Major problem caused by System Security on WinXP

Closed
kefrens - 15 Jul 2009 at 22:07
anthony5151 Posts 10573 Registration date Friday 27 June 2008 Status Security contributor Last activity 2 March 2015 - 16 Jul 2009 at 00:06
Hello everyone,

For a few days now I have been infected with a nasty thing called "System Security".

Description: I get to the PC's desktop, but once there NOTHING will open, not even the Control Panel or the Task Manager. All I have is a huge poster as the desktop wallpaper that basically tells me something like "download me and everything will be better", which I obviously don't want to do.

I have tried everything (in safe mode): Spybot, SuperAntispyware, Windows Defender, ... except my antivirus, Avira, which no longer works. With the antispyware tools I mentioned, it worked twice, but for barely 10 minutes (I had access to everything again), then... "Boom!" SystemSecurity blocks everything.

I really don't know what to do any more.

Could someone help me, please?
4 replies

anthony5151 Posts 10573 Registration date Friday 27 June 2008 Status Security contributor Last activity 2 March 2015 790
15 Jul 2009 at 22:16
Hello,

Can you run this diagnostic tool please? It will let me help you:

• Download Random's System Information Tool (RSIT) by random/random, and save it to your Desktop.
• Double-click RSIT.exe to launch the tool.
• Click 'continue' on the Disclaimer screen.
• If the HijackThis tool is not present or not detected on the computer, RSIT will download it (allow access in your firewall, if asked) and you will need to accept the license.
• Once the scan has finished, two reports will appear: post them in two separate messages.

Illustrated tutorial to help you: https://www.androidworld.fr/

0
Thanks, I'll give it a try.
0
Logfile of random's system information tool 1.06 (written by random/random)
Run by Administrateur at 2009-07-15 22:19:38
Microsoft Windows XP Professionnel Service Pack 3
System drive H: has 98 GB (41%) free of 238 GB
Total RAM: 2047 MB (81% free)


======Scheduled tasks folder======

H:\WINDOWS\tasks\Google Software Updater.job
H:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
H:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
H:\WINDOWS\tasks\Maintenance en 1 clic.job
H:\WINDOWS\tasks\MP Scheduled Scan.job
H:\WINDOWS\tasks\Norton Security Scan for Administrateur.job
H:\WINDOWS\tasks\OGADaily.job
H:\WINDOWS\tasks\OGALogon.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
Yahoo! Toolbar Helper - H:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-10-26 440384]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Aide pour le lien d'Adobe PDF Reader - H:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
AskBar BHO - H:\Program Files\AskBarDis\bar\bin\askBar.dll [2008-08-26 279944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
Winamp Toolbar BHO - H:\Program Files\Winamp Toolbar\winamptb.dll [2007-12-13 1185120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - H:\PROGRA~1\SPYBOT~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - H:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19 137600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live - H:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - H:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-06-15 259696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - H:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll [2009-06-25 669168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - H:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll [2009-04-26 470512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - H:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-09 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - H:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - H:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-03-09 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
SaveLinksOrder
Locked
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar avec bloqueur de fenêtres pop-up - H:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-10-26 440384]
{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - Winamp Toolbar - H:\Program Files\Winamp Toolbar\winamptb.dll [2007-12-13 1185120]
{3041d03e-fd4b-44e0-b742-2d9b88305f98} - Ask Toolbar - H:\Program Files\AskBarDis\bar\bin\askBar.dll [2008-08-26 279944]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - H:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - H:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-06-15 259696]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"VisualTaskTips"=C:\Windows\System32\VisualTaskTips.exe []
"Vistadrv"=C:\Windows\system32\Vistadrive\vsdrv.exe []
"Windows Defender"=H:\Program Files\Windows Defender\MSASCui.exe [2006-11-03 866584]
"NvCplDaemon"=H:\WINDOWS\system32\NvCpl.dll [2007-06-28 8466432]
"RTHDCPL"=H:\WINDOWS\RTHDCPL.EXE [2008-01-29 16859648]
"Alcmtr"=H:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"Adobe Photo Downloader"=H:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe [2007-03-16 63712]
"LifeCam"=H:\Program Files\Microsoft LifeCam\LifeExp.exe [2007-01-13 275800]
"VX3000"=H:\WINDOWS\vVX3000.exe [2006-12-06 707360]
"Belgacom"=H:\Program Files\Belgacom\bin\sprtcmd.exe [2008-05-29 202016]
"SunJavaUpdateSched"=H:\Program Files\Java\jre6\bin\jusched.exe [2009-03-09 148888]
"TkBellExe"=H:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe [2009-04-07 185632]
"Google Desktop Search"=H:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2009-05-19 30192]
"Regedit32"=H:\WINDOWS\system32\regedit.exe []
"14297504"=H:\Documents and Settings\All Users\Application Data\14297504\14297504 [2009-07-15 56]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"WIAWizardMenu"=H:\WINDOWS\system32\sti_ci.dll [2008-04-14 138240]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"=H:\Program Files\Spybot S&D\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]
"ctfmon.exe"=H:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"swg"=H:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-02-10 68856]
"Steam"=H:\Program Files\Steam\Steam.exe [2009-06-10 1217784]
"MSMSGS"=H:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
""=H:\Documents and Settings\Administrateur\.exe /i []
"Administrateur"=H:\Documents and Settings\Administrateur\Administrateur.exe [2009-07-06 22941]
"SUPERAntiSpyware"=H:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2007-06-21 1318912]

H:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
Adobe Gamma Loader.lnk - H:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe

H:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage
Rainlendar.lnk - H:\Program Files\Rainlendar\Rainlendar.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="H:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
H:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2007-04-19 294912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
H:\WINDOWS\system32\WgaLogon.dll [2008-09-06 267304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - H:\WINDOWS\system32\WPDShServiceObj.dll [2007-12-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=H:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-11-03 83224]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=H:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 77824]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,, digiwet.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SupportSoft RemoteAssist]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=0
"NoUserNameInStartMenu"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"H:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="H:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"H:\Program Files\PeerTV\PeerCast.exe"="H:\Program Files\PeerTV\PeerCast.exe:*:Enabled:PeerCast"
"H:\Program Files\PeerTV\VLC\vlc.exe"="H:\Program Files\PeerTV\VLC\vlc.exe:*:Enabled:VLC media player"
"H:\Program Files\Shareaza\Shareaza.exe"="H:\Program Files\Shareaza\Shareaza.exe:*:Enabled:Shareaza Ultimate File Sharing"
"H:\Program Files\Winamp Remote\bin\Orb.exe"="H:\Program Files\Winamp Remote\bin\Orb.exe:*:Enabled:Orb"
"H:\Program Files\Winamp Remote\bin\OrbTray.exe"="H:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray"
"H:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe"="H:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client"
"H:\Program Files\eMule\emule.exe"="H:\Program Files\eMule\emule.exe:*:Enabled:eMule"
"H:\Program Files\LimeWire\LimeWire.exe"="H:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"H:\Program Files\Azureus\Azureus.exe"="H:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus"
"H:\Program Files\Microsoft LifeCam\LifeCam.exe"="H:\Program Files\Microsoft LifeCam\LifeCam.exe:*:Enabled:LifeCam.exe"
"H:\Program Files\Microsoft LifeCam\LifeExp.exe"="H:\Program Files\Microsoft LifeCam\LifeExp.exe:*:Enabled:LifeExp.exe"
"H:\Program Files\Steam\steamapps\kevinbrown2000\team fortress 2\hl2.exe"="H:\Program Files\Steam\steamapps\kevinbrown2000\team fortress 2\hl2.exe:*:Enabled:hl2"
"H:\Program Files\Internet Explorer\iexplore.exe"="H:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
"H:\Program Files\Mozilla Firefox\firefox.exe"="H:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"H:\Program Files\FrostWire\FrostWire.exe"="H:\Program Files\FrostWire\FrostWire.exe:*:Enabled:FrostWire"
"H:\Documents and Settings\Administrateur\Local Settings\Temp\Rar$EX00.265\freezer v1.4 fr\freezer.exe"="H:\Documents and Settings\Administrateur\Local Settings\Temp\Rar$EX00.265\freezer v1.4 fr\freezer.exe:*:Enabled:freezer"
"H:\Documents and Settings\Administrateur\Local Settings\Temp\Rar$EX02.312\freezer v1.4 fr\freezer.exe"="H:\Documents and Settings\Administrateur\Local Settings\Temp\Rar$EX02.312\freezer v1.4 fr\freezer.exe:*:Enabled:freezer"
"H:\Documents and Settings\Administrateur\Local Settings\Temp\Rar$EX00.390\freezer v1.4 fr\freezer.exe"="H:\Documents and Settings\Administrateur\Local Settings\Temp\Rar$EX00.390\freezer v1.4 fr\freezer.exe:*:Enabled:freezer"
"H:\Program Files\Ares\Ares.exe"="H:\Program Files\Ares\Ares.exe:*:Enabled:Ares p2p for windows"
"H:\Program Files\Windows Live\Messenger\wlcsdk.exe"="H:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"H:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="H:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
"H:\Program Files\Windows Live\Messenger\msnmsgr.exe"="H:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"H:\WINDOWS\system32\WgaTray.exe"="H:\WINDOWS\system32\WgaTray.exe:*:Enabled:ENABLE"
"H:\Program Files\Windows Defender\MSASCui.exe"="H:\Program Files\Windows Defender\MSASCui.exe:*:Enabled:ENABLE"
"H:\WINDOWS\RTHDCPL.EXE"="H:\WINDOWS\RTHDCPL.EXE:*:Enabled:ENABLE"
"H:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"="H:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe:*:Enabled:ENABLE"
"H:\WINDOWS\vVX3000.exe"="H:\WINDOWS\vVX3000.exe:*:Enabled:ENABLE"
"H:\Program Files\Belgacom\bin\sprtcmd.exe"="H:\Program Files\Belgacom\bin\sprtcmd.exe:*:Enabled:ENABLE"
"H:\WINDOWS\system32\ctfmon.exe"="H:\WINDOWS\system32\ctfmon.exe:*:Enabled:ENABLE"
"H:\Program Files\Java\jre6\bin\jusched.exe"="H:\Program Files\Java\jre6\bin\jusched.exe:*:Enabled:ENABLE"
"H:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe"="H:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe:*:Enabled:ENABLE"
"H:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe"="H:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe:*:Enabled:ENABLE"
"H:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"="H:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe:*:Enabled:ENABLE"
"H:\Program Files\Messenger\msmsgs.exe"="H:\Program Files\Messenger\msmsgs.exe:*:Enabled:ENABLE"
"H:\Program Files\Rainlendar\Rainlendar.exe"="H:\Program Files\Rainlendar\Rainlendar.exe:*:Enabled:ENABLE"
"H:\Program Files\Google\Chrome\Application\chrome.exe"="H:\Program Files\Google\Chrome\Application\chrome.exe:*:Enabled:ENABLE"
"H:\Program Files\Skype\Phone\Skype.exe"="H:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"H:\Program Files\Windows Live\Messenger\wlcsdk.exe"="H:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"H:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="H:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
"H:\Program Files\Windows Live\Messenger\msnmsgr.exe"="H:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2c906cf4-eae6-11dc-bda1-001d606ddfeb}]
shell\AutoRun\command - C:\dvykjjsb.exe
shell\explore\command - C:\dvykjjsb.exe
shell\open\command - C:\dvykjjsb.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{45c1f16c-d7fa-11dc-bd4b-001d606ddfeb}]
shell\AutoRun\command - eytjghnk.exe
shell\explore\command - eytjghnk.exe
shell\open\command - eytjghnk.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8d11d1ce-d7c1-11dc-bd4a-001d606ddfeb}]
shell\AutoRun\command - ie.exe
shell\explore\command - ie.exe
shell\open\command - ie.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ad41a643-6dc9-11dd-bfb1-001d606ddfeb}]
shell\AutoRun\command - hsoylrhb.exe
shell\explore\command - hsoylrhb.exe
shell\open\command - hsoylrhb.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{da181378-1def-11de-8263-001d606ddfeb}]
shell\AutoRun\command - K:\EXPLORER.EXE
shell\explore\command - K:\EXPLORER.EXE
shell\open\command - K:\EXPLORER.EXE


======File associations======

.reg - open - regedit.exe "%1" %*
.scr - open - "%1" %*

======List of files/folders created in the last 1 months======

2009-07-15 22:19:38 ----D---- H:\rsit
2009-07-15 22:13:50 ----D---- H:\Program Files\Trend Micro
2009-07-15 21:55:24 ----DC---- H:\Documents and Settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-07-15 21:45:45 ----D---- H:\Program Files\Drive Rescue
2009-07-15 17:33:34 ----D---- H:\Documents and Settings\All Users\Application Data\14297504
2009-07-13 19:30:22 ----A---- H:\WINDOWS\IsUninst.exe
2009-07-13 19:30:19 ----D---- H:\Documents and Settings\All Users\Application Data\10854214
2009-07-13 19:21:48 ----D---- H:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2009-07-13 19:21:45 ----D---- H:\Program Files\SUPERAntiSpyware
2009-07-13 19:21:45 ----D---- H:\Documents and Settings\Administrateur\Application Data\SUPERAntiSpyware.com
2009-07-13 18:40:10 ----A---- H:\WINDOWS\ntbtlog.txt
2009-07-08 22:39:58 ----A---- H:\WINDOWS\SchedLgU.Txt
2009-07-08 20:59:14 ----D---- H:\Program Files\RegCleaner
2009-07-06 22:53:46 ----D---- H:\Documents and Settings\All Users\Application Data\17643434

======List of files/folders modified in the last 1 months======

2009-07-15 22:13:50 ----D---- H:\Program Files
2009-07-15 21:54:51 ----D---- H:\WINDOWS
2009-07-15 21:45:45 ----D---- H:\WINDOWS\system32
2009-07-15 21:10:56 ----SD---- H:\WINDOWS\Tasks
2009-07-15 17:37:40 ----D---- H:\WINDOWS\Temp
2009-07-15 17:34:59 ----D---- H:\WINDOWS\system32\drivers
2009-07-15 17:27:51 ----D---- H:\Program Files\Steam
2009-07-15 17:27:22 ----D---- H:\WINDOWS\system32\CatRoot2
2009-07-13 19:21:47 ----SHD---- H:\WINDOWS\Installer
2009-07-13 19:13:15 ----D---- H:\Documents and Settings\All Users\Application Data\Google Updater
2009-07-08 21:05:52 ----D---- H:\WINDOWS\Debug
2009-07-08 20:53:20 ----D---- H:\Program Files\Fichiers communs\Wise Installation Wizard
2009-07-08 20:49:43 ----D---- H:\WINDOWS\Network Diagnostic
2009-07-08 20:48:16 ----D---- H:\Program Files\Shareaza
2009-07-08 20:48:15 ----D---- H:\Documents and Settings\Administrateur\Application Data\Shareaza
2009-07-08 20:23:37 ----D---- H:\Program Files\Norton Security Scan
2009-07-05 17:07:07 ----D---- H:\Program Files\Mozilla Firefox
2009-07-01 20:37:19 ----D---- H:\Documents and Settings\Administrateur\Application Data\FrostWire
2009-06-30 18:52:09 ----D---- H:\Documents and Settings\Administrateur\Application Data\Skype
2009-06-28 20:06:56 ----HD---- H:\WINDOWS\inf
2009-06-28 20:06:56 ----D---- H:\Program Files\Windows Live Safety Center
2009-06-27 00:36:42 ----D---- H:\Documents and Settings\Administrateur\Application Data\Azureus
2009-06-26 16:25:11 ----D---- H:\Program Files\Fichiers communs\Symantec Shared
2009-06-26 15:42:58 ----D---- H:\Program Files\Spybot
2009-06-25 21:48:39 ----A---- H:\WINDOWS\cdplayer.ini
2009-06-22 22:46:42 ----RSD---- H:\WINDOWS\Fonts

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 kbdhid;Pilote HID de clavier; H:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller; H:\WINDOWS\system32\DRIVERS\atl01_xp.sys [2007-03-15 38656]
R3 ElbyCDFL;ElbyCDFL; H:\WINDOWS\System32\Drivers\ElbyCDFL.sys [2004-08-31 26240]
R3 GEARAspiWDM;GEAR CDRom Filter; H:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2008-02-09 13872]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; H:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 hidusb;Pilote de classe HID Microsoft; H:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mcdbus;Driver for MagicISO SCSI Host Controller; H:\WINDOWS\system32\DRIVERS\mcdbus.sys [2006-09-22 92160]
R3 mouhid;Pilote HID de souris; H:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288]
R3 MTsensor;ATK0110 ACPI UTILITY; H:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-28 5810]
R3 usbccgp;Pilote parent générique USB Microsoft; H:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; H:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Concentrateur USB2; H:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbstor;Pilote de stockage de masse USB; H:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; H:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S1 intelppm;Pilote de processeur Intel; H:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40576]
S1 SASDIFSV;SASDIFSV; \??\H:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
S1 SASKUTIL;SASKUTIL; \??\H:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
S1 ssmdrv;ssmdrv; H:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-06-10 28520]
S1 StarOpen;StarOpen; H:\WINDOWS\system32\drivers\StarOpen.sys [2009-03-04 5632]
S2 acpi32;acpi32; \??\H:\WINDOWS\system32\drivers\acpi32.sys []
S2 ati64si;ati64si; \??\H:\WINDOWS\system32\drivers\ati64si.sys []
S2 ElbyCDIO;ElbyCDIO Driver; H:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2004-07-21 9856]
S2 fips32cup;fips32cup; \??\H:\WINDOWS\system32\drivers\fips32cup.sys []
S2 fssfltr;FssFltr; H:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys [2009-02-06 55152]
S2 i386si;i386si; \??\H:\WINDOWS\system32\drivers\i386si.sys []
S2 ksi32sk;ksi32sk; \??\H:\WINDOWS\system32\drivers\ksi32sk.sys []
S2 netsik;netsik; \??\H:\WINDOWS\system32\drivers\netsik.sys []
S2 nicsk32;nicsk32; \??\H:\WINDOWS\system32\drivers\nicsk32.sys []
S2 port135sik;port135sik; \??\H:\WINDOWS\system32\drivers\port135sik.sys []
S2 systemntmi;systemntmi; \??\H:\WINDOWS\system32\drivers\systemntmi.sys []
S2 ws2_32sik;ws2_32sik; \??\H:\WINDOWS\system32\drivers\ws2_32sik.sys []
S3 Arp1394;Protocole client ARP 1394; H:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 CCDECODE;Décodeur sous-titre fermé; H:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 IKFileSec;File Security Driver; H:\WINDOWS\system32\drivers\ikfilesec.sys [2009-02-17 40840]
S3 IKSysFlt;System Filter Driver; H:\WINDOWS\system32\drivers\iksysflt.sys [2009-02-17 66952]
S3 IKSysSec;System Security Driver; H:\WINDOWS\system32\drivers\iksyssec.sys [2009-02-17 81288]
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); H:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-01-30 4725760]
S3 MBAMSwissArmy;MBAMSwissArmy; \??\H:\WINDOWS\system32\drivers\mbamswissarmy.sys []
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; H:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;Codec NABTS/FEC VBI; H:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Connection TV/vidéo Microsoft; H:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NIC1394;Pilote réseau 1394; H:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 nm;Pilote du Moniteur réseau; H:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-13 40320]
S3 NPF;NetGroup Packet Filter Driver; H:\WINDOWS\system32\drivers\npf.sys [2007-01-25 42000]
S3 nv;nv; H:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2007-06-28 6807328]
S3 pcouffin;VSO Software pcouffin; H:\WINDOWS\System32\Drivers\pcouffin.sys [2008-12-14 47360]
S3 SASENUM;SASENUM; \??\H:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
S3 SLIP;Détrameur décalage BDA; H:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM); H:\WINDOWS\system32\DRIVERS\ss_bus.sys [2005-08-30 58320]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter; H:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2005-08-30 8304]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers; H:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2005-08-30 94000]
S3 ssm_bus;SAMSUNG Mobile USB Device II 1.0 driver (WDM); H:\WINDOWS\system32\DRIVERS\ssm_bus.sys [2005-08-30 58320]
S3 ssm_mdfl;SAMSUNG Mobile USB Modem II 1.0 Filter; H:\WINDOWS\system32\DRIVERS\ssm_mdfl.sys [2005-08-30 8336]
S3 ssm_mdm;SAMSUNG Mobile USB Modem II 1.0 Drivers; H:\WINDOWS\system32\DRIVERS\ssm_mdm.sys [2005-08-30 94000]
S3 streamip;BDA IPSink; H:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbaudio;Pilote USB audio (WDM); H:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264]
S3 usbscan;Pilote de scanneur USB; H:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 VX3000;VX-3000; H:\WINDOWS\system32\DRIVERS\VX3000.sys [2006-12-06 1964064]
S3 WSTCODEC;Codec Teletext standard; H:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; H:\WINDOWS\system32\DRIVERS\WudfPf.sys [2007-12-18 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; H:\WINDOWS\system32\DRIVERS\wudfrd.sys [2007-12-18 82944]
S4 IntelIde;IntelIde; H:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; H:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-07-07 611664]
R2 WinDefend;Windows Defender; H:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler; H:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-06-10 108289]
S2 AudioSrv RemoteAssist;Audio Windows AudioSrv RemoteAssist; H:\WINDOWS\system32\Adobez.exe [2009-05-19 53248]
S2 Fax;Fax; H:\WINDOWS\system32\fxssvc.exe [2008-04-14 268800]
S2 GEARSecurity;GEARSecurity; H:\WINDOWS\SYSTEM32\GEARSEC.EXE [2008-02-09 53248]
S2 gupdate1c9908d1682a43e;Service Google Update (gupdate1c9908d1682a43e); H:\Program Files\Google\Update\GoogleUpdate.exe [2009-02-17 133104]
S2 gusvc;Google Software Updater; H:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-25 183280]
S2 JavaQuickStarterService;Java Quick Starter; H:\Program Files\Java\jre6\bin\jqs.exe [2009-03-09 152984]
S2 MSCamSvc;MSCamSvc; H:\Program Files\Microsoft LifeCam\MSCamS32.exe [2007-01-05 240408]
S2 NVSvc;NVIDIA Display Driver Service; H:\WINDOWS\system32\nvsvc32.exe [2007-06-28 155716]
S2 SeaPort;SeaPort; H:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512]
S2 sprtsvc_belgacom;SupportSoft Sprocket Service (belgacom); H:\Program Files\Belgacom\bin\sprtsvc.exe [2008-05-29 202016]
S2 SupportSoft RemoteAssist;SupportSoft RemoteAssist; H:\Program Files\Fichiers communs\Supportsoft\bin\ssrc.exe [2008-05-29 382320]
S2 UxTuneUp;TuneUp Extension de thème; H:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 Adobe LM Service;Adobe LM Service; H:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe [2009-01-25 72704]
S3 aspnet_state;ASP.NET State Service; H:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; H:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; H:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-02-08 654848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; H:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
S3 fsssvc;Windows Live Contrôle parental; H:\Program Files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]
S3 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506; H:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2009-05-19 30192]
S3 idsvc;Windows CardSpace; H:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
S3 odserv;Microsoft Office Diagnostics Service; H:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; H:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); H:\Program Files\WinPcap\rpcapd.exe [2007-01-25 93048]
S3 sdAuxService;PC Tools Auxiliary Service; H:\Program Files\Spyware Doctor\pctsAuxs.exe [2008-06-13 356920]
S3 sdCoreService;PC Tools Security Service; H:\Program Files\Spyware Doctor\pctsSvc.exe [2009-02-17 1079176]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service; H:\WINDOWS\System32\TuneUpDefragService.exe [2008-10-28 354560]
S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; H:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; H:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; H:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]

-----------------EOF-----------------
0
info.txt logfile of random's system information tool 1.06 2009-07-15 22:22:20

======Uninstall list======

-->H:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->H:\Program Files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0401-0000-0000000FF1CE} /uninstall {5A2F65A4-808F-4A1E-973E-92E17824982D}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0413-0000-0000000FF1CE} /uninstall {B3F4DC34-7F60-4B7C-A79F-1C13012D99D4}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0044-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
ACDSee Pro 2-->MsiExec.exe /I{4AAC95F4-A30E-4EE5-A086-6F79581D0D70}
Acoustica Effects Pack-->H:\PROGRA~1\ACOUST~2\UNWISE.EXE H:\PROGRA~1\ACOUST~2\INSTALL.LOG
Acoustica Mixcraft 3.1-->H:\PROGRA~1\Mixcraft\ACOUST~1\Mixcraft3.exe uninstall
Acoustica MP3 Audio Mixer-->H:\PROGRA~1\ACOUST~1\ACOUST~1\UNWISE.EXE H:\PROGRA~1\ACOUST~1\ACOUST~1\INSTALL.LOG
Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Flash Player 10 ActiveX-->H:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->H:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe InDesign CS2-->msiexec /I{7F4C8163-F259-49A0-A018-2857A90578BC}
Adobe Photoshop 7.0-->H:\WINDOWS\ISUN040C.EXE -f"H:\Program Files\Adobe\Photoshop 7.0\Uninst.isu" -c"H:\Program Files\Adobe\Photoshop 7.0\Uninst.dll"
Adobe Reader 8.1.2 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A81200000003}
Adobe Shockwave Player 11.5-->"H:\WINDOWS\system32\Adobe\Shockwave 11\uninstaller.exe"
Adobe Stock Photos 1.0-->MsiExec.exe /I{786C5747-0C40-4930-9AFE-113BCE553101}
Adobe® Photoshop® Album Edition Découverte 3.2-->MsiExec.exe /I{A654A805-41D9-40C7-AA46-4AF04F044D61}
Archiveur WinRAR-->H:\Program Files\WinRAR\uninstall.exe
Ares 2.1.1-->"H:\Program Files\Ares\uninstall.exe"
Ask Toolbar-->"H:\Program Files\AskBarDis\unins000.exe"
Assistant de connexion Windows Live-->MsiExec.exe /I{D3116CC7-24DC-4CA3-9CE1-23FED836E9F2}
ASUSDVD XP-->RunDll32 H:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "H:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
Attansic Ethernet Utility-->RunDll32 H:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "H:\Program Files\InstallShield Installation Information\{1F698102-5739-441E-96F0-74F4EA540F06}\setup.exe" -l0x9 -removeonly
Attansic L1 Gigabit Ethernet Driver-->rundll32.exe H:\WINDOWS\system32\Attansic\L1\atcInst.dll,AtcUninst H:\WINDOWS\system32\Attansic\L1 x86 1969 1048 L1
Avira AntiVir Personal - Free Antivirus-->H:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE
Azureus Vuze-->H:\Program Files\Azureus\uninstall.exe
Bandlink-->H:\BandLink\BUninstall.exe
Belgacom Genius-->MsiExec.exe /X{FDE9FC7A-BF6D-4347-850D-05A16E6FEE17}
CCleaner (remove only)-->"H:\Program Files\CCleaner\uninst.exe"
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
CloneCD-->"H:\Program Files\SlySoft\CloneCD\ccd-uninst.exe" /D="H:\Program Files\SlySoft\CloneCD"
Correctif pour Windows Internet Explorer 7 (KB947864)-->"H:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Correctif pour Windows XP (KB952287)-->"H:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
DaViDeo 4 professional-->H:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{EF4EA1D8-E44E-41BA-B4C4-B4BEFDFCF2AC}
DivX Codec-->H:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->H:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->H:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Plus DirectShow Filters-->H:\Program Files\DivX\DivXDSFiltersUninstall.exe /DSFILTERS
DivX Web Player-->H:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
dolphin Wallpaper-->H:\WINDOWS\WEB\Wallpaper\dolphin dir\uninstall.exe
Dr Glitter-->H:\Program Files\Winamp\plugins\Dr Glitter\uninstallDrGlitterBeta.exe
Drive Rescue 1.9-->"H:\Program Files\Drive Rescue\unins000.exe"
eMusic - 50 Free MP3 offer-->"H:\Program Files\Winamp\eMusic\Uninst-eMusic-promotion.exe"
Extension de Windows Live Toolbar (Windows Live Toolbar)-->MsiExec.exe /X{0CA6047C-D28B-4295-834A-07C52BA20C2D}
Free DVD Video Burner version 1.1-->"H:\Program Files\DVDVideoSoft\Free DVD Video Burner\unins000.exe"
FrostWire 4.18.0-->H:\Program Files\FrostWire\Uninstall.exe
Galerie de photos Windows Live-->MsiExec.exe /X{44E54A81-9D91-4AA1-9417-80AFF134F5FF}
Google Chrome-->"H:\Program Files\Google\Chrome\Application\2.0.172.33\Installer\setup.exe" --uninstall --system-level
Google Desktop-->H:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
Google Toolbar for Internet Explorer-->"H:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_9DE96A29E721D90A.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Home'Bank Light 3.3.3-->"H:\Program Files\ING\Off-line\Security\unins000.exe"
Installation Windows Live-->H:\Program Files\Windows Live\Installer\wlarp.exe
Installation Windows Live-->MsiExec.exe /I{7370DF47-B4F9-4279-BFC3-3F09919F720D}
Java(TM) 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Java(TM) SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Junk Mail filter update-->MsiExec.exe /I{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}
K-Lite Mega Codec Pack 3.6.5-->"H:\Program Files\K-Lite Codec Pack\unins000.exe"
MagicDisc 2.5.74-->H:\PROGRA~1\MAGICD~1\UNWISE.EXE H:\PROGRA~1\MAGICD~1\INSTALL.LOG
Malwarebytes' Anti-Malware-->"H:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Max Payne 2 Demo-->RunDll32 H:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "H:\Program Files\InstallShield Installation Information\{012A835C-6937-44D0-8A04-6F40728538D4}\Setup.exe" -l0x9
Max Payne-->RunDll32 H:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "H:\Program Files\InstallShield Installation Information\{39930321-4C58-4B8B-BCBF-342698C9801D}\setup.exe" uninstall uninstall
Menus intelligents (Windows Live Toolbar)-->MsiExec.exe /X{0CC70FEF-5068-4CD5-B4DE-86FFD98EC929}
Microsoft .NET Framework 1.1 French Language Pack-->MsiExec.exe /X{9A394342-4A68-4EBA-85A6-55B559F4E700}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"H:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "H:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft .NET Framework 3.0 Service Pack 1-->MsiExec.exe /I{2BA00471-0328-3743-93BD-FA813353A783}
Microsoft .NET Framework 3.5-->H:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\setup.exe
Microsoft .NET Framework 3.5-->MsiExec.exe /I{2FC099BD-AC9B-33EB-809C-D332E1B27C40}
Microsoft LifeCam-->MsiExec.exe /X{718263DE-E612-4653-BB7D-7154BA9E31AB}
Microsoft Office Access MUI (French) 2007-->MsiExec.exe /X{90120000-0015-040C-0000-0000000FF1CE}
Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (French) 2007-->MsiExec.exe /X{90120000-0044-040C-0000-0000000FF1CE}
Microsoft Office Language Pack 2007 Service Pack 1 (SP1)-->msiexec /package {90120000-006E-040C-0000-0000000FF1CE} /uninstall {EC50B538-CBE1-42E6-B7FE-87AA540AADFB}
Microsoft Office Live Add-in 1.3-->MsiExec.exe /I{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}
Microsoft Office Outlook Connector-->MsiExec.exe /I{95120000-0120-040C-0000-0000000FF1CE}
Microsoft Office Outlook MUI (French) 2007-->MsiExec.exe /X{90120000-001A-040C-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}
Microsoft Office Professional Plus 2007-->"H:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL
Microsoft Office Professional Plus 2007-->MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE}
Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}
Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}
Microsoft Office Publisher MUI (French) 2007-->MsiExec.exe /X{90120000-0019-040C-0000-0000000FF1CE}
Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}
Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}
Microsoft Search Enhancement Pack-->MsiExec.exe /X{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Sync Framework Runtime Native v1.0 (x86)-->MsiExec.exe /I{8A74E887-8F0F-4017-AF53-CBA42211AAA5}
Microsoft Sync Framework Services Native v1.0 (x86)-->MsiExec.exe /I{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Mise à jour critique pour Lecteur Windows Media 11 (KB959772)-->"H:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media (KB952069)-->"H:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 11 (KB954154)-->"H:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB950759)-->"H:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB953838)-->"H:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB956390)-->"H:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB958215)-->"H:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB960714)-->"H:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB961260)-->"H:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB963027)-->"H:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB969897)-->"H:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB923561)-->"H:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB938464)-->"H:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB946648)-->"H:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950762)-->"H:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950974)-->"H:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951066)-->"H:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951748)-->"H:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB952004)-->"H:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB952954)-->"H:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB953839)-->"H:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954211)-->"H:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954459)-->"H:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954600)-->"H:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB955069)-->"H:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956391)-->"H:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956572)-->"H:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956802)-->"H:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956803)-->"H:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956841)-->"H:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB957095)-->"H:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB957097)-->"H:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958644)-->"H:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958687)-->"H:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958690)-->"H:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB959426)-->"H:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB960225)-->"H:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB960715)-->"H:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB960803)-->"H:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB961373)-->"H:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB961501)-->"H:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB968537)-->"H:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB969898)-->"H:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB970238)-->"H:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB951072-v2)-->"H:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB951978)-->"H:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB955839)-->"H:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB961503)-->"H:\WINDOWS\$NtUninstallKB961503$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB967715)-->"H:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA-->H:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0 Language Pack - FRA\install.exe
Mozilla Firefox (3.0.5)-->H:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSN-->H:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{1787603C-E6E3-42D4-8034-55F358486F1D}
Multimedia Card Reader-->H:\Program Files\Fichiers communs\InstallShield\Driver\8\Intel 32\IDriver.exe /M{0AFECCA6-61A0-409F-9205-67613984209D} /l1036
Nero 8 Lite 8.1.1.3-->"H:\Program Files\Nero\unins000.exe"
Next Generation Visualisations-->MsiExec.exe /I{2E376AD9-5C49-4F7D-A0BA-6A44E8FA5A3B}
Norton Security Scan (Symantec Corporation)-->"H:\Program Files\Fichiers communs\Symantec Shared\NSSSetup\{1E86581C-2858-4094-AB8B-D005EF96D4AC}_2_0_0\NSSSetup.exe" /X
Norton Security Scan-->MsiExec.exe /X{1E86581C-2858-4094-AB8B-D005EF96D4AC}
NVIDIA Drivers-->H:\WINDOWS\system32\nvudisp.exe UninstallGUI
OGA Notifier 1.7.0105.35.0-->MsiExec.exe /I{25E98ECB-5727-408E-B30A-2CAF86F5B310}
OpenOffice.org Installer 1.0-->MsiExec.exe /X{3A2AF807-9F9F-43C9-A24A-17B617238B74}
Outil de mise à jour Google-->"H:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
PeerTV 1.1.0-->"H:\Program Files\PeerTV\uninstall.exe"
PhotoFiltre-->"H:\Program Files\PhotoFiltre\Uninst.exe"
Picasa 3-->"H:\Program Files\Google\Picasa3\Uninstall.exe"
Prism Video Converter-->H:\Program Files\NCH Software\Prism\uninst.exe
QT Lite 2.2.0-->"H:\Program Files\QT Lite\unins000.exe"
Real Alternative 1.7.5 Lite-->"H:\Program Files\Real Alternative\unins000.exe"
RealPlayer-->H:\Program Files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek High Definition Audio Driver-->RtlUpd.exe -r -m
RM-X® Audio Capture-->"H:\Program Files\RM-X® Audio Capture\unins000.exe"
SAMSUNG CDMA Modem Driver Set-->H:\WINDOWS\system32\Samsung_USB_Drivers\3\SSCDUninstall.exe
SAMSUNG Mobile USB Modem ^^-->H:\WINDOWS\system32\Samsung_USB_Drivers\4\SSVDUninstall.exe
SAMSUNG Mobile USB Modem 1.0 Software-->H:\WINDOWS\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe
SAMSUNG Mobile USB Modem Software-->H:\WINDOWS\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe
Samsung PC Studio 3 USB Driver Installer-->RunDll32 H:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "H:\Program Files\InstallShield Installation Information\{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}\setup.exe" -l0x40c -removeonly
Samsung PC Studio-->RunDll32 H:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "H:\Program Files\InstallShield Installation Information\{C4A4722E-79F9-417C-BD72-8D359A090C97}\setup.exe" -l0x40c -removeonly
Samsung Samples Installer-->RunDll32 H:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "H:\Program Files\InstallShield Installation Information\{7AC15160-A49B-4A89-B181-D4619C025FFF}\setup.exe" -l0x40c -removeonly
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB969679)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {C66E4A6C-6E07-4C63-8CCD-2493B5087C73}
Security Update for Microsoft Office Excel 2007 (KB969682)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {C03803BD-745A-46F8-8557-817DED578780}
Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}
Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
Security Update for Microsoft Office Word 2007 (KB969604)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {CF3D6499-709C-43D0-8908-BC5652656050}
Security Update for Visio 2007 (KB947590)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {6BAD036C-261F-4BEF-96CF-C20678D07A41}
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
Serif MoviePlus 5-->MsiExec.exe /X{78728272-F480-4899-BBCB-776207C77D89}
Services Off-line de Home'Bank 4.51-->"H:\Program Files\ING\Off-line\unins000.exe"
Skype™ 4.0-->MsiExec.exe /X{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}
Spybot - Search & Destroy-->"H:\Program Files\Spybot S&D\Spybot - Search & Destroy\unins000.exe"
Spyware Doctor 6.0-->H:\Program Files\Spyware Doctor\unins000.exe /LOG
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Surligneur (Windows Live Toolbar)-->MsiExec.exe /X{81B5F83F-2291-48B0-8375-36B63A9BF5B0}
Team Fortress 2-->"H:\Program Files\Steam\steam.exe" steam://uninstall/440
Terayon DOCSIS Modem-->RunDll32 H:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "H:\Program Files\InstallShield Installation Information\{C98F2FE6-5AF5-11D6-8209-00D0B701C7B5}\Setup.exe" -l0x9
Theorica Divx ;-) Codecs (remove only)-->H:\Program Files\Theorica Divx ;-) Codecs\Uninstall.exe
TuneUp Utilities 2008-->MsiExec.exe /I{5888428E-699C-4E71-BF71-94EE06B497DA}
Uninstall 1.0.0.1-->"H:\Program Files\Fichiers communs\DVDVideoSoft\unins000.exe"
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft Office Outlook 2007 (KB969907)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {74F98B24-AFBD-4800-9BD6-87D349B5C462}
Update for Outlook 2007 Junk Email Filter (kb970012)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {DC4A962B-9EC2-469C-BC9C-87312ADAEE81}
VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B}
VideoLAN VLC media player 0.8.6h-->H:\Program Files\VLC\uninstall.exe
Virtual Sampler SDK-->H:\WINDOWS\uninst.exe -f"h:\program files\music\VSDDK\DeIsL1.isu" -c"h:\program files\music\VSDDK\_ISREG32.DLL"
VURecorder-->"H:\Program Files\Music\VURecorder\Uninstall.exe"
Winamp Remote-->"H:\Program Files\Winamp Remote\uninstall.exe"
Winamp Toolbar for Internet Explorer-->"H:\Program Files\Winamp Toolbar\uninstall.exe"
Winamp-->"H:\Program Files\Winamp\UninstWA.exe"
Windows Defender-->MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Imaging Component-->"H:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Contrôle parental-->MsiExec.exe /X{D6A2DDE3-9D7C-412C-932A-756580D29919}
Windows Live Favorites pour Windows Live Toolbar-->MsiExec.exe /X{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}
Windows Live Mail-->MsiExec.exe /I{63DC2DA0-2A6C-4C38-9249-B75395458657}
Windows Live Messenger-->MsiExec.exe /X{059C042E-796A-4ACC-A81A-ECC2010BB78C}
Windows Live OneCare safety scanner-->RunDll32.exe "H:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Windows Live Sync-->MsiExec.exe /X{9C5EB781-0D37-44B8-9A58-77B3E4BF5F5E}
Windows Live Toolbar-->MsiExec.exe /X{F7D27C70-90F5-49B9-B188-0A133C0CE353}
Windows Live Writer-->MsiExec.exe /X{2231CE39-B963-4B9D-823A-F412ECA637B1}
Windows Media Format 11 runtime-->"H:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"H:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"H:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinPcap 4.0-->H:\Program Files\WinPcap\uninstall.exe
Yahoo! Install Manager-->H:\WINDOWS\system32\regsvr32 /u H:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Toolbar avec bloqueur de fenêtres pop-up-->H:\PROGRA~1\Yahoo!\Common\unyt.exe

======Hosts File======

::1 localhost
127.0.0.1 rad.msn.com
127.0.0.1 rad.live.com
127.0.0.1 ads1.msn.com
127.0.0.1 adfarm.mediaplex.com
127.0.0.1 localhost
127.0.0.1 0-2u.com
127.0.0.1 0-days.net
127.0.0.1 0.start.bz
127.0.0.1 00-12.us

======System event log======

Computer Name: FC5F942795334BF
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service MBAMSwissArmy.

Record Number: 25962
Source Name: Service Control Manager
Time Written: 20090104204158.000000+060
Event Type: Informations
User: FC5F942795334BF\Administrateur

Computer Name: FC5F942795334BF
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service MBAMSwissArmy.

Record Number: 25961
Source Name: Service Control Manager
Time Written: 20090104204051.000000+060
Event Type: Informations
User: FC5F942795334BF\Administrateur

Computer Name: FC5F942795334BF
Event Code: 34
Message: Le service de temps a détecté que l'heure système doit être modifiée de
-20991599 secondes. Le service de temps ne va pas modifier
l'heure système de plus de -54000 secondes. Vérifiez que votre heure et votre fuseau horaire
sont corrects et que la source de temps time.windows.com (ntp.m|0x1|192.168.1.64:123->207.46.232.182:123) fonctionne correctement.

Record Number: 25960
Source Name: W32Time
Time Written: 20090904193142.000000+120
Event Type: erreur
User:

Computer Name: FC5F942795334BF
Event Code: 1000
Message: Votre ordinateur a perdu le bail de son adresse IP 192.168.1.64 sur la
carte réseau d'adresse réseau 001D606DDFEB.

Record Number: 25959
Source Name: Dhcp
Time Written: 20090904193123.000000+120
Event Type: erreur
User:

Computer Name: FC5F942795334BF
Event Code: 1003
Message: Votre ordinateur n'a pas pu renouveler son adresse à partir du réseau (à partir
du serveur DHCP) pour la carte réseau dont l'adresse réseau est 001D606DDFEB. Il s'est
produit l'erreur suivante :
Le délai de temporisation de sémaphore a expiré.
.
Votre ordinateur va continuer à essayer d'obtenir sa propre adresse auprès du
serveur d'adresse réseau (DHCP).

Record Number: 25958
Source Name: Dhcp
Time Written: 20090904193123.000000+120
Event Type: Avertissement
User:

=====Application event log=====

Computer Name: FC5F942795334BF
Event Code: 0
Message:
Record Number: 13384
Source Name: MSCamSvc
Time Written: 20090104221807.000000+060
Event Type: Informations
User:

Computer Name: FC5F942795334BF
Event Code: 0
Message:
Record Number: 13383
Source Name: MSCamSvc
Time Written: 20090104221807.000000+060
Event Type: Informations
User:

Computer Name: FC5F942795334BF
Event Code: 0
Message:
Record Number: 13382
Source Name: MSCamSvc
Time Written: 20090104221807.000000+060
Event Type: Informations
User:

Computer Name: FC5F942795334BF
Event Code: 4096
Message: The AntiVir service has been started successfully!

Record Number: 13381
Source Name: Avira AntiVir
Time Written: 20090104221804.000000+060
Event Type: Informations
User: AUTORITE NT\SYSTEM

Computer Name: FC5F942795334BF
Event Code: 1
Message: Support Provider: belgacom
Job ID: e893c580-2565-4bb7-b6ab-0c58362b02ca
Job Status: Completed Job: name=Periodic SmartIssue, cmd="H:\Program Files\\Belgacom\agent\bin\bcont_nm.exe" /snapins:starting_snapin snapin_smartissuesender /starthidden /ignoresingle, exit=0

Record Number: 13380
Source Name: belgacom
Time Written: 20090904202930.000000+120
Event Type: Informations
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;H:\Program Files;H:\Program Files\Fichiers communs\DivX Shared\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 11, GenuineIntel
"PROCESSOR_REVISION"=0f0b
"NUMBER_OF_PROCESSORS"=4
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"SAFEBOOT_OPTION"=NETWORK

-----------------EOF-----------------
0
anthony5151 Posts 10573 Registration date Friday 27 June 2008 Status Security contributor Last seen 2 March 2015 790
15 Jul 2009 at 22:28
Part of the report is missing (HijackThis apparently could not start), but we will do without it for now.


There is a harmful toolbar on your computer (AskBar)... To avoid this kind of infection, you have to read everything carefully when you install a free program, and untick all the additional programs that are offered, especially toolbars!

• Download Toolbar-S&D (by Team IDN) to your Desktop.
• Start the installation of the program by running the downloaded file.
• Now double-click the Toolbar-S&D shortcut.
• Select the language you want by typing the letter of your choice, then confirm with the Enter key.
• Choose option 2 (Removal, "Suppression") directly. Wait until the search has finished.
• Post the generated report. (C:\TB.txt)



Next, please run this general-purpose scan:

• Download and install Malwarebytes' Anti-Malware
• At the end of the installation, make sure the "Update Malwarebytes' Anti-Malware" option (« mettre a jour Malwarebyte's Anti-Malware ») is ticked
• Launch MBAM and let the updates download (otherwise run them manually when the program starts)
• Then go to the "Scan" tab ("Recherche"), tick "Perform quick scan" ("Exécuter un examen rapide"), then click "Scan" ("Rechercher")
• At the end of the scan, click Show Results (Afficher les résultats)
• Tick all the detected items, then click Remove Selected (Supprimer la sélection)
• Save the report
• If you are asked to restart, click Yes
• Please post, in your next reply, the report that appears after the removal

0
-----------\\ ToolBar S&D 1.2.8 XP/Vista

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz )
BIOS : BIOS Date: 07/03/07 20:14:02 Ver: 08.00.12
USER : Administrateur ( Administrator )
BOOT : Fail-safe with network boot
A:\ (USB)
D:\ (USB)
E:\ (USB)
F:\ (USB)
G:\ (CD or DVD) - CDFS - Total:3 Go (Free:0 Go)
H:\ (Local Disk) - NTFS - Total:232 Go (Free:95 Go)
I:\ (CD or DVD)
J:\ (USB)

"H:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
Option : [2] ( 15/07/2009|22:34 )

-----------\\ SUPPRESSION

Supprime! - H:\Program Files\AskBarDis\bar
Supprime! - H:\Program Files\AskBarDis\PopSwatter
Supprime! - H:\Program Files\AskBarDis\unins000.dat
Supprime! - H:\Program Files\AskBarDis\unins000.exe
Supprime! - H:\Program Files\AskBarDis

-----------\\ Recherche de Fichiers / Dossiers ...


-----------\\ Extensions

(Administrateur) - {19503e42-ca3c-4c27-b1e2-9cdb2170ee34} => flashgot
(Administrateur) - {33a159b0-5d44-40b2-8b21-dc978d5786e0} => fb_tools
(Administrateur) - {635abd67-4fe9-1b23-4f01-e679fa7484c1} => ytoolbar
(Administrateur) - {E9A1DEE0-C623-4439-8932-001E7D17607D} => ajtoolbar


-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="https://www.google.fr/?gws_rd=ssl"
"Search Bar"="https://www.google.fr/?gws_rd=ssl"
"Start Page"="https://www.google.be/?gws_rd=ssl"
"Default_Search_URL"="http://www.google.fr/keyword/%s"
"Local Page"="H:\\WINDOWS\\system32\\blank.htm"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="https://www.google.fr/?gws_rd=ssl"
"Default_Search_URL"="https://www.google.fr/?gws_rd=ssl"
"Search Page"="https://www.google.fr/?gws_rd=ssl"
"Start Page"="https://home.sweetim.com/"


--------------------\\ Recherche d'autres infections


Aucune autre infection trouvée !


1 - "H:\ToolBar SD\TB_1.txt" - 15/07/2009|22:35 - Option : [2]

-----------\\ Fin du rapport a 22:35:20,71
0
The Malware report is coming... thanks in any case.
0
Malwarebytes' Anti-Malware 1.39
Version de la base de données: 2435
Windows 5.1.2600 Service Pack 3

15/07/2009 22:43:03
mbam-log-2009-07-15 (22-43-03).txt

Type de recherche: Examen rapide
Eléments examinés: 88430
Temps écoulé: 2 minute(s), 21 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 100
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 3
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 9

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\ksi32sk (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\ati64si (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\port135sik (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVCONSOL.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVP32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAV32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVPFW.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Navapsvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Navapw32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NAVNT.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navw32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NAVWNT.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SCAN32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ZONEALARM.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\filemon.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\outpost.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regmon.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zapro.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\autoruns.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgrssvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AvMonitor.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.com (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CCenter.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\HijackThis.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KASMain.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KASTask.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVDX.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVStart.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KPFW32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KPFW32X.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32krn.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVPF.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\OllyDBG.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regtool.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\niu.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\A2SERVICE.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVGNT.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVGUARD.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVSCAN.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdAgent.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CASecurityCENTER.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EKRN.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FAMEH32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FPAVSERVER.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FPWIN.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FSAV32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FSGK32ST.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FSMA32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsserv.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\drwadins.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\drwebupw.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GFRing3.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ArcaCheck.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\arcavir.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashDisp.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashEnhcd.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashServ.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashUpd.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aswUpdSv.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avadmin.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avcenter.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avcls.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avconfig.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avz.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avz4.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avz_se.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdinit.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\caav.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\caavguiscan.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccupdate.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfp.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfpupdat.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmdAgent.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DRWEB32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fpscan.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\guardgui.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\guardxservice.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\guardxup.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navigator.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NAVSTUB.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Nvcc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\preupd.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pskdr.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SfFnUp.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Vba32arkit.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vba32ldr.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Zanda.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Zlh.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zoneband.dll (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\acpi32 (Rootkit.Spamtool) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\i386si (Rootkit.Spamtool) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Systemntmi (Rootkit.Spamtool) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\ws2_32sik (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\nicsk32 (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\netsik (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\fips32cup (Rootkit.Agent) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\14297504 (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
H:\Documents and Settings\All Users\Application Data\14297504\14297504.exe (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
h:\WINDOWS\system32\Adobez.exe (Trojan.Agent) -> Quarantined and deleted successfully.
h:\WINDOWS\system32\drivers\i386si.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
h:\documents and settings\administrateur\local settings\Temp\BN46.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
h:\documents and settings\administrateur\local settings\Temp\BN57.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
h:\WINDOWS\Temp\BN2A.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
H:\Documents and Settings\Administrateur\Application Data\wiaserva.log (Malware.Trace) -> Quarantined and deleted successfully.
H:\Documents and Settings\Administrateur\oashdihasidhasuidhiasdhiashdiuasdhasd (Trace.Pandex) -> Quarantined and deleted successfully.
H:\Documents and Settings\LocalService\oashdihasidhasuidhiasdhiashdiuasdhasd (Trace.Pandex) -> Quarantined and deleted successfully.
0
anthony5151 Posts 10573 Registration date Friday 27 June 2008 Status Security contributor Last activity 2 March 2015 790
15 Jul 2009 at 22:48
There is still quite a lot of work to do to disinfect...


First, do this to disinfect your removable drives:

• Download FindyKill (by Chiquitine29 and C_XX) to your Desktop
• Run the installation with the default settings
• Plug your external data sources into your PC (USB key, external hard drive, mp3 player, etc.) without opening them
• Double-click the FindyKill shortcut on your Desktop
• In the main menu, choose option 2 (Removal)
• Your Desktop will disappear, then the computer will restart --> this is normal
• Let the tool work until it is completely finished
• At the end, the report will be displayed --> please post it in your next reply



Next, we continue with Combofix:


/!\ Note to those passing through this thread /!\
The following software is not to be used lightly and can cause damage if it is misused! Only do this if a forum helper who knows this tool well has recommended it to you.


/!\ Disable all your protection software /!\

• Download ComboFix (by sUBs) to your Desktop.
• Double-click ComboFix.exe to launch it.
• It will ask you to install the Recovery Console: accept.
• Do not touch anything during the scan.
• When the search is finished, a report will appear. Post this report (C:\Combofix.txt) in your next reply.

Official Combofix tutorial: https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

0
############################## | FindyKill V6.006 |

# User : Administrateur (Administrateurs) # FC5F942795334BF
# Update on 14/07/09 by Chiquitine29 & C_XX
# Start at: 22:54:54 | 15/07/2009
# Website : http://pagesperso-orange.fr/NosTools/index.html

# Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz
# Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3
# Internet Explorer 7.0.5730.13
# Windows Firewall Status : Enabled

# A:\ # Lecteur de disquettes 3 ½ pouces
# C:\ # Disque amovible # 1,88 Go (996,56 Mo free) # FAT
# D:\ # Disque amovible
# E:\ # Disque amovible
# F:\ # Disque amovible
# G:\ # Disque CD-ROM # 3,99 Go (0 Mo free) [UTILS 2-2008] # CDFS
# H:\ # Disque fixe local # 232,88 Go (95,76 Go free) [DISQUE PRINCIPAL] # NTFS
# I:\ # Disque CD-ROM
# J:\ # Disque amovible
# K:\ # Disque amovible # 3,82 Go (242,5 Mo free) # FAT32

############################## | Processus actifs |

H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\csrss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\system32\svchost.exe
H:\Program Files\Windows Defender\MsMpEng.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\logonui.exe
H:\WINDOWS\system32\svchost.exe
H:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
H:\WINDOWS\system32\WgaTray.exe
H:\WINDOWS\system32\spoolsv.exe
H:\Program Files\Avira\AntiVir Desktop\sched.exe
H:\WINDOWS\Explorer.EXE
H:\WINDOWS\SYSTEM32\GEARSEC.EXE
H:\Program Files\Google\Update\GoogleUpdate.exe
H:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
H:\Program Files\Java\jre6\bin\jqs.exe
H:\Program Files\Microsoft LifeCam\MSCamS32.exe
H:\WINDOWS\system32\nvsvc32.exe
H:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
H:\Program Files\Belgacom\bin\sprtsvc.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\system32\wbem\wmiprvse.exe
H:\WINDOWS\System32\alg.exe
H:\WINDOWS\system32\wscntfy.exe

################## | Fichiers # Dossiers infectieux |


################## | H:\Documents and Settings\Administrateur\Temporary Internet Files |

Supprimé ! H:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mia1B.tmp\data\Microsoft Visual C++ Runtime 9.0 (includes ATL and MFC) Service Pack 1\mFileBagIDE.dll\bag\install.exe

################## | All Drives ... |

K:\autorun.inf # -> fichier appelé : "K:\EXPLORER.EXE" ( Présent ! )
Supprimé ! -> K:\EXPLORER.EXE
Supprimé ! K:\autorun.inf
Supprimé ! K:\winfile.exe
################## | Autres ... |


################## | Registre # Clés Run infectieuses |

Supprimé ! HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "Administrateur"
Supprimé ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe

################## | Registre # Mountpoints2 |

Supprimé ! HKCU\...\Explorer\MountPoints2\{2c906cf4-eae6-11dc-bda1-001d606ddfeb}\Shell\AutoRun\Command
Supprimé ! HKCU\...\Explorer\MountPoints2\{45c1f16c-d7fa-11dc-bd4b-001d606ddfeb}\Shell\AutoRun\Command
Supprimé ! HKCU\...\Explorer\MountPoints2\{8d11d1ce-d7c1-11dc-bd4a-001d606ddfeb}\Shell\AutoRun\Command
Supprimé ! HKCU\...\Explorer\MountPoints2\{ad41a643-6dc9-11dd-bfb1-001d606ddfeb}\Shell\AutoRun\Command
Supprimé ! HKCU\...\Explorer\MountPoints2\{da181378-1def-11de-8263-001d606ddfeb}\Shell\AutoRun\Command

################## | Listing des fichiers présent |

[11/02/2008 22:30|-rahs----|211] - H:\boot.ini
[08/07/2009 22:38|---------|3866] - H:\bootex.log
[18/12/2007 04:04|-rahs----|4952] - H:\Bootfont.bin
[19/07/2008 23:04|--a------|1419] - H:\cleannavi.txt
[29/05/2009 17:03|---hs----|72] - H:\desktop.ini
[15/07/2009 23:04|--a------|3747] - H:\FindyKill.txt
[24/01/2009 23:17|--a------|193] - H:\Lecteur CD.lnk
[18/12/2007 04:04|-rahs----|47564] - H:\NTDETECT.COM
[09/09/2008 08:01|-rahs----|252240] - H:\ntldr
[?|?|?] - H:\pagefile.sys
[10/02/2008 12:07|--ah-----|232] - H:\sqmdata00.sqm
[10/02/2008 12:07|--ah-----|244] - H:\sqmnoopt00.sqm
[15/07/2009 22:35|--a------|2140] - H:\TB.txt
[04/07/2008 13:10|--a------|708] - H:\wsr.txt
[27/12/2002 18:44|-rahs----|582] - K:\SETTINGS.DAT
[09/06/2009 21:39|---hs----|72] - K:\desktop.ini
[10/06/2009 21:44|--a------|230424] - K:\img2-001.raw

################## | Vaccination |

# C:\autorun.inf ( # Not infected ) -> Folder created by FindyKill.
# H:\autorun.inf ( # Not infected ) -> Folder created by FindyKill.
# K:\autorun.inf ( # Not infected ) -> Folder created by FindyKill.

################## | Etat / Services / Informations |

# Mode sans echec : OK


# Affichage des fichiers cachés : OK

# Ndisuio -> Start = 3 ( Good = 3 | Bad = 4 )
# EapHost -> Start = 2 ( Good = 2 | Bad = 4 )
# Ip6Fw -> Start = 2 ( Good = 2 | Bad = 4 )
# SharedAccess -> Start = 2 ( Good = 2 | Bad = 4 )
# windefend -> Start = 2 ( Good = 2 | Bad = 4 )
# wuauserv -> Start = 2 ( Good = 2 | Bad = 4 )
# wscsvc -> Start = 2 ( Good = 2 | Bad = 4 )

################## | PEH ... |


################## | Cracks / Keygens / Serials |


################## | ! Fin du rapport # FindyKill V6.006 ! |
0
ComboFix 09-07-14.08 - Administrateur 15/07/2009 23:09.1.4 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.2047.1522 [GMT 2:00]
Running from: h:\documents and settings\Administrateur\Mes documents\Downloads\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

H:\desktop.ini
h:\documents and settings\Administrateur\Administrateur.exe
h:\documents and settings\Administrateur\Application Data\inst.exe
h:\windows\system32\msconfig.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ACPI32
-------\Legacy_ATI64SI
-------\Legacy_AUDIOSRV_REMOTEASSIST
-------\Legacy_FIPS32CUP
-------\Legacy_I386SI
-------\Legacy_KSI32SK
-------\Legacy_NETSIK
-------\Legacy_NICSK32
-------\Legacy_PORT135SIK
-------\Legacy_SECURENTM
-------\Legacy_SYSTEMNTMI
-------\Legacy_WS2_32SIK
-------\Service_AudioSrv RemoteAssist


((((((((((((((((((((((((( Files Created from 2009-06-15 to 2009-07-15 )))))))))))))))))))))))))))))))
.

2009-07-15 20:50 . 2009-07-15 21:05 -------- d-----w- H:\FindyKill
2009-07-15 20:32 . 2009-07-15 20:35 -------- d-----w- H:\ToolBar SD
2009-07-15 20:19 . 2009-07-15 20:22 -------- d-----w- H:\rsit
2009-07-15 20:13 . 2009-07-15 20:19 -------- d-----w- h:\program files\Trend Micro
2009-07-15 19:55 . 2009-07-15 19:55 -------- dc----w- h:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-07-15 19:45 . 2009-07-15 19:45 -------- d-----w- h:\program files\Drive Rescue
2009-07-15 15:33 . 2009-07-15 20:43 -------- d-----w- h:\documents and settings\All Users\Application Data\14297504
2009-07-14 21:51 . 2009-07-14 21:51 438651 ----a-w- h:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\ave2\win32\int\aescript.dll
2009-07-14 21:51 . 2009-07-14 21:51 430452 ----a-w- h:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\ave2\win32\int\aerdl.dll
2009-07-14 21:51 . 2009-07-14 21:51 1855864 ----a-w- h:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\ave2\win32\int\aeheur.dll
2009-07-14 21:51 . 2009-07-14 21:51 229748 ----a-w- h:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\ave2\win32\int\aehelp.dll
2009-07-14 21:51 . 2009-07-14 21:51 180597 ----a-w- h:\documents and settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\ave2\win32\int\aecore.dll
2009-07-13 17:30 . 1998-10-29 14:45 306688 ----a-w- h:\windows\IsUninst.exe
2009-07-13 17:30 . 2009-07-14 21:47 -------- d-----w- h:\documents and settings\All Users\Application Data\10854214
2009-07-13 17:21 . 2009-07-13 17:21 -------- d-----w- h:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-07-13 17:21 . 2009-07-14 13:38 -------- d-----w- h:\program files\SUPERAntiSpyware
2009-07-13 17:21 . 2009-07-13 17:21 -------- d-----w- h:\documents and settings\Administrateur\Application Data\SUPERAntiSpyware.com
2009-07-08 18:59 . 2009-07-08 19:02 -------- d-----w- h:\program files\RegCleaner
2009-07-06 20:53 . 2009-07-13 17:13 -------- d-----w- h:\documents and settings\All Users\Application Data\17643434
2009-06-16 19:17 . 2009-06-16 19:17 1915520 ----a-w- h:\documents and settings\Administrateur\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-15 21:16 . 2008-12-30 20:19 -------- d-----w- h:\program files\Steam
2009-07-15 21:06 . 2007-12-18 02:04 85458 ----a-w- h:\windows\system32\perfc00C.dat
2009-07-15 21:06 . 2007-12-18 02:04 512926 ----a-w- h:\windows\system32\perfh00C.dat
2009-07-15 20:38 . 2008-06-19 22:26 -------- d-----w- h:\program files\Malwarebytes' Anti-Malware
2009-07-15 20:37 . 2008-08-06 06:04 3775175 ----a-w- h:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-07-15 15:37 . 2009-06-09 21:30 93 --s-a-w- h:\windows\system32\2896099392.dat
2009-07-13 17:13 . 2009-02-16 23:18 -------- d-----w- h:\documents and settings\All Users\Application Data\Google Updater
2009-07-13 11:36 . 2008-08-06 06:05 38160 ----a-w- h:\windows\system32\drivers\mbamswissarmy.sys
2009-07-13 11:36 . 2008-06-19 22:26 19096 ----a-w- h:\windows\system32\drivers\mbam.sys
2009-07-08 18:53 . 2008-02-07 20:31 -------- d-----w- h:\program files\Fichiers communs\Wise Installation Wizard
2009-07-08 18:48 . 2008-02-14 14:53 -------- d-----w- h:\program files\Shareaza
2009-07-08 18:48 . 2008-02-14 14:54 -------- d-----w- h:\documents and settings\Administrateur\Application Data\Shareaza
2009-07-08 18:23 . 2009-02-16 23:19 -------- d-----w- h:\program files\Norton Security Scan
2009-07-01 18:37 . 2009-02-09 22:23 -------- d-----w- h:\documents and settings\Administrateur\Application Data\FrostWire
2009-06-30 16:52 . 2008-02-07 20:39 -------- d-----w- h:\documents and settings\Administrateur\Application Data\Skype
2009-06-28 18:06 . 2009-05-17 23:33 -------- d-----w- h:\program files\Windows Live Safety Center
2009-06-26 22:36 . 2008-05-02 16:16 -------- d-----w- h:\documents and settings\Administrateur\Application Data\Azureus
2009-06-26 14:25 . 2009-02-16 23:19 -------- d-----w- h:\program files\Fichiers communs\Symantec Shared
2009-06-26 13:42 . 2008-02-07 18:53 -------- d-----w- h:\program files\Spybot
2009-06-22 20:51 . 2008-02-07 19:05 357968 ----a-w- h:\documents and settings\Administrateur\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-14 01:41 . 2008-02-07 23:17 -------- d-----w- h:\documents and settings\All Users\Application Data\Microsoft Help
2009-06-08 18:44 . 2009-02-09 22:23 -------- d-----w- h:\program files\FrostWire
2009-06-02 19:53 . 2009-06-02 19:53 -------- d-----w- h:\program files\Avira
2009-06-02 19:53 . 2009-06-02 19:53 -------- d-----w- h:\documents and settings\All Users\Application Data\Avira
2009-05-29 18:29 . 2008-02-07 20:39 -------- d-----w- h:\documents and settings\All Users\Application Data\Skype
2009-05-29 18:29 . 2008-02-07 20:39 -------- d-----r- h:\program files\Skype
2009-05-29 11:53 . 2009-06-22 20:40 648736 ----a-w- h:\windows\Fonts\HawaiiLover.ttf
2009-05-20 09:52 . 2008-05-02 16:08 -------- d-----w- h:\program files\Azureus
2009-05-19 12:43 . 2008-02-07 20:39 -------- d-----w- h:\program files\Google
2009-05-19 12:40 . 2009-05-19 12:40 32 --s-a-w- h:\windows\system32\2295763562.dat
2009-05-07 15:33 . 2007-12-18 02:04 348672 ----a-w- h:\windows\system32\localspl.dll
2009-05-03 12:23 . 2009-04-05 14:51 1878984 ----a-w- h:\documents and settings\Administrateur\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
2009-05-01 18:30 . 2009-05-01 18:30 3366912 ----a-w- h:\windows\system32\GPhotos.scr
2009-04-29 04:37 . 2007-12-18 02:04 828928 ----a-w- h:\windows\system32\wininet.dll
2009-04-29 04:37 . 2007-12-18 02:04 78336 ----a-w- h:\windows\system32\ieencode.dll
2009-04-19 19:50 . 2007-12-18 02:04 1847296 ----a-w- h:\windows\system32\win32k.sys
2008-12-18 10:44 . 2008-09-01 19:21 134648 ----a-w- h:\program files\mozilla firefox\components\brwsrcmp.dll
2009-05-19 12:43 . 2009-05-19 12:43 122880 ----a-w- h:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2009-02-24 19:34 . 2009-02-24 19:34 1044480 ----a-w- h:\program files\mozilla firefox\plugins\libdivx.dll
2009-02-24 19:34 . 2009-02-24 19:34 200704 ----a-w- h:\program files\mozilla firefox\plugins\ssldivx.dll
.

------- Sigcheck -------


[-] 2004-08-19 15:09 33792 DE71362123E81D268088E78543752576 h:\windows\$NtServicePackUninstall$\msgsvc.dll
[7] 2008-04-14 02:33 33792 E67A66A3781C1A483F0F8992664CBE0D h:\windows\ServicePackFiles\i386\msgsvc.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="h:\program files\Spybot S&D\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"ctfmon.exe"="h:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"swg"="h:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-02-09 68856]
"Steam"="h:\program files\Steam\Steam.exe" [2009-06-10 1217784]
"MSMSGS"="h:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"SUPERAntiSpyware"="h:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 1318912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="h:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]
"NvCplDaemon"="h:\windows\system32\NvCpl.dll" [2007-06-28 8466432]
"Adobe Photo Downloader"="h:\program files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe" [2007-03-16 63712]
"LifeCam"="h:\program files\Microsoft LifeCam\LifeExp.exe" [2007-01-13 275800]
"VX3000"="h:\windows\vVX3000.exe" [2006-12-05 707360]
"Belgacom"="h:\program files\Belgacom\bin\sprtcmd.exe" [2008-05-29 202016]
"SunJavaUpdateSched"="h:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"TkBellExe"="h:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2009-04-07 185632]
"Google Desktop Search"="h:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-05-19 30192]
"RTHDCPL"="RTHDCPL.EXE" - h:\windows\RTHDCPL.EXE [2008-01-29 16859648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"WIAWizardMenu"="h:\windows\system32\sti_ci.dll" [2008-04-14 138240]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="h:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"TSClientMSIUninstaller"="h:\windows\Installer\TSClientMsiTrans\tscuinst.vbs" [2007-10-30 13801]
"tscuninstall"="h:\windows\system32\tscupgrd.exe" [2007-12-18 44544]
"nltide_3"="advpack.dll" - h:\windows\system32\advpack.dll [2009-04-29 124928]

h:\documents and settings\Administrateur\Menu Démarrer\Programmes\Démarrage\
Rainlendar.lnk - h:\program files\Rainlendar\Rainlendar.exe [2004-12-5 118784]

h:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Adobe Gamma Loader.lnk - h:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2008-5-2 110592]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "h:\program files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 11:41 294912 ----a-w- h:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Skype"="h:\program files\Skype\Phone\Skype.exe" /nosplash /minimized
"ctfmon.exe"=h:\windows\system32\ctfmon.exe
"swg"=h:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
"Orb"="h:\program files\Winamp Remote\bin\OrbTray.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"nwiz"=nwiz.exe /install
"NvMediaCenter"=RUNDLL32.EXE h:\windows\system32\NvMcTray.dll,NvTaskbarInit
"Styler"=c:\program files\styler\Styler.exe
"NvCplDaemon"=RUNDLL32.EXE h:\windows\system32\NvCpl.dll,NvStartup
"Adobe Photo Downloader"="h:\program files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
"Adobe Reader Speed Launcher"="h:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"CloneCDTray"="h:\program files\SlySoft\CloneCD\CloneCDTray.exe" /s
"WinampAgent"="h:\program files\Winamp\winampa.exe"
"asaaaa"=c:\program files\uninstall information\aaaaa.exe
"Sidebar"=c:\program files\Windows Sidebar\sidebar.exe /autoRun
"UberIcon"="c:\program files\UberIcon\UberIcon Manager.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"h:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"h:\\Program Files\\PeerTV\\PeerCast.exe"=
"h:\\Program Files\\PeerTV\\VLC\\vlc.exe"=
"h:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"h:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"h:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"h:\\Program Files\\LimeWire\\LimeWire.exe"=
"h:\\Program Files\\Azureus\\Azureus.exe"=
"h:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"h:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"h:\\Program Files\\Steam\\steamapps\\kevinbrown2000\\team fortress 2\\hl2.exe"=
"h:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"h:\\Program Files\\FrostWire\\FrostWire.exe"=
"h:\\Program Files\\Ares\\Ares.exe"=
"h:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"h:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"h:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"h:\\WINDOWS\\system32\\WgaTray.exe"=
"h:\\Program Files\\Windows Defender\\MSASCui.exe"=
"h:\\WINDOWS\\RTHDCPL.EXE"=
"h:\\Program Files\\Adobe\\Photoshop Album Edition Découverte\\3.2\\Apps\\apdproxy.exe"=
"h:\\WINDOWS\\vVX3000.exe"=
"h:\\Program Files\\Belgacom\\bin\\sprtcmd.exe"=
"h:\\Program Files\\Java\\jre6\\bin\\jusched.exe"=
"h:\\Program Files\\Fichiers communs\\Real\\Update_OB\\realsched.exe"=
"h:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe"=
"h:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe"=
"h:\\Program Files\\Messenger\\msmsgs.exe"=
"h:\\Program Files\\Rainlendar\\Rainlendar.exe"=
"h:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"=
"h:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6346:TCP"= 6346:TCP:Shareaza
"6346:UDP"= 6346:UDP:Shareaza
"57931:TCP"= 57931:TCP:Pando P2P TCP Listening Port
"57931:UDP"= 57931:UDP:Pando P2P UDP Listening Port

R0 Si3124;Si3124;h:\windows\system32\drivers\si3124.sys [18/12/2007 04:04 76208]
R0 Si3531;Si3531;h:\windows\system32\drivers\Si3531.sys [18/12/2007 04:04 210224]
R1 SASDIFSV;SASDIFSV;h:\program files\SUPERAntiSpyware\sasdifsv.sys [10/10/2006 13:53 5632]
R1 SASKUTIL;SASKUTIL;h:\program files\SUPERAntiSpyware\SASKUTIL.SYS [27/02/2007 12:39 32256]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;h:\program files\Avira\AntiVir Desktop\sched.exe [02/06/2009 21:53 108289]
R2 fssfltr;FssFltr;h:\windows\system32\drivers\fssfltr_tdi.sys [14/04/2009 19:35 55152]
R2 sprtsvc_belgacom;SupportSoft Sprocket Service (belgacom);h:\program files\Belgacom\bin\sprtsvc.exe [29/05/2008 12:18 202016]
R2 WinDefend;Windows Defender;h:\program files\Windows Defender\MsMpEng.exe [03/11/2006 20:19 13592]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;h:\windows\system32\drivers\atl01_xp.sys [09/02/2008 23:35 38656]
R3 SASENUM;SASENUM;h:\program files\SUPERAntiSpyware\SASENUM.SYS [16/02/2006 17:51 4096]
S2 gupdate1c9908d1682a43e;Service Google Update (gupdate1c9908d1682a43e);h:\program files\Google\Update\GoogleUpdate.exe [17/02/2009 01:19 133104]
S3 fsssvc;Windows Live Contrôle parental;h:\program files\Windows Live\Family Safety\fsssvc.exe [06/02/2009 18:08 533360]
S3 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506;h:\program files\Google\Google Desktop Search\GoogleDesktop.exe [19/05/2009 14:43 30192]
S3 NPF;NetGroup Packet Filter Driver;h:\windows\system32\drivers\npf.sys [25/01/2007 19:31 42000]
S3 sdAuxService;PC Tools Auxiliary Service;h:\program files\Spyware Doctor\pctsAuxs.exe [17/02/2009 01:20 356920]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - HELPSVC

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2009-07-15 h:\windows\Tasks\Google Software Updater.job
- h:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-02-10 07:59]

2009-07-15 h:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- h:\program files\Google\Update\GoogleUpdate.exe [2009-02-16 23:19]

2009-07-15 h:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- h:\program files\Google\Update\GoogleUpdate.exe [2009-02-16 23:19]

2009-05-29 h:\windows\Tasks\Maintenance en 1 clic.job
- h:\program files\TuneUp Utilities 2008\OneClick.exe [2007-12-21 13:17]

2009-07-15 h:\windows\Tasks\MP Scheduled Scan.job
- h:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]

2009-06-26 h:\windows\Tasks\Norton Security Scan for Administrateur.job
- h:\program files\Norton Security Scan\Nss.exe [2008-09-19 19:20]

2009-07-06 h:\windows\Tasks\OGADaily.job
- h:\windows\system32\OGAVerify.exe [2008-12-31 16:04]

2009-07-15 h:\windows\Tasks\OGALogon.job
- h:\windows\system32\OGAVerify.exe [2008-12-31 16:04]
.
- - - - ORPHANS REMOVED - - - -

BHO-{201f27d4-3704-41d6-89c1-aa35e39143ed} - h:\program files\AskBarDis\bar\bin\askBar.dll
Toolbar-SaveLinksOrder - (no file)
Toolbar-Locked - (no file)
Toolbar-{3041d03e-fd4b-44e0-b742-2d9b88305f98} - h:\program files\AskBarDis\bar\bin\askBar.dll
Toolbar-ITBarLayout - (no file)
Toolbar-ITBarLayout - (no file)
Toolbar-ITBar7Layout - (no file)
Toolbar-ITBar7Position - (no file)
WebBrowser-{3041D03E-FD4B-44E0-B742-2D9B88305F98} - h:\program files\AskBarDis\bar\bin\askBar.dll
HKLM-Run-VisualTaskTips - c:\windows\System32\VisualTaskTips.exe
HKLM-Run-Vistadrv - c:\windows\system32\Vistadrive\vsdrv.exe
HKLM-Run-Regedit32 - h:\windows\system32\regedit.exe
HKU-Default-RunOnce-nltide3 - rundll32 advpack.dll


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.be/
uDefault_Search_URL = hxxp://www.google.fr/keyword/%s
uSearchURL,(Default) = hxxp://www.google.fr/keyword/%s
IE: &Winamp Toolbar Search - h:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: Add to Google Photos Screensa&ver - h:\windows\system32\GPhotos.scr/200
IE: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
IE: Convertir les liens sélectionnés en fichier Adobe PDF - h:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: E&xporter vers Microsoft Excel - h:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
FF - ProfilePath - h:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\ugbz6fsk.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.be/ig
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - component: h:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\ugbz6fsk.default\extensions\{33a159b0-5d44-40b2-8b21-dc978d5786e0}\components\FFExternalAlert.dll
FF - component: h:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - plugin: h:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: h:\program files\Google\Picasa3\npPicasa2.dll
FF - plugin: h:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: h:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: h:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: h:\program files\Windows Live\Photo Gallery\NPWLPG.dll

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 200000
FF - user.js: content.notify.interval - 100000
FF - user.js: content.switch.threshold - 650000
FF - user.js: nglayout.initialpaint.delay - 300
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-15 23:15
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-682003330-1897051121-839522115-500\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{538327F9-2B6F-1BB2-9BD5-550A3D3D41E8}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iacffhecdcdpoifpdd"=hex:69,61,69,66,6f,62,6d,66,6b,6e,6c,66,69,61,6c,67,64,64,
00,00
"haaobbhomclapcod"=hex:69,61,69,66,6f,62,6d,66,6b,6e,6c,66,69,61,6c,67,64,64,
00,00
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1124)
h:\program files\SUPERAntiSpyware\SASWINLO.dll

- - - - - - - > 'explorer.exe'(136)
h:\windows\system32\eappprxy.dll
h:\windows\system32\msls31.dll
h:\windows\system32\WPDShServiceObj.dll
h:\windows\system32\PortableDeviceTypes.dll
h:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
h:\program files\Lavasoft\Ad-Aware\aawservice.exe
h:\windows\system32\WgaTray.exe
h:\windows\system32\GEARSEC.EXE
h:\program files\Java\jre6\bin\jqs.exe
h:\program files\Microsoft LifeCam\MSCamS32.exe
h:\windows\system32\nvsvc32.exe
h:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
h:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-07-15 23:19 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-15 21:19

Pre-Run: 104 078 106 624 octets libres
Post-Run: 103 965 298 688 octets libres

333 --- E O F --- 2009-07-13 17:51
0
There, I've posted the last report, what do you think?
0
anthony5151 Posts 10573 Registration date Friday 27 June 2008 Status Security contributor Last activity 2 March 2015 790
15 Jul 2009 at 23:29
/!\ WARNING /!\ The script below was written specifically for kefrens; it cannot be carried over to another computer!

• Download this folder kefrens.zip
• Right-click on it --> Extract all --> choose the Desktop as the destination
• Another folder will appear; take the CFScript.txt file that is inside it and put it on the Desktop.

• Disable your protection software
• Drag and drop this CFScript.txt file onto the Combofix.exe file (as in this link)
• Wait while the scan runs. The Desktop will disappear several times: that's normal! Don't touch anything until the scan has finished.
• Once the scan is complete, a report will be displayed: post its contents.
• If the file doesn't open, it is located here → C:\ComboFix.txt

Then restart your computer and post a new RSIT report, please

Note: I'm going to bed, and I work tomorrow, so I'll analyse the report tomorrow at the end of the day and help you finish the disinfection ;)

Thanks for being patient and for coming back until it's finished.

0
Honestly, thank you very much, I'll do what you tell me. I work tomorrow too. What can we do so that we don't keep missing each other?
0
anthony5151 Posts 10573 Registration date Friday 27 June 2008 Status Security contributor Last activity 2 March 2015 790 > kefrens
16 Jul 2009 at 00:06
Post your Combofix report when you can, and I'll reply when I can :)
If we're not on the forum at the same time, it doesn't matter, there's no rush (in any case, we're almost done, I think)

0