Infection Trojan Win32:Neredr [Drp]
amel95700
-
Ced_King Posts 3519 Registration date Status Contributor Last activity -
Hello,
I have a big problem with my PC:
I have a virus that avast cannot remove:
file name: C:\WINDOWS\Temp\wpv501248682155.exe\install.exe
malware name: Win32:Neredr [Drp]
malware type: Dropper
I downloaded the RSIT tool;
here is the output of the 2 files:
log.txt
Logfile of random's system information tool 1.06 (written by random/random)
Run by jamel at 2009-07-29 19:36:08
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 307 MB (2%) free of 16 GB
Total RAM: 1726 MB (50% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:36:31, on 29/07/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
e:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
e:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
C:\WINDOWS\ATKKBService.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
e:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
e:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Search Settings\SearchSettings.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\jamel\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Documents and Settings\jamel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\jamel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\jamel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\jamel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\jamel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\jamel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\jamel\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe
C:\Documents and Settings\jamel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\jamel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\jamel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\jamel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\jamel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\jamel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\jamel\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
D:\down111\dl chrome\RSIT.exe
C:\Program Files\trend micro\jamel.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredimail.com/french/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb128\SearchSettings.dll
O2 - BHO: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\DealioToolbarIE.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Flashget Catch Url Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - D:\Program Files\FlashGet2\jccatch.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - e:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb128\SearchSettings.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - D:\Program Files\FlashGet2\getflash.dll
O3 - Toolbar: (no name) - {259F616C-A300-44F5-B04A-ED001A26C85C} - (no file)
O3 - Toolbar: FlashGet - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - D:\Program Files\FlashGet2\fgiebar.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\DealioToolbarIE.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] e:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\jamel\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: ikowin32.exe
O8 - Extra context menu item: &Point&&Go - C:\Program Files\Fichiers communs\Expert System\PGPlatform\PGPlatform.htm
O8 - Extra context menu item: &Tout télécharger avec FlashGet - D:\Program Files\FlashGet2\jc_all.htm
O8 - Extra context menu item: &Télécharger avec FlashGet - D:\Program Files\FlashGet2\jc_link.htm
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://E:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - e:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - e:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/re [...] oscan8.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{63F17E50-DAE2-472E-A11D-D3EAB3FBDED9}: NameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\..\{FC172901-2A9D-434D-BA2C-EA0C0F4D55E3}: NameServer = 192.168.1.254
O23 - Service: Acer Media Server - Acer Inc. - C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - e:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: avast! Antivirus - ALWIL Software - e:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - e:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - e:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
--
End of file - 11200 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\Maintenance en 1 clic.job
C:\WINDOWS\tasks\Norton Security Scan for jamel.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3614266843-1320642227-489357617-1006Core.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}]
Dealio Toolbar - C:\Program Files\Dealio Toolbar\DealioToolbarIE.dll [2009-04-09 688128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-10-26 440384]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}]
Flashget Catch Url Class - D:\Program Files\FlashGet2\jccatch.dll [2006-12-11 65536]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - e:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2009-01-04 320920]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-01-04 34816]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}]
SearchSettings Class - C:\Program Files\Search Settings\kb128\SearchSettings.dll [2009-04-09 1091584]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-01-04 73728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F156768E-81EF-470C-9057-481BA8380DBA}]
gFlash Class - D:\Program Files\FlashGet2\getflash.dll [2006-11-06 122880]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{259F616C-A300-44F5-B04A-ED001A26C85C}
{E0E899AB-F487-11D5-8D29-0050BA6940E3} - FlashGet - D:\Program Files\FlashGet2\fgiebar.dll [2006-11-19 98304]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar avec bloqueur de fenêtres pop-up - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-10-26 440384]
{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - Dealio Toolbar - C:\Program Files\Dealio Toolbar\DealioToolbarIE.dll [2009-04-09 688128]
{D0943516-5076-4020-A3B5-AEFAF26AB263} - Veoh Browser Plug-in - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll [2008-03-24 352256]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"MSPY2002"=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [2004-08-05 59392]
"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-05 455168]
"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-05 455168]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-10-07 13574144]
"nwiz"=nwiz.exe /install []
"ISUSScheduler"=C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe [2005-02-16 81920]
"LVCOMSX"=C:\WINDOWS\system32\LVCOMSX.EXE [2005-07-19 221184]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-10-07 86016]
"avast!"=e:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-02-05 81000]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
"SearchSettings"=C:\Program Files\Search Settings\SearchSettings.exe [2009-04-09 970240]
"SSBkgdUpdate"=C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2006-10-25 210472]
"ISUSPM Startup"=C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2005-02-16 221184]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"Google Update"=C:\Documents and Settings\jamel\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-03 133104]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AspireService]
C:\Program Files\Acer\Acer eMode Management\AspireService.exe [2006-01-19 110592]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG8_TRAY]
d:\PROGRA~1\AVG\AVG8\avgtray.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDAgent]
E:\Program Files\BitDefender\BitDefender 2009\bdagent.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitDefender Antiphishing Helper]
E:\Program Files\BitDefender\BitDefender 2009\IEShow.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
D:\Program Files\D-Tools\daemon.exe [2003-12-15 81920]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPGServiceTool]
C:\PROGRA~1\WINTV\EPG Services\System\EPGClient.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eRecoveryService]
C:\Acer\Empowering Technology\eRecovery\Monitor.exe [2005-11-16 397312]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Documents and Settings\jamel\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-03 133104]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2005-05-11 49152]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-05 208952]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
E:\Program Files\iTunes\iTunesHelper.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LaunchApp]
Alaunch []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]
C:\Program Files\Logitech\Video\ManifestEngine.exe [2005-06-08 196608]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MediaSync]
C:\Program Files\Acer\Acer eConsole\MediaSync.exe [2005-09-21 425984]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
C:\Program Files\MSN Messenger\msnmsgr.exe [2007-01-19 5674352]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ntiMUI]
c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe [2005-05-11 45056]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
d:\Program Files\Picasa2\PicasaMediaDetector.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2008-09-06 413696]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RayV]
D:\Program Files\RayV.exe [2008-09-07 3708200]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Real Desktop]
C:\Program Files\Real Desktop\Real Desktop.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe /startoptions []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
C:\WINDOWS\SOUNDMAN.EXE [2005-09-22 90112]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2006-10-25 210472]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe [2005-08-26 36975]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Reader Speed Launch.lnk]
C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE [2004-12-14 29696]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^AutoStart IR.lnk]
C:\PROGRA~1\WinTV\Ir.exe /QUIET []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^jamel^Menu Démarrer^Programmes^Démarrage^Dragon NaturallySpeaking.lnk]
E:\PROGRA~1\Nuance\NATURA~1\Program\natspeak.exe [2007-05-14 2524776]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^jamel^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 2.0.lnk]
C:\PROGRA~1\OPENOF~1.0\program\QUICKS~1.EXE []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^mous^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 2.0.lnk]
C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Apple Mobile Device"=2
"VSSERV"=2
"mysql"=2
"LIVESRV"=2
"iPod Service"=3
"HauppaugeTVServer"=3
"gusvc"=3
"FileZilla Server"=3
"Arrakis3"=3
"Apache2.2"=2
C:\Documents and Settings\jamel\Menu Démarrer\Programmes\Démarrage
ikowin32.exe
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLUA"=0
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Acer\Acer eConsole\MediaSync.exe"="C:\Program Files\Acer\Acer eConsole\MediaSync.exe:LocalSubNet:Enabled:Media Synchoronizer"
"C:\Program Files\Acer\Acer eConsole\eConsole.exe"="C:\Program Files\Acer\Acer eConsole\eConsole.exe:LocalSubNet:Enabled:eConsole"
"C:\Program Files\Acer\Acer eConsole\MediaServerService.exe"="C:\Program Files\Acer\Acer eConsole\MediaServerService.exe:LocalSubNet:Enabled:Acer Media Server"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"E:\Program Files\Infogrames\Grand Prix 4\GP4.exe"="E:\Program Files\Infogrames\Grand Prix 4\GP4.exe:*:Enabled:GP4"
"E:\Program Files\ee\Empire Earth.exe"="E:\Program Files\ee\Empire Earth.exe:*:Enabled:Empire Earth"
"E:\Program Files\Microsoft Games\Motocross Madness 2\MCM2.EXE"="E:\Program Files\Microsoft Games\Motocross Madness 2\MCM2.EXE:*:Enabled:Microsoft® Motocross Madness 2"
"D:\Program Files\Warcraft III\Warcraft III.exe"="D:\Program Files\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III"
"D:\Program Files\EA GAMES\Battlefield 2\bf2_w32ded.exe"="D:\Program Files\EA GAMES\Battlefield 2\bf2_w32ded.exe:*:Enabled:bf2_w32ded"
"D:\Program Files\Counter-Strike Source\hl2.exe"="D:\Program Files\Counter-Strike Source\hl2.exe:*:Disabled:hl2"
"C:\Program Files\IncrediMail\bin\ImApp.exe"="C:\Program Files\IncrediMail\bin\ImApp.exe:*:Enabled:IncrediMail"
"C:\Program Files\IncrediMail\bin\IncMail.exe"="C:\Program Files\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail"
"C:\Program Files\IncrediMail\bin\ImpCnt.exe"="C:\Program Files\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail"
"C:\Documents and Settings\JAMEL\Bureau\ntrconnect.exe"="C:\Documents and Settings\JAMEL\Bureau\ntrconnect.exe:*:Enabled:NTRconnect"
"C:\Program Files\TeamViewer3\TeamViewer.exe"="C:\Program Files\TeamViewer3\TeamViewer.exe:*:Enabled:Application de pilotage à distance TeamViewer"
"D:\xampp\apache\bin\apache.exe"="D:\xampp\apache\bin\apache.exe:*:Enabled:Apache HTTP Server"
"D:\Program Files\eMule\emule.exe"="D:\Program Files\eMule\emule.exe:*:Enabled:eMule"
"D:\Program Files\SecondLife\SLVoice.exe"="D:\Program Files\SecondLife\SLVoice.exe:*:Enabled:SLVoice"
"D:\Program Files\ooVoo\ooVoo.exe"="D:\Program Files\ooVoo\ooVoo.exe:*:Enabled:ooVoo"
"D:\Program Files\KONAMI\Pro Evolution Soccer 2009\pes2009.exe"="D:\Program Files\KONAMI\Pro Evolution Soccer 2009\pes2009.exe:*:Enabled:Pro Evolution Soccer 2009"
"C:\Documents and Settings\JAMEL\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll"="C:\Documents and Settings\JAMEL\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll:*:Enabled:Google Talk Plugin"
"C:\Documents and Settings\JAMEL\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe"="C:\Documents and Settings\JAMEL\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin"
"E:\Program Files\VideoLAN\VLC\vlc.exe"="E:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player"
"E:\Program Files\Freeplayer\vlc\vlc.exe"="E:\Program Files\Freeplayer\vlc\vlc.exe:*:Enabled:VLC media player"
"C:\Program Files\Google\Google Talk\googletalk.exe"="C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk"
"D:\Program Files\Travian Assistant\Travian_Toolset.exe"="D:\Program Files\Travian Assistant\Travian_Toolset.exe:*:Enabled:Travian_Toolset"
"D:\Program Files\RayV.exe"="D:\Program Files\RayV.exe:*:Enabled:RayV"
"D:\Program Files\Zattoo\zattood.exe"="D:\Program Files\Zattoo\zattood.exe:*:Enabled:zattood"
"D:\Program Files\Zattoo\Zattoo2.exe"="D:\Program Files\Zattoo\Zattoo2.exe:*:Enabled: "
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{403ff094-05b6-11de-b755-00155839beb3}]
shell\AutoRun\command - J:\RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\Taquito.exe
shell\open\command - J:\RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\Taquito.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c7a51409-2dab-11dd-8aaf-00155839beb3}]
shell\AutoRun\command - Q:\RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\Taquito.exe
shell\open\command - Q:\RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\Taquito.exe
======List of files/folders created in the last 1 months======
2009-07-29 19:36:09 ----D---- C:\Program Files\trend micro
2009-07-29 19:36:08 ----D---- C:\rsit
2009-07-28 08:36:03 ----A---- C:\WINDOWS\OEWABLog.txt
2009-07-15 17:07:01 ----HD---- C:\WINDOWS\$NtUninstallKB961371$
2009-07-15 14:39:18 ----HD---- C:\WINDOWS\$NtUninstallKB973346$
2009-07-15 14:39:10 ----A---- C:\WINDOWS\imsins.BAK
2009-07-15 14:38:58 ----HD---- C:\WINDOWS\$NtUninstallKB971633$
2009-07-11 22:15:01 ----D---- C:\Program Files\Fichiers communs\ScanSoft Shared
2009-07-11 22:15:01 ----D---- C:\Documents and Settings\All Users\Application Data\ScanSoft
2009-07-11 22:14:58 ----D---- C:\Program Files\Fichiers communs\Nuance
2009-07-11 20:05:58 ----N---- C:\WINDOWS\system32\iyvu9_32.dll
2009-07-11 16:20:39 ----A---- C:\WINDOWS\SIERRA.INI
2009-07-06 14:45:58 ----D---- C:\Program Files\Veoh Networks
2009-07-02 09:35:15 ----D---- C:\Program Files\McDonaldsDragons
2009-07-02 09:34:36 ----SHD---- C:\WINDOWS\ftpcache
2009-06-30 10:48:49 ----A---- C:\WINDOWS\system32\framedyn.dll
2009-06-30 10:25:57 ----D---- C:\WINDOWS\system32\Samsung_USB_Drivers
2009-06-30 10:25:53 ----D---- C:\Program Files\Samsung
======List of files/folders modified in the last 1 months======
2009-07-29 17:26:54 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-07-19 15:29:22 ----A---- C:\WINDOWS\system32\mshtml.dll
2009-07-19 15:29:20 ----A---- C:\WINDOWS\system32\ieframe.dll
2009-07-12 10:29:14 ----A---- C:\WINDOWS\win.ini
2009-07-07 17:10:56 ----A---- C:\WINDOWS\system32\MRT.exe
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-02-05 26944]
R1 AmdK8;Pilote de processeur AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 43008]
R1 asuskbnt;Enhanced Display Driver Helper Service; C:\WINDOWS\system32\drivers\atkkbnt.sys [2005-10-18 11008]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-02-05 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-02-05 51376]
R1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720]
R1 pctfw2;pctfw2; \??\C:\WINDOWS\system32\drivers\pctfw2.sys []
R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2006-07-24 5632]
R1 UBHelper;UBHelper; C:\WINDOWS\system32\drivers\UBHelper.sys [2004-12-17 13952]
R1 WS2IFSL;Environnement de prise en charge de Fournisseur de services non-IFS Windows Sockets 2.0; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-05 12032]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-02-05 94032]
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2009-01-16 271360]
R2 EIO;EIO; \??\C:\WINDOWS\system32\drivers\EIO.sys []
R2 irda;Protocole IrDA; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-13 88192]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2009-01-16 18048]
R2 MDC8021X;AEGIS Protocol (IEEE 802.1x) v2.3.1.9; C:\WINDOWS\system32\DRIVERS\mdc8021x.sys [2004-09-02 15781]
R2 NwlnkIpx;Protocole de transport compatible NWLink IPX/SPX/NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2008-04-13 88320]
R2 NwlnkNb;NetBIOS NWLink; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2004-08-05 63232]
R2 NwlnkSpx;Protocole NWLink SPX/SPXII; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2004-08-05 55936]
R3 Afc;PPdus ASPI Shell; C:\WINDOWS\system32\drivers\Afc.sys [2005-02-23 11776]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-09-22 3727680]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-02-05 23152]
R3 hidusb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\lvusbsta.sys [2005-05-27 22016]
R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288]
R3 NTIDrvr;Upper Class Filter Driver; C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys [2005-01-23 6144]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-10-07 6133856]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2005-07-29 34048]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2005-07-29 12928]
R3 QCMerced;Logitech QuickCam Communicate; C:\WINDOWS\system32\DRIVERS\LVCM.sys [2005-05-27 1317152]
R3 Rasirda;Miniport réseau étendu (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 usbaudio;Pilote USB audio (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
R3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 WinDriver6;WinDriver6; C:\WINDOWS\system32\drivers\windrvr6.sys [2008-07-03 193696]
S1 wceusbsh;Pilote d'hôte USB série pour Windows CE; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2008-04-14 32128]
S2 spydetector;spydetector; \??\d:\Program Files\Spyware Process Detector\spydetector.sys []
S3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 ATMELFVNETusb(505A_2958)(R);ATMEL FVNETusb(505A_2958)(R) Service for ATMEL USB FastVNET (505A); C:\WINDOWS\system32\DRIVERS\vnet5a8x.sys [2003-12-05 119936]
S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 DMSKSSRh;DMSKSSRh; \??\C:\DOCUME~1\jamel\LOCALS~1\Temp\DMSKSSRh.sys []
S3 DSDrv4;DSDrv4; \??\D:\PROGRA~1\K!\K!TVXP~1\DSDrv4.sys []
S3 HCW88BDA;Hauppauge WinTV 88x DVB Tuner/Demod; C:\WINDOWS\system32\drivers\hcw88bda.sys [2007-01-23 207872]
S3 hcw88rc5;Hauppauge WinTV 88x IR Decoder; C:\WINDOWS\System32\Drivers\hcw88rc5.sys [2007-01-23 11776]
S3 HCW88TSE;Hauppauge WinTV 88x MPEG/TS Capture; C:\WINDOWS\system32\drivers\hcw88tse.sys [2007-01-23 299776]
S3 hcw88vid;Hauppauge WinTV 88x Video; C:\WINDOWS\system32\drivers\hcw88vid.sys [2007-01-23 498176]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2005-03-08 51120]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2005-03-08 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2005-03-08 21744]
S3 irsir;Pilote série infrarouge Microsoft; C:\WINDOWS\system32\DRIVERS\irsir.sys [2001-08-17 18688]
S3 MPE;Filtre BDA MPE; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-13 15232]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 PCANDIS5;PCANDIS5 Protocol Driver; \??\C:\WINDOWS\system32\PCANDIS5.SYS []
S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 w200bus;Sony Ericsson W200 driver (WDM); C:\WINDOWS\system32\DRIVERS\w200bus.sys [2006-11-07 61504]
S3 w200mdfl;Sony Ericsson W200 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\w200mdfl.sys [2006-11-07 9328]
S3 w200mdm;Sony Ericsson W200 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\w200mdm.sys [2006-11-07 97056]
S3 w200mgmt;Sony Ericsson W200 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\w200mgmt.sys [2006-11-07 88560]
S3 w200obex;Sony Ericsson W200 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\w200obex.sys [2006-11-07 86368]
S3 WlanUIG;Sagem 802.11g Wireless LAN USB Adapter Driver; C:\WINDOWS\system32\DRIVERS\WlanUIG.sys [2004-09-02 379456]
S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 sr;Pilote de filtre de restauration système; C:\WINDOWS\system32\DRIVERS\sr.sys [2008-04-14 73600]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Acer Media Server;Acer Media Server; C:\Program Files\Acer\Acer eConsole\MediaServerService.exe [2005-09-21 438272]
R2 aswUpdSv;avast! iAVS4 Control Service; e:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-02-05 18752]
R2 ATKKeyboardService;ATK Keyboard Service; C:\WINDOWS\ATKKBService.exe [2005-10-18 241152]
R2 avast! Antivirus;avast! Antivirus; e:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-02-05 138680]
R2 Irmon;Moniteur infrarouge; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-01-04 152984]
R2 MDM;Machine Debug Manager; C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE [2006-10-26 335872]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-10-07 163908]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2004-09-29 69632]
R3 avast! Mail Scanner;avast! Mail Scanner; e:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-02-05 254040]
R3 avast! Web Scanner;avast! Web Scanner; e:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-02-05 352920]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 268800]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 Macromedia Licensing Service;Macromedia Licensing Service; C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe [2008-04-13 68096]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S4 Apache2.2;Apache2.2; D:\xampp\apache\bin\apache.exe -k runservice []
S4 FileZilla Server;FileZilla Server FTP server; d:\xampp\FileZillaFTP\FileZillaServer.exe []
S4 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-04 182768]
S4 HauppaugeTVServer;HauppaugeTVServer; C:\PROGRA~1\WINTV\HCWTVS~1.EXE []
S4 mysql;mysql; D:\xampp\mysql\bin\mysqld-nt.exe --defaults-file=d:\xampp\mysql\bin\my.cnf mysql []
-----------------EOF-----------------
info.txt
info.txt logfile of random's system information tool 1.06 2009-07-29 19:36:35
======Uninstall list======
-->MsiExec /X{65F1CF63-31E0-450B-96F3-4A88BE7361A6}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
3DVIA player 4.1-->MsiExec.exe /X{4E868D3D-6EEB-4273-926C-2287236B5B79}
7-Zip 4.57-->"d:\Program Files\7-Zip\Uninstall.exe"
AC3Filter (remove only)-->C:\Program Files\AC3Filter\uninstall.exe
Acer eConsole-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EC028E6B-F3F1-4192-B63E-A7C97302ED5A}\setup.exe" -l0x40c
Acer eMode Management-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{65CDEC30-4BF4-48FB-8059-9FC480E4E94F}\setup.exe" -l0x40c
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player 9 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\UninstFl.exe -q
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 7.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
Adobe Shockwave Player 11.5-->"C:\WINDOWS\system32\Adobe\Shockwave 11\uninstaller.exe"
AGEIA PhysX v7.07.09-->MsiExec.exe /X{65F1CF63-31E0-450B-96F3-4A88BE7361A6}
AIDA32 v3.93-->"C:\Program Files\AIDA32 - Personal System Information\unins000.exe"
Analyseur et SDK MSXML 4.0 SP2-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
ASUS Enhanced Display Driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{315ACD04-BCEB-478B-9B1D-5431D0E6CB11}\setup.exe" -l0x40c -removeonly
Athlon 64 Processor Driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe" -l0x40c
avast! Antivirus-->e:\Program Files\Alwil Software\Avast4\aswRunDll.exe "e:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
AxCrypt (Désinstaller uniquement)-->"e:\Program Files\Axon Data\AxCrypt\AxCryptU.exe"
CCleaner (remove only)-->"d:\Program Files\CCleaner\uninst.exe"
Cheat Engine 5.3-->"d:\Program Files\Cheat Engine\unins000.exe"
Correctif pour Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
DAEMON Tools-->MsiExec.exe /I{0EF160D7-B9C3-4778-93CC-B2379BA59FE5}
Dealio Toolbar v4.0-->MsiExec.exe /X{94C3BB3A-56A1-43DE-A242-8B41F46E97EF}
Disc2Phone-->MsiExec.exe /I{FFAB5ABB-8AAB-42E2-847F-1743E51E01E9}
Dragon NaturallySpeaking 9-->MsiExec.exe /I{DDDD90B2-80F2-413A-8A8E-38C5076A7DBA}
DScaler 5 Mpeg Decoders-->"C:\Program Files\DScaler5\unins000.exe"
Empire Earth - The Art of Conquest-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B49C924C-A651-4378-94F6-5D9BF44A959F}\Setup.exe" -l0x40c
Empire Earth Patch 1.0.4.0-->E:\Sierra\EMPIRE~1\UNWISE.EXE E:\Sierra\EMPIRE~1\INSTALL.LOG
Empire Earth-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2447500B-22D7-47BD-9B13-1A927F43A267}\Setup.exe" -l0x40c
eMule-->"d:\Program Files\eMule\Uninstall.exe"
Expert System Point&Go Platform-->"C:\Program Files\Fichiers communs\Expert System\PGPlatform\unins000.exe"
FileZilla (remove only)-->"C:\Program Files\FileZilla\uninstall.exe"
FlashGet(Jetcar) 1.80-->D:\PROGRA~1\FLASHG~1\_UNWISE.EXE
Free Easy Burner V 3.8-->"C:\Program Files\Free Easy Burner\unins000.exe"
Free Video to Mp3 Converter version 2.5-->"d:\Program Files\DVDVIDEOSOFT\Free Video to Mp3 Converter\unins000.exe"
Freeplayer-->e:\Program Files\Freeplayer\Uninstall.exe
Google Talk (remove only)-->"C:\Program Files\Google\Google Talk\uninstall.exe"
Google Talk Plugin-->MsiExec.exe /I{F6B1D53B-2A68-377D-AC39-C8FD359FF6F1}
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
HP Extended Capabilities 5.3-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Image Zone Express-->MsiExec.exe /X{FE64AE29-0883-4C70-8388-DC026019C900}
HP PSC & OfficeJet 5.3.B-->"C:\Program Files\HP\Digital Imaging\{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}\setup\hpzscr01.exe" -datfile hposcr07.dat
HP Software Update-->MsiExec.exe /X{15EE79F4-4ED1-4267-9B0F-351009325D7D}
HP Solution Center & Imaging Support Tools 5.3-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
Internet Digital Radio Tuner 2.3.1-->"e:\Program Files\Internet Digital Radio Tuner\unins000.exe"
InterVideo FilterSDK for Hauppauge-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2227E1FA-01F5-483C-AB0E-2A308E900B3D}\setup.exe" REMOVEALL
J2SE Runtime Environment 5.0 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150050}
Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
KeyGen-->MsiExec.exe /I{0154A15D-D8C4-11D4-AC6B-444553540001}
K-Lite Codec Pack 3.1.5 Full-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
Kubuntu-->I:\ubuntu\Uninstall-Kubuntu.exe
Logiciel QuickCam de Logitech-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C43048A9-742C-4DAD-90D2-E3B53C9DB825}\setup.exe" -l0x40c
MappySynchro v2.1-->"C:\Program Files\MappySynchro\unins000.exe"
McDonald's Dragons-->C:\Program Files\McDonaldsDragons\uninstall.exe
Messenger Plus! Live-->"e:\Program Files\Messenger Plus! Live\Uninstall.exe"
Microsoft .NET Framework 1.1 French Language Pack-->MsiExec.exe /X{9A394342-4A68-4EBA-85A6-55B559F4E700}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Access MUI (French) 2007-->MsiExec.exe /X{90120000-0015-040C-0000-0000000FF1CE}
Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (French) 2007-->MsiExec.exe /X{90120000-0044-040C-0000-0000000FF1CE}
Microsoft Office Outlook MUI (French) 2007-->MsiExec.exe /X{90120000-001A-040C-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{9011040C-6000-11D3-8CFE-0150048383C9}
Microsoft Office Professional Plus 2007-->"C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL
Microsoft Office Professional Plus 2007-->MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE}
Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}
Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}
Microsoft Office Publisher MUI (French) 2007-->MsiExec.exe /X{90120000-0019-040C-0000-0000000FF1CE}
Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}
Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB969897)-->"C:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB972260)-->"C:\WINDOWS\ie7updates\KB972260-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Mozilla Firefox (3.5.1)-->D:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (2.0.0.17)-->E:\Program Files\Mozilla Thunderbird\uninstall\helper.exe
MSN-->C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML4 Parser-->MsiExec.exe /I{01501EBA-EC35-4F9F-8889-3BE346E5DA13}
Norton Security Scan (Symantec Corporation)-->"C:\Program Files\Fichiers communs\Symantec Shared\NSSSetup\{E579F5FB-D9C9-43A6-8DCF-67B9573C2E7C}_2_0_0\NSSSetup.exe" /X
Norton Security Scan-->MsiExec.exe /X{E579F5FB-D9C9-43A6-8DCF-67B9573C2E7C}
NTI CD & DVD-Maker-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2} /l1036 CDM7
NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
OpenAL-->"C:\Program Files\OpenAL\OalinstGridRelease.exe" /U
Opera 9.26-->MsiExec.exe /X{FB706A00-C234-4716-AB1F-27DCB192C664}
Opera-->E:\PROGRA~1\Opera\uninst\unwise.exe E:\PROGRA~1\Opera\uninst\install.log
PDFCreator-->d:\Program Files\PDFCreator\unins000.exe
Picasa 3-->"d:\Program Files\Google\Picasa3\Uninstall.exe"
Programme de gestion Camera de Logitech®-->"C:\Program Files\Fichiers communs\Logitech\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT
QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
Rail Simulator-->MsiExec.exe /X{0824EE6D-137F-4B83-9628-8E7B000BEBA6}
RayV-->D:\Program Files\uninstall.exe
Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" -l0x40c -removeonly
Sagem - Utilitaire réseau pour Clé USB Wi-Fi 802.11g-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0E691604-B328-4B4A-8F17-C9D6395075C5}\Setup.exe" -l0x40c
SAMSUNG Mobile Modem Driver Set-->C:\WINDOWS\system32\Samsung_USB_Drivers\3\SSCDUninstall.exe
Samsung Mobile phone USB driver Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\5\SSSDUninstall.exe
SAMSUNG Mobile USB Modem 1.0 Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe
SAMSUNG Mobile USB Modem Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe
Search Settings 1.2.1-->MsiExec.exe /X{0B1AAC97-8563-41D9-AE47-58E6A222F0E1}
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB960003)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {F04F8702-18D0-458D-921E-146FB7CD38CF}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Microsoft Office Excel 2007 (KB959997)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {9EAC3AEC-5C81-4856-A05B-DE9DC236D740}
Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office system 2007 (KB956828)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {885E081B-72BD-4E76-8E98-30B4BE468FAC}
Security Update for Microsoft Office Word 2007 (KB956358)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {4551666D-0FD6-4C69-8A81-1C6F2E64517C}
Simulateur de conduite 3D-->"e:\program files\Simulateur de conduite 3D\uninstall.exe"
Sony Ericsson PC Suite-->MsiExec.exe /I{B56B1487-9A26-4AFD-A1FD-949C40F5F2BC}
SpeedFan (remove only)-->"D:\Program Files\SpeedFan\uninstall.exe"
Spybot - Search & Destroy-->"e:\Program Files\Spybot - Search & Destroy\unins000.exe"
Stronghold-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C917BA70-28A3-4C74-B163-41FD8C8E1A5A}\setup.exe"
StuffPlug 3-->C:\Program Files\StuffPlug3\Uninstall.exe
TeamViewer 4-->C:\Program Files\TeamViewer\Version4\uninstall.exe
TeLL me More-->"E:\TELL ME MORE NV\BIN\unsetup.exe" -file "E:\TELL ME MORE NV\unsetup.aui"
Tests de QI et Mémoire-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A164036A-722E-41CB-A1C1-3C3825A575D6}\Setup.exe" -l0x40c
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft Office Outlook 2007 (KB952142)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}
Update for Office 2007 (KB934391)--
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - e:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - e:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/re [...] oscan8.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{63F17E50-DAE2-472E-A11D-D3EAB3FBDED9}: NameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\..\{FC172901-2A9D-434D-BA2C-EA0C0F4D55E3}: NameServer = 192.168.1.254
O23 - Service: Acer Media Server - Acer Inc. - C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - e:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: avast! Antivirus - ALWIL Software - e:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - e:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - e:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
--
End of file - 11200 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\Maintenance en 1 clic.job
C:\WINDOWS\tasks\Norton Security Scan for jamel.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3614266843-1320642227-489357617-1006Core.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}]
Dealio Toolbar - C:\Program Files\Dealio Toolbar\DealioToolbarIE.dll [2009-04-09 688128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-10-26 440384]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}]
Flashget Catch Url Class - D:\Program Files\FlashGet2\jccatch.dll [2006-12-11 65536]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - e:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2009-01-04 320920]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-01-04 34816]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}]
SearchSettings Class - C:\Program Files\Search Settings\kb128\SearchSettings.dll [2009-04-09 1091584]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-01-04 73728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F156768E-81EF-470C-9057-481BA8380DBA}]
gFlash Class - D:\Program Files\FlashGet2\getflash.dll [2006-11-06 122880]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{259F616C-A300-44F5-B04A-ED001A26C85C}
{E0E899AB-F487-11D5-8D29-0050BA6940E3} - FlashGet - D:\Program Files\FlashGet2\fgiebar.dll [2006-11-19 98304]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar avec bloqueur de fenêtres pop-up - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-10-26 440384]
{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - Dealio Toolbar - C:\Program Files\Dealio Toolbar\DealioToolbarIE.dll [2009-04-09 688128]
{D0943516-5076-4020-A3B5-AEFAF26AB263} - Veoh Browser Plug-in - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll [2008-03-24 352256]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"MSPY2002"=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [2004-08-05 59392]
"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-05 455168]
"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-05 455168]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-10-07 13574144]
"nwiz"=nwiz.exe /install []
"ISUSScheduler"=C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe [2005-02-16 81920]
"LVCOMSX"=C:\WINDOWS\system32\LVCOMSX.EXE [2005-07-19 221184]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-10-07 86016]
"avast!"=e:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-02-05 81000]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
"SearchSettings"=C:\Program Files\Search Settings\SearchSettings.exe [2009-04-09 970240]
"SSBkgdUpdate"=C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2006-10-25 210472]
"ISUSPM Startup"=C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2005-02-16 221184]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"Google Update"=C:\Documents and Settings\jamel\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-03 133104]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AspireService]
C:\Program Files\Acer\Acer eMode Management\AspireService.exe [2006-01-19 110592]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG8_TRAY]
d:\PROGRA~1\AVG\AVG8\avgtray.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDAgent]
E:\Program Files\BitDefender\BitDefender 2009\bdagent.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitDefender Antiphishing Helper]
E:\Program Files\BitDefender\BitDefender 2009\IEShow.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
D:\Program Files\D-Tools\daemon.exe [2003-12-15 81920]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPGServiceTool]
C:\PROGRA~1\WINTV\EPG Services\System\EPGClient.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eRecoveryService]
C:\Acer\Empowering Technology\eRecovery\Monitor.exe [2005-11-16 397312]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Documents and Settings\jamel\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-03 133104]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2005-05-11 49152]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-05 208952]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
E:\Program Files\iTunes\iTunesHelper.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LaunchApp]
Alaunch []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]
C:\Program Files\Logitech\Video\ManifestEngine.exe [2005-06-08 196608]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MediaSync]
C:\Program Files\Acer\Acer eConsole\MediaSync.exe [2005-09-21 425984]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
C:\Program Files\MSN Messenger\msnmsgr.exe [2007-01-19 5674352]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ntiMUI]
c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe [2005-05-11 45056]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
d:\Program Files\Picasa2\PicasaMediaDetector.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2008-09-06 413696]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RayV]
D:\Program Files\RayV.exe [2008-09-07 3708200]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Real Desktop]
C:\Program Files\Real Desktop\Real Desktop.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe /startoptions []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
C:\WINDOWS\SOUNDMAN.EXE [2005-09-22 90112]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2006-10-25 210472]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe [2005-08-26 36975]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Reader Speed Launch.lnk]
C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE [2004-12-14 29696]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^AutoStart IR.lnk]
C:\PROGRA~1\WinTV\Ir.exe /QUIET []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^jamel^Menu Démarrer^Programmes^Démarrage^Dragon NaturallySpeaking.lnk]
E:\PROGRA~1\Nuance\NATURA~1\Program\natspeak.exe [2007-05-14 2524776]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^jamel^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 2.0.lnk]
C:\PROGRA~1\OPENOF~1.0\program\QUICKS~1.EXE []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^mous^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 2.0.lnk]
C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Apple Mobile Device"=2
"VSSERV"=2
"mysql"=2
"LIVESRV"=2
"iPod Service"=3
"HauppaugeTVServer"=3
"gusvc"=3
"FileZilla Server"=3
"Arrakis3"=3
"Apache2.2"=2
C:\Documents and Settings\jamel\Menu Démarrer\Programmes\Démarrage
ikowin32.exe
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLUA"=0
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Acer\Acer eConsole\MediaSync.exe"="C:\Program Files\Acer\Acer eConsole\MediaSync.exe:LocalSubNet:Enabled:Media Synchoronizer"
"C:\Program Files\Acer\Acer eConsole\eConsole.exe"="C:\Program Files\Acer\Acer eConsole\eConsole.exe:LocalSubNet:Enabled:eConsole"
"C:\Program Files\Acer\Acer eConsole\MediaServerService.exe"="C:\Program Files\Acer\Acer eConsole\MediaServerService.exe:LocalSubNet:Enabled:Acer Media Server"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"E:\Program Files\Infogrames\Grand Prix 4\GP4.exe"="E:\Program Files\Infogrames\Grand Prix 4\GP4.exe:*:Enabled:GP4"
"E:\Program Files\ee\Empire Earth.exe"="E:\Program Files\ee\Empire Earth.exe:*:Enabled:Empire Earth"
"E:\Program Files\Microsoft Games\Motocross Madness 2\MCM2.EXE"="E:\Program Files\Microsoft Games\Motocross Madness 2\MCM2.EXE:*:Enabled:Microsoft® Motocross Madness 2"
"D:\Program Files\Warcraft III\Warcraft III.exe"="D:\Program Files\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III"
"D:\Program Files\EA GAMES\Battlefield 2\bf2_w32ded.exe"="D:\Program Files\EA GAMES\Battlefield 2\bf2_w32ded.exe:*:Enabled:bf2_w32ded"
"D:\Program Files\Counter-Strike Source\hl2.exe"="D:\Program Files\Counter-Strike Source\hl2.exe:*:Disabled:hl2"
"C:\Program Files\IncrediMail\bin\ImApp.exe"="C:\Program Files\IncrediMail\bin\ImApp.exe:*:Enabled:IncrediMail"
"C:\Program Files\IncrediMail\bin\IncMail.exe"="C:\Program Files\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail"
"C:\Program Files\IncrediMail\bin\ImpCnt.exe"="C:\Program Files\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail"
"C:\Documents and Settings\JAMEL\Bureau\ntrconnect.exe"="C:\Documents and Settings\JAMEL\Bureau\ntrconnect.exe:*:Enabled:NTRconnect"
"C:\Program Files\TeamViewer3\TeamViewer.exe"="C:\Program Files\TeamViewer3\TeamViewer.exe:*:Enabled:Application de pilotage à distance TeamViewer"
"D:\xampp\apache\bin\apache.exe"="D:\xampp\apache\bin\apache.exe:*:Enabled:Apache HTTP Server"
"D:\Program Files\eMule\emule.exe"="D:\Program Files\eMule\emule.exe:*:Enabled:eMule"
"D:\Program Files\SecondLife\SLVoice.exe"="D:\Program Files\SecondLife\SLVoice.exe:*:Enabled:SLVoice"
"D:\Program Files\ooVoo\ooVoo.exe"="D:\Program Files\ooVoo\ooVoo.exe:*:Enabled:ooVoo"
"D:\Program Files\KONAMI\Pro Evolution Soccer 2009\pes2009.exe"="D:\Program Files\KONAMI\Pro Evolution Soccer 2009\pes2009.exe:*:Enabled:Pro Evolution Soccer 2009"
"C:\Documents and Settings\JAMEL\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll"="C:\Documents and Settings\JAMEL\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll:*:Enabled:Google Talk Plugin"
"C:\Documents and Settings\JAMEL\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe"="C:\Documents and Settings\JAMEL\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin"
"E:\Program Files\VideoLAN\VLC\vlc.exe"="E:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player"
"E:\Program Files\Freeplayer\vlc\vlc.exe"="E:\Program Files\Freeplayer\vlc\vlc.exe:*:Enabled:VLC media player"
"C:\Program Files\Google\Google Talk\googletalk.exe"="C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk"
"D:\Program Files\Travian Assistant\Travian_Toolset.exe"="D:\Program Files\Travian Assistant\Travian_Toolset.exe:*:Enabled:Travian_Toolset"
"D:\Program Files\RayV.exe"="D:\Program Files\RayV.exe:*:Enabled:RayV"
"D:\Program Files\Zattoo\zattood.exe"="D:\Program Files\Zattoo\zattood.exe:*:Enabled:zattood"
"D:\Program Files\Zattoo\Zattoo2.exe"="D:\Program Files\Zattoo\Zattoo2.exe:*:Enabled: "
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{403ff094-05b6-11de-b755-00155839beb3}]
shell\AutoRun\command - J:\RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\Taquito.exe
shell\open\command - J:\RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\Taquito.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c7a51409-2dab-11dd-8aaf-00155839beb3}]
shell\AutoRun\command - Q:\RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\Taquito.exe
shell\open\command - Q:\RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\Taquito.exe
======List of files/folders created in the last 1 months======
2009-07-29 19:36:09 ----D---- C:\Program Files\trend micro
2009-07-29 19:36:08 ----D---- C:\rsit
2009-07-28 08:36:03 ----A---- C:\WINDOWS\OEWABLog.txt
2009-07-15 17:07:01 ----HD---- C:\WINDOWS\$NtUninstallKB961371$
2009-07-15 14:39:18 ----HD---- C:\WINDOWS\$NtUninstallKB973346$
2009-07-15 14:39:10 ----A---- C:\WINDOWS\imsins.BAK
2009-07-15 14:38:58 ----HD---- C:\WINDOWS\$NtUninstallKB971633$
2009-07-11 22:15:01 ----D---- C:\Program Files\Fichiers communs\ScanSoft Shared
2009-07-11 22:15:01 ----D---- C:\Documents and Settings\All Users\Application Data\ScanSoft
2009-07-11 22:14:58 ----D---- C:\Program Files\Fichiers communs\Nuance
2009-07-11 20:05:58 ----N---- C:\WINDOWS\system32\iyvu9_32.dll
2009-07-11 16:20:39 ----A---- C:\WINDOWS\SIERRA.INI
2009-07-06 14:45:58 ----D---- C:\Program Files\Veoh Networks
2009-07-02 09:35:15 ----D---- C:\Program Files\McDonaldsDragons
2009-07-02 09:34:36 ----SHD---- C:\WINDOWS\ftpcache
2009-06-30 10:48:49 ----A---- C:\WINDOWS\system32\framedyn.dll
2009-06-30 10:25:57 ----D---- C:\WINDOWS\system32\Samsung_USB_Drivers
2009-06-30 10:25:53 ----D---- C:\Program Files\Samsung
======List of files/folders modified in the last 1 months======
2009-07-29 17:26:54 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-07-19 15:29:22 ----A---- C:\WINDOWS\system32\mshtml.dll
2009-07-19 15:29:20 ----A---- C:\WINDOWS\system32\ieframe.dll
2009-07-12 10:29:14 ----A---- C:\WINDOWS\win.ini
2009-07-07 17:10:56 ----A---- C:\WINDOWS\system32\MRT.exe
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-02-05 26944]
R1 AmdK8;Pilote de processeur AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 43008]
R1 asuskbnt;Enhanced Display Driver Helper Service; C:\WINDOWS\system32\drivers\atkkbnt.sys [2005-10-18 11008]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-02-05 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-02-05 51376]
R1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720]
R1 pctfw2;pctfw2; \??\C:\WINDOWS\system32\drivers\pctfw2.sys []
R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2006-07-24 5632]
R1 UBHelper;UBHelper; C:\WINDOWS\system32\drivers\UBHelper.sys [2004-12-17 13952]
R1 WS2IFSL;Environnement de prise en charge de Fournisseur de services non-IFS Windows Sockets 2.0; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-05 12032]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-02-05 94032]
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2009-01-16 271360]
R2 EIO;EIO; \??\C:\WINDOWS\system32\drivers\EIO.sys []
R2 irda;Protocole IrDA; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-13 88192]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2009-01-16 18048]
R2 MDC8021X;AEGIS Protocol (IEEE 802.1x) v2.3.1.9; C:\WINDOWS\system32\DRIVERS\mdc8021x.sys [2004-09-02 15781]
R2 NwlnkIpx;Protocole de transport compatible NWLink IPX/SPX/NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2008-04-13 88320]
R2 NwlnkNb;NetBIOS NWLink; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2004-08-05 63232]
R2 NwlnkSpx;Protocole NWLink SPX/SPXII; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2004-08-05 55936]
R3 Afc;PPdus ASPI Shell; C:\WINDOWS\system32\drivers\Afc.sys [2005-02-23 11776]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-09-22 3727680]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-02-05 23152]
R3 hidusb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\lvusbsta.sys [2005-05-27 22016]
R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288]
R3 NTIDrvr;Upper Class Filter Driver; C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys [2005-01-23 6144]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-10-07 6133856]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2005-07-29 34048]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2005-07-29 12928]
R3 QCMerced;Logitech QuickCam Communicate; C:\WINDOWS\system32\DRIVERS\LVCM.sys [2005-05-27 1317152]
R3 Rasirda;Miniport réseau étendu (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 usbaudio;Pilote USB audio (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
R3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 WinDriver6;WinDriver6; C:\WINDOWS\system32\drivers\windrvr6.sys [2008-07-03 193696]
S1 wceusbsh;Pilote d'hôte USB série pour Windows CE; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2008-04-14 32128]
S2 spydetector;spydetector; \??\d:\Program Files\Spyware Process Detector\spydetector.sys []
S3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 ATMELFVNETusb(505A_2958)(R);ATMEL FVNETusb(505A_2958)(R) Service for ATMEL USB FastVNET (505A); C:\WINDOWS\system32\DRIVERS\vnet5a8x.sys [2003-12-05 119936]
S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 DMSKSSRh;DMSKSSRh; \??\C:\DOCUME~1\jamel\LOCALS~1\Temp\DMSKSSRh.sys []
S3 DSDrv4;DSDrv4; \??\D:\PROGRA~1\K!\K!TVXP~1\DSDrv4.sys []
S3 HCW88BDA;Hauppauge WinTV 88x DVB Tuner/Demod; C:\WINDOWS\system32\drivers\hcw88bda.sys [2007-01-23 207872]
S3 hcw88rc5;Hauppauge WinTV 88x IR Decoder; C:\WINDOWS\System32\Drivers\hcw88rc5.sys [2007-01-23 11776]
S3 HCW88TSE;Hauppauge WinTV 88x MPEG/TS Capture; C:\WINDOWS\system32\drivers\hcw88tse.sys [2007-01-23 299776]
S3 hcw88vid;Hauppauge WinTV 88x Video; C:\WINDOWS\system32\drivers\hcw88vid.sys [2007-01-23 498176]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2005-03-08 51120]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2005-03-08 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2005-03-08 21744]
S3 irsir;Pilote série infrarouge Microsoft; C:\WINDOWS\system32\DRIVERS\irsir.sys [2001-08-17 18688]
S3 MPE;Filtre BDA MPE; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-13 15232]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 PCANDIS5;PCANDIS5 Protocol Driver; \??\C:\WINDOWS\system32\PCANDIS5.SYS []
S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 w200bus;Sony Ericsson W200 driver (WDM); C:\WINDOWS\system32\DRIVERS\w200bus.sys [2006-11-07 61504]
S3 w200mdfl;Sony Ericsson W200 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\w200mdfl.sys [2006-11-07 9328]
S3 w200mdm;Sony Ericsson W200 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\w200mdm.sys [2006-11-07 97056]
S3 w200mgmt;Sony Ericsson W200 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\w200mgmt.sys [2006-11-07 88560]
S3 w200obex;Sony Ericsson W200 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\w200obex.sys [2006-11-07 86368]
S3 WlanUIG;Sagem 802.11g Wireless LAN USB Adapter Driver; C:\WINDOWS\system32\DRIVERS\WlanUIG.sys [2004-09-02 379456]
S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 sr;Pilote de filtre de restauration système; C:\WINDOWS\system32\DRIVERS\sr.sys [2008-04-14 73600]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Acer Media Server;Acer Media Server; C:\Program Files\Acer\Acer eConsole\MediaServerService.exe [2005-09-21 438272]
R2 aswUpdSv;avast! iAVS4 Control Service; e:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-02-05 18752]
R2 ATKKeyboardService;ATK Keyboard Service; C:\WINDOWS\ATKKBService.exe [2005-10-18 241152]
R2 avast! Antivirus;avast! Antivirus; e:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-02-05 138680]
R2 Irmon;Moniteur infrarouge; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-01-04 152984]
R2 MDM;Machine Debug Manager; C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE [2006-10-26 335872]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-10-07 163908]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2004-09-29 69632]
R3 avast! Mail Scanner;avast! Mail Scanner; e:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-02-05 254040]
R3 avast! Web Scanner;avast! Web Scanner; e:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-02-05 352920]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 268800]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 Macromedia Licensing Service;Macromedia Licensing Service; C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe [2008-04-13 68096]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S4 Apache2.2;Apache2.2; D:\xampp\apache\bin\apache.exe -k runservice []
S4 FileZilla Server;FileZilla Server FTP server; d:\xampp\FileZillaFTP\FileZillaServer.exe []
S4 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-04 182768]
S4 HauppaugeTVServer;HauppaugeTVServer; C:\PROGRA~1\WINTV\HCWTVS~1.EXE []
S4 mysql;mysql; D:\xampp\mysql\bin\mysqld-nt.exe --defaults-file=d:\xampp\mysql\bin\my.cnf mysql []
-----------------EOF-----------------
info.txt
info.txt logfile of random's system information tool 1.06 2009-07-29 19:36:35
======Uninstall list======
-->MsiExec /X{65F1CF63-31E0-450B-96F3-4A88BE7361A6}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
3DVIA player 4.1-->MsiExec.exe /X{4E868D3D-6EEB-4273-926C-2287236B5B79}
7-Zip 4.57-->"d:\Program Files\7-Zip\Uninstall.exe"
AC3Filter (remove only)-->C:\Program Files\AC3Filter\uninstall.exe
Acer eConsole-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EC028E6B-F3F1-4192-B63E-A7C97302ED5A}\setup.exe" -l0x40c
Acer eMode Management-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{65CDEC30-4BF4-48FB-8059-9FC480E4E94F}\setup.exe" -l0x40c
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player 9 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\UninstFl.exe -q
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 7.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
Adobe Shockwave Player 11.5-->"C:\WINDOWS\system32\Adobe\Shockwave 11\uninstaller.exe"
AGEIA PhysX v7.07.09-->MsiExec.exe /X{65F1CF63-31E0-450B-96F3-4A88BE7361A6}
AIDA32 v3.93-->"C:\Program Files\AIDA32 - Personal System Information\unins000.exe"
Analyseur et SDK MSXML 4.0 SP2-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
ASUS Enhanced Display Driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{315ACD04-BCEB-478B-9B1D-5431D0E6CB11}\setup.exe" -l0x40c -removeonly
Athlon 64 Processor Driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe" -l0x40c
avast! Antivirus-->e:\Program Files\Alwil Software\Avast4\aswRunDll.exe "e:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
AxCrypt (Désinstaller uniquement)-->"e:\Program Files\Axon Data\AxCrypt\AxCryptU.exe"
CCleaner (remove only)-->"d:\Program Files\CCleaner\uninst.exe"
Cheat Engine 5.3-->"d:\Program Files\Cheat Engine\unins000.exe"
Correctif pour Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
DAEMON Tools-->MsiExec.exe /I{0EF160D7-B9C3-4778-93CC-B2379BA59FE5}
Dealio Toolbar v4.0-->MsiExec.exe /X{94C3BB3A-56A1-43DE-A242-8B41F46E97EF}
Disc2Phone-->MsiExec.exe /I{FFAB5ABB-8AAB-42E2-847F-1743E51E01E9}
Dragon NaturallySpeaking 9-->MsiExec.exe /I{DDDD90B2-80F2-413A-8A8E-38C5076A7DBA}
DScaler 5 Mpeg Decoders-->"C:\Program Files\DScaler5\unins000.exe"
Empire Earth - The Art of Conquest-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B49C924C-A651-4378-94F6-5D9BF44A959F}\Setup.exe" -l0x40c
Empire Earth Patch 1.0.4.0-->E:\Sierra\EMPIRE~1\UNWISE.EXE E:\Sierra\EMPIRE~1\INSTALL.LOG
Empire Earth-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2447500B-22D7-47BD-9B13-1A927F43A267}\Setup.exe" -l0x40c
eMule-->"d:\Program Files\eMule\Uninstall.exe"
Expert System Point&Go Platform-->"C:\Program Files\Fichiers communs\Expert System\PGPlatform\unins000.exe"
FileZilla (remove only)-->"C:\Program Files\FileZilla\uninstall.exe"
FlashGet(Jetcar) 1.80-->D:\PROGRA~1\FLASHG~1\_UNWISE.EXE
Free Easy Burner V 3.8-->"C:\Program Files\Free Easy Burner\unins000.exe"
Free Video to Mp3 Converter version 2.5-->"d:\Program Files\DVDVIDEOSOFT\Free Video to Mp3 Converter\unins000.exe"
Freeplayer-->e:\Program Files\Freeplayer\Uninstall.exe
Google Talk (remove only)-->"C:\Program Files\Google\Google Talk\uninstall.exe"
Google Talk Plugin-->MsiExec.exe /I{F6B1D53B-2A68-377D-AC39-C8FD359FF6F1}
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
HP Extended Capabilities 5.3-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Image Zone Express-->MsiExec.exe /X{FE64AE29-0883-4C70-8388-DC026019C900}
HP PSC & OfficeJet 5.3.B-->"C:\Program Files\HP\Digital Imaging\{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}\setup\hpzscr01.exe" -datfile hposcr07.dat
HP Software Update-->MsiExec.exe /X{15EE79F4-4ED1-4267-9B0F-351009325D7D}
HP Solution Center & Imaging Support Tools 5.3-->C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
Internet Digital Radio Tuner 2.3.1-->"e:\Program Files\Internet Digital Radio Tuner\unins000.exe"
InterVideo FilterSDK for Hauppauge-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2227E1FA-01F5-483C-AB0E-2A308E900B3D}\setup.exe" REMOVEALL
J2SE Runtime Environment 5.0 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150050}
Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
KeyGen-->MsiExec.exe /I{0154A15D-D8C4-11D4-AC6B-444553540001}
K-Lite Codec Pack 3.1.5 Full-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
Kubuntu-->I:\ubuntu\Uninstall-Kubuntu.exe
Logiciel QuickCam de Logitech-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C43048A9-742C-4DAD-90D2-E3B53C9DB825}\setup.exe" -l0x40c
MappySynchro v2.1-->"C:\Program Files\MappySynchro\unins000.exe"
McDonald's Dragons-->C:\Program Files\McDonaldsDragons\uninstall.exe
Messenger Plus! Live-->"e:\Program Files\Messenger Plus! Live\Uninstall.exe"
Microsoft .NET Framework 1.1 French Language Pack-->MsiExec.exe /X{9A394342-4A68-4EBA-85A6-55B559F4E700}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Access MUI (French) 2007-->MsiExec.exe /X{90120000-0015-040C-0000-0000000FF1CE}
Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (French) 2007-->MsiExec.exe /X{90120000-0044-040C-0000-0000000FF1CE}
Microsoft Office Outlook MUI (French) 2007-->MsiExec.exe /X{90120000-001A-040C-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{9011040C-6000-11D3-8CFE-0150048383C9}
Microsoft Office Professional Plus 2007-->"C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL
Microsoft Office Professional Plus 2007-->MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE}
Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}
Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}
Microsoft Office Publisher MUI (French) 2007-->MsiExec.exe /X{90120000-0019-040C-0000-0000000FF1CE}
Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}
Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB969897)-->"C:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB972260)-->"C:\WINDOWS\ie7updates\KB972260-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Mozilla Firefox (3.5.1)-->D:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (2.0.0.17)-->E:\Program Files\Mozilla Thunderbird\uninstall\helper.exe
MSN-->C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML4 Parser-->MsiExec.exe /I{01501EBA-EC35-4F9F-8889-3BE346E5DA13}
Norton Security Scan (Symantec Corporation)-->"C:\Program Files\Fichiers communs\Symantec Shared\NSSSetup\{E579F5FB-D9C9-43A6-8DCF-67B9573C2E7C}_2_0_0\NSSSetup.exe" /X
Norton Security Scan-->MsiExec.exe /X{E579F5FB-D9C9-43A6-8DCF-67B9573C2E7C}
NTI CD & DVD-Maker-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2} /l1036 CDM7
NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
OpenAL-->"C:\Program Files\OpenAL\OalinstGridRelease.exe" /U
Opera 9.26-->MsiExec.exe /X{FB706A00-C234-4716-AB1F-27DCB192C664}
Opera-->E:\PROGRA~1\Opera\uninst\unwise.exe E:\PROGRA~1\Opera\uninst\install.log
PDFCreator-->d:\Program Files\PDFCreator\unins000.exe
Picasa 3-->"d:\Program Files\Google\Picasa3\Uninstall.exe"
Programme de gestion Camera de Logitech®-->"C:\Program Files\Fichiers communs\Logitech\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT
QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
Rail Simulator-->MsiExec.exe /X{0824EE6D-137F-4B83-9628-8E7B000BEBA6}
RayV-->D:\Program Files\uninstall.exe
Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" -l0x40c -removeonly
Sagem - Utilitaire réseau pour Clé USB Wi-Fi 802.11g-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0E691604-B328-4B4A-8F17-C9D6395075C5}\Setup.exe" -l0x40c
SAMSUNG Mobile Modem Driver Set-->C:\WINDOWS\system32\Samsung_USB_Drivers\3\SSCDUninstall.exe
Samsung Mobile phone USB driver Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\5\SSSDUninstall.exe
SAMSUNG Mobile USB Modem 1.0 Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe
SAMSUNG Mobile USB Modem Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe
Search Settings 1.2.1-->MsiExec.exe /X{0B1AAC97-8563-41D9-AE47-58E6A222F0E1}
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB960003)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {F04F8702-18D0-458D-921E-146FB7CD38CF}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Microsoft Office Excel 2007 (KB959997)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {9EAC3AEC-5C81-4856-A05B-DE9DC236D740}
Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office system 2007 (KB956828)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {885E081B-72BD-4E76-8E98-30B4BE468FAC}
Security Update for Microsoft Office Word 2007 (KB956358)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {4551666D-0FD6-4C69-8A81-1C6F2E64517C}
Simulateur de conduite 3D-->"e:\program files\Simulateur de conduite 3D\uninstall.exe"
Sony Ericsson PC Suite-->MsiExec.exe /I{B56B1487-9A26-4AFD-A1FD-949C40F5F2BC}
SpeedFan (remove only)-->"D:\Program Files\SpeedFan\uninstall.exe"
Spybot - Search & Destroy-->"e:\Program Files\Spybot - Search & Destroy\unins000.exe"
Stronghold-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C917BA70-28A3-4C74-B163-41FD8C8E1A5A}\setup.exe"
StuffPlug 3-->C:\Program Files\StuffPlug3\Uninstall.exe
TeamViewer 4-->C:\Program Files\TeamViewer\Version4\uninstall.exe
TeLL me More-->"E:\TELL ME MORE NV\BIN\unsetup.exe" -file "E:\TELL ME MORE NV\unsetup.aui"
Tests de QI et Mémoire-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A164036A-722E-41CB-A1C1-3C3825A575D6}\Setup.exe" -l0x40c
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft Office Outlook 2007 (KB952142)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}
Update for Office 2007 (KB934391)--
12 replies
Hi,
- Download ToolbarSD and save it to your desktop:
https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cqJWPphpudyTqv7TRo5RQ3nm_Sx8JluVMO59X5E9cyE3j3LqKlmStIqiDqJdIgMJLi7MXn2nKVajQfoWuVvZZ2wIx_vkqO4k4P0K9jh-ra9jaKPXdZcoaVF2UqJZNH8ubL_42uIwh6f35xJ2GJMuzddVj2Qth1DgZ839lxEIFGkgWz3TdfvNMy-YtxfA3gqBUrj4U4LFeAPiWr3ClmjIP0t_Xs5PQ%3D%3D&attredirects=2
- Disable your antivirus's resident shield and your antispyware's shield
- Start the installation by running the downloaded file
- Close all running applications and double-click Toolbarsd.exe
- Select the language and press ENTER
- Select option 1 in the menu and wait while the search runs
- When the search finishes, a report will be displayed; post its contents
I installed ToolBar,
here is the result:
-----------\\ ToolBar S&D 1.2.8 XP/Vista
Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : AMD Athlon(tm) 64 X2 Dual Core Processor 3800+ )
BIOS : )Phoenix - Award WorkstationBIOS v6.00PG
USER : amel ( Administrator )
BOOT : Normal boot
Antivirus : avast! antivirus 4.8.1335 [VPS 090728-0] 4.8.1335 (Activated)
C:\ (Local Disk) - FAT32 - Total:16 Go (Free:0 Go)
D:\ (Local Disk) - NTFS - Total:97 Go (Free:5 Go)
E:\ (Local Disk) - NTFS - Total:114 Go (Free:6 Go)
F:\ (CD or DVD)
G:\ (Local Disk) - NTFS - Total:155 Go (Free:4 Go)
H:\ (Local Disk) - FAT32 - Total:5 Go (Free:5 Go)
I:\ (Local Disk) - NTFS - Total:24 Go (Free:2 Go)
K:\ (CD or DVD)
M:\ (USB)
N:\ (USB)
O:\ (USB)
P:\ (USB)
"C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
Option : [1] ( 29/07/2009|20:38 )
-----------\\ Recherche de Fichiers / Dossiers ...
C:\DOCUME~1\amel\APPLIC~1\Dealio
C:\DOCUME~1\amel\APPLIC~1\Dealio\temp
C:\DOCUME~1\amel\APPLIC~1\Dealio\res
C:\DOCUME~1\amel\APPLIC~1\Dealio\temp\http___www_dealio_com_rss_coupons-deals_dotd_.xml
C:\DOCUME~1\amel\APPLIC~1\Dealio\res\widgets.xml
C:\DOCUME~1\us\APPLIC~1\Dealio
C:\DOCUME~1\us\APPLIC~1\Dealio\temp
C:\DOCUME~1\us\APPLIC~1\Dealio\res
C:\DOCUME~1\us\APPLIC~1\Dealio\temp\http___www_dealio_com_rss_coupons-deals_dotd_.xml
C:\DOCUME~1\us\APPLIC~1\Dealio\res\widgets.xml
C:\DOCUME~1\el\APPLIC~1\Dealio
C:\DOCUME~1\el\APPLIC~1\Dealio\temp
C:\DOCUME~1\el\APPLIC~1\Dealio\res
C:\DOCUME~1\el\APPLIC~1\Dealio\temp\http___www_dealio_com_rss_coupons-deals_dotd_.xml
C:\DOCUME~1\el\APPLIC~1\Dealio\res\widgets.xml
C:\WINDOWS\Prefetch\SEARCHSETTINGS.EXE-30EFBC20.pf
C:\DOCUME~1\amel\APPLIC~1\Search Settings
C:\DOCUME~1\amel\APPLIC~1\Search Settings\kb128
C:\DOCUME~1\amel\APPLIC~1\Search Settings\kb128\temp
C:\DOCUME~1\amel\APPLIC~1\Search Settings\kb128\temp\ws-14451.log
C:\DOCUME~1\amel\APPLIC~1\Search Settings\kb128\temp\ws-14452.log
C:\DOCUME~1\amel\APPLIC~1\Search Settings\kb128\temp\ws-14453.log
C:\DOCUME~1\amel\APPLIC~1\Search Settings\kb128\temp\ws-14454.log
C:\DOCUME~1\us\APPLIC~1\Search Settings
C:\DOCUME~1\us\APPLIC~1\Search Settings\kb128
C:\DOCUME~1\us\APPLIC~1\Search Settings\kb128\temp
C:\DOCUME~1\us\APPLIC~1\Search Settings\kb128\temp\ws-14446.log
C:\DOCUME~1\us\APPLIC~1\Search Settings\kb128\temp\ws-14447.log
C:\DOCUME~1\us\APPLIC~1\Search Settings\kb128\temp\ws-14448.log
C:\DOCUME~1\us\APPLIC~1\Search Settings\kb128\temp\ws-14449.log
C:\DOCUME~1\el\APPLIC~1\Search Settings
C:\DOCUME~1\el\APPLIC~1\Search Settings\kb128
C:\DOCUME~1\el\APPLIC~1\Search Settings\kb128\temp
C:\DOCUME~1\el\APPLIC~1\Search Settings\kb128\temp\ws-14453.log
C:\DOCUME~1\el\APPLIC~1\Search Settings\kb128\temp\ws-14454.log
C:\Program Files\Search Settings
C:\Program Files\Search Settings\kb128
C:\Program Files\Search Settings\SearchSettings.exe
C:\Program Files\Search Settings\kb128\res
C:\Program Files\Search Settings\kb128\temp
C:\Program Files\Search Settings\kb128\SearchSettings.dll
C:\Program Files\Search Settings\kb128\SearchSettingsRes409.dll
-----------\\ Extensions
(jamel) - {3112ca9c-de6d-4884-a869-9855de68056c} => google-toolbar
(jamel) - {b9db16a4-6edc-47ec-a1f4-b86292ed211d} => dwhelper
(jamel) - {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} => adblockplus
(mous) - {635abd67-4fe9-1b23-4f01-e679fa7484c1} => ytoolbar
-----------\\ [..\Internet Explorer\Main]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Start Page"="http://mystart.incredimail.com/french/"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
"Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Start Page"="https://www.msn.com/fr-fr/?ocid=iehp"
--------------------\\ Recherche d'autres infections
C:\WINDOWS\system32\drivers\downld
[b]==> BAGLE <==/b
--------------------\\ Cracks & Keygens ..
C:\DOCUME~1\jamel\Menu D‚marrer\JLC softwares\Crypt2secur\KeyGen.lnk
C:\DOCUME~1\jamel\Menu D‚marrer\JLC softwares\Crypt2secur\VB6 KeyGen project.lnk
1 - "C:\ToolBar SD\TB_1.txt" - 29/07/2009|20:37 - Option : [1]
2 - "C:\ToolBar SD\TB_2.txt" - 29/07/2009|20:39 - Option : [1]
-----------\\ Fin du rapport a 20:39:16.43
--------------------\\ Cracks & Keygens ..
C:\DOCUME~1\jamel\Menu D‚marrer\JLC softwares\Crypt2secur\KeyGen.lnk
C:\DOCUME~1\jamel\Menu D‚marrer\JLC softwares\Crypt2secur\VB6 KeyGen project.lnk
What is this? It means you are using a crack of Crypt2Secur, and that is illegal.
---> Run ToolbarSD again and choose option 2
---> Let the tool work and wait until the scan finishes
---> A TB.txt report will be generated; post its contents
Note: the TB.txt report is also at the root of drive C
------------------------------
Download FindyKill by Chiquitine29:
-> Save it to your desktop and nowhere else!
!! Disconnect and close all running applications !!
-> Double-click "FindyKill.exe" to start installing the tool. Do not change the installation settings under any circumstances.
--> Double-click the "FindyKill" shortcut on your desktop.
--> Choose option 1 (search). Then let the tool work without touching anything ...
Once it has finished, post the FindyKill.txt report that is generated ...
(Note: the report is saved at the root of the disk -> C:\FindyKill.txt)
Hello,
I ran ToolBar and then clicked option 2
here is the result:
-----------\\ ToolBar S&D 1.2.8 XP/Vista
Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : AMD Athlon(tm) 64 X2 Dual Core Processor 3800+ )
BIOS : )Phoenix - Award WorkstationBIOS v6.00PG
USER : amel ( Administrator )
BOOT : Normal boot
Antivirus : avast! antivirus 4.8.1335 [VPS 090728-0] 4.8.1335 (Activated)
C:\ (Local Disk) - FAT32 - Total:16 Go (Free:0 Go)
D:\ (Local Disk) - NTFS - Total:97 Go (Free:5 Go)
E:\ (Local Disk) - NTFS - Total:114 Go (Free:6 Go)
F:\ (CD or DVD)
G:\ (Local Disk) - NTFS - Total:155 Go (Free:4 Go)
H:\ (Local Disk) - FAT32 - Total:5 Go (Free:5 Go)
I:\ (Local Disk) - NTFS - Total:24 Go (Free:2 Go)
K:\ (CD or DVD)
M:\ (USB)
N:\ (USB)
O:\ (USB)
P:\ (USB)
"C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
Option : [2] ( 29/07/2009|20:53 )
-----------\\ SUPPRESSION
Supprime! - C:\DOCUME~1\amel\APPLIC~1\Dealio\temp
Supprime! - C:\DOCUME~1\amel\APPLIC~1\Dealio\res
Supprime! - C:\DOCUME~1\us\APPLIC~1\Dealio\temp
Supprime! - C:\DOCUME~1\us\APPLIC~1\Dealio\res
Supprime! - C:\DOCUME~1\el\APPLIC~1\Dealio\temp
Supprime! - C:\DOCUME~1\el\APPLIC~1\Dealio\res
Supprime! - C:\WINDOWS\Prefetch\SEARCHSETTINGS.EXE-30EFBC20.pf
Supprime! - C:\DOCUME~1\amel\APPLIC~1\Search Settings\kb128
Supprime! - C:\DOCUME~1\us\APPLIC~1\Search Settings\kb128
Supprime! - C:\DOCUME~1\el\APPLIC~1\Search Settings\kb128
Supprime! - C:\Program Files\Search Settings\kb128
Supprime! - C:\Program Files\Search Settings\SearchSettings.exe
Supprime! - C:\DOCUME~1\amel\APPLIC~1\Dealio
Supprime! - C:\DOCUME~1\us\APPLIC~1\Dealio
Supprime! - C:\DOCUME~1\el\APPLIC~1\Dealio
Supprime! - C:\DOCUME~1\amel\APPLIC~1\Search Settings
Supprime! - C:\DOCUME~1\us\APPLIC~1\Search Settings
Supprime! - C:\DOCUME~1\el\APPLIC~1\Search Settings
Supprime! - C:\Program Files\Search Settings
-----------\\ Recherche de Fichiers / Dossiers ...
-----------\\ Extensions
(amel) - {3112ca9c-de6d-4884-a869-9855de68056c} => google-toolbar
(amel) - {b9db16a4-6edc-47ec-a1f4-b86292ed211d} => dwhelper
(amel) - {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} => adblockplus
(us) - {635abd67-4fe9-1b23-4f01-e679fa7484c1} => ytoolbar
-----------\\ [..\Internet Explorer\Main]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Start Page"="http://mystart.incredimail.com/french/"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
"Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Start Page"="https://www.msn.com/fr-fr/"
--------------------\\ Recherche d'autres infections
C:\WINDOWS\system32\drivers\downld
==> BAGLE <==
--------------------\\ Cracks & Keygens ..
C:\DOCUME~1\amel\Menu Démarrer\JLC softwares\Crypt2secur\KeyGen.lnk
C:\DOCUME~1\amel\Menu Démarrer\JLC softwares\Crypt2secur\VB6 KeyGen project.lnk
1 - "C:\ToolBar SD\TB_1.txt" - 29/07/2009|20:37 - Option : [1]
2 - "C:\ToolBar SD\TB_2.txt" - 29/07/2009|20:39 - Option : [1]
3 - "C:\ToolBar SD\TB_3.txt" - 29/07/2009|20:54 - Option : [2]
-----------\\ Fin du rapport a 20:54:19.37
I installed FindyKill,
and pressed option 1
here is the result:
############################## | FindyKill V5.005 |
# User : amel (Administrateurs) # ACER-9DEB84EBB9
# Update on 27/07/09 by Chiquitine29
# Start at: 21:01:46 | 29/07/2009
# Website : http://pagesperso-orange.fr/NosTools/index.html
# AMD Athlon(tm) 64 X2 Dual Core Processor 3800+
# Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
# Internet Explorer 7.0.5730.13
# Windows Firewall Status : Disabled
# AV : avast! antivirus 4.8.1335 [VPS 090728-0] 4.8.1335 [ Enabled | Updated ]
# C:\ # Disque fixe local # 16.09 Go (283.39 Mo free) [ACER] # FAT32
# D:\ # Disque fixe local # 97.66 Go (5.09 Go free) # NTFS
# E:\ # Disque fixe local # 114.25 Go (6.12 Go free) [ACERDATA] # NTFS
# F:\ # Disque CD-ROM
# G:\ # Disque fixe local # 155.89 Go (4.68 Go free) [PRESARIO] # NTFS
# H:\ # Disque fixe local # 5.99 Go (5.99 Go free) [PRESARIO2] # FAT32
# I:\ # Disque fixe local # 24.42 Go (2.95 Go free) # NTFS
# K:\ # Disque CD-ROM
# M:\ # Disque amovible
# N:\ # Disque amovible
# O:\ # Disque amovible
# P:\ # Disque amovible
############################## | Processus actifs |
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
e:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
e:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
C:\WINDOWS\ATKKBService.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
e:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
e:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\amel\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
################## | C: |
################## | C:\WINDOWS |
################## | C:\WINDOWS\system32 |
################## | C:\WINDOWS\system32\drivers |
Présent ! C:\WINDOWS\system32\drivers\downld
################## | C:\Documents and Settings\amel\Application Data |
################## | C:\Documents and Settings\amel\Temporary Internet Files |
################## | Registre / Clés infectieuses |
Présent ! [HKLM\software\microsoft\security center] "AntiVirusDisableNotify" 0x1
Présent ! [HKLM\software\microsoft\security center] "FirewallDisableNotify" 0x1
################## | Etat / Services / Informations |
# Affichage des fichiers cachés : OK
# Mode sans echec : OK
# Ndisuio -> Start = 3 ( Good = 3 | Bad = 4 )
# EapHost -> Start = 3 ( Good = 2 | Bad = 4 )
# Ip6Fw -> Start = 3 ( Good = 2 | Bad = 4 )
# SharedAccess -> Start = 2 ( Good = 2 | Bad = 4 )
# wuauserv -> Start = 2 ( Good = 2 | Bad = 4 )
# wscsvc -> Start = 2 ( Good = 2 | Bad = 4 )
################## | Cracks / Keygens / Serials |
################## | ! Fin du rapport # FindyKill V5.005 ! |
Before running option 2, you will need to delete the cracks and keygens responsible for the infection
Plug your external data sources into your PC (USB stick, external hard drive, etc.) without opening them
--> Double-click the "FindyKill" shortcut on your desktop.
--> Choose option 2 (removal). Then let the tool work without touching anything ...
There will be a reboot; this is normal
Once it has finished, post the FindyKill.txt report that is generated ...
( Note: the report is saved at the root of the disk -> C:\FindyKill.txt )
Hello,
I chose option 2 with FINDYKILL
the computer restarted (it took a long time)
and after the restart I find myself with a new Trojan horse: Win32:Fraudo [Trj]
is that normal?
thank you for your help in any case,
but I think I am going to format
too bad for me
here is the FindyKill result:
############################## | FindyKill V5.005 |
# User : amel (Administrateurs) # ACER-9DEB84EBB9
# Update on 27/07/09 by Chiquitine29
# Start at: 21:27:43 | 29/07/2009
# Website : http://pagesperso-orange.fr/NosTools/index.html
# AMD Athlon(tm) 64 X2 Dual Core Processor 3800+
# Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
# Internet Explorer 7.0.5730.13
# Windows Firewall Status : Disabled
# AV : avast! antivirus 4.8.1335 [VPS 090729-0] 4.8.1335 [ Enabled | Updated ]
# C:\ # Disque fixe local # 16.09 Go (279.83 Mo free) [ACER] # FAT32
# D:\ # Disque fixe local # 97.66 Go (5.1 Go free) # NTFS
# E:\ # Disque fixe local # 114.25 Go (6.12 Go free) [ACERDATA] # NTFS
# F:\ # Disque CD-ROM
# G:\ # Disque fixe local # 155.89 Go (4.68 Go free) [PRESARIO] # NTFS
# H:\ # Disque fixe local # 5.99 Go (5.99 Go free) [PRESARIO2] # FAT32
# I:\ # Disque fixe local # 24.42 Go (2.95 Go free) # NTFS
# J:\ # Disque amovible # 1.91 Go (1.89 Go free) [JULIA'S KEY] # FAT
# K:\ # Disque CD-ROM
# M:\ # Disque amovible
# N:\ # Disque amovible
# O:\ # Disque amovible
# P:\ # Disque amovible
############################## | Processus actifs |
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\logonui.exe
e:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
e:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
C:\WINDOWS\ATKKBService.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
e:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
e:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
################## | C: |
################## | C:\WINDOWS |
################## | C:\WINDOWS\system32 |
################## | C:\WINDOWS\system32\drivers |
Supprimé ! C:\WINDOWS\system32\drivers\downld
################## | C:\Documents and Settings\amel\Application Data |
################## | Autres ... |
################## | Temporary Internet Files |
Supprimé ! C:\DOCUME~1\amel\LOCALS~1\Temp\AutoRun.exe
################## | Registre / Clés infectieuses |
Value ! [HKLM\software\microsoft\security center] "AntiVirusDisableNotify" -> Reset sucessfully !
Value ! [HKLM\software\microsoft\security center] "FirewallDisableNotify" -> Reset sucessfully !
################## | Etat / Services / Informations |
# Mode sans echec : OK
# Affichage des fichiers cachés : OK
# Ndisuio -> Start = 3 ( Good = 3 | Bad = 4 )
# EapHost -> Start = 2 ( Good = 2 | Bad = 4 )
# Ip6Fw -> Start = 2 ( Good = 2 | Bad = 4 )
# SharedAccess -> Start = 2 ( Good = 2 | Bad = 4 )
# wuauserv -> Start = 2 ( Good = 2 | Bad = 4 )
# wscsvc -> Start = 2 ( Good = 2 | Bad = 4 )
################## | PEH ... |
################## | Cracks / Keygens / Serials |
################## | ! Fin du rapport # FindyKill V5.005 ! |
Hi,
- If you still have not formatted and you decide to disinfect the PC:
Download Combofix and save it to your desktop
/!\ Disable your antivirus's real-time protection and that of your antispyware (if you have one) /!\
- Disconnect and close all running applications
- Double-click Combofix.exe >> a message appears > answer "yes"
- (Installing the Recovery Console is recommended)
- Select the language and press the 1 key (yes) to start the scan
/!\ Do not touch the mouse or the keyboard during the scan; this could freeze the computer /!\
- At the end of the scan, Combofix will need to restart to finish the disinfection; let it do so
- Once it has finished, a report is displayed; post its contents, which you can also find at c:\combofix.txt