A voir également:
- VIRUS: ANTIVIRUS PRO 2009
- Virus mcafee - Accueil - Piratage
- Virus facebook demande d'amis - Accueil - Facebook
- Undisclosed-recipients virus - Guide
- Panda anti virus gratuit - Télécharger - Antivirus & Antimalwares
- Altruistic virus ✓ - Forum Antivirus
88 réponses
Excuse moi Cyril mais je n avais plus de tes nouvelles alors j ai pris l aide que l on a bien voulu me donner.
Je m'excuse pour tout le malaise que cela creer entre vous :S
Je m'excuse pour tout le malaise que cela creer entre vous :S
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
bon moi je bosse demain donc je laisse la place a cyril je vais dormir je viendré voir comment sait demain ^^ bonne fin de soiré a vous 2
voici le rapport:
vous me tenez au courant s il vous plait :)
ComboFix 08-11-10.01 - The Heart 2008-11-11 22:52:20.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.540 [GMT 1:00]
Lancé depuis: c:\documents and settings\The Heart\Bureau\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\The Heart\Bureau\WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
* Un nouveau point de restauration a été créé
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_TDSSSERV.SYS
((((((((((((((((((((((((((((( Fichiers créés du 2008-10-11 au 2008-11-11 ))))))))))))))))))))))))))))))))))))
.
2008-11-11 21:22 . 2008-11-11 21:22 2,291 --a------ C:\GenProc.html
2008-11-11 20:06 . 2008-11-11 20:07 <REP> d-------- c:\windows\ERUNT
2008-11-11 13:23 . 2008-11-11 17:47 36,182 --a------ c:\windows\Sysvxd.exe
2008-11-11 11:20 . 2008-11-11 14:08 <REP> d-------- c:\program files\FindyKill
2008-11-11 10:56 . 2008-11-11 10:59 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-11 10:56 . 2008-11-11 10:56 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-11-11 10:56 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-11 10:56 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-11-10 16:56 . 2008-11-10 17:00 <REP> d-------- c:\program files\Opera
2008-11-10 13:26 . 2008-11-10 16:26 <REP> d-------- c:\program files\Google
2008-11-10 12:55 . 2008-11-10 12:55 3,072,054 --a------ c:\windows\BricoPack Wallpaper.bmp
2008-11-10 12:55 . 2008-11-10 12:55 65,109 --a------ c:\windows\BricoPackUninst.cmd
2008-11-10 12:53 . 2008-11-10 12:53 <REP> d-------- c:\windows\BricoPacks
2008-11-10 12:53 . 2008-11-10 12:55 6,120 --a------ c:\windows\BricoPackFoldersDelete.cmd
2008-11-10 11:05 . 2008-11-10 11:05 2,560 --a------ c:\windows\_MSRSTRT.EXE
2008-11-10 10:58 . 2008-11-10 10:58 0 --------- c:\windows\WB.ini
2008-11-10 10:56 . 2008-11-10 10:56 <REP> d-------- c:\program files\Stardock
2008-11-10 10:56 . 2007-05-26 12:34 42,672 --------- c:\windows\system32\wbsys.dll
2008-11-10 09:39 . 2004-08-05 13:00 131,584 --a--c--- c:\windows\system32\dllcache\pmxviceo.dll
2008-11-10 09:39 . 2004-08-05 13:00 111,104 --a--c--- c:\windows\system32\dllcache\mtstocom.exe
2008-11-10 09:39 . 2004-08-05 13:00 92,416 --a--c--- c:\windows\system32\dllcache\mga.sys
2008-11-10 09:39 . 2004-08-05 13:00 92,032 --a--c--- c:\windows\system32\dllcache\mga.dll
2008-11-10 09:39 . 2001-08-23 17:47 38,912 --a--c--- c:\windows\system32\dllcache\EXCH_ntfsdrv.dll
2008-11-10 09:39 . 2001-08-23 17:47 23,040 --a--c--- c:\windows\system32\dllcache\EXCH_regtrace.exe
2008-11-10 09:39 . 2004-08-05 13:00 20,736 --a--c--- c:\windows\system32\dllcache\ramdisk.sys
2008-11-10 09:39 . 2004-08-05 13:00 16,896 --a--c--- c:\windows\system32\dllcache\quser.exe
2008-11-10 09:39 . 2004-08-05 13:00 15,360 --a--c--- c:\windows\system32\dllcache\register.exe
2008-11-10 09:39 . 2004-08-05 13:00 11,264 --a--c--- c:\windows\system32\dllcache\pmxmcro.dll
2008-11-10 09:39 . 2004-08-05 13:00 10,240 --a--c--- c:\windows\system32\dllcache\query.exe
2008-11-10 09:39 . 2004-08-05 13:00 7,680 --a--c--- c:\windows\system32\dllcache\migregdb.exe
2008-11-10 09:39 . 2004-08-05 13:00 6,144 --a--c--- c:\windows\system32\dllcache\pmxgl.dll
2008-11-10 09:37 . 2004-05-13 00:39 876,653 --a--c--- c:\windows\system32\dllcache\fp4awel.dll
2008-11-10 09:35 . 2008-11-10 09:35 488 -rah----- c:\windows\system32\logonui.exe.manifest
2008-11-10 09:34 . 2004-08-05 13:00 16,384 --a--c--- c:\windows\system32\dllcache\isignup.exe
2008-11-10 09:34 . 2008-11-10 09:34 749 -rah----- c:\windows\WindowsShell.Manifest
2008-11-10 09:34 . 2008-11-10 09:34 749 -rah----- c:\windows\system32\wuaucpl.cpl.manifest
2008-11-10 09:34 . 2008-11-10 09:34 749 -rah----- c:\windows\system32\sapi.cpl.manifest
2008-11-10 09:34 . 2008-11-10 09:34 749 -rah----- c:\windows\system32\ncpa.cpl.manifest
2008-11-10 09:21 . 2004-08-05 13:00 1,897,552 --a--c--- c:\windows\system32\dllcache\NT5.CAT
2008-11-09 21:42 . 2008-11-09 21:42 664 --a------ c:\windows\system32\d3d9caps.dat
2008-11-07 21:28 . 2008-11-07 22:09 <REP> d-------- c:\windows\system32\CatRoot_bak
2008-11-07 20:35 . 2008-11-07 20:35 <REP> d-------- c:\windows\l2schemas
2008-11-07 20:32 . 2008-11-07 20:32 <REP> d-------- c:\windows\ServicePackFiles
2008-11-03 23:27 . 2008-11-03 23:27 54,156 --ah----- c:\windows\QTFont.qfn
2008-11-03 23:27 . 2008-11-03 23:27 1,409 --a------ c:\windows\QTFont.for
2008-10-24 23:19 . 2008-10-24 23:19 268 --ah----- C:\sqmdata15.sqm
2008-10-24 23:19 . 2008-10-24 23:19 244 --ah----- C:\sqmnoopt15.sqm
2008-10-15 21:33 . 2008-10-15 21:33 <REP> d-------- c:\documents and settings\The Heart\Application Data\vlc
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-11 09:49 --------- d-----w c:\documents and settings\All Users\Application Data\avg7
2008-11-11 08:14 --------- d-----w c:\documents and settings\The Heart\Application Data\AVG7
2008-11-10 20:35 --------- d-----w c:\documents and settings\The Heart\Application Data\OpenOffice.org2
2008-11-10 12:45 --------- d-----w c:\program files\Windows Live
2008-11-10 11:44 --------- d-----w c:\program files\Emoticons-plus.com
2008-10-29 19:51 --------- d-----w c:\program files\eMule
2008-10-21 19:21 --------- d-----w c:\program files\Microsoft Silverlight
2008-10-07 19:45 --------- d-----w c:\program files\Microsoft Works
2008-09-30 09:09 --------- d-----w c:\program files\Microsoft SQL Server Compact Edition
2008-09-30 09:06 --------- d-----w c:\documents and settings\All Users\Application Data\WLInstaller
2008-09-29 22:56 --------- d-----w c:\documents and settings\The Heart\Application Data\Sonic
2008-09-29 22:55 --------- d-----w c:\documents and settings\The Heart\Application Data\Leadertech
2008-09-21 19:05 --------- d-----w c:\program files\Fichiers communs\Adobe
2008-08-09 13:20 400 ----a-w c:\documents and settings\The Heart\Application Data\wklnhst.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 1289000]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-05 15360]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2008-03-05 5724184]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-05 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 344064]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2005-02-17 233534]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-02-29 98304]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-02-02 102492]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-02-02 692316]
"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-12-03 290816]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-04-11 794624]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 253952]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-12-09 225280]
"LogitechVideo[inspector]"="c:\program files\Logitech\Video\InstallHelper.exe" [2005-12-07 10:33 73728]
"LogitechCameraService(E)"="c:\windows\system32\ElkCtrl.exe" [2004-11-01 262144]
"!AVG Anti-Spyware"="c:\program files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 6731312]
"AVG7_CC"="c:\progra~1\Grisoft\AVG7\avgcc.exe" [2008-10-17 590848]
"Autoconfigurateur WiFi Neuf"="c:\program files\Neuf\Kit\WiFi\9wifi.exe" [2006-12-15 139264]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-05 59392]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="c:\progra~1\Grisoft\AVG7\avgw.exe" [2008-02-29 219136]
c:\documents and settings\The Heart\Menu D‚marrer\Programmes\D‚marrage\
RocketDock.lnk - c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-18 630784]
TransBar.lnk - c:\windows\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe [2005-06-01 65536]
UberIcon.lnk - c:\windows\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe [2006-05-21 180224]
Y'z Shadow.lnk - c:\windows\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe [2006-05-21 155648]
c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
BTTray.lnk - c:\program files\WIDCOMM\Logiciel Bluetooth\BTTray.exe [2004-12-23 569405]
HP Digital Imaging Monitor.lnk - c:\program files\Hp\Digital Imaging\bin\hpqtra08.exe [2006-02-19 288472]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logitech Desktop Messenger.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fssui]
--a------ 2007-12-17 11:12 243240 c:\program files\Windows Live\Contrôle parental\fssui.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IncrediMail]
--a------ 2008-07-24 13:22 243072 c:\program files\IncrediMail\bin\IncMail.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2004-10-13 16:04 278528 c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
--a------ 2008-02-29 16:54 32768 c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCameraAssistant]
--a------ 2005-12-07 10:26 489472 c:\program files\Logitech\Video\CameraAssistant.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\[Emoticons-plus.com] Winkaa 2.0.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\MessengerDiscovery\\MessengerDiscovery Live.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImApp.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImLc.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R2 fssfltr;FssFltr;c:\windows\system32\DRIVERS\fssfltr.sys [2007-10-17 43816]
R2 fsssvc;Windows Live OneCare Contrôle parental;c:\program files\Windows Live\Contrôle parental\fsssvc.exe [2007-12-17 523816]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\DRIVERS\HSFHWATI.sys [2005-03-22 200192]
R3 PCASp50;PCASp50 NDIS Protocol Driver;c:\windows\system32\Drivers\PCASp50.sys [2005-11-19 20096]
.
Contenu du dossier 'Tâches planifiées'
2008-11-11 c:\windows\Tasks\User_Feed_Synchronization-{CE31D3A2-9077-454F-8BED-84C587ADF3F5}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 18:36]
.
- - - - ORPHELINS SUPPRIMES - - - -
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe
MSConfigStartUp-Glass2k - c:\program files\Glass2k\Glass2k.exe
MSConfigStartUp-WinampAgent - c:\program files\Winamp\winampa.exe
.
------- Examen supplémentaire -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.com
R0 -: HKLM-Main,Start Page = hxxp://www.google.com
O8 -: Envoyer à &Bluetooth - c:\program files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-11 22:57:44
Windows 5.1.2600 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????9?4?5?6??`???? ???B?????????????hLC? ??????
Recherche de fichiers cachés ...
c:\documents and settings\The Heart\Application Data\HP\CRMLogs\CrmCM.htm
Scan terminé avec succès
Fichiers cachés: 1
**************************************************************************
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Fichiers communs\Logitech\LVMVFM\LVPrcSrv.exe
c:\program files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
c:\progra~1\Grisoft\AVG7\avgamsvr.exe
c:\progra~1\Grisoft\AVG7\avgupsvc.exe
c:\progra~1\Grisoft\AVG7\avgemc.exe
c:\program files\Fichiers communs\LightScribe\LSSrvc.exe
c:\windows\system32\ati2evxx.exe
c:\progra~1\MICROS~4\rapimgr.exe
c:\program files\WIDCOMM\Logiciel Bluetooth\BTStackServer.exe
c:\program files\MessengerDiscovery\MessengerDiscovery Live.exe
c:\program files\Hp\Digital Imaging\bin\hpqste08.exe
c:\program files\HPQ\shared\hpqwmi.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Heure de fin: 2008-11-11 23:01:59 - La machine a redémarré [The Heart]
ComboFix-quarantined-files.txt 2008-11-11 22:01:55
Avant-CF: 85 901 328 384 octets libres
Après-CF: 85,850,259,456 octets libres
228 --- E O F --- 2008-10-23 20:14:10
vous me tenez au courant s il vous plait :)
ComboFix 08-11-10.01 - The Heart 2008-11-11 22:52:20.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.540 [GMT 1:00]
Lancé depuis: c:\documents and settings\The Heart\Bureau\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\The Heart\Bureau\WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
* Un nouveau point de restauration a été créé
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_TDSSSERV.SYS
((((((((((((((((((((((((((((( Fichiers créés du 2008-10-11 au 2008-11-11 ))))))))))))))))))))))))))))))))))))
.
2008-11-11 21:22 . 2008-11-11 21:22 2,291 --a------ C:\GenProc.html
2008-11-11 20:06 . 2008-11-11 20:07 <REP> d-------- c:\windows\ERUNT
2008-11-11 13:23 . 2008-11-11 17:47 36,182 --a------ c:\windows\Sysvxd.exe
2008-11-11 11:20 . 2008-11-11 14:08 <REP> d-------- c:\program files\FindyKill
2008-11-11 10:56 . 2008-11-11 10:59 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-11 10:56 . 2008-11-11 10:56 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-11-11 10:56 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-11 10:56 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-11-10 16:56 . 2008-11-10 17:00 <REP> d-------- c:\program files\Opera
2008-11-10 13:26 . 2008-11-10 16:26 <REP> d-------- c:\program files\Google
2008-11-10 12:55 . 2008-11-10 12:55 3,072,054 --a------ c:\windows\BricoPack Wallpaper.bmp
2008-11-10 12:55 . 2008-11-10 12:55 65,109 --a------ c:\windows\BricoPackUninst.cmd
2008-11-10 12:53 . 2008-11-10 12:53 <REP> d-------- c:\windows\BricoPacks
2008-11-10 12:53 . 2008-11-10 12:55 6,120 --a------ c:\windows\BricoPackFoldersDelete.cmd
2008-11-10 11:05 . 2008-11-10 11:05 2,560 --a------ c:\windows\_MSRSTRT.EXE
2008-11-10 10:58 . 2008-11-10 10:58 0 --------- c:\windows\WB.ini
2008-11-10 10:56 . 2008-11-10 10:56 <REP> d-------- c:\program files\Stardock
2008-11-10 10:56 . 2007-05-26 12:34 42,672 --------- c:\windows\system32\wbsys.dll
2008-11-10 09:39 . 2004-08-05 13:00 131,584 --a--c--- c:\windows\system32\dllcache\pmxviceo.dll
2008-11-10 09:39 . 2004-08-05 13:00 111,104 --a--c--- c:\windows\system32\dllcache\mtstocom.exe
2008-11-10 09:39 . 2004-08-05 13:00 92,416 --a--c--- c:\windows\system32\dllcache\mga.sys
2008-11-10 09:39 . 2004-08-05 13:00 92,032 --a--c--- c:\windows\system32\dllcache\mga.dll
2008-11-10 09:39 . 2001-08-23 17:47 38,912 --a--c--- c:\windows\system32\dllcache\EXCH_ntfsdrv.dll
2008-11-10 09:39 . 2001-08-23 17:47 23,040 --a--c--- c:\windows\system32\dllcache\EXCH_regtrace.exe
2008-11-10 09:39 . 2004-08-05 13:00 20,736 --a--c--- c:\windows\system32\dllcache\ramdisk.sys
2008-11-10 09:39 . 2004-08-05 13:00 16,896 --a--c--- c:\windows\system32\dllcache\quser.exe
2008-11-10 09:39 . 2004-08-05 13:00 15,360 --a--c--- c:\windows\system32\dllcache\register.exe
2008-11-10 09:39 . 2004-08-05 13:00 11,264 --a--c--- c:\windows\system32\dllcache\pmxmcro.dll
2008-11-10 09:39 . 2004-08-05 13:00 10,240 --a--c--- c:\windows\system32\dllcache\query.exe
2008-11-10 09:39 . 2004-08-05 13:00 7,680 --a--c--- c:\windows\system32\dllcache\migregdb.exe
2008-11-10 09:39 . 2004-08-05 13:00 6,144 --a--c--- c:\windows\system32\dllcache\pmxgl.dll
2008-11-10 09:37 . 2004-05-13 00:39 876,653 --a--c--- c:\windows\system32\dllcache\fp4awel.dll
2008-11-10 09:35 . 2008-11-10 09:35 488 -rah----- c:\windows\system32\logonui.exe.manifest
2008-11-10 09:34 . 2004-08-05 13:00 16,384 --a--c--- c:\windows\system32\dllcache\isignup.exe
2008-11-10 09:34 . 2008-11-10 09:34 749 -rah----- c:\windows\WindowsShell.Manifest
2008-11-10 09:34 . 2008-11-10 09:34 749 -rah----- c:\windows\system32\wuaucpl.cpl.manifest
2008-11-10 09:34 . 2008-11-10 09:34 749 -rah----- c:\windows\system32\sapi.cpl.manifest
2008-11-10 09:34 . 2008-11-10 09:34 749 -rah----- c:\windows\system32\ncpa.cpl.manifest
2008-11-10 09:21 . 2004-08-05 13:00 1,897,552 --a--c--- c:\windows\system32\dllcache\NT5.CAT
2008-11-09 21:42 . 2008-11-09 21:42 664 --a------ c:\windows\system32\d3d9caps.dat
2008-11-07 21:28 . 2008-11-07 22:09 <REP> d-------- c:\windows\system32\CatRoot_bak
2008-11-07 20:35 . 2008-11-07 20:35 <REP> d-------- c:\windows\l2schemas
2008-11-07 20:32 . 2008-11-07 20:32 <REP> d-------- c:\windows\ServicePackFiles
2008-11-03 23:27 . 2008-11-03 23:27 54,156 --ah----- c:\windows\QTFont.qfn
2008-11-03 23:27 . 2008-11-03 23:27 1,409 --a------ c:\windows\QTFont.for
2008-10-24 23:19 . 2008-10-24 23:19 268 --ah----- C:\sqmdata15.sqm
2008-10-24 23:19 . 2008-10-24 23:19 244 --ah----- C:\sqmnoopt15.sqm
2008-10-15 21:33 . 2008-10-15 21:33 <REP> d-------- c:\documents and settings\The Heart\Application Data\vlc
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-11 09:49 --------- d-----w c:\documents and settings\All Users\Application Data\avg7
2008-11-11 08:14 --------- d-----w c:\documents and settings\The Heart\Application Data\AVG7
2008-11-10 20:35 --------- d-----w c:\documents and settings\The Heart\Application Data\OpenOffice.org2
2008-11-10 12:45 --------- d-----w c:\program files\Windows Live
2008-11-10 11:44 --------- d-----w c:\program files\Emoticons-plus.com
2008-10-29 19:51 --------- d-----w c:\program files\eMule
2008-10-21 19:21 --------- d-----w c:\program files\Microsoft Silverlight
2008-10-07 19:45 --------- d-----w c:\program files\Microsoft Works
2008-09-30 09:09 --------- d-----w c:\program files\Microsoft SQL Server Compact Edition
2008-09-30 09:06 --------- d-----w c:\documents and settings\All Users\Application Data\WLInstaller
2008-09-29 22:56 --------- d-----w c:\documents and settings\The Heart\Application Data\Sonic
2008-09-29 22:55 --------- d-----w c:\documents and settings\The Heart\Application Data\Leadertech
2008-09-21 19:05 --------- d-----w c:\program files\Fichiers communs\Adobe
2008-08-09 13:20 400 ----a-w c:\documents and settings\The Heart\Application Data\wklnhst.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 1289000]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-05 15360]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2008-03-05 5724184]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-05 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 344064]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2005-02-17 233534]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-02-29 98304]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-02-02 102492]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-02-02 692316]
"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-12-03 290816]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-04-11 794624]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 253952]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-12-09 225280]
"LogitechVideo[inspector]"="c:\program files\Logitech\Video\InstallHelper.exe" [2005-12-07 10:33 73728]
"LogitechCameraService(E)"="c:\windows\system32\ElkCtrl.exe" [2004-11-01 262144]
"!AVG Anti-Spyware"="c:\program files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 6731312]
"AVG7_CC"="c:\progra~1\Grisoft\AVG7\avgcc.exe" [2008-10-17 590848]
"Autoconfigurateur WiFi Neuf"="c:\program files\Neuf\Kit\WiFi\9wifi.exe" [2006-12-15 139264]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-05 59392]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="c:\progra~1\Grisoft\AVG7\avgw.exe" [2008-02-29 219136]
c:\documents and settings\The Heart\Menu D‚marrer\Programmes\D‚marrage\
RocketDock.lnk - c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-18 630784]
TransBar.lnk - c:\windows\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe [2005-06-01 65536]
UberIcon.lnk - c:\windows\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe [2006-05-21 180224]
Y'z Shadow.lnk - c:\windows\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe [2006-05-21 155648]
c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
BTTray.lnk - c:\program files\WIDCOMM\Logiciel Bluetooth\BTTray.exe [2004-12-23 569405]
HP Digital Imaging Monitor.lnk - c:\program files\Hp\Digital Imaging\bin\hpqtra08.exe [2006-02-19 288472]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logitech Desktop Messenger.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fssui]
--a------ 2007-12-17 11:12 243240 c:\program files\Windows Live\Contrôle parental\fssui.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IncrediMail]
--a------ 2008-07-24 13:22 243072 c:\program files\IncrediMail\bin\IncMail.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2004-10-13 16:04 278528 c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
--a------ 2008-02-29 16:54 32768 c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCameraAssistant]
--a------ 2005-12-07 10:26 489472 c:\program files\Logitech\Video\CameraAssistant.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\[Emoticons-plus.com] Winkaa 2.0.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\MessengerDiscovery\\MessengerDiscovery Live.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImApp.exe"=
"c:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImLc.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R2 fssfltr;FssFltr;c:\windows\system32\DRIVERS\fssfltr.sys [2007-10-17 43816]
R2 fsssvc;Windows Live OneCare Contrôle parental;c:\program files\Windows Live\Contrôle parental\fsssvc.exe [2007-12-17 523816]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\DRIVERS\HSFHWATI.sys [2005-03-22 200192]
R3 PCASp50;PCASp50 NDIS Protocol Driver;c:\windows\system32\Drivers\PCASp50.sys [2005-11-19 20096]
.
Contenu du dossier 'Tâches planifiées'
2008-11-11 c:\windows\Tasks\User_Feed_Synchronization-{CE31D3A2-9077-454F-8BED-84C587ADF3F5}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 18:36]
.
- - - - ORPHELINS SUPPRIMES - - - -
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe
MSConfigStartUp-Glass2k - c:\program files\Glass2k\Glass2k.exe
MSConfigStartUp-WinampAgent - c:\program files\Winamp\winampa.exe
.
------- Examen supplémentaire -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.com
R0 -: HKLM-Main,Start Page = hxxp://www.google.com
O8 -: Envoyer à &Bluetooth - c:\program files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-11 22:57:44
Windows 5.1.2600 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????9?4?5?6??`???? ???B?????????????hLC? ??????
Recherche de fichiers cachés ...
c:\documents and settings\The Heart\Application Data\HP\CRMLogs\CrmCM.htm
Scan terminé avec succès
Fichiers cachés: 1
**************************************************************************
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Fichiers communs\Logitech\LVMVFM\LVPrcSrv.exe
c:\program files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
c:\progra~1\Grisoft\AVG7\avgamsvr.exe
c:\progra~1\Grisoft\AVG7\avgupsvc.exe
c:\progra~1\Grisoft\AVG7\avgemc.exe
c:\program files\Fichiers communs\LightScribe\LSSrvc.exe
c:\windows\system32\ati2evxx.exe
c:\progra~1\MICROS~4\rapimgr.exe
c:\program files\WIDCOMM\Logiciel Bluetooth\BTStackServer.exe
c:\program files\MessengerDiscovery\MessengerDiscovery Live.exe
c:\program files\Hp\Digital Imaging\bin\hpqste08.exe
c:\program files\HPQ\shared\hpqwmi.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Heure de fin: 2008-11-11 23:01:59 - La machine a redémarré [The Heart]
ComboFix-quarantined-files.txt 2008-11-11 22:01:55
Avant-CF: 85 901 328 384 octets libres
Après-CF: 85,850,259,456 octets libres
228 --- E O F --- 2008-10-23 20:14:10
Il n y a plus personne pour m'aider du coup...
:(
Si une personne à l'Âme charitable qui veut bien m'aider à terminer je pourrai ainsi dormir sur mes deux oreilles ...
lol...
:)
:(
Si une personne à l'Âme charitable qui veut bien m'aider à terminer je pourrai ainsi dormir sur mes deux oreilles ...
lol...
:)
Bon, je vais allée au dodo moi aussi....
Et je reviendrai demain....
Encore Merci pour votre aide*
:)
Et je reviendrai demain....
Encore Merci pour votre aide*
:)
bonjour j ai eu le meme probleme que vous
j ai essayer avast , adware spyware rien n y a fait
j ai installe malwarebytes 1.30
il a tourné pendant 15 minutes a trouver tous mes trojans cheval de troie et antivirus 2009
j ai redemarre l ordi le virus a disparu
j ai essayer avast , adware spyware rien n y a fait
j ai installe malwarebytes 1.30
il a tourné pendant 15 minutes a trouver tous mes trojans cheval de troie et antivirus 2009
j ai redemarre l ordi le virus a disparu
Bonjour,
Oui, mais moi il m'empeché d'ouvrir la plupart des logiciel !!!
J' ai essayé de l'installer aussi suite aux conseils du forum, mais il m'empeché de l'ouvrir.
:)
Oui, mais moi il m'empeché d'ouvrir la plupart des logiciel !!!
J' ai essayé de l'installer aussi suite aux conseils du forum, mais il m'empeché de l'ouvrir.
:)
Peux tu nous dire ce qui te rend si heureuse ?? La désinfection n'est pas terminé a ce que je sache ?
bonjours à tous je vois que je ne suis pas le seul à avoir ce foutu virus...
Enfin bon j'ai suivit les inscrtuctions de certains et voici le rapport :
Logfile of random's system information tool 1.04 (written by random/random)
Run by Administrateur at 2008-11-12 21:00:30
Microsoft Windows XP Professionnel Service Pack 2
System drive C: has 17 GB (22%) free of 78 GB
Total RAM: 511 MB (41% free)
======Scheduled tasks folder======
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8E718888-423F-11D2-876E-00A0C9082467} - &Radio - C:\WINDOWS\system32\msdxm.ocx [2004-08-04 848922]
{E0E899AB-F487-11D5-8D29-0050BA6940E3} - FlashGet Bar - C:\PROGRA~1\FlashGet\fgiebar.dll [2002-05-27 86016]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar avec bloqueur de fenêtres pop-up - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-10-26 440384]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2007-09-13 286720]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2007-10-10 39792]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe [2008-03-25 144784]
"ZoneAlarm Client"=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2008-07-09 919016]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"=C:\Program Files\MSN Messenger\MsnMsgr.Exe [2007-01-19 5674352]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"SVCHOST.EXE"=C:\WINDOWS\system32\drivers\svchost.exe [2008-11-03 35328]
"brastk"=C:\WINDOWS\system32\brastk.exe [2008-11-04 5120]
"kava"=C:\WINDOWS\system32\kavo.exe [2008-07-06 128411]
C:\Documents and Settings\Administrateur.TITANIUM\Menu Démarrer\Programmes\Démarrage
PowerReg Scheduler.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="karna.dat"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"ForceClassicControlPanel"=1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\World of Warcraft\WoW-2.1.0-frFR-downloader.exe"="C:\Program Files\World of Warcraft\WoW-2.1.0-frFR-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0b597ebe-853c-11dc-b19d-5050506f4531}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{162a9f91-ac31-11dd-9496-5050506f4531}]
shell\AutoRun\command - E:\ipy.cmd
shell\explore\command - E:\ipy.cmd
shell\open\command - E:\ipy.cmd
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1759b5e4-8438-11dc-b19c-5050506f4531}]
shell\AutoRun\command - E:\ipy.cmd
shell\explore\command - E:\ipy.cmd
shell\open\command - E:\ipy.cmd
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5ede6370-a813-11dc-b1d7-5050506f4531}]
shell\Auto\command - AdobeR.exe e
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f517c0b4-9527-11dd-946f-5050506f4531}]
shell\AutoRun\command - ipy.cmd
shell\explore\command - ipy.cmd
shell\open\command - ipy.cmd
======List of files/folders created in the last 3 months======
2008-11-12 21:00:36 ----D---- C:\Program Files\trend micro
2008-11-12 21:00:30 ----D---- C:\rsit
2008-11-09 03:41:13 ----A---- C:\WINDOWS\Sysvxd.exe
2008-11-06 00:51:03 ----RSH---- C:\ipy.cmd
2008-11-06 00:50:35 ----RSH---- C:\WINDOWS\system32\kavo0.dll
2008-11-06 00:50:35 ----RSH---- C:\WINDOWS\system32\kavo.exe
2008-11-05 15:43:11 ----A---- C:\rollback.ini
2008-11-04 18:49:33 ----A---- C:\WINDOWS\system32\wini10841.exe
2008-11-03 23:17:15 ----A---- C:\WINDOWS\tewosaw.vbs
2008-11-03 23:17:15 ----A---- C:\WINDOWS\ajukaviwa.com
2008-11-03 23:17:15 ----A---- C:\Program Files\Fichiers communs\ysiqanocah.vbs
2008-11-03 23:17:15 ----A---- C:\Program Files\Fichiers communs\ysibaryk.vbs
2008-11-03 23:17:15 ----A---- C:\Documents and Settings\Administrateur.TITANIUM\Application Data\cobumetor.bat
2008-11-03 21:51:12 ----A---- C:\WINDOWS\system32\lalufor.com
2008-11-03 21:51:12 ----A---- C:\WINDOWS\oruzowy.com
2008-11-03 21:51:12 ----A---- C:\WINDOWS\hikogimi.vbs
2008-11-03 16:25:26 ----A---- C:\WINDOWS\brastk.exe
2008-11-03 16:24:04 ----A---- C:\WINDOWS\system32\brastk.exe
2008-10-22 16:42:07 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Blizzard
2008-10-05 19:30:07 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Vso
2008-10-05 19:27:44 ----D---- C:\Documents and Settings\Administrateur.TITANIUM\Application Data\Vso
2008-10-05 19:27:44 ----A---- C:\Documents and Settings\Administrateur.TITANIUM\Application Data\inst.exe
2008-10-05 19:27:29 ----D---- C:\Program Files\VSO
2008-08-20 19:20:17 ----D---- C:\Program Files\Sun
2008-08-20 19:20:02 ----A---- C:\WINDOWS\system32\javaws.exe
2008-08-20 19:20:02 ----A---- C:\WINDOWS\system32\javaw.exe
2008-08-20 19:20:02 ----A---- C:\WINDOWS\system32\java.exe
2008-08-15 18:43:02 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\MailFrontier
2008-08-15 18:42:40 ----A---- C:\WINDOWS\zllsputility_loc040c.dll
2008-08-15 18:42:40 ----A---- C:\WINDOWS\system32\imslsp_install_loc040c.dll
2008-08-15 18:42:40 ----A---- C:\WINDOWS\system32\imsinstall_loc040c.dll
2008-08-15 18:42:39 ----A---- C:\WINDOWS\system32\vsutil_loc040c.dll
2008-08-15 18:42:36 ----A---- C:\WINDOWS\zllsputility.exe
2008-08-15 18:42:35 ----A---- C:\WINDOWS\system32\SpOrder.dll
2008-08-15 18:42:14 ----A---- C:\WINDOWS\system32\vsregexp.dll
2008-08-15 18:42:14 ----A---- C:\WINDOWS\system32\libeay32_0.9.6l.dll
2008-08-15 18:42:12 ----A---- C:\WINDOWS\system32\zlcommdb.dll
2008-08-15 18:42:12 ----A---- C:\WINDOWS\system32\zlcomm.dll
2008-08-15 18:42:06 ----A---- C:\WINDOWS\system32\vswmi.dll
2008-08-15 18:42:04 ----D---- C:\WINDOWS\system32\ZoneLabs
2008-08-15 18:42:04 ----A---- C:\WINDOWS\system32\zpeng24.dll
2008-08-15 18:42:04 ----A---- C:\WINDOWS\system32\vsxml.dll
2008-08-15 18:42:03 ----D---- C:\Program Files\Zone Labs
2008-08-15 18:42:03 ----A---- C:\WINDOWS\system32\vspubapi.dll
2008-08-15 18:42:03 ----A---- C:\WINDOWS\system32\vsmonapi.dll
2008-08-15 18:41:32 ----A---- C:\WINDOWS\system32\vsinit.dll
2008-08-15 18:41:32 ----A---- C:\WINDOWS\system32\vsdata.dll
2008-08-15 18:41:31 ----D---- C:\WINDOWS\Internet Logs
2008-08-15 18:41:31 ----A---- C:\WINDOWS\system32\vsutil.dll
2008-08-15 18:36:14 ----D---- C:\Documents and Settings\Administrateur.TITANIUM\Application Data\LimeWire
2008-08-15 18:35:52 ----D---- C:\Program Files\LimeWire
======List of files/folders modified in the last 3 months======
2008-11-12 21:00:44 ----D---- C:\WINDOWS\Prefetch
2008-11-12 21:00:36 ----RD---- C:\Program Files
2008-11-12 20:57:10 ----D---- C:\WINDOWS
2008-11-12 20:24:52 ----D---- C:\Program Files\eMule
2008-11-12 14:27:03 ----D---- C:\WINDOWS\Temp
2008-11-12 12:46:54 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-11-12 12:46:53 ----D---- C:\WINDOWS\system32\CatRoot2
2008-11-12 12:46:38 ----D---- C:\WINDOWS\system32
2008-11-12 01:15:53 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-11-10 20:55:11 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-11-09 02:17:22 ----D---- C:\Program Files\World of Warcraft
2008-11-04 19:59:33 ----D---- C:\Downloads
2008-11-04 19:14:10 ----D---- C:\Program Files\Mozilla Firefox
2008-11-04 13:56:42 ----D---- C:\WINDOWS\system32\drivers
2008-11-03 23:17:15 ----D---- C:\Program Files\Fichiers communs
2008-10-28 21:56:43 ----D---- C:\Documents and Settings\Administrateur.TITANIUM\Application Data\teamspeak2
2008-10-27 12:32:54 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-10-16 21:44:58 ----D---- C:\Program Files\FlashGet
2008-10-08 13:16:14 ----HD---- C:\WINDOWS\inf
2008-10-05 19:23:35 ----D---- C:\Program Files\Elaborate Bytes
2008-09-02 19:18:23 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-09-02 19:16:26 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2008-08-28 19:00:01 ----D---- C:\Documents and Settings\Administrateur.TITANIUM\Application Data\Mozilla
2008-08-20 19:21:17 ----SHD---- C:\WINDOWS\Installer
2008-08-20 19:20:01 ----D---- C:\Program Files\Java
2008-08-16 12:06:00 ----A---- C:\WINDOWS\NeroDigital.ini
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 AmdK7;Pilote de processeur AMD K7; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2004-08-04 41600]
R1 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2007-08-07 25160]
R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2006-07-24 5632]
R2 Aspi32;Aspi32; C:\WINDOWS\system32\drivers\Aspi32.sys [2002-07-17 16877]
R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-04 60800]
R3 ElbyDelay;ElbyDelay; C:\WINDOWS\System32\Drivers\ElbyDelay.sys [2007-02-16 11984]
R3 FETNDIS;Pilote NT de carte VIA PCI 10/100Mo Fast Ethernet; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
R3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288]
R3 ms_mpu401;Pilote UART MIDI MPU-401 Microsoft; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-04 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2008-10-05 47360]
R3 PPPoEWin;PPPoEWin Miniport; C:\WINDOWS\system32\DRIVERS\PPPoEWin.SYS [2004-01-20 106407]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2001-08-24 5888]
R3 usbaudio;Pilote USB audio (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264]
R3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbstor;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480]
S3 GMSIPCI;GMSIPCI; \??\I:\INSTALL\GMSIPCI.SYS []
S3 KLIF;KLIF; \??\C:\WINDOWS\system32\drivers\klif.sys []
S3 krdpdre;krdpdre; \??\C:\DOCUME~1\ADMINI~1.TIT\LOCALS~1\Temp\krdpdre.sys []
S3 PCAMPR5;PCAMPR5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PCAMPR5.SYS []
S3 PCANDIS5;PCANDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PCANDIS5.SYS []
S3 PRISM_A02;802.11g USB 2.0 adapter; C:\WINDOWS\system32\DRIVERS\PRISMA02.sys [2005-02-01 348640]
S3 QV2KUX;Appareil photo numérique Casio; C:\WINDOWS\system32\DRIVERS\qv2kux.sys [2001-08-17 3328]
S3 ssm_bus;SAMSUNG Mobile USB Device II 1.0 driver (WDM); C:\WINDOWS\system32\DRIVERS\ssm_bus.sys [2005-08-30 58320]
S3 ssm_mdfl;SAMSUNG Mobile USB Modem II 1.0 Filter; C:\WINDOWS\system32\DRIVERS\ssm_mdfl.sys [2005-08-30 8336]
S3 ssm_mdm;SAMSUNG Mobile USB Modem II 1.0 Drivers; C:\WINDOWS\system32\DRIVERS\ssm_mdm.sys [2005-08-30 94000]
S3 TSP;TSP; \??\C:\WINDOWS\system32\drivers\klif.sys []
S3 TVICHW32;TVICHW32; \??\C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
-----------------EOF-----------------
Et le second :
info.txt logfile of random's system information tool 1.04 2008-11-12 21:00:53
======Uninstall list======
-->MsiExec.exe /X{E9F81423-211E-46B6-9AE0-38568BC5CF6F}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-aware SE - Traduction FR-->C:\Program Files\Lavasoft\Ad-Aware SE Professional\uninst-trad.exe
Ad-Aware SE Professional-->C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.1 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A81000000003}
Apple Software Update-->MsiExec.exe /I{74EC78BC-B379-4E29-9006-8F161DCAABA6}
Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
Azureus Vuze-->C:\Program Files\Azureus\uninstall.exe
BroadbandAccess-->C:\WINDOWS\AppRun.exe C:\PROGRA~1\Friendly Technologies\BroadbandAccess
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
CloneDVD2-->"C:\Program Files\Elaborate Bytes\CloneDVD2\CloneDVD2-uninst.exe" /D="C:\Program Files\Elaborate Bytes\CloneDVD2"
DVD Shrink 3.2-->"C:\Program Files\DVD Shrink\unins000.exe"
eMule-->"C:\Program Files\eMule\Uninstall.exe"
EVEREST Ultimate Edition v4.00-->"C:\Program Files\Lavalys\EVEREST Ultimate Edition\unins000.exe"
FlashGet(JetCar)-->C:\PROGRA~1\FlashGet\UNWISE.EXE C:\PROGRA~1\FlashGet\INSTALL.LOG
Friendly PPPoE v3.0.0.26-->C:\WINDOWS\AppRun.exe C:\PROGRA~1\Friendly Technologies\BroadbandAccess
FriendlyPPPoEDriver-->C:\WINDOWS\AppRun.exe C:\PROGRA~1\Friendly Technologies\FriendlyPPPoEDriver
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
Java 2 Runtime Environment, SE v1.4.2_05-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142050}
Java(TM) 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java(TM) 6 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160060}
LimeWire 4.18.3-->"C:\Program Files\LimeWire\uninstall.exe"
Messager Wanadoo-->C:\PROGRA~1\Messager Wanadoo\UNWISE.EXE C:\PROGRA~1\Messager Wanadoo\INSTALL.LOG
Microsoft Office Access MUI (French) 2007-->MsiExec.exe /X{90120000-0015-040C-0000-0000000FF1CE}
Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (French) 2007-->MsiExec.exe /X{90120000-0044-040C-0000-0000000FF1CE}
Microsoft Office Outlook MUI (French) 2007-->MsiExec.exe /X{90120000-001A-040C-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}
Microsoft Office Professional Plus 2007-->"C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL
Microsoft Office Professional Plus 2007-->MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE}
Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}
Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}
Microsoft Office Publisher MUI (French) 2007-->MsiExec.exe /X{90120000-0019-040C-0000-0000000FF1CE}
Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}
Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}
Mozilla Firefox (3.0.1)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Nero 6 Ultra Edition-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
Neuf - Kit de connexion-->C:\Program Files\Neuf\Kit\uninstall.exe
QuickTime-->MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\FICHIE~1\InstallShield\Professional\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x40c -removeonly
SAMSUNG CDMA Modem Driver Set-->C:\WINDOWS\system32\Samsung_USB_Drivers\3\SSCDUninstall.exe
SAMSUNG Mobile Composite Device Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\6\SSBCUninstall.exe
Samsung Mobile phone USB driver Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\5\SSSDUninstall.exe
SAMSUNG Mobile USB Modem 1.0 Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe
SAMSUNG Mobile USB Modem Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe
Samsung PC Studio 3 USB Driver Installer-->RunDll32 C:\PROGRA~1\FICHIE~1\InstallShield\Professional\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}\setup.exe" -l0x40c -removeonly
Samsung PC Studio 3-->RunDll32 C:\PROGRA~1\FICHIE~1\InstallShield\Professional\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C4A4722E-79F9-417C-BD72-8D359A090C97}\setup.exe" -l0x40c -removeonly
Satsuki Decoder Pack-->C:\Program Files\Satsuki Decodeur Pack\Uninstall.exe
Shockwave-->C:\WINDOWS\system32\Macromed\Shockwave 8\UNWISE.EXE C:\WINDOWS\system32\Macromed\Shockwave 8\Install.log
TeamSpeak 2 RC2-->"C:\Program Files\Teamspeak2_RC2\unins000.exe"
VideoLAN VLC media player 0.8.6c-->C:\Program Files\VideoLAN\VLC\uninstall.exe
VSO CopyToDVD 4-->"C:\Program Files\VSO\unins000.exe"
Windows Live Messenger-->MsiExec.exe /I{F6326B60-1B1D-4ABF-BFCD-7B7404F44411}
Windows Live Sign-in Assistant-->MsiExec.exe /I{49672EC2-171B-47B4-8CE7-50D7806360D7}
WinISO 5.3-->"C:\Program Files\WinISO\unins000.exe"
World of Warcraft-->C:\Program Files\Fichiers communs\Blizzard Entertainment\World of Warcraft\Uninstall.exe
Yahoo! Toolbar avec bloqueur de fenêtres pop-up-->C:\PROGRA~1\Yahoo!\Common\unyt.exe
YesMessenger 2.2.10-->"C:\Program Files\YesMessenger\unins000.exe"
ZoneAlarm-->C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe
======Hosts File======
127.0.0.1 007guard.com
127.0.0.1 www.007guard.com
127.0.0.1 008i.com
127.0.0.1 008k.com
127.0.0.1 www.008k.com
127.0.0.1 00hq.com
127.0.0.1 www.00hq.com
127.0.0.1 010402.com
127.0.0.1 032439.com
127.0.0.1 www.032439.com
======Security center information======
AV: ZoneAlarm Security Suite Antivirus
FW: ZoneAlarm Security Suite Firewall
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Samsung\Samsung PC Studio 3\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 10 Stepping 0, AuthenticAMD
"PROCESSOR_REVISION"=0a00
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"DEVMGR_SHOW_DETAILS"=1
"CLASSPATH"=.;C:\Program Files\Java\j2re1.4.2_05\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\j2re1.4.2_05\lib\ext\QTJava.zip
"tvdumpflags"=8
-----------------EOF-----------------
Que dois je faire maintenant svp?
Enfin bon j'ai suivit les inscrtuctions de certains et voici le rapport :
Logfile of random's system information tool 1.04 (written by random/random)
Run by Administrateur at 2008-11-12 21:00:30
Microsoft Windows XP Professionnel Service Pack 2
System drive C: has 17 GB (22%) free of 78 GB
Total RAM: 511 MB (41% free)
======Scheduled tasks folder======
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8E718888-423F-11D2-876E-00A0C9082467} - &Radio - C:\WINDOWS\system32\msdxm.ocx [2004-08-04 848922]
{E0E899AB-F487-11D5-8D29-0050BA6940E3} - FlashGet Bar - C:\PROGRA~1\FlashGet\fgiebar.dll [2002-05-27 86016]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar avec bloqueur de fenêtres pop-up - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-10-26 440384]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2007-09-13 286720]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2007-10-10 39792]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe [2008-03-25 144784]
"ZoneAlarm Client"=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2008-07-09 919016]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"=C:\Program Files\MSN Messenger\MsnMsgr.Exe [2007-01-19 5674352]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"SVCHOST.EXE"=C:\WINDOWS\system32\drivers\svchost.exe [2008-11-03 35328]
"brastk"=C:\WINDOWS\system32\brastk.exe [2008-11-04 5120]
"kava"=C:\WINDOWS\system32\kavo.exe [2008-07-06 128411]
C:\Documents and Settings\Administrateur.TITANIUM\Menu Démarrer\Programmes\Démarrage
PowerReg Scheduler.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="karna.dat"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"ForceClassicControlPanel"=1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\World of Warcraft\WoW-2.1.0-frFR-downloader.exe"="C:\Program Files\World of Warcraft\WoW-2.1.0-frFR-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0b597ebe-853c-11dc-b19d-5050506f4531}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{162a9f91-ac31-11dd-9496-5050506f4531}]
shell\AutoRun\command - E:\ipy.cmd
shell\explore\command - E:\ipy.cmd
shell\open\command - E:\ipy.cmd
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1759b5e4-8438-11dc-b19c-5050506f4531}]
shell\AutoRun\command - E:\ipy.cmd
shell\explore\command - E:\ipy.cmd
shell\open\command - E:\ipy.cmd
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5ede6370-a813-11dc-b1d7-5050506f4531}]
shell\Auto\command - AdobeR.exe e
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f517c0b4-9527-11dd-946f-5050506f4531}]
shell\AutoRun\command - ipy.cmd
shell\explore\command - ipy.cmd
shell\open\command - ipy.cmd
======List of files/folders created in the last 3 months======
2008-11-12 21:00:36 ----D---- C:\Program Files\trend micro
2008-11-12 21:00:30 ----D---- C:\rsit
2008-11-09 03:41:13 ----A---- C:\WINDOWS\Sysvxd.exe
2008-11-06 00:51:03 ----RSH---- C:\ipy.cmd
2008-11-06 00:50:35 ----RSH---- C:\WINDOWS\system32\kavo0.dll
2008-11-06 00:50:35 ----RSH---- C:\WINDOWS\system32\kavo.exe
2008-11-05 15:43:11 ----A---- C:\rollback.ini
2008-11-04 18:49:33 ----A---- C:\WINDOWS\system32\wini10841.exe
2008-11-03 23:17:15 ----A---- C:\WINDOWS\tewosaw.vbs
2008-11-03 23:17:15 ----A---- C:\WINDOWS\ajukaviwa.com
2008-11-03 23:17:15 ----A---- C:\Program Files\Fichiers communs\ysiqanocah.vbs
2008-11-03 23:17:15 ----A---- C:\Program Files\Fichiers communs\ysibaryk.vbs
2008-11-03 23:17:15 ----A---- C:\Documents and Settings\Administrateur.TITANIUM\Application Data\cobumetor.bat
2008-11-03 21:51:12 ----A---- C:\WINDOWS\system32\lalufor.com
2008-11-03 21:51:12 ----A---- C:\WINDOWS\oruzowy.com
2008-11-03 21:51:12 ----A---- C:\WINDOWS\hikogimi.vbs
2008-11-03 16:25:26 ----A---- C:\WINDOWS\brastk.exe
2008-11-03 16:24:04 ----A---- C:\WINDOWS\system32\brastk.exe
2008-10-22 16:42:07 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Blizzard
2008-10-05 19:30:07 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Vso
2008-10-05 19:27:44 ----D---- C:\Documents and Settings\Administrateur.TITANIUM\Application Data\Vso
2008-10-05 19:27:44 ----A---- C:\Documents and Settings\Administrateur.TITANIUM\Application Data\inst.exe
2008-10-05 19:27:29 ----D---- C:\Program Files\VSO
2008-08-20 19:20:17 ----D---- C:\Program Files\Sun
2008-08-20 19:20:02 ----A---- C:\WINDOWS\system32\javaws.exe
2008-08-20 19:20:02 ----A---- C:\WINDOWS\system32\javaw.exe
2008-08-20 19:20:02 ----A---- C:\WINDOWS\system32\java.exe
2008-08-15 18:43:02 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\MailFrontier
2008-08-15 18:42:40 ----A---- C:\WINDOWS\zllsputility_loc040c.dll
2008-08-15 18:42:40 ----A---- C:\WINDOWS\system32\imslsp_install_loc040c.dll
2008-08-15 18:42:40 ----A---- C:\WINDOWS\system32\imsinstall_loc040c.dll
2008-08-15 18:42:39 ----A---- C:\WINDOWS\system32\vsutil_loc040c.dll
2008-08-15 18:42:36 ----A---- C:\WINDOWS\zllsputility.exe
2008-08-15 18:42:35 ----A---- C:\WINDOWS\system32\SpOrder.dll
2008-08-15 18:42:14 ----A---- C:\WINDOWS\system32\vsregexp.dll
2008-08-15 18:42:14 ----A---- C:\WINDOWS\system32\libeay32_0.9.6l.dll
2008-08-15 18:42:12 ----A---- C:\WINDOWS\system32\zlcommdb.dll
2008-08-15 18:42:12 ----A---- C:\WINDOWS\system32\zlcomm.dll
2008-08-15 18:42:06 ----A---- C:\WINDOWS\system32\vswmi.dll
2008-08-15 18:42:04 ----D---- C:\WINDOWS\system32\ZoneLabs
2008-08-15 18:42:04 ----A---- C:\WINDOWS\system32\zpeng24.dll
2008-08-15 18:42:04 ----A---- C:\WINDOWS\system32\vsxml.dll
2008-08-15 18:42:03 ----D---- C:\Program Files\Zone Labs
2008-08-15 18:42:03 ----A---- C:\WINDOWS\system32\vspubapi.dll
2008-08-15 18:42:03 ----A---- C:\WINDOWS\system32\vsmonapi.dll
2008-08-15 18:41:32 ----A---- C:\WINDOWS\system32\vsinit.dll
2008-08-15 18:41:32 ----A---- C:\WINDOWS\system32\vsdata.dll
2008-08-15 18:41:31 ----D---- C:\WINDOWS\Internet Logs
2008-08-15 18:41:31 ----A---- C:\WINDOWS\system32\vsutil.dll
2008-08-15 18:36:14 ----D---- C:\Documents and Settings\Administrateur.TITANIUM\Application Data\LimeWire
2008-08-15 18:35:52 ----D---- C:\Program Files\LimeWire
======List of files/folders modified in the last 3 months======
2008-11-12 21:00:44 ----D---- C:\WINDOWS\Prefetch
2008-11-12 21:00:36 ----RD---- C:\Program Files
2008-11-12 20:57:10 ----D---- C:\WINDOWS
2008-11-12 20:24:52 ----D---- C:\Program Files\eMule
2008-11-12 14:27:03 ----D---- C:\WINDOWS\Temp
2008-11-12 12:46:54 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-11-12 12:46:53 ----D---- C:\WINDOWS\system32\CatRoot2
2008-11-12 12:46:38 ----D---- C:\WINDOWS\system32
2008-11-12 01:15:53 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-11-10 20:55:11 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-11-09 02:17:22 ----D---- C:\Program Files\World of Warcraft
2008-11-04 19:59:33 ----D---- C:\Downloads
2008-11-04 19:14:10 ----D---- C:\Program Files\Mozilla Firefox
2008-11-04 13:56:42 ----D---- C:\WINDOWS\system32\drivers
2008-11-03 23:17:15 ----D---- C:\Program Files\Fichiers communs
2008-10-28 21:56:43 ----D---- C:\Documents and Settings\Administrateur.TITANIUM\Application Data\teamspeak2
2008-10-27 12:32:54 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-10-16 21:44:58 ----D---- C:\Program Files\FlashGet
2008-10-08 13:16:14 ----HD---- C:\WINDOWS\inf
2008-10-05 19:23:35 ----D---- C:\Program Files\Elaborate Bytes
2008-09-02 19:18:23 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-09-02 19:16:26 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2008-08-28 19:00:01 ----D---- C:\Documents and Settings\Administrateur.TITANIUM\Application Data\Mozilla
2008-08-20 19:21:17 ----SHD---- C:\WINDOWS\Installer
2008-08-20 19:20:01 ----D---- C:\Program Files\Java
2008-08-16 12:06:00 ----A---- C:\WINDOWS\NeroDigital.ini
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 AmdK7;Pilote de processeur AMD K7; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2004-08-04 41600]
R1 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2007-08-07 25160]
R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2006-07-24 5632]
R2 Aspi32;Aspi32; C:\WINDOWS\system32\drivers\Aspi32.sys [2002-07-17 16877]
R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-04 60800]
R3 ElbyDelay;ElbyDelay; C:\WINDOWS\System32\Drivers\ElbyDelay.sys [2007-02-16 11984]
R3 FETNDIS;Pilote NT de carte VIA PCI 10/100Mo Fast Ethernet; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
R3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288]
R3 ms_mpu401;Pilote UART MIDI MPU-401 Microsoft; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-04 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2008-10-05 47360]
R3 PPPoEWin;PPPoEWin Miniport; C:\WINDOWS\system32\DRIVERS\PPPoEWin.SYS [2004-01-20 106407]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2001-08-24 5888]
R3 usbaudio;Pilote USB audio (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264]
R3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbstor;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480]
S3 GMSIPCI;GMSIPCI; \??\I:\INSTALL\GMSIPCI.SYS []
S3 KLIF;KLIF; \??\C:\WINDOWS\system32\drivers\klif.sys []
S3 krdpdre;krdpdre; \??\C:\DOCUME~1\ADMINI~1.TIT\LOCALS~1\Temp\krdpdre.sys []
S3 PCAMPR5;PCAMPR5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PCAMPR5.SYS []
S3 PCANDIS5;PCANDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PCANDIS5.SYS []
S3 PRISM_A02;802.11g USB 2.0 adapter; C:\WINDOWS\system32\DRIVERS\PRISMA02.sys [2005-02-01 348640]
S3 QV2KUX;Appareil photo numérique Casio; C:\WINDOWS\system32\DRIVERS\qv2kux.sys [2001-08-17 3328]
S3 ssm_bus;SAMSUNG Mobile USB Device II 1.0 driver (WDM); C:\WINDOWS\system32\DRIVERS\ssm_bus.sys [2005-08-30 58320]
S3 ssm_mdfl;SAMSUNG Mobile USB Modem II 1.0 Filter; C:\WINDOWS\system32\DRIVERS\ssm_mdfl.sys [2005-08-30 8336]
S3 ssm_mdm;SAMSUNG Mobile USB Modem II 1.0 Drivers; C:\WINDOWS\system32\DRIVERS\ssm_mdm.sys [2005-08-30 94000]
S3 TSP;TSP; \??\C:\WINDOWS\system32\drivers\klif.sys []
S3 TVICHW32;TVICHW32; \??\C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
-----------------EOF-----------------
Et le second :
info.txt logfile of random's system information tool 1.04 2008-11-12 21:00:53
======Uninstall list======
-->MsiExec.exe /X{E9F81423-211E-46B6-9AE0-38568BC5CF6F}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-aware SE - Traduction FR-->C:\Program Files\Lavasoft\Ad-Aware SE Professional\uninst-trad.exe
Ad-Aware SE Professional-->C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.1 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A81000000003}
Apple Software Update-->MsiExec.exe /I{74EC78BC-B379-4E29-9006-8F161DCAABA6}
Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
Azureus Vuze-->C:\Program Files\Azureus\uninstall.exe
BroadbandAccess-->C:\WINDOWS\AppRun.exe C:\PROGRA~1\Friendly Technologies\BroadbandAccess
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
CloneDVD2-->"C:\Program Files\Elaborate Bytes\CloneDVD2\CloneDVD2-uninst.exe" /D="C:\Program Files\Elaborate Bytes\CloneDVD2"
DVD Shrink 3.2-->"C:\Program Files\DVD Shrink\unins000.exe"
eMule-->"C:\Program Files\eMule\Uninstall.exe"
EVEREST Ultimate Edition v4.00-->"C:\Program Files\Lavalys\EVEREST Ultimate Edition\unins000.exe"
FlashGet(JetCar)-->C:\PROGRA~1\FlashGet\UNWISE.EXE C:\PROGRA~1\FlashGet\INSTALL.LOG
Friendly PPPoE v3.0.0.26-->C:\WINDOWS\AppRun.exe C:\PROGRA~1\Friendly Technologies\BroadbandAccess
FriendlyPPPoEDriver-->C:\WINDOWS\AppRun.exe C:\PROGRA~1\Friendly Technologies\FriendlyPPPoEDriver
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
Java 2 Runtime Environment, SE v1.4.2_05-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142050}
Java(TM) 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java(TM) 6 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160060}
LimeWire 4.18.3-->"C:\Program Files\LimeWire\uninstall.exe"
Messager Wanadoo-->C:\PROGRA~1\Messager Wanadoo\UNWISE.EXE C:\PROGRA~1\Messager Wanadoo\INSTALL.LOG
Microsoft Office Access MUI (French) 2007-->MsiExec.exe /X{90120000-0015-040C-0000-0000000FF1CE}
Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (French) 2007-->MsiExec.exe /X{90120000-0044-040C-0000-0000000FF1CE}
Microsoft Office Outlook MUI (French) 2007-->MsiExec.exe /X{90120000-001A-040C-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}
Microsoft Office Professional Plus 2007-->"C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL
Microsoft Office Professional Plus 2007-->MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE}
Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}
Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}
Microsoft Office Publisher MUI (French) 2007-->MsiExec.exe /X{90120000-0019-040C-0000-0000000FF1CE}
Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}
Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}
Mozilla Firefox (3.0.1)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Nero 6 Ultra Edition-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
Neuf - Kit de connexion-->C:\Program Files\Neuf\Kit\uninstall.exe
QuickTime-->MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\FICHIE~1\InstallShield\Professional\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x40c -removeonly
SAMSUNG CDMA Modem Driver Set-->C:\WINDOWS\system32\Samsung_USB_Drivers\3\SSCDUninstall.exe
SAMSUNG Mobile Composite Device Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\6\SSBCUninstall.exe
Samsung Mobile phone USB driver Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\5\SSSDUninstall.exe
SAMSUNG Mobile USB Modem 1.0 Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe
SAMSUNG Mobile USB Modem Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe
Samsung PC Studio 3 USB Driver Installer-->RunDll32 C:\PROGRA~1\FICHIE~1\InstallShield\Professional\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}\setup.exe" -l0x40c -removeonly
Samsung PC Studio 3-->RunDll32 C:\PROGRA~1\FICHIE~1\InstallShield\Professional\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C4A4722E-79F9-417C-BD72-8D359A090C97}\setup.exe" -l0x40c -removeonly
Satsuki Decoder Pack-->C:\Program Files\Satsuki Decodeur Pack\Uninstall.exe
Shockwave-->C:\WINDOWS\system32\Macromed\Shockwave 8\UNWISE.EXE C:\WINDOWS\system32\Macromed\Shockwave 8\Install.log
TeamSpeak 2 RC2-->"C:\Program Files\Teamspeak2_RC2\unins000.exe"
VideoLAN VLC media player 0.8.6c-->C:\Program Files\VideoLAN\VLC\uninstall.exe
VSO CopyToDVD 4-->"C:\Program Files\VSO\unins000.exe"
Windows Live Messenger-->MsiExec.exe /I{F6326B60-1B1D-4ABF-BFCD-7B7404F44411}
Windows Live Sign-in Assistant-->MsiExec.exe /I{49672EC2-171B-47B4-8CE7-50D7806360D7}
WinISO 5.3-->"C:\Program Files\WinISO\unins000.exe"
World of Warcraft-->C:\Program Files\Fichiers communs\Blizzard Entertainment\World of Warcraft\Uninstall.exe
Yahoo! Toolbar avec bloqueur de fenêtres pop-up-->C:\PROGRA~1\Yahoo!\Common\unyt.exe
YesMessenger 2.2.10-->"C:\Program Files\YesMessenger\unins000.exe"
ZoneAlarm-->C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe
======Hosts File======
127.0.0.1 007guard.com
127.0.0.1 www.007guard.com
127.0.0.1 008i.com
127.0.0.1 008k.com
127.0.0.1 www.008k.com
127.0.0.1 00hq.com
127.0.0.1 www.00hq.com
127.0.0.1 010402.com
127.0.0.1 032439.com
127.0.0.1 www.032439.com
======Security center information======
AV: ZoneAlarm Security Suite Antivirus
FW: ZoneAlarm Security Suite Firewall
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Samsung\Samsung PC Studio 3\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 10 Stepping 0, AuthenticAMD
"PROCESSOR_REVISION"=0a00
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"DEVMGR_SHOW_DETAILS"=1
"CLASSPATH"=.;C:\Program Files\Java\j2re1.4.2_05\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\j2re1.4.2_05\lib\ext\QTJava.zip
"tvdumpflags"=8
-----------------EOF-----------------
Que dois je faire maintenant svp?
Bonsoir JFK,
Effectivement, ce n est pas fini !!!
Voici le rapport de ce que m as demandé plus haut:
A noté que ce matin, j ai fait AVG, AVG AntSpy et MalewareBytes, et il en avait énormément.
SUPERAntiSpyware Scan Log
https://www.superantispyware.com/
Generated 11/12/2008 at 07:47 P
Application Version : 4.21.1004
Core Rules Database Version : 3634
Trace Rules Database Version: 1617
Scan type : Complete Scan
Total Scan Time : 00:52:39
Memory items scanned : 468
Memory threats detected : 0
Registry items scanned : 5773
Registry threats detected : 0
File items scanned : 65258
File threats detected : 21
Adware.Tracking Cookie
C:\Documents and Settings\The Heart\Cookies\the heart@doubleclick[1].txt
C:\Documents and Settings\The Heart\Cookies\the heart@xiti[1].txt
C:\Documents and Settings\The Heart\Cookies\the heart@adopt.euroclick[2].txt
C:\Documents and Settings\The Heart\Cookies\the heart@fl01.ct2.comclick[1].txt
C:\Documents and Settings\The Heart\Cookies\the heart@advertising[1].txt
C:\Documents and Settings\The Heart\Cookies\the heart@revsci[1].txt
C:\Documents and Settings\The Heart\Cookies\the heart@fastclick[1].txt
C:\Documents and Settings\The Heart\Cookies\the heart@cetelem.solution.weborama[2].txt
C:\Documents and Settings\The Heart\Cookies\the heart@mediaplex[1].txt
C:\Documents and Settings\The Heart\Cookies\the heart@ads.ratiatum[2].txt
C:\Documents and Settings\The Heart\Cookies\the heart@adviva[2].txt
C:\Documents and Settings\The Heart\Cookies\the heart@apmebf[2].txt
C:\Documents and Settings\The Heart\Cookies\the heart@bluestreak[1].txt
C:\Documents and Settings\The Heart\Cookies\the heart@specificclick[2].txt
C:\Documents and Settings\The Heart\Cookies\the heart@wysistat[2].txt
C:\Documents and Settings\The Heart\Cookies\the heart@atdmt[2].txt
C:\Documents and Settings\The Heart\Cookies\the heart@tradedoubler[2].txt
C:\Documents and Settings\The Heart\Cookies\the heart@smartadserver[2].txt
C:\Documents and Settings\The Heart\Cookies\the heart@weborama[1].txt
C:\Documents and Settings\The Heart\Cookies\the heart@yourmedia[1].txt
C:\Documents and Settings\The Heart\Cookies\the heart@1070847646[1].txt
Effectivement, ce n est pas fini !!!
Voici le rapport de ce que m as demandé plus haut:
A noté que ce matin, j ai fait AVG, AVG AntSpy et MalewareBytes, et il en avait énormément.
SUPERAntiSpyware Scan Log
https://www.superantispyware.com/
Generated 11/12/2008 at 07:47 P
Application Version : 4.21.1004
Core Rules Database Version : 3634
Trace Rules Database Version: 1617
Scan type : Complete Scan
Total Scan Time : 00:52:39
Memory items scanned : 468
Memory threats detected : 0
Registry items scanned : 5773
Registry threats detected : 0
File items scanned : 65258
File threats detected : 21
Adware.Tracking Cookie
C:\Documents and Settings\The Heart\Cookies\the heart@doubleclick[1].txt
C:\Documents and Settings\The Heart\Cookies\the heart@xiti[1].txt
C:\Documents and Settings\The Heart\Cookies\the heart@adopt.euroclick[2].txt
C:\Documents and Settings\The Heart\Cookies\the heart@fl01.ct2.comclick[1].txt
C:\Documents and Settings\The Heart\Cookies\the heart@advertising[1].txt
C:\Documents and Settings\The Heart\Cookies\the heart@revsci[1].txt
C:\Documents and Settings\The Heart\Cookies\the heart@fastclick[1].txt
C:\Documents and Settings\The Heart\Cookies\the heart@cetelem.solution.weborama[2].txt
C:\Documents and Settings\The Heart\Cookies\the heart@mediaplex[1].txt
C:\Documents and Settings\The Heart\Cookies\the heart@ads.ratiatum[2].txt
C:\Documents and Settings\The Heart\Cookies\the heart@adviva[2].txt
C:\Documents and Settings\The Heart\Cookies\the heart@apmebf[2].txt
C:\Documents and Settings\The Heart\Cookies\the heart@bluestreak[1].txt
C:\Documents and Settings\The Heart\Cookies\the heart@specificclick[2].txt
C:\Documents and Settings\The Heart\Cookies\the heart@wysistat[2].txt
C:\Documents and Settings\The Heart\Cookies\the heart@atdmt[2].txt
C:\Documents and Settings\The Heart\Cookies\the heart@tradedoubler[2].txt
C:\Documents and Settings\The Heart\Cookies\the heart@smartadserver[2].txt
C:\Documents and Settings\The Heart\Cookies\the heart@weborama[1].txt
C:\Documents and Settings\The Heart\Cookies\the heart@yourmedia[1].txt
C:\Documents and Settings\The Heart\Cookies\the heart@1070847646[1].txt
