Unwanted ad pages
Good evening everyone, here is my problem.
For some time now, unwanted ad windows have been popping up when I start the internet. Having very little idea where the problem might come from, I ran a HijackThis report; here it is:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:57:27, on 01/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\D-Link\D-Link AirPlus G+ Wireless Adapter Utility\DWLGTI.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Documents and Settings\robin\Bureau\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.fr/spbasic.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O3 - Toolbar: Barre d'outils MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.2607.0\fr\msntb.dll
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [CRBroadCasting] C:\Program Files\CardReader2.0\CRBroadCasting.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [a43d6a30] rundll32.exe "C:\WINDOWS\system32\xcxlshuh.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [RayV] C:\Program Files\RayV\RayV\RayV.exe /background
O4 - HKCU\..\Run: [Settings second] C:\DOCUME~1\robin\APPLIC~1\EACHSU~1\Active mfcd.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O4 - Global Startup: D-Link AirPlus G+ Wireless Adapter Utility.lnk = C:\Program Files\D-Link\D-Link AirPlus G+ Wireless Adapter Utility\DWLGTI.EXE
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-F [...] E_UNO1.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/bina [...] b56649.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/bina [...] b57213.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b56907.cab
O20 - AppInit_DLLs: sivqdq.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: OTi Card Reader Service - Unknown owner - C:\Program Files\CardReader2.0\OTiReader.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe
--
End of file - 5800 bytes
Thanks in advance for guiding me in removing these ads.
Hi,
Lop and Vundo.
- Download Lop S&D to your Desktop.
- Double-click it to start the installation.
- Then double-click the Lop S&D shortcut on your Desktop.
- Select the language you want, then choose option 1 (Search).
- Wait until the scan finishes.
- Post the generated report (C:\lopR.txt).
Hello,
Posting to follow.
Here is the report:
--------------------\\ Lop S&D 4.2.4-9c XP/Vista
Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 2
X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) 4 CPU 3.40GHz )
BIOS : Default System BIOS
USER : robin ( Administrator )
BOOT : Normal boot
Antivirus : Bitdefender Antivirus 8.0 (Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:189 Go (Free:180 Go)
H:\ (CD or DVD)
"C:\Lop SD" ( MAJ : 01-11-2008|16:30 )
Option : [1] ( 01/11/2008|20:45 )
--------------------\\ Listing des dossiers dans APPLIC~1
[10/08/2008|19:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\BitDefender
[10/10/2008|22:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
[28/10/2008|19:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[14/09/2008|18:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\pixelStorm
[18/10/2008|08:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Wait Find Browse New
[17/08/2008|20:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
[10/08/2008|19:02] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[10/08/2008|19:02] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
[11/08/2008|17:44] C:\DOCUME~1\LOCALS~1\APPLIC~1\Xfire
[19/10/2008|17:46] C:\DOCUME~1\NETWOR~1\APPLIC~1\each support bird
[19/10/2008|17:45] C:\DOCUME~1\NETWOR~1\APPLIC~1\Macromedia
[10/08/2008|19:02] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft
[11/08/2008|17:45] C:\DOCUME~1\NETWOR~1\APPLIC~1\Xfire
[11/08/2008|19:04] C:\DOCUME~1\robin\APPLIC~1\Adobe
[10/08/2008|19:15] C:\DOCUME~1\robin\APPLIC~1\Bitdefender
[28/09/2008|14:31] C:\DOCUME~1\robin\APPLIC~1\dvdcss
[18/10/2008|08:17] C:\DOCUME~1\robin\APPLIC~1\each support bird
[10/08/2008|19:11] C:\DOCUME~1\robin\APPLIC~1\Identities
[11/08/2008|15:33] C:\DOCUME~1\robin\APPLIC~1\InterTrust
[11/08/2008|18:26] C:\DOCUME~1\robin\APPLIC~1\Macromedia
[12/10/2008|20:49] C:\DOCUME~1\robin\APPLIC~1\Microsoft
[25/10/2008|23:51] C:\DOCUME~1\robin\APPLIC~1\mIRC
[28/08/2008|07:55] C:\DOCUME~1\robin\APPLIC~1\Mozilla
[19/08/2008|09:31] C:\DOCUME~1\robin\APPLIC~1\RayV
[11/08/2008|17:01] C:\DOCUME~1\robin\APPLIC~1\Talkback
[27/10/2008|09:41] C:\DOCUME~1\robin\APPLIC~1\teamspeak2
[28/08/2008|07:55] C:\DOCUME~1\robin\APPLIC~1\Thunderbird
[18/08/2008|21:17] C:\DOCUME~1\robin\APPLIC~1\vlc
[23/08/2008|21:20] C:\DOCUME~1\robin\APPLIC~1\WinRAR
[01/11/2008|19:15] C:\DOCUME~1\robin\APPLIC~1\Xfire
--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks
[01/11/2008 20:00][--ah-----] C:\WINDOWS\tasks\AB38D74E918B4D5E.job
[01/11/2008 19:13][--ah-----] C:\WINDOWS\tasks\SA.DAT
[05/08/2004 13:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini
( AB38D74E918B4D5E.job )=( c:\docume~1\robin\applic~1\eachsu~1\LoveDrvView.exe )
--------------------\\ Listing des dossiers dans C:\Program Files
[11/08/2008|15:33] C:\Program Files\Adobe
[10/08/2008|19:14] C:\Program Files\BitDefender
[11/08/2008|15:36] C:\Program Files\CardReader2.0
[28/10/2008|01:10] C:\Program Files\Circle Developement
[11/08/2008|15:52] C:\Program Files\Common Files
[10/08/2008|18:57] C:\Program Files\ComPlus Applications
[11/08/2008|15:27] C:\Program Files\D-Link
[14/10/2008|17:48] C:\Program Files\Dofus
[18/10/2008|08:16] C:\Program Files\each support bird
[17/08/2008|20:32] C:\Program Files\Fichiers communs
[11/08/2008|15:55] C:\Program Files\InstallShield Installation Information
[12/10/2008|14:30] C:\Program Files\Internet Explorer
[10/09/2008|15:01] C:\Program Files\Messenger
[10/10/2008|22:31] C:\Program Files\Messenger Plus! Live
[10/09/2008|15:01] C:\Program Files\Microsoft CAPICOM 2.1.0.2
[10/08/2008|19:02] C:\Program Files\microsoft frontpage
[25/10/2008|23:44] C:\Program Files\mIRC
[10/08/2008|18:58] C:\Program Files\Movie Maker
[01/11/2008|20:05] C:\Program Files\Mozilla Firefox
[19/10/2008|18:07] C:\Program Files\Mozilla Thunderbird
[11/08/2008|18:37] C:\Program Files\MSN
[10/08/2008|18:56] C:\Program Files\MSN Gaming Zone
[11/08/2008|18:46] C:\Program Files\MSN Toolbar
[10/08/2008|18:59] C:\Program Files\NetMeeting
[10/08/2008|18:56] C:\Program Files\Online Services
[10/08/2008|18:59] C:\Program Files\Outlook Express
[11/08/2008|18:26] C:\Program Files\RayV
[10/08/2008|19:00] C:\Program Files\Services en ligne
[11/08/2008|15:55] C:\Program Files\Sony
[01/11/2008|19:13] C:\Program Files\Steam
[11/08/2008|17:08] C:\Program Files\Teamspeak2_RC2
[28/10/2008|00:46] C:\Program Files\TeamSpeak3
[10/08/2008|19:11] C:\Program Files\Uninstall Information
[11/08/2008|18:28] C:\Program Files\VideoLAN
[17/10/2008|22:01] C:\Program Files\Wakfu
[17/08/2008|20:33] C:\Program Files\Windows Live
[24/10/2008|19:22] C:\Program Files\Windows Media Connect 2
[25/10/2008|09:17] C:\Program Files\Windows Media Player
[10/08/2008|18:56] C:\Program Files\Windows NT
[10/08/2008|19:00] C:\Program Files\WindowsUpdate
[23/08/2008|21:20] C:\Program Files\WinRAR
[27/10/2008|22:49] C:\Program Files\Wolfenstein - Enemy Territory
[10/08/2008|19:02] C:\Program Files\xerox
[01/11/2008|19:15] C:\Program Files\Xfire
--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs
[11/08/2008|15:34] C:\Program Files\Fichiers communs\Adobe
[10/08/2008|19:15] C:\Program Files\Fichiers communs\BitDefender
[11/08/2008|15:55] C:\Program Files\Fichiers communs\InstallShield
[17/08/2008|20:33] C:\Program Files\Fichiers communs\Microsoft Shared
[10/08/2008|18:59] C:\Program Files\Fichiers communs\MSSoap
[10/08/2008|20:47] C:\Program Files\Fichiers communs\ODBC
[10/08/2008|18:59] C:\Program Files\Fichiers communs\Services
[11/08/2008|15:55] C:\Program Files\Fichiers communs\Sony Shared
[10/08/2008|20:47] C:\Program Files\Fichiers communs\SpeechEngines
[10/08/2008|18:58] C:\Program Files\Fichiers communs\System
[17/08/2008|20:33] C:\Program Files\Fichiers communs\WindowsLiveInstaller
--------------------\\ Process
( 35 Processes )
iexplore.exe ~ [PID:1864]
iexplore.exe ~ [PID:2348]
--------------------\\ Recherche avec S_Lop
C:\DOCUME~1\robin\LOCALS~1\Temp\bisB3.exe
--------------------\\ Recherche de Fichiers / Dossiers Lop
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Wait Find Browse New
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Wait Find Browse New\Copy Up.exe
C:\DOCUME~1\NETWOR~1\APPLIC~1\eachsu~1
C:\DOCUME~1\NETWOR~1\APPLIC~1\eachsu~1\Active mfcd.exe
C:\DOCUME~1\robin\APPLIC~1\eachsu~1
C:\DOCUME~1\robin\APPLIC~1\eachsu~1\Active mfcd.exe
C:\DOCUME~1\robin\APPLIC~1\eachsu~1\bprzlprb.exe
C:\DOCUME~1\robin\APPLIC~1\eachsu~1\gnkadwgu.exe
C:\DOCUME~1\robin\APPLIC~1\eachsu~1\LoveDrvView.exe
C:\DOCUME~1\robin\APPLIC~1\eachsu~1\oxesmaqs.exe
C:\DOCUME~1\robin\APPLIC~1\eachsu~1\Real Comp Platform Nurb.exe
C:\Program Files\eachsu~1
C:\DOCUME~1\robin\LOCALS~1\Temp\nsa61.tmp
C:\DOCUME~1\robin\LOCALS~1\Temp\nsk5F.tmp
C:\DOCUME~1\robin\LOCALS~1\Temp\nsoBB.tmp
C:\DOCUME~1\robin\LOCALS~1\Temp\nsr1D.tmp
C:\DOCUME~1\robin\LOCALS~1\Temp\nsu2F.tmp
C:\DOCUME~1\robin\LOCALS~1\Temp\nsu5E.tmp
C:\DOCUME~1\robin\LOCALS~1\Temp\nsz5D.tmp
C:\Program Files\Circle Developement
C:\DOCUME~1\robin\Cookies\robin@adin.bigpoint[1].txt
C:\DOCUME~1\robin\Cookies\robin@bigpoint[2].txt
C:\DOCUME~1\robin\Cookies\robin@fr.seafight.bigpoint[1].txt
C:\DOCUME~1\robin\Cookies\robin@fr.xblaster.bigpoint[1].txt
C:\DOCUME~1\robin\Cookies\robin@adopt.euroclick[2].txt
C:\DOCUME~1\robin\Cookies\robin@pacificpoker[1].txt
C:\DOCUME~1\robin\Cookies\robin@fr.seafight.bigpoint[1].txt
C:\WINDOWS\Tasks\AB38D74E918B4D5E.job
--------------------\\ Verification du Registre
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Settings second"="C:\\DOCUME~1\\robin\\APPLIC~1\\EACHSU~1\\Active mfcd.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
--------------------\\ Verification du fichier Hosts
Fichier Hosts PROPRE
--------------------\\ Recherche de fichiers avec Catchme
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-01 21:01:28
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0
--------------------\\ Recherche d'autres infections
C:\WINDOWS\system32\NWyIRqss.ini
C:\WINDOWS\system32\NWyIRqss.ini2
C:\WINDOWS\system32\ssqRIyWN.dll
==> VUNDO <==
[F:996][D:95]-> C:\DOCUME~1\robin\LOCALS~1\Temp
[F:115][D:0]-> C:\DOCUME~1\robin\Cookies
[F:2715][D:4]-> C:\DOCUME~1\robin\LOCALS~1\TEMPOR~1\content.IE5
1 - "C:\Lop SD\LopR_1.txt" - 01/11/2008|21:06 - Option : [1]
--------------------\\ Fin du rapport a 21:06:27
- Run Lop S&D again.
- This time choose option 2 (Removal).
- Do not close the window during the removal!
- Post the generated report (C:\lopR.txt).
Here is the report (sorry for the late reply, I had a small connection problem)
--------------------\\ Lop S&D 4.2.4-9c XP/Vista
Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 2
X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) 4 CPU 3.40GHz )
BIOS : Default System BIOS
USER : robin ( Administrator )
BOOT : Normal boot
Antivirus : Bitdefender Antivirus 8.0 (Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:189 Go (Free:175 Go)
H:\ (CD or DVD)
"C:\Lop SD" ( MAJ : 01-11-2008|16:30 )
Option : [2] ( 02/11/2008|20:57 )
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Wait Find Browse New\Copy Up.exe
Supprime! - C:\DOCUME~1\NETWOR~1\APPLIC~1\eachsu~1\Active mfcd.exe
Supprime! - C:\DOCUME~1\robin\APPLIC~1\eachsu~1\Active mfcd.exe
Supprime! - C:\DOCUME~1\robin\APPLIC~1\eachsu~1\bprzlprb.exe
Supprime! - C:\DOCUME~1\robin\APPLIC~1\eachsu~1\gnkadwgu.exe
Supprime! - C:\DOCUME~1\robin\APPLIC~1\eachsu~1\LoveDrvView.exe
Supprime! - C:\DOCUME~1\robin\APPLIC~1\eachsu~1\oxesmaqs.exe
Supprime! - C:\DOCUME~1\robin\APPLIC~1\eachsu~1\Real Comp Platform Nurb.exe
Supprime! - C:\DOCUME~1\robin\LOCALS~1\Temp\nsa61.tmp
Supprime! - C:\DOCUME~1\robin\LOCALS~1\Temp\nsk5F.tmp
Supprime! - C:\DOCUME~1\robin\LOCALS~1\Temp\nsoBB.tmp
Supprime! - C:\DOCUME~1\robin\LOCALS~1\Temp\nsr1D.tmp
Supprime! - C:\DOCUME~1\robin\LOCALS~1\Temp\nsu2F.tmp
Supprime! - C:\DOCUME~1\robin\LOCALS~1\Temp\nsu5E.tmp
Supprime! - C:\DOCUME~1\robin\LOCALS~1\Temp\nsz5D.tmp
Supprime! - C:\DOCUME~1\robin\Cookies\robin@adin.bigpoint[1].txt
Supprime! - C:\DOCUME~1\robin\Cookies\robin@bigpoint[2].txt
Supprime! - C:\DOCUME~1\robin\Cookies\robin@fr.seafight.bigpoint[1].txt
Supprime! - C:\DOCUME~1\robin\Cookies\robin@fr.xblaster.bigpoint[1].txt
Supprime! - C:\DOCUME~1\robin\Cookies\robin@adopt.euroclick[2].txt
Supprime! - C:\DOCUME~1\robin\Cookies\robin@pacificpoker[1].txt
Supprime! - C:\WINDOWS\Tasks\AB38D74E918B4D5E.job
Supprime! - C:\DOCUME~1\robin\LOCALS~1\Temp\bisB3.exe
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Wait Find Browse New
Supprime! - C:\DOCUME~1\NETWOR~1\APPLIC~1\eachsu~1
Supprime! - C:\DOCUME~1\robin\APPLIC~1\eachsu~1
Supprime! - C:\Program Files\eachsu~1
Supprime! - C:\Program Files\Circle Developement
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
--------------------\\ Listing des dossiers dans APPLIC~1
[10/08/2008|19:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\BitDefender
[10/10/2008|22:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
[28/10/2008|19:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[14/09/2008|18:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\pixelStorm
[17/08/2008|20:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
[10/08/2008|19:02] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[10/08/2008|19:02] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
[11/08/2008|17:44] C:\DOCUME~1\LOCALS~1\APPLIC~1\Xfire
[19/10/2008|17:45] C:\DOCUME~1\NETWOR~1\APPLIC~1\Macromedia
[10/08/2008|19:02] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft
[11/08/2008|17:45] C:\DOCUME~1\NETWOR~1\APPLIC~1\Xfire
[11/08/2008|19:04] C:\DOCUME~1\robin\APPLIC~1\Adobe
[10/08/2008|19:15] C:\DOCUME~1\robin\APPLIC~1\Bitdefender
[28/09/2008|14:31] C:\DOCUME~1\robin\APPLIC~1\dvdcss
[10/08/2008|19:11] C:\DOCUME~1\robin\APPLIC~1\Identities
[11/08/2008|15:33] C:\DOCUME~1\robin\APPLIC~1\InterTrust
[11/08/2008|18:26] C:\DOCUME~1\robin\APPLIC~1\Macromedia
[12/10/2008|20:49] C:\DOCUME~1\robin\APPLIC~1\Microsoft
[25/10/2008|23:51] C:\DOCUME~1\robin\APPLIC~1\mIRC
[28/08/2008|07:55] C:\DOCUME~1\robin\APPLIC~1\Mozilla
[19/08/2008|09:31] C:\DOCUME~1\robin\APPLIC~1\RayV
[11/08/2008|17:01] C:\DOCUME~1\robin\APPLIC~1\Talkback
[27/10/2008|09:41] C:\DOCUME~1\robin\APPLIC~1\teamspeak2
[28/08/2008|07:55] C:\DOCUME~1\robin\APPLIC~1\Thunderbird
[18/08/2008|21:17] C:\DOCUME~1\robin\APPLIC~1\vlc
[23/08/2008|21:20] C:\DOCUME~1\robin\APPLIC~1\WinRAR
[02/11/2008|20:57] C:\DOCUME~1\robin\APPLIC~1\Xfire
--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks
[02/11/2008 20:33][--ah-----] C:\WINDOWS\tasks\SA.DAT
[05/08/2004 13:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini
--------------------\\ Listing des dossiers dans C:\Program Files
[11/08/2008|15:33] C:\Program Files\Adobe
[10/08/2008|19:14] C:\Program Files\BitDefender
[11/08/2008|15:36] C:\Program Files\CardReader2.0
[11/08/2008|15:52] C:\Program Files\Common Files
[10/08/2008|18:57] C:\Program Files\ComPlus Applications
[11/08/2008|15:27] C:\Program Files\D-Link
[14/10/2008|17:48] C:\Program Files\Dofus
[17/08/2008|20:32] C:\Program Files\Fichiers communs
[11/08/2008|15:55] C:\Program Files\InstallShield Installation Information
[12/10/2008|14:30] C:\Program Files\Internet Explorer
[10/09/2008|15:01] C:\Program Files\Messenger
[10/10/2008|22:31] C:\Program Files\Messenger Plus! Live
[10/09/2008|15:01] C:\Program Files\Microsoft CAPICOM 2.1.0.2
[10/08/2008|19:02] C:\Program Files\microsoft frontpage
[25/10/2008|23:44] C:\Program Files\mIRC
[10/08/2008|18:58] C:\Program Files\Movie Maker
[02/11/2008|20:47] C:\Program Files\Mozilla Firefox
[19/10/2008|18:07] C:\Program Files\Mozilla Thunderbird
[11/08/2008|18:37] C:\Program Files\MSN
[10/08/2008|18:56] C:\Program Files\MSN Gaming Zone
[11/08/2008|18:46] C:\Program Files\MSN Toolbar
[10/08/2008|18:59] C:\Program Files\NetMeeting
[10/08/2008|18:56] C:\Program Files\Online Services
[10/08/2008|18:59] C:\Program Files\Outlook Express
[11/08/2008|18:26] C:\Program Files\RayV
[10/08/2008|19:00] C:\Program Files\Services en ligne
[11/08/2008|15:55] C:\Program Files\Sony
[02/11/2008|20:35] C:\Program Files\Steam
[11/08/2008|17:08] C:\Program Files\Teamspeak2_RC2
[28/10/2008|00:46] C:\Program Files\TeamSpeak3
[10/08/2008|19:11] C:\Program Files\Uninstall Information
[11/08/2008|18:28] C:\Program Files\VideoLAN
[17/10/2008|22:01] C:\Program Files\Wakfu
[17/08/2008|20:33] C:\Program Files\Windows Live
[24/10/2008|19:22] C:\Program Files\Windows Media Connect 2
[25/10/2008|09:17] C:\Program Files\Windows Media Player
[10/08/2008|18:56] C:\Program Files\Windows NT
[10/08/2008|19:00] C:\Program Files\WindowsUpdate
[23/08/2008|21:20] C:\Program Files\WinRAR
[27/10/2008|22:49] C:\Program Files\Wolfenstein - Enemy Territory
[10/08/2008|19:02] C:\Program Files\xerox
[01/11/2008|19:15] C:\Program Files\Xfire
--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs
[11/08/2008|15:34] C:\Program Files\Fichiers communs\Adobe
[10/08/2008|19:15] C:\Program Files\Fichiers communs\BitDefender
[11/08/2008|15:55] C:\Program Files\Fichiers communs\InstallShield
[17/08/2008|20:33] C:\Program Files\Fichiers communs\Microsoft Shared
[10/08/2008|18:59] C:\Program Files\Fichiers communs\MSSoap
[10/08/2008|20:47] C:\Program Files\Fichiers communs\ODBC
[10/08/2008|18:59] C:\Program Files\Fichiers communs\Services
[11/08/2008|15:55] C:\Program Files\Fichiers communs\Sony Shared
[10/08/2008|20:47] C:\Program Files\Fichiers communs\SpeechEngines
[10/08/2008|18:58] C:\Program Files\Fichiers communs\System
[17/08/2008|20:33] C:\Program Files\Fichiers communs\WindowsLiveInstaller
--------------------\\ Process
( 36 Processes )
... OK !
--------------------\\ Recherche avec S_Lop
Aucun fichier / dossier Lop trouvé !
--------------------\\ Recherche de Fichiers / Dossiers Lop
C:\DOCUME~1\robin\Cookies\robin@banner.cotedazurpalace[2].txt
C:\DOCUME~1\robin\Cookies\robin@cotedazurpalace[2].txt
C:\DOCUME~1\robin\Cookies\robin@www.cotedazurpalace[1].txt
--------------------\\ Verification du Registre
..... OK !
--------------------\\ Verification du fichier Hosts
Fichier Hosts PROPRE
--------------------\\ Recherche de fichiers avec Catchme
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-02 21:13:47
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0
--------------------\\ Recherche d'autres infections
C:\WINDOWS\system32\NWyIRqss.ini
C:\WINDOWS\system32\NWyIRqss.ini2
C:\WINDOWS\system32\ssqRIyWN.dll
==> VUNDO <==
[F:1009][D:98]-> C:\DOCUME~1\robin\LOCALS~1\Temp
[F:128][D:0]-> C:\DOCUME~1\robin\Cookies
[F:155][D:4]-> C:\DOCUME~1\robin\LOCALS~1\TEMPOR~1\content.IE5
1 - "C:\Lop SD\LopR_1.txt" - 01/11/2008|21:06 - Option : [1]
2 - "C:\Lop SD\LopR_2.txt" - 02/11/2008|21:18 - Option : [2]
--------------------\\ Fin du rapport a 21:18:13
OK, good, now we'll deal with Vundo.
- Download Random's System Information Tool (RSIT) (by random/random) to your Desktop.
- Double-click RSIT.exe to launch the program.
- Click Continue on the Disclaimer screen.
- If HijackThis (up-to-date version) is not present or not detected on the computer, RSIT will download it (allow access in your firewall if prompted) and you will have to accept the license.
- When the scan is finished, two text files will open. Post the contents of log.txt (the one that appears on screen) as well as info.txt (which you will see in the taskbar).
Note: The reports are saved in the C:\rsit folder.
Here is the log.txt report:
Logfile of random's system information tool 1.04 (written by random/random)
Run by robin at 2008-11-03 13:16:35
Microsoft Windows XP Édition familiale Service Pack 2
System drive C: has 180 GB (92%) free of 194 GB
Total RAM: 1023 MB (46% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:16:57, on 03/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CardReader2.0\OTiReader.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Program Files\CardReader2.0\CRBroadCasting.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\D-Link\D-Link AirPlus G+ Wireless Adapter Utility\DWLGTI.EXE
C:\Program Files\Xfire\xfire.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Teamspeak2_RC2\TeamSpeak.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Dofus\dofus.dll
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Documents and Settings\robin\Bureau\RSIT.exe
C:\Documents and Settings\robin\Bureau\robin.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.fr/spbasic.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {584AA69A-F2AB-4155-A7EB-EC5DCB011B14} - C:\WINDOWS\system32\ssqRIyWN.dll
O2 - BHO: (no name) - {62D1390B-75E8-445C-A99D-3340E08FD4C5} - C:\WINDOWS\system32\xxyawtTj.dll (file missing)
O2 - BHO: {c12a5960-7a26-13d8-a764-0850eb24df97} - {79fd42be-0580-467a-8d31-62a70695a21c} - C:\WINDOWS\system32\mwaxzr.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O3 - Toolbar: Barre d'outils MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.2607.0\fr\msntb.dll
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [CRBroadCasting] C:\Program Files\CardReader2.0\CRBroadCasting.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [RayV] C:\Program Files\RayV\RayV\RayV.exe /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe (User 'Default user')
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O4 - Global Startup: D-Link AirPlus G+ Wireless Adapter Utility.lnk = C:\Program Files\D-Link\D-Link AirPlus G+ Wireless Adapter Utility\DWLGTI.EXE
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-F [...] E_UNO1.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/bina [...] b56649.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/bina [...] b57213.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b56907.cab
O20 - AppInit_DLLs: mwaxzr.dll
O20 - Winlogon Notify: xxyawtTj - xxyawtTj.dll (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: OTi Card Reader Service - Unknown owner - C:\Program Files\CardReader2.0\OTiReader.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe
--
End of file - 6717 bytes
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [2001-03-02 37808]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{584AA69A-F2AB-4155-A7EB-EC5DCB011B14}]
C:\WINDOWS\system32\ssqRIyWN.dll [2008-10-24 317440]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{62D1390B-75E8-445C-A99D-3340E08FD4C5}]
C:\WINDOWS\system32\xxyawtTj.dll []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{79fd42be-0580-467a-8d31-62a70695a21c}]
C:\WINDOWS\system32\mwaxzr.dll [2008-11-02 123904]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{381FFDE8-2394-4f90-B10D-FC6124A40F8C} - BitDefender Toolbar - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll [2008-08-11 86016]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Barre d'outils MSN - C:\Program Files\MSN Toolbar\01.01.2607.0\fr\msntb.dll [2005-02-07 203464]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"BDAgent"=C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe [2008-09-16 368640]
"CRBroadCasting"=C:\Program Files\CardReader2.0\CRBroadCasting.exe [2004-02-26 24576]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2005-08-02 7110656]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2005-08-02 86016]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2005-06-20 77824]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-05 15360]
"MsnMsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5724184]
"Steam"=C:\Program Files\Steam\Steam.exe [2008-10-11 1410296]
"RayV"=C:\Program Files\RayV\RayV\RayV.exe [2008-08-31 3708200]
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
D-Link AirPlus G+ Wireless Adapter Utility.lnk - C:\Program Files\D-Link\D-Link AirPlus G+ Wireless Adapter Utility\DWLGTI.EXE
C:\Documents and Settings\robin\Menu Démarrer\Programmes\Démarrage
Xfire.lnk - C:\Program Files\Xfire\xfire.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="mwaxzr.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\xxyawtTj]
xxyawtTj.dll []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{62D1390B-75E8-445C-A99D-3340E08FD4C5}"=C:\WINDOWS\system32\xxyawtTj.dll []
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
C:\WINDOWS\system32\ssqRIyWN
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Xfire\xfire.exe"="C:\Program Files\Xfire\xfire.exe:*:Enabled:Xfire"
"C:\Program Files\Wolfenstein - Enemy Territory\ET.exe"="C:\Program Files\Wolfenstein - Enemy Territory\ET.exe:*:Enabled:ET"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Exécuter une DLL en tant qu'application"
"C:\Program Files\RayV\RayV\RayV.exe"="C:\Program Files\RayV\RayV\RayV.exe:*:Enabled:RayV"
"C:\Program Files\mIRC\mirc.exe"="C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
======List of files/folders created in the last 1 months======
2008-11-03 13:16:35 ----D---- C:\rsit
2008-11-02 20:37:46 ----SH---- C:\WINDOWS\system32\sdttiikk.ini
2008-11-02 20:37:45 ----A---- C:\WINDOWS\system32\kkiittds.dll
2008-11-02 20:36:41 ----A---- C:\WINDOWS\system32\mwaxzr.dll
2008-11-02 20:36:36 ----A---- C:\WINDOWS\system32\nhxyeffj.dll
2008-11-02 19:18:57 ----A---- C:\WINDOWS\system32\xnpqws.dll
2008-11-02 19:18:57 ----A---- C:\WINDOWS\system32\tueadcox.dll
2008-11-02 19:15:57 ----SH---- C:\WINDOWS\system32\tnwljugl.ini
2008-11-01 20:44:08 ----A---- C:\lopR.txt
2008-11-01 20:42:09 ----D---- C:\Lop SD
2008-11-01 19:16:06 ----A---- C:\WINDOWS\system32\ujtioepm.dll
2008-11-01 19:16:06 ----A---- C:\WINDOWS\system32\sivqdq.dll
2008-11-01 19:14:40 ----SH---- C:\WINDOWS\system32\huhslxcx.ini
2008-10-28 19:16:21 ----A---- C:\WINDOWS\system32\qeiule.dll
2008-10-28 19:16:21 ----A---- C:\WINDOWS\system32\lqvynxox.dll
2008-10-28 16:18:09 ----A---- C:\WINDOWS\system32\gphlkowk.exe
2008-10-28 16:16:47 ----SH---- C:\WINDOWS\system32\vxflcjxc.ini
2008-10-28 16:16:39 ----A---- C:\WINDOWS\system32\cxjclfxv.dll
2008-10-28 14:46:06 ----SH---- C:\WINDOWS\system32\euciswfg.ini
2008-10-28 14:43:02 ----A---- C:\WINDOWS\system32\xqfslrnx.dll
2008-10-28 14:43:02 ----A---- C:\WINDOWS\system32\qjpdmv.dll
2008-10-28 14:40:00 ----A---- C:\WINDOWS\system32\ofahejoa.exe
2008-10-28 00:46:10 ----D---- C:\Program Files\TeamSpeak3
2008-10-27 14:45:55 ----SH---- C:\WINDOWS\system32\xsgatdoa.ini
2008-10-27 14:45:45 ----A---- C:\WINDOWS\system32\aodtagsx.dll
2008-10-27 14:38:29 ----A---- C:\WINDOWS\system32\ghzous.dll
2008-10-27 14:38:25 ----A---- C:\WINDOWS\system32\uuggvghq.dll
2008-10-27 10:01:36 ----SH---- C:\WINDOWS\system32\grhlodrs.ini
2008-10-27 10:01:36 ----A---- C:\WINDOWS\system32\srdolhrg.dll
2008-10-27 09:58:35 ----A---- C:\WINDOWS\system32\rkncabll.exe
2008-10-27 09:55:36 ----A---- C:\WINDOWS\system32\uqfgiohc.dll
2008-10-27 09:55:36 ----A---- C:\WINDOWS\system32\dvyhwj.dll
2008-10-26 09:57:59 ----A---- C:\WINDOWS\system32\tgamjhru.exe
2008-10-26 09:55:19 ----SH---- C:\WINDOWS\system32\rpkiptdw.ini
2008-10-26 09:53:28 ----A---- C:\WINDOWS\system32\btcwoo.dll
2008-10-26 09:53:26 ----A---- C:\WINDOWS\system32\rvbdhisg.dll
2008-10-25 09:26:37 ----SH---- C:\WINDOWS\system32\fkghaktt.ini
2008-10-25 09:26:37 ----A---- C:\WINDOWS\system32\ttkahgkf.dll
2008-10-25 09:23:39 ----A---- C:\WINDOWS\system32\fljmex.dll
2008-10-25 09:23:38 ----A---- C:\WINDOWS\system32\kvakwagy.dll
2008-10-24 23:23:40 ----SH---- C:\WINDOWS\system32\gsixibcj.ini
2008-10-24 23:21:53 ----A---- C:\WINDOWS\system32\yheinfgh.dll
2008-10-24 23:21:53 ----A---- C:\WINDOWS\system32\qvhbej.dll
2008-10-24 23:21:23 ----A---- C:\WINDOWS\system32\af1eae4e-.txt
2008-10-24 23:20:36 ----ASH---- C:\WINDOWS\system32\NWyIRqss.ini2
2008-10-24 23:20:36 ----ASH---- C:\WINDOWS\system32\NWyIRqss.ini
2008-10-24 23:20:31 ----A---- C:\WINDOWS\system32\ssqRIyWN.dll
2008-10-24 23:15:23 ----A---- C:\WINDOWS\system32\~.exe
2008-10-24 19:23:35 ----HDC---- C:\WINDOWS\$NtUninstallKB926239$
2008-10-24 19:23:06 ----N---- C:\WINDOWS\system32\spmsg.dll
2008-10-24 19:23:05 ----HDC---- C:\WINDOWS\$NtUninstallMSCompPackV1$
2008-10-24 19:22:36 ----D---- C:\Program Files\Windows Media Connect 2
2008-10-24 19:21:50 ----HDC---- C:\WINDOWS\$NtUninstallwmp11$
2008-10-24 19:17:36 ----HDC---- C:\WINDOWS\$NtUninstallWMFDist11$
2008-10-24 19:16:16 ----HDC---- C:\WINDOWS\$NtUninstallWudf01000$
2008-10-14 18:05:31 ----D---- C:\WINDOWS\system32\CatRoot_bak
2008-10-10 23:11:50 ----D---- C:\Program Files\Wakfu
2008-10-10 22:32:51 ----D---- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-10-10 22:31:32 ----D---- C:\Program Files\Messenger Plus! Live
2008-10-09 01:47:12 ----A---- C:\WINDOWS\system32\xfcodec.dll
2008-10-04 08:18:39 ----D---- C:\WINDOWS\ie7updates
2008-10-04 08:17:30 ----D---- C:\WINDOWS\WBEM
2008-10-04 08:17:27 ----D---- C:\WINDOWS\system32\fr-fr
2008-10-04 08:14:19 ----HDC---- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
2008-10-04 08:13:59 ----HDC---- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
2008-10-04 08:13:06 ----HDC---- C:\WINDOWS\$NtUninstallKB915865$
2008-10-04 08:13:03 ----N---- C:\WINDOWS\system32\xmllite.dll
2008-10-04 08:10:55 ----A---- C:\WINDOWS\system32\MRT.exe
2008-10-04 08:10:40 ----D---- C:\WINDOWS\network diagnostic
2008-10-04 08:10:39 ----HDC---- C:\WINDOWS\$NtUninstallKB914440$
2008-10-04 08:10:18 ----HDC---- C:\WINDOWS\$NtUninstallKB904942$
======List of files/folders modified in the last 1 months======
2008-11-03 13:16:35 ----D---- C:\WINDOWS\Prefetch
2008-11-03 13:15:59 ----D---- C:\WINDOWS\Temp
2008-11-03 13:13:22 ----D---- C:\Program Files\Mozilla Firefox
2008-11-03 12:32:50 ----D---- C:\WINDOWS\system32
2008-11-03 11:02:16 ----D---- C:\Program Files\Steam
2008-11-02 23:03:28 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-11-02 23:03:14 ----A---- C:\WINDOWS\bdagent.INI
2008-11-02 20:58:31 ----RD---- C:\Program Files
2008-11-02 20:58:26 ----SD---- C:\WINDOWS\Tasks
2008-11-02 20:57:10 ----D---- C:\Documents and Settings\robin\Application Data\Xfire
2008-11-02 20:52:38 ----A---- C:\WINDOWS\system32\PnkBstrB.exe
2008-11-02 15:42:26 ----D---- C:\WINDOWS\system32\CatRoot2
2008-11-01 19:15:23 ----SD---- C:\Program Files\Xfire
2008-10-28 19:58:46 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-10-28 19:58:04 ----HD---- C:\WINDOWS\inf
2008-10-27 22:49:30 ----D---- C:\Program Files\Wolfenstein - Enemy Territory
2008-10-27 09:41:47 ----D---- C:\Documents and Settings\robin\Application Data\teamspeak2
2008-10-26 09:54:31 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-10-25 23:51:15 ----D---- C:\Documents and Settings\robin\Application Data\mIRC
2008-10-25 23:44:14 ----D---- C:\Program Files\mIRC
2008-10-25 09:17:50 ----D---- C:\WINDOWS
2008-10-25 09:17:04 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-10-25 09:17:04 ----D---- C:\WINDOWS\AppPatch
2008-10-25 09:17:04 ----D---- C:\Program Files\Windows Media Player
2008-10-24 19:23:11 ----A---- C:\WINDOWS\imsins.BAK
2008-10-24 19:22:49 ----A---- C:\WINDOWS\win.ini
2008-10-24 19:22:14 ----D---- C:\WINDOWS\Help
2008-10-24 19:18:17 ----D---- C:\WINDOWS\system32\drivers
2008-10-24 19:16:25 ----D---- C:\WINDOWS\system32\LogFiles
2008-10-19 18:07:45 ----D---- C:\Program Files\Mozilla Thunderbird
2008-10-14 18:31:10 ----D---- C:\WINDOWS\system32\CatRoot
2008-10-14 18:05:31 ----D---- C:\WINDOWS\Debug
2008-10-14 17:48:24 ----D---- C:\Program Files\Dofus
2008-10-12 20:49:04 ----SD---- C:\Documents and Settings\robin\Application Data\Microsoft
2008-10-12 14:30:51 ----D---- C:\Program Files\Internet Explorer
2008-10-12 10:13:04 ----D---- C:\WINDOWS\Media
2008-10-04 08:18:22 ----HD---- C:\WINDOWS\$hf_mig$
2008-10-04 08:17:37 ----D---- C:\WINDOWS\system32\config
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 bdftdif;bdftdif; \??\C:\Program Files\Fichiers communs\BitDefender\BitDefender Firewall\bdftdif.sys []
R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-05 40320]
R2 nvcap;nVidia WDM Video Capture (universal); C:\WINDOWS\system32\DRIVERS\nvcap.sys [2002-06-27 106044]
R2 nvTUNEP;nVidia WDM TVTuner; C:\WINDOWS\system32\DRIVERS\nvtunep.sys [2002-06-27 16064]
R2 nvtvSND;nVidia WDM TVAudio Crossbar; C:\WINDOWS\system32\DRIVERS\nvtvsnd.sys [2002-06-27 14048]
R2 NVXBAR;nVidia WDM A/V Crossbar; C:\WINDOWS\system32\DRIVERS\NVxbar.sys [2002-06-27 10398]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-06-20 2324480]
R3 bdfsfltr;bdfsfltr; 730079007300740065006D00330032005C0044005200490056004500520053005C00620064006600730066006C00740072002E007300790073000000 []
R3 BDSelfPr;BDSelfPr; \??\C:\Program Files\BitDefender\BitDefender 2008\bdselfpr.sys []
R3 FETNDIS;Pilote NT de carte VIA PCI 10/100Mo Fast Ethernet; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2005-08-02 3199328]
R3 odysseyIM3;Odyssey Network Services Miniport; C:\WINDOWS\system32\DRIVERS\odysseyIM3.sys [2004-08-20 62865]
R3 PCANDIS5;PCANDIS5 Protocol Driver; \??\C:\WINDOWS\system32\PCANDIS5.SYS []
R3 TNET1130;D-Link AirPlus G+ Wireless Adapter; C:\WINDOWS\system32\DRIVERS\GPlus.sys [2004-05-21 283392]
R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-05 26624]
R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-05 57600]
R3 usbstor;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-05 26496]
R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-05 20480]
S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 Profos;Profos; \??\C:\Program Files\Fichiers communs\BitDefender\BitDefender Threat Scanner\profos.sys []
S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 Trufos;Trufos; \??\C:\Program Files\Fichiers communs\BitDefender\BitDefender Threat Scanner\trufos.sys []
S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 LIVESRV;BitDefender Desktop Update Service; C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe [2008-08-11 1155072]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2005-08-02 127043]
R2 OTi Card Reader Service;OTi Card Reader Service; C:\Program Files\CardReader2.0\OTiReader.exe [2004-03-04 131177]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2008-08-11 66872]
R2 VSSERV;BitDefender Virus Shield; C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe [2008-09-15 1261568]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-05 14336]
R2 XCOMM;BitDefender Communicator; C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe [2008-08-11 86016]
R3 scan;BitDefender Threat Scanner; C:\WINDOWS\System32\svchost.exe [2004-08-05 14336]
R3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 MSCSPTISRV;MSCSPTISRV; C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe [2006-12-14 45056]
S3 PACSPTISVR;PACSPTISVR; C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe [2006-12-14 57344]
S3 SPTISRV;Sony SPTI Service; C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe [2006-12-14 69632]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]
Here is the info.txt report:
info.txt logfile of random's system information tool 1.04 2008-11-03 13:17:00
======Uninstall list======
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Acrobat 5.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Fichiers communs\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Fichiers communs\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
Assistant de connexion Windows Live-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Barre d'outils MSN-->C:\Program Files\MSN Toolbar\01.01.2607.0\fr\mtbs.exe c
BitDefender Antivirus 2008-->MsiExec.exe /I{2B8F0284-D162-4F6A-B5CB-4ACD0B251457}
Correctif pour Windows XP (KB914440)-->"C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe"
Correctif pour Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Counter-Strike: Source-->"C:\Program Files\Steam\steam.exe" steam://uninstall/240
D-Link AirPlus G+ Wireless Adapter Utility-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A2F67EA3-0721-4E0D-A7B9-AE8F321303AF}\Setup.exe" -l0x9
Dofus 1.24.0-->C:\Program Files\Dofus\uninstall.exe
Dofus 1.25.0-->C:\Program Files\Dofus\uninstall.exe
HijackThis 2.0.2-->"C:\Documents and Settings\robin\Bureau\HijackThis.exe" /uninstall
Hotfix for Windows XP (KB915865)-->"C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB926239)-->"C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe"
Lecteur Windows Media 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Messenger Plus! Live & Sponsor (CiD)-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe"
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
mIRC-->C:\Program Files\mIRC\uninstall.exe _?=C:\Program Files\mIRC
Mise à jour de sécurité pour Windows XP (KB944338-v2)-->"C:\WINDOWS\$NtUninstallKB944338-v2$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950749)-->"C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB904942)-->"C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Mozilla Firefox (2.0.0.17)-->C:\PROGRA~1\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (2.0.0.16)-->C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe
NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI
NVIDIA WDM Drivers-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B023185F-F1EF-4F97-B0BD-AE6D802226D1}\Setup.exe"
OpenMG Secure Module 4.7.00-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\1150\INTEL3~1\IDriver.exe /M{CCD663AE-610D-4BDF-AAB0-E914B044527D} UNINSTALL
OTiCardReader -->C:\Program Files\CardReader2.0\AdvDrvIns.exe -u "C:\Program Files\CardReader2.0"
RayV-->C:\Program Files\RayV\RayV\uninstall.exe
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Steam(TM)-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
TeamSpeak 2 RC2-->"C:\Program Files\Teamspeak2_RC2\unins000.exe"
TeamSpeak Client-->"C:\Program Files\TeamSpeak3\unins000.exe"
VideoLAN VLC media player 0.8.6c-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Wakfu-->C:\Program Files\Wakfu\uninstall.exe
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803$\spuninst\spuninst.exe"
Windows Live installer-->MsiExec.exe /X{FD44E544-E7D0-4DBA-9FA0-8AE1A1300390}
Windows Live Messenger-->MsiExec.exe /X{BADF6744-3787-48F6-B8C9-4C4995401D65}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Wolfenstein - Enemy Territory-->C:\PROGRA~1\WOLFEN~1\Uninstall\Unwise.exe /u C:\PROGRA~1\WOLFEN~1\Uninstall\Install.log
Xfire (remove only)-->"C:\Program Files\Xfire\uninst.exe"
======Security center information======
AV: Bitdefender Antivirus
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 3, GenuineIntel
"PROCESSOR_REVISION"=0403
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
-----------------EOF-----------------
I'll reply to you a bit later
Please visit this link to find out how to install and run ComboFix:
http://www.bleepingcomputer.com/co [...] r-combofix
This includes installing the Windows Recovery Console if it is not already installed on the PC. Installing the Windows Recovery Console is strongly recommended, because it gives access to a very large number of features in case the PC no longer boots. It is an extra safety net, so to speak.
Once the Recovery Console is installed, you will have a choice at startup between your usual Windows and the Recovery Console. Start your usual Windows, since we do not need to use the Recovery Console, which is only for when there are problems. By default, your OS is selected and it starts automatically after two seconds. This is normal.
Please post the ComboFix report in your next reply.
