Hello,
for a few hours now I've had web pages opening completely at random.
I scanned my PC with my antivirus (Avast), and also with Ad-Aware, a-squared and Spyware Doctor... in short, still nothing!!!!
After wandering around a few forums I downloaded HijackThis; here is its report (Chinese to me, of course!!!)
help!!!!!!!!!!!!!!


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:26:43, on 09/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\LSHPRN.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [PrinterSecurityLayer] C:\WINDOWS\system32\LSHPRN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Pense-Bête 79f.lnk = C:\Program Files\Pense-bete\pb79f.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/too [...] ontrol.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: FAH@C:+DOCUME~1+niko+LOCALS~1+Temp+IXP000.TMP+s.exe - Unknown owner - C:\DOCUME~1\niko\LOCALS~1\Temp\IXP000.TMP\s.exe (file missing)
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe


Hello,

I'm going to help you solve your problem. Please follow my instructions to the letter and don't take any initiative of your own. If you have any question at all, I'm here to answer it.

Please bear in mind that I'm a volunteer and have a private life: I drop by at least once a day.

If you think you've been forgotten, send me a PM to let me know.

1) Download Toolbar-S&D (Team IDN) to your Desktop.

  • Start the program's installation by running the downloaded file.
  • Now double-click the Toolbar-S&D shortcut.
  • Select the language you want by typing the letter of your choice, then confirm with the Enter key.
  • Now choose option 1 (Search). Wait until the search finishes.
  • Post the generated report. (C:\TB.txt)


2) Download Gmer.

  • Unzip it into a dedicated folder or onto your Desktop.
  • Disconnect from the Internet, then close all programs.
  • Double-click Gmer.exe.

If your antivirus raises an alert about the file gmer.sys or gmer.exe, let it run.

  • Click the Rootkit tab.
  • On the right, tick everything.
  • Now click Scan.
  • When the scan has finished, click Copy.
  • Open Notepad, then click the Edit / Paste menu.
  • The report should then appear.
  • Save the file to your Desktop and upload it to MediaFire.


Uploading a file to MediaFire:

  • Go to this link: http://www.mediafire.com/
  • At the top, click "Upload files To Media fire". Then choose "I want to upload without an account".
  • A Windows Explorer window will open. Browse to the report I'm asking you to upload, select it, then click "Open".
  • Then click "Upload".
  • On the right of the screen, choose "upload to a new folder". Leave the default name (= the date).
  • Confirm and let the upload complete.
  • Click "View uploaded file" and copy the URL (= the link) of the new tab or window that opens into your next message. That way I'll be able to download the requested report.


3) Download DDS by sUBs and save it to your Desktop.

  • Disable any script blocker, such as an antivirus or software like Ad-Block, NoScript etc.
  • Double-click dds.scr to launch the tool. Only double-click it once; be patient!
  • Once the scan has finished, a text document, DDS.txt, will open.
  • Click Yes at the next Optional Scan prompt.
  • Save both reports to your Desktop and post me only DDS.txt; keep the other one handy in case I ask for it. Copy/paste the report into the forum. Only upload files to MediaFire if I explicitly ask you to.


;)

Reply to Egwene

thanks a lot for your help
here is the Toolbar report first

-----------\\ ToolBar S&D 1.2.6 XP/Vista

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : AMD Athlon(tm) 64 X2 Dual Core Processor 5000+ )
BIOS : BIOS Date: 09/13/07 11:13:56 Ver: 08.00.12
USER : niko ( Administrator )
BOOT : Normal boot
Antivirus : avast! antivirus 4.8.1296 [VPS 081209-0] 4.8.1296 (Activated)
Firewall : ActiveArmor Firewall 1.0 (Not Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:465 Go (Free:409 Go)
D:\ (CD or DVD)
E:\ (CD or DVD)
F:\ (CD or DVD)

"C:\ToolBar SD" ( MAJ : 04-12-2008|20:40 )
Option : [1] ( 09/12/2008|23:16 )

-----------\\ Recherche de Fichiers / Dossiers ...


-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Start Page"="http://www.orange.fr/"
"Search Page"="http://www.google.com"
"Search Bar"="http://www.google.com/ie"
"SearchMigratedDefaultURL"="http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Search Bar"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"


--------------------\\ Recherche d'autres infections

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\niko\Application Data\Azureus\torrents\Crack.Far-Cry.2_New-Serial-TeamFFF.rar.torrent
C:\DOCUME~1\niko\Application Data\Azureus\torrents\Far Cry 2 1.01 Patch crack keygen.torrent
C:\DOCUME~1\niko\Application Data\Azureus\torrents\Far Cry 2 crack Fully Working.rar.torrent
C:\DOCUME~1\niko\Application Data\Azureus\torrents\FARCRY_2_Keygen_1522047.torrent
C:\DOCUME~1\niko\Application Data\Microsoft\Office\Recent\Key serial Crack.doc.LNK
C:\DOCUME~1\niko\Mes documents\log install\Clone CD v5.0.3.1 + Crack.rar
C:\DOCUME~1\niko\Mes documents\log install\CloneCD_5.0.3.1_CrackFile.rar
C:\DOCUME~1\niko\Mes documents\log install\NTI cddvdmaker 7.5 + Fr + Keygen.zip
C:\DOCUME~1\niko\Mes documents\log install\Total Video Converter 3.11 Crack.rar
C:\DOCUME~1\niko\Mes documents\log install\Winiso v5.3 Fr Incl-Keygen.rar
C:\DOCUME~1\niko\Mes documents\log install\Winrar v3.71 Fr Keygen For Windows Xp & Vista.zip
C:\DOCUME~1\niko\Mes documents\t‚l‚charg‚\gps\Dvd Tomtom 6 Multilang Crack Poi Radar Fr 07-06.iso
C:\DOCUME~1\niko\Mes documents\t‚l‚charg‚\gps\Dvd Tomtom Navigator Europe 6.010 Fr Crack By Lu7.iso
C:\DOCUME~1\niko\Mes documents\t‚l‚charg‚\gps\Tomtom Maps Product Code Plus Keygen Updated-Fixed Release 06-2007.zip
C:\DOCUME~1\niko\Mes documents\t‚l‚charg‚\gps\Tomtom Navigator 6 Fr(Crack) Avec Plugin Today Carte De France Lisezmoi.rar
C:\DOCUME~1\niko\Mes documents\t‚l‚charg‚\jeu\Crack
C:\DOCUME~1\niko\Mes documents\t‚l‚charg‚\jeu\Crack.Far-Cry.2_New-Serial-TeamFFF.rar
C:\DOCUME~1\niko\Mes documents\t‚l‚charg‚\jeu\Far Cry 2 1.01 Patch crack keygen
C:\DOCUME~1\niko\Mes documents\t‚l‚charg‚\jeu\Far Cry 2 crack Fully Working.rar
C:\DOCUME~1\niko\Mes documents\t‚l‚charg‚\jeu\Crack\Call of Duty 4 Serial.txt
C:\DOCUME~1\niko\Mes documents\t‚l‚charg‚\jeu\Far Cry 2 1.01 Patch crack keygen\data.cab
C:\DOCUME~1\niko\Mes documents\t‚l‚charg‚\jeu\Far Cry 2 1.01 Patch crack keygen\dbm.db
C:\DOCUME~1\niko\Mes documents\t‚l‚charg‚\jeu\Far Cry 2 1.01 Patch crack keygen\Enviroment.dll
C:\DOCUME~1\niko\Mes documents\t‚l‚charg‚\jeu\Far Cry 2 1.01 Patch crack keygen\settings.dll
C:\DOCUME~1\niko\Mes documents\t‚l‚charg‚\jeu\Far Cry 2 1.01 Patch crack keygen\setup.exe
C:\DOCUME~1\niko\Mes documents\t‚l‚charg‚\jeu\Far Cry 2 1.01 Patch crack keygen\windows.dll



1 - "C:\ToolBar SD\TB_1.txt" - 09/12/2008|23:17 - Option : [1]

-----------\\ Fin du rapport a 23:17:25,15

Reply to nikodj40

now here is the DDS.txt:



DDS (Version 1.0) - NTFSx86
Run by niko at 23:43:02,43 on 09/12/2008
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.2559.1864 [GMT 1:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\LSHPRN.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\niko\Bureau\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.orange.fr/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\fichiers communs\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\fichiers communs\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\4.1.805.4472\swg.dll
TB: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [PrinterSecurityLayer] c:\windows\system32\LSHPRN.EXE
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\niko\menudm~1\progra~1\dmarra~1\pense-~1.lnk - c:\program files\pense-bete\pb79f.exe
IE: E&xporter vers Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Notification Packages = scecli scecli

============= SERVICES / DRIVERS ===============

R1 Asapi;Asapi;c:\windows\system32\drivers\Asapi.sys [2008-11-11 11264]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-6-26 111184]
R2 a2free;a-squared Free Service;"c:\program files\a-squared free\a2service.exe" [2008-12-9 419448]
R2 aawservice;Lavasoft Ad-Aware Service;"c:\program files\lavasoft\ad-aware\aawservice.exe" [2008-5-12 611664]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-6-26 20560]
R2 avast! Antivirus;avast! Antivirus;"c:\program files\alwil software\avast4\ashServ.exe" [2008-6-26 155160]
R3 IKFileSec;File Security Driver;c:\windows\system32\drivers\ikfilesec.sys [2008-12-9 40840]
R3 IKSysFlt;System Filter Driver;c:\windows\system32\drivers\iksysflt.sys [2008-12-9 66952]
R3 IKSysSec;System Security Driver;c:\windows\system32\drivers\iksyssec.sys [2008-12-9 81288]
S2 FAH@C:+DOCUME~1+niko+LOCALS~1+Temp+IXP000.TMP+s.exe;FAH@C:+DOCUME~1+niko+LOCALS~1+Temp+IXP000.TMP+s.exe;c:\docume~1\niko\locals~1\temp\ixp000.tmp\s.exe -svcstart []
S3 avast! Mail Scanner;avast! Mail Scanner;"c:\program files\alwil software\avast4\ashMaiSv.exe" /service [2008-6-26 254040]
S3 avast! Web Scanner;avast! Web Scanner;"c:\program files\alwil software\avast4\ashWebSv.exe" /service [2008-6-26 352920]
S3 NikeDrv;Pilote nike psa[play;c:\windows\system32\drivers\NikeDrv.sys [2001-8-17 12032]
S3 SaiHFF0D;SaiHFF0D;c:\windows\system32\drivers\SaiHFF0D.sys [2008-8-24 176000]
S3 SaiUFF0D;SaiUFF0D;c:\windows\system32\drivers\SaiUFF0D.sys [2008-8-24 27136]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2008-12-9 356920]
S3 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2008-12-9 1079176]

=============== Created Last 30 ================

2008-12-09 23:22 250 a------- c:\windows\gmer.ini
2008-12-09 23:15 <DIR> --d----- C:\ToolBar SD
2008-12-09 22:07 81,288 a------- c:\windows\system32\drivers\iksyssec.sys
2008-12-09 22:07 66,952 a------- c:\windows\system32\drivers\iksysflt.sys
2008-12-09 22:07 40,840 a------- c:\windows\system32\drivers\ikfilesec.sys
2008-12-09 22:07 29,576 a------- c:\windows\system32\drivers\kcom.sys
2008-12-09 22:07 <DIR> --d----- c:\program files\Spyware Doctor
2008-12-09 22:07 <DIR> --d----- c:\docume~1\niko\applic~1\PC Tools
2008-12-09 20:23 <DIR> --d----- c:\program files\a-squared Free
2008-12-09 20:03 <DIR> --d----- c:\program files\Trend Micro
2008-12-09 19:27 403 a------- c:\windows\iexplore.htm
2008-12-09 18:46 <DIR> --d----- c:\program files\Lavasoft
2008-12-05 08:39 25,600 a------- c:\windows\system32\LSHPRN.EXE
2008-12-05 08:39 255 a------- c:\windows\system32\44upd.dll
2008-12-05 08:39 255 a------- c:\windows\system32\43upd.dll
2008-12-05 08:39 256 a------- c:\windows\system32\46upd.dll
2008-12-05 08:39 25,600 a------- c:\windows\system32\upd46.exe
2008-11-27 21:53 <DIR> --d----- c:\windows\NV17002656.TMP
2008-11-27 21:31 24,576 a------- c:\windows\system32\LSGPRN.EXE
2008-11-27 21:31 255 a------- c:\windows\system32\45upd.dll
2008-11-27 21:31 24,576 a------- c:\windows\system32\upd42.exe
2008-11-27 21:31 25 a------- c:\windows\sc32.dll
2008-11-26 20:16 <DIR> --d----- c:\windows\Logs
2008-11-26 20:16 22,328 a------- c:\docume~1\niko\applic~1\PnkBstrK.sys
2008-11-25 10:23 <DIR> --d----- c:\program files\Pense-bete
2008-11-25 10:23 <DIR> --d----- c:\docume~1\niko\applic~1\Pense-bete
2008-11-23 22:12 319 a------- c:\windows\game.ini
2008-11-23 22:07 <DIR> --d----- c:\program files\Activision
2008-11-23 21:53 <DIR> --dsh--- c:\windows\ftpcache
2008-11-14 13:23 <DIR> --d-h--- c:\windows\PIF
2008-11-11 20:59 455,296 -c------ c:\windows\system32\dllcache\mrxsmb.sys
2008-11-11 20:59 1,106,944 -c------ c:\windows\system32\dllcache\msxml3.dll
2008-11-11 16:55 611,840 a------- c:\windows\system32\vobhw.dll
2008-11-11 16:55 153,088 a------- c:\windows\system32\IWUninstall.exe
2008-11-11 16:55 19,456 a------- c:\windows\system32\asapi.dll
2008-11-11 16:55 11,264 a------- c:\windows\system32\drivers\asapi.sys
2008-11-11 16:55 <DIR> --d----- c:\program files\VOB
2008-11-11 16:54 306,688 a------- c:\windows\IsUninst.exe
2008-11-11 16:53 <DIR> --d----- c:\documents and settings\niko\WINDOWS
2008-11-11 16:53 <DIR> --d----- c:\program files\Steinberg

==================== Find3M ====================

2008-12-09 22:09 511,154 a------- c:\windows\system32\perfh00C.dat
2008-12-09 22:09 85,058 a------- c:\windows\system32\perfc00C.dat
2008-11-27 21:47 355,584 a------- c:\windows\system32\TuneUpDefragService.exe
2008-11-27 07:49 109,249 a------- c:\program files\MSWINSCK.OCX
2008-11-26 20:17 107,888 a------- c:\windows\system32\CmdLineExt.dll
2008-11-06 16:04 86,331 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2008-10-24 12:21 455,296 -------- c:\windows\system32\drivers\mrxsmb.sys
2008-10-16 14:06 268,648 a------- c:\windows\system32\mucltui.dll
2008-10-16 14:06 208,744 a------- c:\windows\system32\muweb.dll
2008-09-15 16:26 1,846,528 -------- c:\windows\system32\win32k.sys

============= FINISH: 23:43:10,01 ===============


Message edited by nikodj40 on 09-12-2008 at 23:48:15
Reply to nikodj40
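The helper is reading these reports by eye; as an added example (not from this thread, nor from HijackThis, DDS or any other tool named here), the Python script below applies the same kind of checks to the report lines: persistence loading from a temporary directory, a service whose binary is missing with no vendor recorded, a service name that is a mangled file path, an autorun or driver whose module appears in the DDS "Created Last 30" list, and a new PE-named file in system32 far too small to be a normal module. The sample input is copied from the reports above plus benign avast! and Spyware Doctor lines for contrast; the heuristics are my own assumptions and produce review prompts, not verdicts, and the script changes nothing on the machine.

```python
import re
from dataclasses import dataclass

# Sample input: lines copied from the HijackThis and DDS reports posted in this thread,
# plus benign avast!/Spyware Doctor lines for contrast, embedded so this runs offline.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [PrinterSecurityLayer] C:\WINDOWS\system32\LSHPRN.EXE
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: FAH@C:+DOCUME~1+niko+LOCALS~1+Temp+IXP000.TMP+s.exe - Unknown owner - C:\DOCUME~1\niko\LOCALS~1\Temp\IXP000.TMP\s.exe (file missing)
S2 FAH@C:+DOCUME~1+niko+LOCALS~1+Temp+IXP000.TMP+s.exe;FAH@C:+DOCUME~1+niko+LOCALS~1+Temp+IXP000.TMP+s.exe;c:\docume~1\niko\locals~1\temp\ixp000.tmp\s.exe -svcstart []
R3 IKSysSec;System Security Driver;c:\windows\system32\drivers\iksyssec.sys [2008-12-9 81288]
2008-12-09 22:07 81,288 a------- c:\windows\system32\drivers\iksyssec.sys
2008-12-05 08:39 25,600 a------- c:\windows\system32\LSHPRN.EXE
2008-12-05 08:39 255 a------- c:\windows\system32\44upd.dll
"""

# Temp locations seen in these reports: \Temp\, its 8.3 alias LOCALS~1, and IExpress IXP000.TMP dirs.
TEMP_DIR = re.compile(r"\\(temp|locals~1|[^\\]+\.tmp)\\", re.IGNORECASE)
PE_PATH = re.compile(r".+?\.(?:exe|dll|sys|scr)", re.IGNORECASE)
O4_RE = re.compile(r"^O4 - .+?\\\.\.\\Run: \[[^\]]*\] (?P<cmd>.+)$")
DDS_SVC_RE = re.compile(r"^[RS][0-4] (?P<key>[^;]+);(?P<name>[^;]*);(?P<cmd>.+)$")
CREATED_RE = re.compile(r"^\d{4}-\d{2}-\d{2}\s+\d{2}:\d{2}\s+(?P<size>[\d,]+)\s+\S{8}\s+(?P<path>.+)$")


@dataclass
class Finding:
    line: str
    reasons: list


def binary_of(cmd):
    """Return the module a Run entry or service command line actually loads."""
    cmd = cmd.strip()
    if cmd.startswith('"'):                    # quoted path, may contain spaces
        return cmd[1:cmd.index('"', 1)]
    if cmd.lower().startswith("rundll32"):     # rundll32 is only a host: the DLL is the payload
        cmd = cmd.split(None, 1)[1].split(",", 1)[0]
    m = PE_PATH.match(cmd)                     # unquoted path: cut at the first PE extension
    return m.group(0) if m else cmd.split()[0]


def triage(lines):
    """Parse HijackThis O4/O23 lines, DDS service lines and DDS 'Created Last 30' lines;
    return the persistence entries an analyst should review, each with its reasons."""
    created = {}   # lower-cased path -> size in bytes, from "Created Last 30"
    entries = []   # (line, loaded module, service name, owner, binary missing?)
    for line in lines:
        line = line.rstrip()
        m = CREATED_RE.match(line)
        if m:
            if PE_PATH.match(m.group("path")):
                created[m.group("path").lower()] = int(m.group("size").replace(",", ""))
            continue
        if line.startswith("O23 - Service: "):
            parts = line[len("O23 - Service: "):].split(" - ", 2)
            if len(parts) == 3:
                name, owner, rest = parts
                entries.append((line, binary_of(rest), name, owner, rest.endswith("(file missing)")))
            continue
        m = DDS_SVC_RE.match(line) or O4_RE.match(line)
        if m:
            entries.append((line, binary_of(m.group("cmd")), m.groupdict().get("name", ""), "", False))

    findings = []
    for line, path, name, owner, missing in entries:
        reasons = []
        if TEMP_DIR.search(path):
            reasons.append("persistence loads from a temporary directory")
        if missing and owner.lower() == "unknown owner":
            reasons.append("service binary is missing and no vendor is recorded")
        if "+" in name and ":" in name:
            reasons.append("service name is a mangled file path, not a product name")
        size = created.get(path.lower())
        if size is not None:
            reasons.append(f"module was created in the last 30 days ({size} bytes)")
        if reasons:
            findings.append(Finding(line, reasons))
    for path, size in created.items():    # new PE-named files far too small to be normal modules
        if size < 1024 and "\\system32\\" in path:
            findings.append(Finding(path, [f"new file in system32 is only {size} bytes; inspect it"]))
    return findings


def triage_text(text):
    return triage(text.splitlines())


if __name__ == "__main__":
    for f in triage_text(SAMPLE_LOG):
        print(f.line)
        for r in f.reasons:
            print("   ->", r)
```

On the sample, the avast! lines are left alone, the Spyware Doctor driver is listed only because it was installed that day, and the Temp-folder service and the tiny system32 DLLs come out with the most reasons.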

thanks again and have a good evening

Reply to nikodj40

Re,

1) Download OTMoveIt3 (OldTimer). Save it to your Desktop.
Copy (Ctrl+C) the text in the box below:

:processes
explorer.exe

:files
C:\DOCUME~1\niko\Application Data\Azureus\torrents\Crack.Far-Cry.2_New-Serial-TeamFFF.rar.torrent
C:\DOCUME~1\niko\Application Data\Azureus\torrents\Far Cry 2 1.01 Patch crack keygen.torrent
C:\DOCUME~1\niko\Application Data\Azureus\torrents\Far Cry 2 crack Fully Working.rar.torrent
C:\DOCUME~1\niko\Application Data\Azureus\torrents\FARCRY_2_Keygen_1522047.torrent
C:\DOCUME~1\niko\Application Data\Microsoft\Office\Recent\Key serial Crack.doc.LNK
C:\DOCUME~1\niko\Mes documents\log install\Clone CD v5.0.3.1 + Crack.rar
C:\DOCUME~1\niko\Mes documents\log install\CloneCD_5.0.3.1_CrackFile.rar
C:\DOCUME~1\niko\Mes documents\log install\NTI cddvdmaker 7.5 + Fr + Keygen.zip
C:\DOCUME~1\niko\Mes documents\log install\Total Video Converter 3.11 Crack.rar
C:\DOCUME~1\niko\Mes documents\log install\Winiso v5.3 Fr Incl-Keygen.rar
C:\DOCUME~1\niko\Mes documents\log install\Winrar v3.71 Fr Keygen For Windows Xp & Vista.zip
C:\DOCUME~1\niko\Mes documents\t‚l‚charg‚\gps\Dvd Tomtom 6 Multilang Crack Poi Radar Fr 07-06.iso
C:\DOCUME~1\niko\Mes documents\t‚l‚charg‚\gps\Dvd Tomtom Navigator Europe 6.010 Fr Crack By Lu7.iso
C:\DOCUME~1\niko\Mes documents\t‚l‚charg‚\gps\Tomtom Maps Product Code Plus Keygen Updated-Fixed Release 06-2007.zip
C:\DOCUME~1\niko\Mes documents\t‚l‚charg‚\gps\Tomtom Navigator 6 Fr(Crack) Avec Plugin Today Carte De France Lisezmoi.rar
C:\DOCUME~1\niko\Mes documents\t‚l‚charg‚\jeu\Crack
C:\DOCUME~1\niko\Mes documents\t‚l‚charg‚\jeu\Crack.Far-Cry.2_New-Serial-TeamFFF.rar
C:\DOCUME~1\niko\Mes documents\t‚l‚charg‚\jeu\Far Cry 2 1.01 Patch crack keygen
C:\DOCUME~1\niko\Mes documents\t‚l‚charg‚\jeu\Far Cry 2 crack Fully Working.rar
C:\DOCUME~1\niko\Mes documents\t‚l‚charg‚\jeu\Crack\Call of Duty 4 Serial.txt
C:\DOCUME~1\niko\Mes documents\t‚l‚charg‚\jeu\Far Cry 2 1.01 Patch crack keygen\data.cab
C:\DOCUME~1\niko\Mes documents\t‚l‚charg‚\jeu\Far Cry 2 1.01 Patch crack keygen\dbm.db
C:\DOCUME~1\niko\Mes documents\t‚l‚charg‚\jeu\Far Cry 2 1.01 Patch crack keygen\Enviroment.dll
C:\DOCUME~1\niko\Mes documents\t‚l‚charg‚\jeu\Far Cry 2 1.01 Patch crack keygen\settings.dll
C:\DOCUME~1\niko\Mes documents\t‚l‚charg‚\jeu\Far Cry 2 1.01 Patch crack keygen\setup.exe
C:\DOCUME~1\niko\Mes documents\t‚l‚charg‚\jeu\Far Cry 2 1.01 Patch crack keygen\windows.dll

:commands
[purity]
[emptytemp]
[start explorer]



Double-click OTMoveIt3.exe to launch it.
Paste (or Ctrl+V) the text you just copied into the Paste Instructions for Items to be Moved box.
Now click the MoveIt! button, then close OTMoveIt3.

If a file or folder can't be deleted immediately, the program will ask you to reboot.
Accept by clicking YES.


Post the report located in this folder: C:\_OTMoveIt\MovedFiles\
The report's name is the time it was created: date_time.log

2) Download random's system information tool (RSIT) by random/random and save it to your Desktop.

  • Double-click RSIT.exe to launch RSIT.
  • Click Continue on the Disclaimer screen.
  • If HijackThis (up-to-date version) isn't present or isn't detected on the computer, RSIT will download it (allow access in your firewall if asked) and you'll have to accept the licence.
  • When the analysis has finished, two text files will open. Post the contents of log.txt (<< which will be displayed) as well as info.txt (<< which will be minimised to the Taskbar).
  • NB: the reports are saved in the folder C:\rsit
  • Make sure you post the reports in full; check that they're complete once you've posted them.


;)

Reply to Egwene

OTMoveIt report:

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
C:\DOCUME~1\niko\Application Data\Azureus\torrents\Crack.Far-Cry.2_New-Serial-TeamFFF.rar.torrent moved successfully.
C:\DOCUME~1\niko\Application Data\Azureus\torrents\Far Cry 2 1.01 Patch crack keygen.torrent moved successfully.
C:\DOCUME~1\niko\Application Data\Azureus\torrents\Far Cry 2 crack Fully Working.rar.torrent moved successfully.
C:\DOCUME~1\niko\Application Data\Azureus\torrents\FARCRY_2_Keygen_1522047.torrent moved successfully.
C:\DOCUME~1\niko\Application Data\Microsoft\Office\Recent\Key serial Crack.doc.LNK moved successfully.
C:\DOCUME~1\niko\Mes documents\log install\Clone CD v5.0.3.1 + Crack.rar moved successfully.
C:\DOCUME~1\niko\Mes documents\log install\CloneCD_5.0.3.1_CrackFile.rar moved successfully.
C:\DOCUME~1\niko\Mes documents\log install\NTI cddvdmaker 7.5 + Fr + Keygen.zip moved successfully.
C:\DOCUME~1\niko\Mes documents\log install\Total Video Converter 3.11 Crack.rar moved successfully.
C:\DOCUME~1\niko\Mes documents\log install\Winiso v5.3 Fr Incl-Keygen.rar moved successfully.
C:\DOCUME~1\niko\Mes documents\log install\Winrar v3.71 Fr Keygen For Windows Xp & Vista.zip moved successfully.
File/Folder C:\DOCUME~1\niko\Mes documents\téléchargé\gps\Dvd Tomtom 6 Multilang Crack Poi Radar Fr 07-06.iso not found.
File/Folder C:\DOCUME~1\niko\Mes documents\téléchargé\gps\Dvd Tomtom Navigator Europe 6.010 Fr Crack By Lu7.iso not found.
File/Folder C:\DOCUME~1\niko\Mes documents\téléchargé\gps\Tomtom Maps Product Code Plus Keygen Updated-Fixed Release 06-2007.zip not found.
File/Folder C:\DOCUME~1\niko\Mes documents\téléchargé\gps\Tomtom Navigator 6 Fr(Crack) Avec Plugin Today Carte De France Lisezmoi.rar not found.
File/Folder C:\DOCUME~1\niko\Mes documents\téléchargé\jeu\Crack not found.
File/Folder C:\DOCUME~1\niko\Mes documents\téléchargé\jeu\Crack.Far-Cry.2_New-Serial-TeamFFF.rar not found.
File/Folder C:\DOCUME~1\niko\Mes documents\téléchargé\jeu\Far Cry 2 1.01 Patch crack keygen not found.
File/Folder C:\DOCUME~1\niko\Mes documents\téléchargé\jeu\Far Cry 2 crack Fully Working.rar not found.
File/Folder C:\DOCUME~1\niko\Mes documents\téléchargé\jeu\Crack\Call of Duty 4 Serial.txt not found.
File/Folder C:\DOCUME~1\niko\Mes documents\téléchargé\jeu\Far Cry 2 1.01 Patch crack keygen\data.cab not found.
File/Folder C:\DOCUME~1\niko\Mes documents\téléchargé\jeu\Far Cry 2 1.01 Patch crack keygen\dbm.db not found.
File/Folder C:\DOCUME~1\niko\Mes documents\téléchargé\jeu\Far Cry 2 1.01 Patch crack keygen\Enviroment.dll not found.
File/Folder C:\DOCUME~1\niko\Mes documents\téléchargé\jeu\Far Cry 2 1.01 Patch crack keygen\settings.dll not found.
File/Folder C:\DOCUME~1\niko\Mes documents\téléchargé\jeu\Far Cry 2 1.01 Patch crack keygen\setup.exe not found.
File/Folder C:\DOCUME~1\niko\Mes documents\téléchargé\jeu\Far Cry 2 1.01 Patch crack keygen\windows.dll not found.
========== COMMANDS ==========
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_5d0.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.7.2 log created on 12102008_233953

Files moved on Reboot...
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.
C:\WINDOWS\temp\Perflib_Perfdata_5d0.dat moved successfully.

Here is the log.text.


Logfile of random's system information tool 1.04 (written by random/random)
Run by niko at 2008-12-10 23:48:15
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 420 GB (88%) free of 477 GB
Total RAM: 2559 MB (79% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:48:20, on 10/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\notepad.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\LSHPRN.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\niko\Bureau\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\niko.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [PrinterSecurityLayer] C:\WINDOWS\system32\LSHPRN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Pense-Bête 79f.lnk = C:\Program Files\Pense-bete\pb79f.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/too [...] ontrol.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mi [...] 1005324125
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: FAH@C:+DOCUME~1+niko+LOCALS~1+Temp+IXP000.TMP+s.exe - Unknown owner - C:\DOCUME~1\niko\LOCALS~1\Temp\IXP000.TMP\s.exe (file missing)
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 8237 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Maintenance en 1 clic.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-02-23 370296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2008-01-22 2436160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll [2008-10-09 652784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2008-01-22 2436160]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-11-26 81000]
"PrinterSecurityLayer"=C:\WINDOWS\system32\LSHPRN.EXE [2008-12-05 25600]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-09-06 413696]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-09-17 13574144]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2007-10-18 5724184]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-01-22 68856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-09-03 111936]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AsusStartupHelp]
C:\Program Files\ASUS\AASP\1.00.16\AsRunHelp.exe [2006-11-14 363008]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe [2004-09-02 57344]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTDVDDET]
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE [2003-06-18 45056]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSysVol]
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe [2003-09-17 57344]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
C:\Program Files\D-Tools\daemon.exe [2004-08-22 81920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
C:\Program Files\Fichiers communs\InstallShield\UpdateService\isuspm.exe [2005-08-11 249856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe [2005-08-11 81920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2008-10-01 289576]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe /background []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2008-09-06 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SBDrvDet]
C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe [2002-12-03 45056]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [2006-07-13 729088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
C:\Program Files\Analog Devices\Core\smax4pnp.exe [2006-12-18 868352]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-01-22 68856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe [2008-02-23 185896]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9 []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
C:\WINDOWS\UpdReg.EXE [2000-05-11 90112]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe [2008-08-04 36352]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Reader Speed Launch.lnk]
C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Outil de mise à jour Google.lnk]
C:\PROGRA~1\Google\GOOGLE~1\GOOGLE~1.EXE [2008-10-09 161264]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^niko^Menu Démarrer^Programmes^Démarrage^GIGABYTE VGA Utility.lnk]
C:\Documents and Settings\niko\Application Data\Microsoft\Installer\{D27BDB5D-3B4C-44F0-A648-BD00B0E79B39}\Utility.exe2_D27BDB5D3B4C44F0A648BD00B0E79B39.exe [2008-01-22 40960]

C:\Documents and Settings\niko\Menu Démarrer\Programmes\Démarrage
Pense-Bête 79f.lnk - C:\Program Files\Pense-bete\pb79f.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 267304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=
scecli
scecli

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=95000000

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe"="C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe:*:Enabled:Apache HTTP Server"
"C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Fichiers communs\NewTech Infosystems\LiveUpdate\LiveUpdate.exe"="C:\Program Files\Fichiers communs\NewTech Infosystems\LiveUpdate\LiveUpdate.exe:*:Enabled:LiveUpdate"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Azureus\Azureus.exe"="C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\Ubisoft\Far Cry 2\bin\FarCry2.exe"="C:\Program Files\Ubisoft\Far Cry 2\bin\FarCry2.exe:*:Enabled:Far Cry 2"
"C:\Program Files\Ubisoft\Far Cry 2\bin\FC2Launcher.exe"="C:\Program Files\Ubisoft\Far Cry 2\bin\FC2Launcher.exe:*:Enabled:Far Cry 2 Updater"
"C:\Program Files\Ubisoft\Far Cry 2\bin\FC2Editor.exe"="C:\Program Files\Ubisoft\Far Cry 2\bin\FC2Editor.exe:*:Enabled:Editeur"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

======List of files/folders created in the last 1 months======

2008-12-10 23:48:15 ----D---- C:\rsit
2008-12-10 23:39:53 ----D---- C:\_OTMoveIt
2008-12-10 11:13:20 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2008-12-10 11:12:45 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2008-12-10 11:12:22 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2008-12-10 11:12:16 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2008-12-09 23:22:59 ----A---- C:\WINDOWS\gmer.ini
2008-12-09 23:22:58 ----A---- C:\WINDOWS\gmer_uninstall.cmd
2008-12-09 23:22:58 ----A---- C:\WINDOWS\gmer.exe
2008-12-09 23:22:58 ----A---- C:\WINDOWS\gmer.dll
2008-12-09 23:16:32 ----A---- C:\TB.txt
2008-12-09 23:15:49 ----D---- C:\ToolBar SD
2008-12-09 22:07:29 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2008-12-09 20:23:52 ----D---- C:\Program Files\a-squared Free
2008-12-09 20:03:26 ----D---- C:\Program Files\Trend Micro
2008-12-09 18:46:21 ----D---- C:\Program Files\Lavasoft
2008-12-05 08:39:15 ----A---- C:\WINDOWS\system32\LSHPRN.EXE
2008-12-05 08:39:15 ----A---- C:\WINDOWS\system32\44upd.dll
2008-12-05 08:39:15 ----A---- C:\WINDOWS\system32\43upd.dll
2008-12-05 08:39:14 ----A---- C:\WINDOWS\system32\46upd.dll
2008-12-05 08:39:13 ----A---- C:\WINDOWS\system32\upd46.exe
2008-11-27 21:53:45 ----D---- C:\WINDOWS\NV17002656.TMP
2008-11-27 21:31:50 ----A---- C:\WINDOWS\system32\LSGPRN.EXE
2008-11-27 21:31:50 ----A---- C:\WINDOWS\system32\45upd.dll
2008-11-27 21:31:49 ----A---- C:\WINDOWS\system32\upd42.exe
2008-11-27 21:31:49 ----A---- C:\WINDOWS\sc32.dll
2008-11-26 20:42:15 ----RHD---- C:\Documents and Settings\niko\Application Data\SecuROM
2008-11-26 20:17:40 ----A---- C:\WINDOWS\system32\CmdLineExt.dll
2008-11-26 20:17:28 ----A---- C:\WINDOWS\system32\XAudio2_1.dll
2008-11-26 20:17:28 ----A---- C:\WINDOWS\system32\XAPOFX1_0.dll
2008-11-26 20:17:28 ----A---- C:\WINDOWS\system32\xactengine3_1.dll
2008-11-26 20:17:28 ----A---- C:\WINDOWS\system32\X3DAudio1_4.dll
2008-11-26 20:17:28 ----A---- C:\WINDOWS\system32\D3DCompiler_38.dll
2008-11-26 20:17:27 ----A---- C:\WINDOWS\system32\XAudio2_0.dll
2008-11-26 20:17:27 ----A---- C:\WINDOWS\system32\xactengine3_0.dll
2008-11-26 20:17:27 ----A---- C:\WINDOWS\system32\X3DAudio1_3.dll
2008-11-26 20:17:27 ----A---- C:\WINDOWS\system32\D3DX9_38.dll
2008-11-26 20:17:27 ----A---- C:\WINDOWS\system32\d3dx10_38.dll
2008-11-26 20:17:26 ----A---- C:\WINDOWS\system32\xactengine2_10.dll
2008-11-26 20:17:26 ----A---- C:\WINDOWS\system32\D3DX9_37.dll
2008-11-26 20:17:26 ----A---- C:\WINDOWS\system32\d3dx10_37.dll
2008-11-26 20:17:26 ----A---- C:\WINDOWS\system32\D3DCompiler_37.dll
2008-11-26 20:17:25 ----A---- C:\WINDOWS\system32\xactengine2_9.dll
2008-11-26 20:17:25 ----A---- C:\WINDOWS\system32\d3dx9_36.dll
2008-11-26 20:17:25 ----A---- C:\WINDOWS\system32\d3dx10_36.dll
2008-11-26 20:17:25 ----A---- C:\WINDOWS\system32\d3dx10_35.dll
2008-11-26 20:17:25 ----A---- C:\WINDOWS\system32\D3DCompiler_36.dll
2008-11-26 20:17:25 ----A---- C:\WINDOWS\system32\D3DCompiler_35.dll
2008-11-26 20:17:24 ----A---- C:\WINDOWS\system32\d3dx9_35.dll
2008-11-26 20:16:43 ----D---- C:\WINDOWS\Logs
2008-11-26 20:12:29 ----D---- C:\Program Files\Ubisoft
2008-11-25 10:23:53 ----D---- C:\Program Files\Pense-bete
2008-11-25 10:23:53 ----D---- C:\Documents and Settings\niko\Application Data\Pense-bete
2008-11-23 22:13:21 ----A---- C:\WINDOWS\system32\xactengine2_8.dll
2008-11-23 22:13:21 ----A---- C:\WINDOWS\system32\X3DAudio1_2.dll
2008-11-23 22:13:21 ----A---- C:\WINDOWS\system32\d3dx10_34.dll
2008-11-23 22:13:21 ----A---- C:\WINDOWS\system32\D3DCompiler_34.dll
2008-11-23 22:13:20 ----A---- C:\WINDOWS\system32\xinput1_3.dll
2008-11-23 22:13:20 ----A---- C:\WINDOWS\system32\d3dx9_34.dll
2008-11-23 22:13:19 ----A---- C:\WINDOWS\system32\xactengine2_7.dll
2008-11-23 22:13:19 ----A---- C:\WINDOWS\system32\d3dx10_33.dll
2008-11-23 22:13:19 ----A---- C:\WINDOWS\system32\D3DCompiler_33.dll
2008-11-23 22:13:17 ----A---- C:\WINDOWS\system32\xactengine2_6.dll
2008-11-23 22:13:17 ----A---- C:\WINDOWS\system32\xactengine2_5.dll
2008-11-23 22:13:17 ----A---- C:\WINDOWS\system32\d3dx9_33.dll
2008-11-23 22:13:17 ----A---- C:\WINDOWS\system32\d3dx9_32.dll
2008-11-23 22:13:16 ----A---- C:\WINDOWS\system32\xinput1_2.dll
2008-11-23 22:13:16 ----A---- C:\WINDOWS\system32\xactengine2_4.dll
2008-11-23 22:13:16 ----A---- C:\WINDOWS\system32\xactengine2_3.dll
2008-11-23 22:13:16 ----A---- C:\WINDOWS\system32\xactengine2_2.dll
2008-11-23 22:13:16 ----A---- C:\WINDOWS\system32\x3daudio1_1.dll
2008-11-23 22:13:16 ----A---- C:\WINDOWS\system32\d3dx9_31.dll
2008-11-23 22:13:15 ----A---- C:\WINDOWS\system32\xinput1_1.dll
2008-11-23 22:13:15 ----A---- C:\WINDOWS\system32\xactengine2_1.dll
2008-11-23 22:13:10 ----A---- C:\WINDOWS\system32\d3dx9_30.dll
2008-11-23 22:13:09 ----A---- C:\WINDOWS\system32\xactengine2_0.dll
2008-11-23 22:13:09 ----A---- C:\WINDOWS\system32\x3daudio1_0.dll
2008-11-23 22:13:09 ----A---- C:\WINDOWS\system32\d3dx9_29.dll
2008-11-23 22:13:09 ----A---- C:\WINDOWS\system32\d3dx9_28.dll
2008-11-23 22:13:08 ----A---- C:\WINDOWS\system32\xinput9_1_0.dll
2008-11-23 22:13:08 ----A---- C:\WINDOWS\system32\d3dx9_27.dll
2008-11-23 22:13:08 ----A---- C:\WINDOWS\system32\d3dx9_26.dll
2008-11-23 22:13:08 ----A---- C:\WINDOWS\system32\d3dx9_25.dll
2008-11-23 22:13:07 ----A---- C:\WINDOWS\system32\d3dx9_24.dll
2008-11-23 22:12:55 ----A---- C:\WINDOWS\game.ini
2008-11-23 22:07:06 ----D---- C:\Program Files\Activision
2008-11-23 21:53:20 ----SHD---- C:\WINDOWS\ftpcache
2008-11-14 13:23:02 ----HD---- C:\WINDOWS\PIF
2008-11-11 21:07:15 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-11-11 21:07:11 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2008-11-11 21:07:05 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-11-11 16:55:04 ----D---- C:\Program Files\VOB
2008-11-11 16:55:04 ----A---- C:\WINDOWS\system32\vobhw.dll
2008-11-11 16:55:04 ----A---- C:\WINDOWS\system32\IWUninstall.exe
2008-11-11 16:55:04 ----A---- C:\WINDOWS\system32\asapi.dll
2008-11-11 16:54:30 ----A---- C:\WINDOWS\IsUninst.exe
2008-11-11 16:53:14 ----D---- C:\Program Files\Steinberg

======List of files/folders modified in the last 1 months======

2008-12-10 23:42:58 ----D---- C:\WINDOWS\Temp
2008-12-10 23:40:30 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-10 23:35:25 ----RD---- C:\Program Files
2008-12-10 23:35:23 ----D---- C:\WINDOWS\system32\drivers
2008-12-10 23:15:45 ----D---- C:\Documents and Settings
2008-12-10 11:18:57 ----D---- C:\WINDOWS
2008-12-10 11:18:38 ----D---- C:\WINDOWS\system32
2008-12-10 11:18:38 ----D---- C:\Program Files\Internet Explorer
2008-12-10 11:17:55 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-10 11:13:51 ----SHD---- C:\WINDOWS\Installer
2008-12-10 11:13:51 ----SHD---- C:\Config.Msi
2008-12-10 11:13:51 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-12-10 11:13:22 ----HD---- C:\WINDOWS\inf
2008-12-10 11:13:18 ----A---- C:\WINDOWS\imsins.BAK
2008-12-10 11:13:14 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-12-10 11:13:08 ----D---- C:\WINDOWS\ie7updates
2008-12-10 11:13:05 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-10 10:59:12 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-12-09 23:34:55 ----D---- C:\WINDOWS\Prefetch
2008-12-09 22:09:00 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-12-09 20:30:34 ----D---- C:\WINDOWS\system32\NtmsData
2008-12-09 19:56:48 ----A---- C:\WINDOWS\{00000001-00000000-0000000A-00001102-00000008-10011102}.BAK
2008-12-09 18:54:23 ----SHD---- C:\System Volume Information
2008-12-09 18:54:23 ----D---- C:\WINDOWS\system32\Restore
2008-12-09 18:46:21 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-12-09 18:45:51 ----D---- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-12-09 18:34:30 ----D---- C:\WINDOWS\system32\config
2008-12-09 11:58:17 ----D---- C:\Program Files\Windows Live Safety Center
2008-12-07 19:07:36 ----D---- C:\Program Files\eMule
2008-11-28 00:06:52 ----D---- C:\Program Files\Fichiers communs\Adobe
2008-11-28 00:06:49 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2008-11-28 00:06:43 ----D---- C:\Program Files\Adobe
2008-11-27 21:58:45 ----D---- C:\WINDOWS\Help
2008-11-27 21:58:44 ----D---- C:\WINDOWS\nview
2008-11-27 21:53:16 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-11-27 21:47:48 ----D---- C:\Program Files\TuneUp Utilities 2008
2008-11-27 21:47:36 ----A---- C:\WINDOWS\system32\TuneUpDefragService.exe
2008-11-27 21:46:57 ----D---- C:\Documents and Settings\niko\Application Data\Azureus
2008-11-26 20:17:29 ----D---- C:\WINDOWS\system32\DirectX
2008-11-26 20:17:09 ----RSD---- C:\WINDOWS\assembly
2008-11-26 20:16:42 ----D---- C:\WINDOWS\WinSxS
2008-11-26 20:16:42 ----D---- C:\Program Files\Fichiers communs\Microsoft Shared
2008-11-26 20:15:49 ----D---- C:\WINDOWS\system32\LogFiles
2008-11-26 20:12:29 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-11-26 20:12:29 ----HD---- C:\Program Files\InstallShield Installation Information
2008-11-26 18:21:30 ----A---- C:\WINDOWS\system32\aswBoot.exe
2008-11-26 13:27:50 ----D---- C:\Program Files\Azureus
2008-11-23 22:13:11 ----D---- C:\WINDOWS\Microsoft.NET

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2008-11-26 26944]
R1 AmdK8;Pilote de processeur AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-06-18 43520]
R1 Asapi;Asapi; C:\WINDOWS\system32\drivers\Asapi.sys [2002-04-17 11264]
R1 AsIO;AsIO; C:\WINDOWS\system32\drivers\AsIO.sys [2006-10-18 12664]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2008-11-26 111184]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2008-11-26 50864]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-11-26 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2008-11-26 94032]
R2 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2004-07-21 9856]
R2 PfModNT;PfModNT; \??\C:\WINDOWS\system32\drivers\PfModNT.sys []
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2007-01-16 293888]
R3 AEAudio;AE Audio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2006-08-06 93952]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2008-11-26 23152]
R3 COMMONFX.DLL;COMMONFX.DLL; C:\WINDOWS\system32\COMMONFX.DLL [2007-04-18 98600]
R3 ctac32k;Creative AC3 Software Decoder; C:\WINDOWS\system32\drivers\ctac32k.sys [2007-04-10 511272]
R3 ctaud2k;Creative Audio Driver (WDM); C:\WINDOWS\system32\drivers\ctaud2k.sys [2007-04-10 520488]
R3 CTAUDFX.DLL;CTAUDFX.DLL; C:\WINDOWS\system32\CTAUDFX.DLL [2007-04-12 546048]
R3 ctprxy2k;Creative Proxy Driver; C:\WINDOWS\system32\drivers\ctprxy2k.sys [2007-04-10 14632]
R3 CTSBLFX.DLL;CTSBLFX.DLL; C:\WINDOWS\system32\CTSBLFX.DLL [2007-04-12 560384]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\system32\drivers\ctsfm2k.sys [2007-04-10 157480]
R3 ElbyCDFL;ElbyCDFL; C:\WINDOWS\System32\Drivers\ElbyCDFL.sys [2004-08-31 26240]
R3 emupia;E-mu Plug-in Architecture Driver; C:\WINDOWS\system32\drivers\emupia2k.sys [2007-04-10 92968]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 ha10kx2k;Creative Hardware Abstract Layer Driver; C:\WINDOWS\system32\drivers\ha10kx2k.sys [2007-04-10 797992]
R3 hap17v2k;Creative P17V HAL Driver; C:\WINDOWS\system32\drivers\hap17v2k.sys [2007-04-10 189736]
R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 NTIDrvr;Upper Class Filter Driver; C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys [2008-01-23 6144]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-09-17 6132576]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2006-07-11 57856]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2006-07-11 20480]
R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\drivers\ctoss2k.sys [2007-04-10 126760]
R3 QCDonner;Logitech QuickCam Express; C:\WINDOWS\system32\DRIVERS\OVCD.sys [2001-08-17 28032]
R3 SenFiltService;SenFilt Service; C:\WINDOWS\system32\drivers\Senfilt.sys [2006-03-17 392960]
R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Pilote de concentrateur standard USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 CT20XUT.DLL;CT20XUT.DLL; C:\WINDOWS\system32\CT20XUT.DLL [2007-04-12 164608]
S3 ctdvda2k;Creative DVD-Audio Device Driver; C:\WINDOWS\system32\drivers\ctdvda2k.sys [2007-04-10 347128]
S3 CTEAPSFX.DLL;CTEAPSFX.DLL; C:\WINDOWS\system32\CTEAPSFX.DLL [2007-04-12 168192]
S3 CTEDSPFX.DLL;CTEDSPFX.DLL; C:\WINDOWS\system32\CTEDSPFX.DLL [2007-04-12 280320]
S3 CTEDSPIO.DLL;CTEDSPIO.DLL; C:\WINDOWS\system32\CTEDSPIO.DLL [2007-04-12 128768]
S3 CTEDSPSY.DLL;CTEDSPSY.DLL; C:\WINDOWS\system32\CTEDSPSY.DLL [2007-04-12 323328]
S3 CTERFXFX.DLL;CTERFXFX.DLL; C:\WINDOWS\system32\CTERFXFX.DLL [2007-04-12 94976]
S3 CTEXFIFX.DLL;CTEXFIFX.DLL; C:\WINDOWS\system32\CTEXFIFX.DLL [2007-04-12 1317632]
S3 CTHWIUT.DLL;CTHWIUT.DLL; C:\WINDOWS\system32\CTHWIUT.DLL [2007-04-12 66816]
S3 gmer;gmer; C:\WINDOWS\System32\DRIVERS\gmer.sys [2008-12-09 85969]
S3 hap16v2k;Creative P16V HAL Driver; C:\WINDOWS\system32\drivers\hap16v2k.sys [2007-04-10 163112]
S3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NikeDrv;Pilote nike psa[play; C:\WINDOWS\System32\Drivers\NikeDrv.sys [2006-03-02 12032]
S3 RIOUNIV;Rio universal USB driver; C:\WINDOWS\System32\Drivers\RIOUNIV.sys [2003-07-02 16128]
S3 SaiHFF0D;SaiHFF0D; C:\WINDOWS\system32\DRIVERS\SaiHFF0D.sys [2005-07-22 176000]
S3 SaiUFF0D;SaiUFF0D; C:\WINDOWS\system32\DRIVERS\SaiUFF0D.sys [2005-07-22 27136]
S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 TVICHW32;TVICHW32; \??\C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS []
S3 usbbus;LGE Mobile Composite USB Device; C:\WINDOWS\system32\DRIVERS\lgusbbus.sys [2007-07-11 12416]
S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 UsbDiag;LGE Mobile USB Serial Port; C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys [2007-07-11 19840]
S3 USBModem;LGE Mobile USB Modem; C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys [2007-07-11 21632]
S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-12-09 611664]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-10-01 116040]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-11-26 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-11-26 155160]
R2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.exe [1999-12-13 44032]
R2 ForcewareWebInterface;Forceware Web Interface; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe [2006-04-03 20543]
R2 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-09 168432]
R2 nSvcIp;ForceWare IP service; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe [2006-07-13 131131]
R2 nSvcLog;ForceWare user log service; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe [2006-07-13 65599]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-09-17 163908]
R2 UxTuneUp;TuneUp Extension de thème; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 WMDM PMSP Service;WMDM PMSP Service; C:\WINDOWS\system32\MsPMSPSv.exe [2000-06-17 53520]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2008-11-26 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2008-11-26 352920]
R3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S2 FAH@C:+DOCUME~1+niko+LOCALS~1+Temp+IXP000.TMP+s.exe;FAH@C:+DOCUME~1+niko+LOCALS~1+Temp+IXP000.TMP+s.exe; C:\DOCUME~1\niko\LOCALS~1\Temp\IXP000.TMP\s.exe -svcstart []
S3 aspnet_state;Service d'état ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
S3 iPod Service;Service de l’iPod; C:\Program Files\iPod\bin\iPodService.exe [2008-10-01 536872]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service; C:\WINDOWS\System32\TuneUpDefragService.exe [2008-11-27 355584]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]

-----------------EOF-----------------

And here is info.txt:

info.txt logfile of random's system information tool 1.04 2008-12-10 23:48:22

======Uninstall list======

-->"C:\Program Files\Creative\SBAudigy2\Program\Ctzapxx.EXE" /W /U /S /L:FRN
-->C:\Program Files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1494984B-9AC5-4F16-B61A-C21D5EFCC1C4}\setup.exe" -l0x40c
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1494984B-9AC5-4F16-B61A-C21D5EFCC1C4}\setup.exe" -l0x40c /remove
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{169F8893-C1C5-4847-972C-EA1E008112AC}\setup.exe" -l0x40c
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{169F8893-C1C5-4847-972C-EA1E008112AC}\setup.exe" -l0x40c /remove
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{236FADD8-58FD-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x40c
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{236FADD8-58FD-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x40c /remove
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{266F8C74-5DC6-4405-B79B-4EB82B2FC684}\setup.exe" -l0x40c
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{266F8C74-5DC6-4405-B79B-4EB82B2FC684}\setup.exe" -l0x40c /remove
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{435E969D-867E-4364-8E74-3DC8A69C5BDB}\setup.exe" -l0x40c
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{435E969D-867E-4364-8E74-3DC8A69C5BDB}\setup.exe" -l0x40c /remove
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5210ED6D-52A9-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x40c
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5210ED6D-52A9-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x40c /remove
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CDDF96A-BC34-4D72-9ABA-E1FFF0C39977}\setup.exe" -l0x40c
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7201B853-5833-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x40c
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7201B853-5833-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x40c /remove
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{87499F38-FD69-4A2B-B41A-BAB8DE9B94FE}\setup.exe" -l0x40c
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9154ED7C-926E-49CC-B677-0CF3C5267457}\setup.exe" -l0x40c
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9154ED7C-926E-49CC-B677-0CF3C5267457}\setup.exe" -l0x40c /remove
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1185190-514F-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x40c
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1185190-514F-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x40c /remove
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AC157741-3285-4D6A-B934-9174587A3493}\setup.exe" -l0x40c
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AC157741-3285-4D6A-B934-9174587A3493}\setup.exe" -l0x40c /remove
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DEBD7BF3-5856-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x40c
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DEBD7BF3-5856-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x40c /remove
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB2292C6-1F0A-11D7-AB2D-0090271A23A2}\setup.exe" -l0x40c
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB2292C6-1F0A-11D7-AB2D-0090271A23A2}\setup.exe" -l0x40c /remove
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0401-0000-0000000FF1CE} /uninstall {5A2F65A4-808F-4A1E-973E-92E17824982D}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0413-0000-0000000FF1CE} /uninstall {B3F4DC34-7F60-4B7C-A79F-1C13012D99D4}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0044-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.3-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81300000003}
Apple Mobile Device Support-->MsiExec.exe /I{976C2B2A-CE59-4AB3-83FB-BF895E28F2E6}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
ASAPI Update-->C:\WINDOWS\system32\IWUNIN~1.EXE -uninstall C:\WINDOWS\ISUNINST.EXE -fC:\PROGRA~1\VOB\ASAPIU~1\ASAPI.isu
Assistant de connexion Windows Live-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
ASUSUpdate-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{587178E7-B1DF-494E-9838-FA4DD36E873C}\Setup.exe" -l0x40c
avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
Azureus Vuze-->C:\Program Files\Azureus\uninstall.exe
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
CloneCD-->"C:\Program Files\SlySoft\CloneCD\ccd-uninst.exe" /D="C:\Program Files\SlySoft\CloneCD"
Correctif pour Lecteur Windows Media 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Correctif pour Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Correctif pour Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Creative System Information-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{87499F38-FD69-4A2B-B41A-BAB8DE9B94FE}\setup.exe" -l0x40c /remove
DAEMON Tools-->MsiExec.exe /I{3DED3A72-61A8-4B87-98A5-EF0BC8038AA0}
dBpowerAMP Music Converter-->"C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP Music Converter.dat
dMC Power Pack-->"C:\WINDOWS\system32\SpoonUninstall.exe" <uninstall>C:\WINDOWS\system32\SpoonUninstall-dMC Power Pack.dat
eMule-->"C:\Program Files\eMule\Uninstall.exe"
EPSON Logiciel imprimante-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
EPSON TWAIN 5-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A3EABC0-CA06-11D4-BF77-00104B130C19}\setup.exe" -l0x40c UNINSTALL
Far Cry 2-->"C:\Program Files\InstallShield Installation Information\{F2835483-37F2-4123-B4FE-0E77D58447F2}\setup.exe" -runfromtemp -l0x040c -removeonly
Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
High Definition Audio Driver Package - KB888111-->C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.0 (KB932471)-->C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {ECD292A0-0347-4244-8C24-5DBCE990FB40} /package {BAF78226-3200-4DB4-BE33-4D922A799840}
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Format SDK (KB902344)-->"C:\WINDOWS\$NtUninstallKB902344$\spuninst\spuninst.exe"
iPod for Windows 2006-06-28-->C:\Program Files\Fichiers communs\InstallShield\Driver\8\Intel 32\IDriver.exe /M{BD57EA4D-026E-4F08-9B93-080E282B81FE} /l1036
iTunes-->MsiExec.exe /I{DDDE0BE3-0CBE-4BF6-B75A-E3F69C947843}
Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
K-Lite Codec Pack 3.6.5 Full-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
Lecteur Windows Media 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
LG PC Suite-->C:\Program Files\InstallShield Installation Information\{993960EE-CA4D-443F-8F88-E24260DD5FD2}\setup.exe -runfromtemp -l0x040c -removeonly
LG USB Modem driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C3ABE126-2BB2-4246-BFE1-6797679B3579}\setup.exe" -l0x40c LG -removeonly
livebox-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{17342E3B-0818-4A6F-BFF8-99476605ADD6}\Setup.exe" -l0x40c
Microsoft .NET Framework 1.1 French Language Pack-->MsiExec.exe /X{9A394342-4A68-4EBA-85A6-55B559F4E700}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft .NET Framework 3.0 French Language Pack-->MsiExec.exe /X{E3C080B0-23F5-49AF-89F8-8E8DBC89E659}
Microsoft .NET Framework 3.0 Service Pack 1-->MsiExec.exe /I{2BA00471-0328-3743-93BD-FA813353A783}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Access MUI (French) 2007-->MsiExec.exe /X{90120000-0015-040C-0000-0000000FF1CE}
Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (French) 2007-->MsiExec.exe /X{90120000-0044-040C-0000-0000000FF1CE}
Microsoft Office Language Pack 2007 Service Pack 1 (SP1)-->msiexec /package {90120000-006E-040C-0000-0000000FF1CE} /uninstall {EC50B538-CBE1-42E6-B7FE-87AA540AADFB}
Microsoft Office Outlook MUI (French) 2007-->MsiExec.exe /X{90120000-001A-040C-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}
Microsoft Office Professional Plus 2007-->"C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL
Microsoft Office Professional Plus 2007-->MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE}
Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}
Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}
Microsoft Office Publisher MUI (French) 2007-->MsiExec.exe /X{90120000-0019-040C-0000-0000000FF1CE}
Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}
Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mise à jour de sécurité pour Lecteur Windows Media (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0 Language Pack - FRA\install.exe
Module de prise en charge linguistique du français de Microsoft .NET Framework 3.0-->c:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0 French Language Pack\setup.exe
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
NTI CD & DVD-Maker 7 Platinum-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{95B87E45-CC33-49B6-9B4C-6570941FA90C} CDM7
NTI CD-Maker Platinum French Plugin-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{5AB1E5D8-82C2-47DE-9AA7-2D6234446C3C}
NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
NVIDIA ForceWare Network Access Manager-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{1F6423DE-7959-4178-80E0-023C7EAA5347} /l1036
Outil de mise à jour Google-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
Package de base Microsoft de service de chiffrement pour cartes à puce-->"C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Panneau de configuration MobileMe-->MsiExec.exe /I{6DA9102E-199F-43A0-A36B-6EF48081A658}
PC Probe II-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F7338FA3-DAB5-49B2-900D-0AFB5760C166}\setup.exe" -l0x40c
Pense-Bete 79f-->"C:\Program Files\Pense-bete\unins000.exe"
QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
RealPlayer-->C:\Program Files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Safari-->MsiExec.exe /I{C9D96682-5A4D-45FA-BA3E-DDCB2B0CB868}
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB958439)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {6491B8AA-D11C-4648-A461-6234B31EB7E2}
Security Update for Microsoft Office Excel 2007 (KB958437)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {648FC016-2D6B-4A16-8D87-404533642F4B}
Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77}
Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office system 2007 (KB956828)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {885E081B-72BD-4E76-8E98-30B4BE468FAC}
Security Update for Microsoft Office Word 2007 (KB956358)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {4551666D-0FD6-4C69-8A81-1C6F2E64517C}
Security Update for Visio 2007 (KB947590)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {6BAD036C-261F-4BEF-96CF-C20678D07A41}
Sound Blaster Audigy 2-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CECB9B3D-E681-4458-85F8-8D182941AF1D}\SETUP.EXE" -l0x40c
SoundMAX-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\Setup.exe" -l0x40c -removeonly
Spelling Dictionaries Support For Adobe Reader 8-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-800000000003}
Steinberg WaveLab 5.01b-->C:\PROGRA~1\STEINB~1\WaveLab\UNWISE.EXE C:\PROGRA~1\STEINB~1\WaveLab\INSTALL.LOG
Total Video Converter 3.11 070908-->"C:\Program Files\Total Video Converter\unins000.exe"
TuneUp Utilities 2008-->MsiExec.exe /I{5888428E-699C-4E71-BF71-94EE06B497DA}
Update for Microsoft Office Outlook 2007 (KB952142)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}
Update for Office 2007 (KB946691)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
Update for Outlook 2007 Junk Email Filter (kb958619)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {79B301C1-DBC0-467C-AFDA-2A6CDAFA4302}
VGA Utility-->MsiExec.exe /I{D27BDB5D-3B4C-44F0-A648-BD00B0E79B39}
VideoLAN VLC media player 0.8.6a-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live installer-->MsiExec.exe /X{FD44E544-E7D0-4DBA-9FA0-8AE1A1300390}
Windows Live Messenger-->MsiExec.exe /X{BADF6744-3787-48F6-B8C9-4C4995401D65}
Windows Live OneCare safety scanner-->RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Presentation Foundation Language Pack (FRA)-->MsiExec.exe /X{6901DD22-527A-41EF-9059-E81FEDE9E494}
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Workflow Foundation FR Language Pack-->MsiExec.exe /I{B84C141C-9A13-44BE-9A69-301D7B11D836}
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
XML Paper Specification Shared Components Language Pack 1.0-->"C:\WINDOWS\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe"

======Security center information======

AV: avast! antivirus 4.8.1296 [VPS 081210-0]
FW: ActiveArmor Firewall (disabled)

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 107 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=6b02
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip

-----------------EOF-----------------

Reply to nikodj40

:hello: Good evening,

! Disable your resident protections (antivirus, Spybot-S&D, etc.) !

  • Download ComboFix (sUBs) to your Desktop.
  • Double-click ComboFix.exe (the .exe extension is not necessarily visible) to launch it.
  • It will ask you to install the Recovery Console: accept.
  • When the scan is finished, a report will appear. Post that report (C:\combofix.txt*) in your next reply.



HELP: A guide and a tutorial on using ComboFix
* the partition name may differ

;)

Reply to Egwene

here is the ComboFix report:

ComboFix 08-12-13.03 - niko 2008-12-14 14:46:03.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.2559.2144 [GMT 1:00]
Lancé depuis: c:\documents and settings\niko\Bureau\ComboFix.exe
* Un nouveau point de restauration a été créé
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\sc32.dll
c:\windows\system32\43upd.dll
c:\windows\system32\44upd.dll
c:\windows\system32\45upd.dll
c:\windows\system32\46upd.dll

.
((((((((((((((((((((((((((((( Fichiers créés du 2008-11-14 au 2008-12-14 ))))))))))))))))))))))))))))))))))))
.

2008-12-10 23:48 . 2008-12-10 23:48 <REP> d-------- C:\rsit
2008-12-10 23:39 . 2008-12-10 23:39 <REP> d-------- C:\_OTMoveIt
2008-12-09 23:22 . 2008-12-09 23:25 250 --a------ c:\windows\gmer.ini
2008-12-09 23:15 . 2008-12-09 23:17 <REP> d-------- C:\ToolBar SD
2008-12-09 22:07 . 2008-12-10 23:35 <REP> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2008-12-09 20:23 . 2008-12-10 23:35 <REP> d-------- c:\program files\a-squared Free
2008-12-09 20:03 . 2008-12-09 20:03 <REP> d-------- c:\program files\Trend Micro
2008-12-09 19:27 . 2008-12-14 14:46 403 --a------ c:\windows\iexplore.htm
2008-12-09 18:46 . 2008-12-09 18:46 <REP> d-------- c:\program files\Lavasoft
2008-12-05 08:39 . 2008-12-05 08:39 25,600 --a------ c:\windows\system32\upd46.exe
2008-12-05 08:39 . 2008-12-05 08:39 25,600 --a------ c:\windows\system32\LSHPRN.EXE
2008-11-27 21:53 . 2008-11-27 21:58 <REP> d-------- c:\windows\NV17002656.TMP
2008-11-27 21:31 . 2008-11-27 21:35 24,576 --a------ c:\windows\system32\upd42.exe
2008-11-27 21:31 . 2008-11-27 21:35 24,576 --a------ c:\windows\system32\LSGPRN.EXE
2008-11-26 20:42 . 2008-11-26 20:42 <REP> dr-h----- c:\documents and settings\niko\Application Data\SecuROM
2008-11-26 20:16 . 2008-11-26 20:16 <REP> d-------- c:\windows\Logs
2008-11-26 20:16 . 2008-11-26 20:16 22,328 --a------ c:\documents and settings\niko\Application Data\PnkBstrK.sys
2008-11-26 20:12 . 2008-11-26 20:12 <REP> d-------- c:\program files\Ubisoft
2008-11-25 10:23 . 2008-11-25 10:24 <REP> d-------- c:\program files\Pense-bete
2008-11-25 10:23 . 2008-12-12 10:11 <REP> d-------- c:\documents and settings\niko\Application Data\Pense-bete
2008-11-23 22:12 . 2008-11-23 22:12 319 --a------ c:\windows\game.ini
2008-11-23 22:07 . 2008-11-23 22:07 <REP> d-------- c:\program files\Activision
2008-11-23 21:53 . 2008-11-23 21:53 <REP> d--hs---- c:\windows\ftpcache
2008-11-14 13:23 . 2008-11-14 13:23 <REP> d--h----- c:\windows\PIF

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-12 22:28 --------- d-----w c:\program files\eMule
2008-12-12 22:27 --------- d-----w c:\documents and settings\niko\Application Data\Azureus
2008-12-12 09:24 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2008-12-10 10:13 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-12-09 17:46 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2008-12-09 17:45 --------- d-----w c:\program files\Fichiers communs\Wise Installation Wizard
2008-12-09 10:58 --------- d-----w c:\program files\Windows Live Safety Center
2008-11-27 23:06 --------- d-----w c:\program files\Fichiers communs\Adobe
2008-11-27 20:47 --------- d-----w c:\program files\TuneUp Utilities 2008
2008-11-27 06:49 109,249 ----a-w c:\program files\MSWINSCK.OCX
2008-11-26 19:12 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-26 12:27 --------- d-----w c:\program files\Azureus
2008-11-11 15:55 --------- d-----w c:\program files\VOB
2008-11-11 15:53 --------- d-----w c:\program files\Steinberg
2008-11-06 19:59 --------- d-----w c:\documents and settings\niko\Application Data\TuneUp Software
2008-11-06 19:59 --------- d-----w c:\documents and settings\All Users\Application Data\TuneUp Software
2008-11-06 15:06 --------- d-----w c:\documents and settings\All Users\Application Data\Azureus
2008-10-24 11:21 455,296 ------w c:\windows\system32\drivers\mrxsmb.sys
2008-10-24 10:32 --------- d-----w c:\program files\Microsoft Silverlight
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-22 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"PrinterSecurityLayer"="c:\windows\system32\LSHPRN.EXE" [2008-12-05 25600]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13574144]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-02-23 185896]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\niko\Menu D‚marrer\Programmes\D‚marrage\
Pense-Bˆte 79f.lnk - c:\program files\Pense-bete\pb79f.exe [2008-11-25 2184192]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\regedit.exe]
"Debugger"=0

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\taskmgr.exe]
"Debugger"=0

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Outil de mise à jour Google.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Outil de mise à jour Google.lnk
backup=c:\windows\pss\Outil de mise à jour Google.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^niko^Menu Démarrer^Programmes^Démarrage^GIGABYTE VGA Utility.lnk]
path=c:\documents and settings\niko\Menu Démarrer\Programmes\Démarrage\GIGABYTE VGA Utility.lnk
backup=c:\windows\pss\GIGABYTE VGA Utility.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-10-15 01:04 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
--a------ 2008-09-03 19:12 111936 c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AsusStartupHelp]
-ra--c--- 2006-11-14 07:25 363008 c:\program files\ASUS\AASP\1.00.16\AsRunHelp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
--a--c--- 2004-09-02 22:57 57344 c:\program files\SlySoft\CloneCD\CloneCDTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTDVDDET]
--a--c--- 2003-06-18 01:00 45056 c:\program files\Creative\SBAudigy2\DVDAudio\CTDVDDET.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSysVol]
--a--c--- 2003-09-17 10:43 57344 c:\program files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
--a--c--- 2004-08-22 16:05 81920 c:\program files\D-Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a--c--- 2005-08-11 09:30 249856 c:\program files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a--c--- 2005-08-11 09:30 81920 c:\program files\Fichiers communs\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-10-01 17:57 289576 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-09-06 14:09 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SBDrvDet]
--a--c--- 2002-12-03 18:06 45056 c:\program files\Creative\SB Drive Det\SBDrvDet.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
-----c--- 2006-07-13 07:12 729088 c:\program files\Analog Devices\SoundMAX\SMax4.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
-ra--c--- 2006-12-18 14:34 868352 c:\program files\Analog Devices\Core\smax4pnp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a--c--- 2008-06-10 03:27 144784 c:\program files\Java\jre1.6.0_07\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2008-01-22 10:41 68856 c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-02-23 13:45 185896 c:\program files\Fichiers communs\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
-----c--- 2000-05-11 01:00 90112 c:\windows\Updreg.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a--c--- 2008-08-04 00:02 36352 c:\program files\Winamp\winampa.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"swg"=c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
"CTFMON.EXE"=c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
"PrinterSecurityLayer"=c:\windows\system32\LSHPRN.EXE
"nwiz"=nwiz.exe /install
"NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"CTHelper"=CTHELPER.EXE
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Fichiers communs\\NewTech Infosystems\\LiveUpdate\\LiveUpdate.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FarCry2.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Launcher.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Editor.exe"=

R1 Asapi;Asapi;c:\windows\system32\drivers\Asapi.sys [2008-11-11 11264]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-06-26 111184]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-06-26 20560]
S2 FAH@C:+DOCUME~1+niko+LOCALS~1+Temp+IXP000.TMP+s.exe;FAH@C:+DOCUME~1+niko+LOCALS~1+Temp+IXP000.TMP+s.exe;c:\docume~1\niko\LOCALS~1\Temp\IXP000.TMP\s.exe -svcstart []
S3 NikeDrv;Pilote nike psa[play;c:\windows\system32\Drivers\NikeDrv.sys [2001-08-17 22:24:44 12032]
S3 SaiHFF0D;SaiHFF0D;c:\windows\system32\DRIVERS\SaiHFF0D.sys [2008-08-24 176000]
S3 SaiUFF0D;SaiUFF0D;c:\windows\system32\DRIVERS\SaiUFF0D.sys [2008-08-24 27136]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contenu du dossier 'Tâches planifiées'

2008-12-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2008-12-05 c:\windows\Tasks\Maintenance en 1 clic.job
- c:\program files\TuneUp Utilities 2008\OneClick.exe [2008-06-20 09:23]
.
- - - - ORPHELINS SUPPRIMES - - - -

WebBrowser-{6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - (no file)
MSConfigStartUp-MSMSGS - c:\program files\Messenger\msmsgs.exe
MSConfigStartUp-updateMgr - c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe


.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.orange.fr/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

c:\windows\Downloaded Program Files\InstallerControl.dll - O16 -: CabBuilder
hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
c:\windows\Downloaded Program Files\OSDED4D.OSD
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-14 14:48:15
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
"ServiceDll"="c:\windows\system32\es.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FAH@C:+DOCUME~1+niko+LOCALS~1+Temp+IXP000.TMP+s.exe]
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\CTSVCCDA.EXE
c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\MsPMSPSv.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
c:\program files\Windows Live\Messenger\usnsvc.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Heure de fin: 2008-12-14 14:50:03 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-12-14 13:50:01

Avant-CF: 443 002 683 392 octets libres
Après-CF: 443,101,245,440 octets libres

WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect /usepmtimer

235 --- E O F --- 2008-12-12 09:40:59

Reply to nikodj40

Re,

First I want to be sure that you can see hidden files/folders:

[~] Go to My Computer / Tools / Folder Options / View / Show hidden files and folders / Apply --> OK
[~] Go to My Computer / Tools / Folder Options / View / uncheck Hide protected operating system files / Apply --> OK
You can re-check it afterwards.

[~] My Computer / Tools / Folder Options / View / uncheck Hide extensions for known file types / Apply --> OK

Go to this link: Virus Total

  • Click Browse
  • Navigate to this file, if you can find it:


c:\windows\system32\LSHPRN.EXE

  • Click Send file and let it work as long as "Current status: being analysed" is displayed.
  • The file may be queued because of a large number of analysis requests. In that case you will have to wait without refreshing the page.
  • When the analysis is finished ("Current status: finished"), click Formatted
  • A new browser window will appear
  • Then click on this image: http://perso.orange.fr/-Gof/screen/txtvt.jpg
  • Right-click on the page and choose Select all, then Copy
  • Finally, paste the result in your next reply.

Note: Whatever the result, it is important that you send me the result of the whole analysis.
Your security tools may react when the file is sent; in that case you will have to ignore the alerts.

;)

------------------------------ Please let us know if you are already being helped on another forum or in another topic.

Security / Prevention
Reply to Egwene

here is the result:

Fichier LSHPRN.EXE reçu le 2008.12.17 12:23:40 (CET)Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.12.17.3 2008.12.17 -
AntiVir 7.9.0.45 2008.12.17 TR/Downloader.Gen
Authentium 5.1.0.4 2008.12.17 -
Avast 4.8.1281.0 2008.12.16 -
AVG 8.0.0.199 2008.12.17 -
BitDefender 7.2 2008.12.17 DeepScan:Generic.Malware.SYd!dld.3139AED9
CAT-QuickHeal 10.00 2008.12.17 -
ClamAV 0.94.1 2008.12.17 -
Comodo 771 2008.12.17 -
DrWeb 4.44.0.09170 2008.12.17 DLOADER.Trojan
eSafe 7.0.17.0 2008.12.16 -
eTrust-Vet 31.6.6265 2008.12.17 -
Ewido 4.0 2008.12.16 -
F-Prot 4.4.4.56 2008.12.17 -
F-Secure 8.0.14332.0 2008.12.17 -
Fortinet 3.117.0.0 2008.12.17 PossibleThreat
GData 19 2008.12.17 DeepScan:Generic.Malware.SYd!dld.3139AED9
Ikarus T3.1.1.45.0 2008.12.17 Trojan-Spy.Win32.Agent.DI
K7AntiVirus 7.10.555 2008.12.16 Trojan.Win32.Malware.1
Kaspersky 7.0.0.125 2008.12.17 Heur.Trojan.Generic
McAfee 5466 2008.12.16 Generic.dx
McAfee+Artemis 5466 2008.12.16 Generic.dx
Microsoft 1.4205 2008.12.17 -
NOD32 3698 2008.12.17 probably unknown NewHeur_PE
Norman 5.80.02 2008.12.16 W32/DLoader.LTZX
Panda 9.0.0.4 2008.12.17 Generic Trojan
PCTools 4.4.2.0 2008.12.16 -
Prevx1 V2 2008.12.17 Malicious Software
Rising 21.08.22.00 2008.12.17 Packer.RyCrypt
SecureWeb-Gateway 6.7.6 2008.12.17 Trojan.Downloader.Gen
Sophos 4.36.0 2008.12.17 -
Sunbelt 3.2.1801.2 2008.12.11 -
Symantec 10 2008.12.17 Trojan Horse
TheHacker 6.3.1.4.189 2008.12.16 -
TrendMicro 8.700.0.1004 2008.12.17 Possible_DLDER
VBA32 3.12.8.10 2008.12.16 suspected of MalwareScope.Trojan-PSW.Pinch.45 (paranoid heuristics)
ViRobot 2008.12.17.1523 2008.12.17 -
VirusBuster 4.5.11.0 2008.12.16 -

Information additionnelle
File size: 25600 bytes
MD5...: 58d73c2bf7fe1067f9bf3aef20c0882b
SHA1..: c8e8950883cb2722db94a524f4ff9c92ba507f8f
SHA256: df4fef1147e71d0fd9ae6c82a2aa355e7c64b5e6775a83e6ec0ca2d4c3934f8a
SHA512: 6dd7e5efc39bb91fd276f4c46fb7ea225b4a53a90728b9e905f0ad4fa626a4159574717016db0933cc07cc3a8186470dd425cd4d8f8165fb93ad39c6a7b55785
ssdeep: 192:zw9+dqVotTF6fOyf9LPl488NXdH0dHRdHwdHPH1SdHB18GtpbVu11Lre/8PqnT3q:z2G2otjyfJl2NXqrmuJNmFvsRY
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
VXD Driver (0.1%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x401000
timedatestamp.....: 0x493649d7 (Wed Dec 03 08:56:55 2008)
machinetype.......: 0x14c (I386)

( 2 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x17cc 0x1800 5.86 c56fb08ba43c4f11555d17decdf5ccf2
.data 0x3000 0x4a50 0x4a00 3.81 5e0e2c83b805315187742e190302e872

( 4 imports )
> kernel32.dll: Sleep, CreateMutexA, GetLastError, ExitProcess, GlobalAlloc, RtlZeroMemory, GlobalFree, CreateFileA, GetFileSize, ReadFile, CloseHandle, WriteFile, WinExec, GetSystemDirectoryA, GetWindowsDirectoryA, GetModuleFileNameA, OpenFile, FindFirstFileA, FindClose, FlushFileBuffers
> advapi32.dll: RegCreateKeyA, RegSetValueExA, RegCloseKey, RegOpenKeyExA, RegCreateKeyExA, RegQueryValueExA
> shell32.dll: ShellExecuteA, SHGetSpecialFolderPathA
> wininet.dll: InternetOpenA, InternetOpenUrlA, InternetReadFile, InternetCloseHandle

( 0 exports )
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=A8DF8D7300DF893564E500D9A29B6B00168AE4B3
packers (F-Prot): embedded
CWSandbox info: http://research.sunbelt-software.com/partnerresource/MD5.aspx?md5=58d73c2bf7fe1067f9bf3aef20c0882b

thanks

Reply to nikodj40
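The VirusTotal results pasted in this thread are plain text: one engine per row (engine, version, signature date, verdict, with "-" meaning no detection), followed by a hash block. The Python below is an added example, not something posted by either participant: it parses that format, reports the detection ratio and the engines whose verdict names a downloader (TR/Downloader.Gen, DLOADER.Trojan, Possible_DLDER above), and checks a local file's digests against the report's hashes so the verdicts you read belong to the file you actually hold. The embedded sample is an excerpt of the LSHPRN.EXE report above; `parse_vt_report`, `matches_report` and the other names are this example's own.

```python
import hashlib
import re
from dataclasses import dataclass, field

# Excerpt of the VirusTotal result for LSHPRN.EXE posted in this thread (some engine
# rows plus the hash block), embedded so the script runs offline.
SAMPLE_REPORT = """\
Fichier LSHPRN.EXE reçu le 2008.12.17 12:23:40 (CET)Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.12.17.3 2008.12.17 -
AntiVir 7.9.0.45 2008.12.17 TR/Downloader.Gen
Avast 4.8.1281.0 2008.12.16 -
DrWeb 4.44.0.09170 2008.12.17 DLOADER.Trojan
NOD32 3698 2008.12.17 probably unknown NewHeur_PE
Symantec 10 2008.12.17 Trojan Horse
TrendMicro 8.700.0.1004 2008.12.17 Possible_DLDER
VBA32 3.12.8.10 2008.12.16 suspected of MalwareScope.Trojan-PSW.Pinch.45 (paranoid heuristics)

Information additionnelle
File size: 25600 bytes
MD5...: 58d73c2bf7fe1067f9bf3aef20c0882b
SHA1..: c8e8950883cb2722db94a524f4ff9c92ba507f8f
SHA256: df4fef1147e71d0fd9ae6c82a2aa355e7c64b5e6775a83e6ec0ca2d4c3934f8a
"""

# The "Fichier <name> reçu le <date> (CET)" line often runs straight into the column header.
HEADER_RE = re.compile(r"^Fichier (?P<name>\S+) reçu le (?P<date>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2})")
# Engine rows: engine, version, signature date, verdict. The verdict may contain spaces
# ("Trojan Horse"); older reports print "-" for version and date.
ROW_RE = re.compile(r"^(\S+) (\S+) (\S+) (.+)$")
# Hash labels are dot-padded to a fixed width: "MD5...:", "SHA1..:", "SHA256:" (or plain "MD5:").
HASH_RE = re.compile(r"^(MD5|SHA1|SHA256)\.*:\s*([0-9A-Fa-f]+)\s*$")
HASH_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64}
# Verdict fragments several engines above use for a downloader: Downloader, DLOADER, DLDER.
DOWNLOADER_RE = re.compile(r"download|dload|dlder", re.IGNORECASE)


@dataclass
class VTReport:
    filename: str = ""
    received: str = ""
    detections: dict = field(default_factory=dict)  # engine -> verdict
    clean: list = field(default_factory=list)       # engines that answered "-"
    hashes: dict = field(default_factory=dict)      # algorithm -> lowercase hex digest
    warnings: list = field(default_factory=list)    # lines that did not parse


def parse_vt_report(text: str) -> VTReport:
    """Parse a pasted VirusTotal plain-text report (with or without its header line)."""
    rep = VTReport()
    in_table = True  # engine rows are expected until "Information additionnelle"
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HEADER_RE.match(line)
        if m:
            rep.filename, rep.received = m.group("name"), m.group("date")
            in_table = True
            continue
        if line.startswith("Antivirus Version"):  # standalone column header
            in_table = True
            continue
        if line.startswith("Information additionnelle"):
            in_table = False
            continue
        m = HASH_RE.match(line)
        if m:
            algo, digest = m.group(1), m.group(2).lower()
            if len(digest) != HASH_LEN[algo]:
                rep.warnings.append(f"{algo} digest has wrong length: {line}")
            else:
                rep.hashes[algo] = digest
            continue
        if not in_table:
            continue  # file size, ssdeep, PE info, sandbox links: not needed here
        m = ROW_RE.match(line)
        if not m:
            rep.warnings.append(f"unparsed engine row: {line}")
            continue
        engine, _version, _updated, result = m.groups()
        if result == "-":
            rep.clean.append(engine)
        else:
            rep.detections[engine] = result
    return rep


def detection_summary(rep: VTReport) -> dict:
    """Detection ratio, plus the engines whose verdict names a downloader."""
    hits, total = len(rep.detections), len(rep.detections) + len(rep.clean)
    downloader = sorted(e for e, r in rep.detections.items() if DOWNLOADER_RE.search(r))
    return {"hits": hits, "total": total, "downloader_engines": downloader}


def digests_of(data: bytes) -> dict:
    """MD5/SHA1/SHA256 of the bytes, keyed like the report's hash block."""
    return {algo: hashlib.new(algo.lower(), data).hexdigest() for algo in HASH_LEN}


def matches_report(data: bytes, rep: VTReport) -> bool:
    """True when every digest the report lists agrees with the local bytes (no hashes: never)."""
    local = digests_of(data)
    return bool(rep.hashes) and all(local[algo] == d for algo, d in rep.hashes.items())
```

Feed it the whole pasted text; the older layout with "- - -" placeholders for version and date parses the same way.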

Re,

Have these two analysed as well, just to be sure :)

c:\windows\system32\upd42.exe
c:\windows\system32\LSGPRN.EXE

;)

Reply to Egwene

here is the report for upd42.exe (it tells me it has already been analysed)

Fichier upd42.exe reçu le 2008.11.27 18:18:41 (CET)Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 - - -
AntiVir - - TR/Crypt.XPACK.Gen
Authentium - - -
Avast - - -
AVG - - -
BitDefender - - DeepScan:Generic.Malware.SYd!dld.A34684A2
CAT-QuickHeal - - -
ClamAV - - -
DrWeb - - DLOADER.Trojan
eSafe - - -
eTrust-Vet - - -
Ewido - - -
F-Prot - - -
F-Secure - - Suspicious:W32/Malware!Gemini
Fortinet - - -
GData - - DeepScan:Generic.Malware.SYd!dld.A34684A2
Ikarus - - Trojan-Spy.Win32.Agent.DI
K7AntiVirus - - -
Kaspersky - - -
McAfee - - -
McAfee+Artemis - - -
Microsoft - - TrojanDownloader:Win32/Small.gen!D
NOD32 - - probably unknown NewHeur_PE
Norman - - -
Panda - - Suspicious file
PCTools - - -
Prevx1 - - -
Rising - - Packer.RyCrypt
SecureWeb-Gateway - - Trojan.Crypt.XPACK.Gen
Sophos - - -
Sunbelt - - -
Symantec - - Trojan Horse
TheHacker - - -
TrendMicro - - Possible_DLDER
VBA32 - - suspected of MalwareScope.Trojan-PSW.Pinch.45 (paranoid heuristics)
ViRobot - - -
VirusBuster - - -

Information additionnelle
MD5: f46512e00751c531d69370c7593001f4
SHA1: dce1a85e753f04ad8cc39d7cc41d19683bccf60c
SHA256: 57a6aa6f2cd02ece47acc4ba416a0e1cbfb35a01f643213c8af3d1e2c5b370c1
SHA512: d3131b72ba8d3012c20112d30838fdf3b15dfa988bcdc973a21d74d5d4d6eca66558a2430a6a0993ca2b66a720797ae546f6c6139d8f4e5293f233bcb82f3a33

Reply to nikodj40

so I re-analysed it:

Fichier upd42.exe reçu le 2008.12.19 13:28:50 (CET)Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.12.19.3 2008.12.19 -
AntiVir 7.9.0.45 2008.12.19 TR/Crypt.XPACK.Gen
Authentium 5.1.0.4 2008.12.18 -
Avast 4.8.1281.0 2008.12.18 -
AVG 8.0.0.199 2008.12.19 Generic12.RLE
BitDefender 7.2 2008.12.19 DeepScan:Generic.Malware.SYd!dld.A34684A2
CAT-QuickHeal 10.00 2008.12.19 -
ClamAV 0.94.1 2008.12.19 -
Comodo 781 2008.12.19 -
DrWeb 4.44.0.09170 2008.12.19 DLOADER.Trojan
eSafe 7.0.17.0 2008.12.18 -
eTrust-Vet 31.6.6268 2008.12.18 -
Ewido 4.0 2008.12.19 -
F-Prot 4.4.4.56 2008.12.18 -
F-Secure 8.0.14332.0 2008.12.19 Suspicious:W32/Malware!Gemini
Fortinet 3.117.0.0 2008.12.19 W32/Heuri.E
GData 19 2008.12.19 DeepScan:Generic.Malware.SYd!dld.A34684A2
Ikarus T3.1.1.45.0 2008.12.19 Trojan-Spy.Win32.Agent.DI
K7AntiVirus 7.10.557 2008.12.18 Trojan.Win32.Malware.1
Kaspersky 7.0.0.125 2008.12.19 -
McAfee 5468 2008.12.18 Generic Downloader.x
McAfee+Artemis 5468 2008.12.18 Generic Downloader.x
Microsoft 1.4205 2008.12.19 TrojanDownloader:Win32/Small.gen!D
NOD32 3705 2008.12.19 probably unknown NewHeur_PE
Norman 5.80.02 2008.12.18 W32/Smalltroj.IWBK
Panda 9.0.0.4 2008.12.19 Generic Trojan
PCTools 4.4.2.0 2008.12.19 -
Prevx1 V2 2008.12.19 Malicious Software
Rising 21.08.42.00 2008.12.19 -
SecureWeb-Gateway 6.7.6 2008.12.19 Trojan.Crypt.XPACK.Gen
Sophos 4.37.0 2008.12.19 Mal/Generic-A
Sunbelt 3.2.1801.2 2008.12.11 -
Symantec 10 2008.12.19 Trojan Horse
TheHacker 6.3.1.4.191 2008.12.17 -
TrendMicro 8.700.0.1004 2008.12.19 Possible_DLDER
VBA32 3.12.8.10 2008.12.18 suspected of MalwareScope.Trojan-PSW.Pinch.45 (paranoid heuristics)
ViRobot 2008.12.19.1527 2008.12.19 -
VirusBuster 4.5.11.0 2008.12.18 -

Information additionnelle
File size: 24576 bytes
MD5...: f46512e00751c531d69370c7593001f4
SHA1..: dce1a85e753f04ad8cc39d7cc41d19683bccf60c
SHA256: 57a6aa6f2cd02ece47acc4ba416a0e1cbfb35a01f643213c8af3d1e2c5b370c1
SHA512: d3131b72ba8d3012c20112d30838fdf3b15dfa988bcdc973a21d74d5d4d6eca66558a2430a6a0993ca2b66a720797ae546f6c6139d8f4e5293f233bcb82f3a33
ssdeep: 192:h1ct2/ccVZS+v643+dH0dHRdHwdHPH1SdHB18Givpu111e/WnT3fvBR:J/pv6G+qrmuJy0vBR
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
VXD Driver (0.1%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x401000
timedatestamp.....: 0x492e684c (Thu Nov 27 09:28:44 2008)
machinetype.......: 0x14c (I386)

( 2 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x167a 0x1800 5.62 be94cc5d886bf987f349fb45c1ce3528
.data 0x3000 0x47d8 0x4600 3.83 ce7a0754c93e7fc24c6457c0972f8072

( 4 imports )
> kernel32.dll: Sleep, CreateMutexA, GetLastError, ExitProcess, CreateFileA, GetFileSize, GlobalAlloc, ReadFile, CloseHandle, GlobalFree, WriteFile, WinExec, GetSystemDirectoryA, GetWindowsDirectoryA, GetModuleFileNameA, OpenFile, FindFirstFileA, FindClose, FlushFileBuffers
> advapi32.dll: RegCreateKeyA, RegSetValueExA, RegCloseKey, RegOpenKeyExA, RegCreateKeyExA, RegQueryValueExA
> shell32.dll: ShellExecuteA, SHGetSpecialFolderPathA
> urlmon.dll: URLDownloadToFileA

( 0 exports )
CWSandbox info: http://research.sunbelt-software.com/partnerresource/MD5.aspx?md5=f46512e00751c531d69370c7593001f4
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=A68FEB580022D4A260F700AE7BC9AD00CB8A286D
packers (F-Prot): embedded

And here is the report for LSGPRN.exe, which I also had re-analysed:

Fichier LSGPRN.EXE reçu le 2008.12.19 13:34:30 (CET)
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.12.19.3 2008.12.19 -
AntiVir 7.9.0.45 2008.12.19 TR/Crypt.XPACK.Gen
Authentium 5.1.0.4 2008.12.18 -
Avast 4.8.1281.0 2008.12.18 -
AVG 8.0.0.199 2008.12.19 Generic12.RMR
BitDefender 7.2 2008.12.19 DeepScan:Generic.Malware.SYd!dld.4BCEE042
CAT-QuickHeal 10.00 2008.12.19 -
ClamAV 0.94.1 2008.12.19 -
Comodo 781 2008.12.19 -
DrWeb 4.44.0.09170 2008.12.19 DLOADER.Trojan
eSafe 7.0.17.0 2008.12.18 -
eTrust-Vet 31.6.6268 2008.12.18 -
Ewido 4.0 2008.12.19 -
F-Prot 4.4.4.56 2008.12.18 -
F-Secure 8.0.14332.0 2008.12.19 Suspicious:W32/Malware!Gemini
Fortinet 3.117.0.0 2008.12.19 W32/Heuri.E
GData 19 2008.12.19 DeepScan:Generic.Malware.SYd!dld.4BCEE042
Ikarus T3.1.1.45.0 2008.12.19 Trojan-Spy.Win32.Agent.DI
K7AntiVirus 7.10.557 2008.12.18 -
Kaspersky 7.0.0.125 2008.12.19 Heur.Trojan.Generic
McAfee 5468 2008.12.18 Generic Downloader.x
McAfee+Artemis 5468 2008.12.18 Generic Downloader.x
Microsoft 1.4205 2008.12.19 TrojanDownloader:Win32/Small.gen!D
NOD32 3705 2008.12.19 probably unknown NewHeur_PE
Norman 5.80.02 2008.12.18 W32/Smalltroj.IWCM
Panda 9.0.0.4 2008.12.19 Generic Trojan
PCTools 4.4.2.0 2008.12.19 -
Prevx1 V2 2008.12.19 Malware Dropper
Rising 21.08.42.00 2008.12.19 -
SecureWeb-Gateway 6.7.6 2008.12.19 Trojan.Crypt.XPACK.Gen
Sophos 4.37.0 2008.12.19 Mal/Generic-A
Sunbelt 3.2.1801.2 2008.12.11 -
Symantec 10 2008.12.19 Trojan Horse
TheHacker 6.3.1.4.191 2008.12.17 -
TrendMicro 8.700.0.1004 2008.12.19 Possible_DLDER
ViRobot 2008.12.19.1527 2008.12.19 -
VirusBuster 4.5.11.0 2008.12.18 -

Information additionnelle
File size: 24576 bytes
MD5...: 3c61aa786400574e17b61e4576f8de4f
SHA1..: c45860b683c421b4cdc1c43989c5dc59cd7b1257
SHA256: 29f15c1c54a280d8255b2ed3aa155c1ebf0370b3958e0d9fd28542d5670cf738
SHA512: fc20a5af06823588e9915853035898c72ffb89328a8a2bb7380565e07e388e442bbaef61116d0893dbbdc071eb9b24ee6216557b125e9b48d760e80b45e2b30b
ssdeep: 192:rL10X2v6cVZS+v643+dH0dHRdHwdHPH1SdHB18Givpu111e/WnT3fvBR:rFvDv6G+qrmuJy0vBR
PEiD..: -
TrID..: File type identification
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
VXD Driver (0.1%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x401000
timedatestamp.....: 0x492e684c (Thu Nov 27 09:28:44 2008)
machinetype.......: 0x14c (I386)

( 2 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x167a 0x1800 5.69 d4449c38c9b76a60a4297886a57cca3e
.data 0x3000 0x47d8 0x4600 3.83 ce7a0754c93e7fc24c6457c0972f8072

( 4 imports )
> kernel32.dll: Sleep, CreateMutexA, GetLastError, ExitProcess, CreateFileA, GetFileSize, GlobalAlloc, ReadFile, CloseHandle, GlobalFree, WriteFile, WinExec, GetSystemDirectoryA, GetWindowsDirectoryA, GetModuleFileNameA, OpenFile, FindFirstFileA, FindClose, FlushFileBuffers
> advapi32.dll: RegCreateKeyA, RegSetValueExA, RegCloseKey, RegOpenKeyExA, RegCreateKeyExA, RegQueryValueExA
> shell32.dll: ShellExecuteA, SHGetSpecialFolderPathA
> urlmon.dll: URLDownloadToFileA

( 0 exports )
CWSandbox info: http://research.sunbelt-software.com/partnerresource/MD5.aspx?md5=3c61aa786400574e17b61e4576f8de4f
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=96D4E45C0022D4A260F700AE7BC9AD002BEEA085
packers (F-Prot): embedded

Hello,

This confirms my suspicions; I preferred to make sure.

Disable all resident protection (antivirus, etc.)! <------- Don't forget!

Copy the text in the box below (Ctrl + C):

File::
c:\windows\system32\upd46.exe
c:\windows\system32\LSHPRN.EXE
c:\windows\NV17002656.TMP
c:\windows\system32\upd42.exe
c:\windows\system32\LSGPRN.EXE



=> Open Notepad: Start > All Programs > Accessories > Notepad

- Paste the text into it (Ctrl + V)
- Save this file to: Desktop
- File name: CFScript
- File type: All files!!
- Click Save
- Close Notepad

Drag and drop this CFScript file onto ComboFix.exe, as shown in the screenshot:

http://membres.lycos.fr/wawaseb8/images/help/cfscript.gif

* This will relaunch ComboFix: at the prompt that appears (Type 1 to continue, or 2 to abort), type 1 and press Enter.
* Wait while the scan runs. The desktop will disappear several times: this is normal!
* Do not touch anything until the scan has finished.
* Once the scan is complete, a report will open: copy and paste its contents onto the forum.
If the file does not open, it is located here: C:\ComboFix.txt
* Post a new HijackThis report.

;)

------------------------------ Please let us know if you are already being helped on another forum or in another topic.

Here is the ComboFix report:

ComboFix 08-12-13.03 - niko 2008-12-21 21:41:39.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.2559.2128 [GMT 1:00]
Lancé depuis: c:\documents and settings\niko\Bureau\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\niko\Bureau\CFScript.txt
* Un nouveau point de restauration a été créé

FILE ::
c:\windows\NV17002656.TMP
c:\windows\system32\LSGPRN.EXE
c:\windows\system32\LSHPRN.EXE
c:\windows\system32\upd42.exe
c:\windows\system32\upd46.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\sc32.dll
c:\windows\system32\43upd.dll
c:\windows\system32\44upd.dll
c:\windows\system32\45upd.dll
c:\windows\system32\46upd.dll
c:\windows\system32\LSGPRN.EXE
c:\windows\system32\LSHPRN.EXE
c:\windows\system32\upd42.exe
c:\windows\system32\upd46.exe

.
((((((((((((((((((((((((((((( Fichiers créés du 2008-11-21 au 2008-12-21 ))))))))))))))))))))))))))))))))))))
.

2008-12-15 23:04 . 2008-12-15 23:04 410,984 --a------ c:\windows\system32\deploytk.dll
2008-12-15 13:08 . 2008-12-21 21:40 364 --a------ c:\windows\iexplore.htm
2008-12-10 23:48 . 2008-12-10 23:48 <REP> d-------- C:\rsit
2008-12-10 23:39 . 2008-12-10 23:39 <REP> d-------- C:\_OTMoveIt
2008-12-09 23:22 . 2008-12-09 23:25 250 --a------ c:\windows\gmer.ini
2008-12-09 23:15 . 2008-12-09 23:17 <REP> d-------- C:\ToolBar SD
2008-12-09 22:07 . 2008-12-10 23:35 <REP> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2008-12-09 20:23 . 2008-12-10 23:35 <REP> d-------- c:\program files\a-squared Free
2008-12-09 20:03 . 2008-12-09 20:03 <REP> d-------- c:\program files\Trend Micro
2008-12-09 18:46 . 2008-12-09 18:46 <REP> d-------- c:\program files\Lavasoft
2008-11-27 21:53 . 2008-11-27 21:58 <REP> d-------- c:\windows\NV17002656.TMP
2008-11-26 20:42 . 2008-11-26 20:42 <REP> dr-h----- c:\documents and settings\niko\Application Data\SecuROM
2008-11-26 20:16 . 2008-11-26 20:16 <REP> d-------- c:\windows\Logs
2008-11-26 20:16 . 2008-11-26 20:16 22,328 --a------ c:\documents and settings\niko\Application Data\PnkBstrK.sys
2008-11-26 20:12 . 2008-11-26 20:12 <REP> d-------- c:\program files\Ubisoft
2008-11-25 10:23 . 2008-12-15 13:03 <REP> d-------- c:\program files\Pense-bete
2008-11-25 10:23 . 2008-12-15 13:03 <REP> d-------- c:\documents and settings\niko\Application Data\Pense-bete
2008-11-23 22:12 . 2008-11-23 22:12 319 --a------ c:\windows\game.ini
2008-11-23 22:07 . 2008-11-23 22:07 <REP> d-------- c:\program files\Activision
2008-11-23 21:53 . 2008-11-23 21:53 <REP> d--hs---- c:\windows\ftpcache

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-21 20:25 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2008-12-15 22:04 --------- d-----w c:\program files\Java
2008-12-15 12:04 --------- d-----w c:\program files\Steinberg
2008-12-12 22:28 --------- d-----w c:\program files\eMule
2008-12-12 22:27 --------- d-----w c:\documents and settings\niko\Application Data\Azureus
2008-12-10 10:13 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-12-09 17:46 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2008-12-09 17:45 --------- d-----w c:\program files\Fichiers communs\Wise Installation Wizard
2008-12-09 10:58 --------- d-----w c:\program files\Windows Live Safety Center
2008-11-27 23:06 --------- d-----w c:\program files\Fichiers communs\Adobe
2008-11-27 20:47 355,584 ----a-w c:\windows\system32\TuneUpDefragService.exe
2008-11-27 20:47 --------- d-----w c:\program files\TuneUp Utilities 2008
2008-11-27 06:49 109,249 ----a-w c:\program files\MSWINSCK.OCX
2008-11-26 19:17 107,888 ----a-w c:\windows\system32\CmdLineExt.dll
2008-11-26 19:12 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-26 12:27 --------- d-----w c:\program files\Azureus
2008-11-11 15:55 --------- d-----w c:\program files\VOB
2008-11-06 19:59 --------- d-----w c:\documents and settings\niko\Application Data\TuneUp Software
2008-11-06 19:59 --------- d-----w c:\documents and settings\All Users\Application Data\TuneUp Software
2008-11-06 15:06 --------- d-----w c:\documents and settings\All Users\Application Data\Azureus
2008-10-24 11:21 455,296 ------w c:\windows\system32\drivers\mrxsmb.sys
2008-10-24 10:32 --------- d-----w c:\program files\Microsoft Silverlight
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-16 20:18 826,368 ----a-w c:\windows\system32\wininet.dll
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 13:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 13:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-03 10:03 247,326 ----a-w c:\windows\system32\strmdll.dll
.

((((((((((((((((((((((((((((( snapshot@2008-12-14_14.49.42.35 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-10-17 00:48:40 3,593,216 -c----w c:\windows\ie7updates\KB960714-IE7\mshtml.dll
+ 2007-03-06 01:34:38 216,800 -c----w c:\windows\ie7updates\KB960714-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:35:47 394,976 -c----w c:\windows\ie7updates\KB960714-IE7\spuninst\updspapi.dll
+ 2008-04-14 02:33:26 81,920 -c--a-w c:\windows\system32\dllcache\ils.dll
- 2008-10-17 00:48:40 3,593,216 -c----w c:\windows\system32\dllcache\mshtml.dll
+ 2008-12-13 06:37:56 3,593,216 -c----w c:\windows\system32\dllcache\mshtml.dll
- 2008-06-09 23:21:01 135,168 ----a-w c:\windows\system32\java.exe
+ 2008-12-15 22:04:12 144,792 ----a-w c:\windows\system32\java.exe
- 2008-06-09 23:21:04 135,168 ----a-w c:\windows\system32\javaw.exe
+ 2008-12-15 22:04:12 144,792 ----a-w c:\windows\system32\javaw.exe
- 2008-06-10 00:32:34 139,264 ----a-w c:\windows\system32\javaws.exe
+ 2008-12-15 22:04:12 148,888 ----a-w c:\windows\system32\javaws.exe
- 2008-10-17 00:48:40 3,593,216 ----a-w c:\windows\system32\mshtml.dll
+ 2008-12-13 06:37:56 3,593,216 ----a-w c:\windows\system32\mshtml.dll
+ 2008-12-21 20:12:12 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_584.dat
- 2008-12-14 13:48:10 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_5cc.dat
+ 2008-12-21 20:12:00 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_5cc.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-22 68856]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil9f.exe" [2008-03-25 218496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13574144]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-02-23 185896]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-15 136600]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Outil de mise à jour Google.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Outil de mise à jour Google.lnk
backup=c:\windows\pss\Outil de mise à jour Google.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^niko^Menu Démarrer^Programmes^Démarrage^GIGABYTE VGA Utility.lnk]
path=c:\documents and settings\niko\Menu Démarrer\Programmes\Démarrage\GIGABYTE VGA Utility.lnk
backup=c:\windows\pss\GIGABYTE VGA Utility.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-10-15 01:04 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
--a------ 2008-09-03 19:12 111936 c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AsusStartupHelp]
-ra--c--- 2006-11-14 07:25 363008 c:\program files\ASUS\AASP\1.00.16\AsRunHelp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
--a--c--- 2004-09-02 22:57 57344 c:\program files\SlySoft\CloneCD\CloneCDTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTDVDDET]
--a--c--- 2003-06-18 01:00 45056 c:\program files\Creative\SBAudigy2\DVDAudio\CTDVDDET.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSysVol]
--a--c--- 2003-09-17 10:43 57344 c:\program files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
--a--c--- 2004-08-22 16:05 81920 c:\program files\D-Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a--c--- 2005-08-11 09:30 249856 c:\program files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a--c--- 2005-08-11 09:30 81920 c:\program files\Fichiers communs\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-10-01 17:57 289576 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
c:\program files\Messenger\msmsgs.exe [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-09-06 14:09 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SBDrvDet]
--a--c--- 2002-12-03 18:06 45056 c:\program files\Creative\SB Drive Det\SBDrvDet.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
-----c--- 2006-07-13 07:12 729088 c:\program files\Analog Devices\SoundMAX\SMax4.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
-ra--c--- 2006-12-18 14:34 868352 c:\program files\Analog Devices\Core\smax4pnp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a--c--- 2008-06-10 03:27 144784 c:\program files\Java\jre1.6.0_07\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2008-01-22 10:41 68856 c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-02-23 13:45 185896 c:\program files\Fichiers communs\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
-----c--- 2000-05-11 01:00 90112 c:\windows\Updreg.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a--c--- 2008-08-04 00:02 36352 c:\program files\Winamp\winampa.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"swg"=c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
"CTFMON.EXE"=c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
"PrinterSecurityLayer"=c:\windows\system32\LSHPRN.EXE
"nwiz"=nwiz.exe /install
"NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"CTHelper"=CTHELPER.EXE
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Fichiers communs\\NewTech Infosystems\\LiveUpdate\\LiveUpdate.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FarCry2.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Launcher.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Editor.exe"=

R1 Asapi;Asapi;c:\windows\system32\drivers\Asapi.sys [2008-11-11 11264]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-06-26 111184]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-06-26 20560]
S2 FAH@C:+DOCUME~1+niko+LOCALS~1+Temp+IXP000.TMP+s.exe;FAH@C:+DOCUME~1+niko+LOCALS~1+Temp+IXP000.TMP+s.exe;c:\docume~1\niko\LOCALS~1\Temp\IXP000.TMP\s.exe -svcstart []
S3 NikeDrv;Pilote nike psa[play;c:\windows\system32\Drivers\NikeDrv.sys [2001-08-17 22:24:44 12032]
S3 SaiHFF0D;SaiHFF0D;c:\windows\system32\DRIVERS\SaiHFF0D.sys [2008-08-24 176000]
S3 SaiUFF0D;SaiUFF0D;c:\windows\system32\DRIVERS\SaiUFF0D.sys [2008-08-24 27136]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contenu du dossier 'Tâches planifiées'

2008-12-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2008-12-05 c:\windows\Tasks\Maintenance en 1 clic.job
- c:\program files\TuneUp Utilities 2008\OneClick.exe [2008-06-20 09:23]
.
- - - - ORPHELINS SUPPRIMES - - - -

WebBrowser-{6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - (no file)
HKLM-Run-PrinterSecurityLayer - c:\windows\system32\LSHPRN.EXE


.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.orange.fr/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

c:\windows\Downloaded Program Files\InstallerControl.dll - O16 -: CabBuilder
hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
c:\windows\Downloaded Program Files\OSDED4D.OSD
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-21 21:42:38
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
"ServiceDll"="c:\windows\system32\es.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\FAH@C:+DOCUME~1+niko+LOCALS~1+Temp+IXP000.TMP+s.exe]
.
Completion time: 2008-12-21 21:43:17
ComboFix-quarantined-files.txt 2008-12-21 20:42:59
ComboFix2.txt 2008-12-14 13:50:04

Pre-Run: 443,100,106,752 bytes free
Post-Run: 443,104,935,936 bytes free

249 --- E O F --- 2008-12-19 12:38:40

Reply to nikodj40

And here is a new HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:46:20, on 21/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\imapi.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/too [...] ontrol.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mi [...] 1005324125
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: FAH@C:+DOCUME~1+niko+LOCALS~1+Temp+IXP000.TMP+s.exe - Unknown owner - C:\DOCUME~1\niko\LOCALS~1\Temp\IXP000.TMP\s.exe (file missing)
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 8060 bytes

Reply to nikodj40
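Both logs above carry the same indicator of compromise: a service whose name is literally the path of its binary (FAH@C:+DOCUME~1+niko+LOCALS~1+Temp+IXP000.TMP+s.exe), registered from the user's Temp directory inside IXP000.TMP (the folder an IExpress self-extracting package unpacks into), and by the time of the second HijackThis run flagged as "Unknown owner" and "(file missing)": the binary is gone but its service registration outlived it. Those three traits are exactly what a reader should be picking out of an O23 line by eye. As an added example that is not part of this thread nor of HijackThis or ComboFix, the Python below applies those checks to HijackThis-format lines, plus one for O16 ActiveX downloads from hosts outside a small allowlist. The sample lines are constructed for the example: the O23 entry is copied from the post, the O4 entry for s.exe and the two O16 URLs are assumptions, and the allowlist of DPF hosts is an assumption you would tune to your own environment.

```python
import re
from dataclasses import dataclass, field

# Constructed sample, modelled on the HijackThis log in the thread. Only the
# FAH@... O23 line is copied from the post; the O4 line for s.exe and the two
# O16 URLs are invented for this example.
SAMPLE_LOG = """\
O4 - HKLM\\..\\Run: [avast!] C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe
O4 - HKCU\\..\\Run: [s] C:\\DOCUME~1\\niko\\LOCALS~1\\Temp\\IXP000.TMP\\s.exe -svcstart
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/example/muweb.cab
O23 - Service: avast! Antivirus - ALWIL Software - C:\\Program Files\\Alwil Software\\Avast4\\ashServ.exe
O23 - Service: FAH@C:+DOCUME~1+niko+LOCALS~1+Temp+IXP000.TMP+s.exe - Unknown owner - C:\\DOCUME~1\\niko\\LOCALS~1\\Temp\\IXP000.TMP\\s.exe (file missing)
"""

# Locations a legitimate service or Run entry should never execute from.
# IXPnnn.TMP is the scratch directory IExpress self-extracting packages unpack into.
TEMP_PATH = re.compile(
    r"\\(?:LOCALS~1|Local Settings)\\Temp\\|\\AppData\\Local\\Temp\\|\\IXP\d{3}\.TMP\\",
    re.IGNORECASE,
)

# Assumed allowlist of hosts an O16 (Downloaded Program Files) entry may come from.
TRUSTED_DPF_HOSTS = ("microsoft.com", "windowsupdate.com", "java.com", "adobe.com")


@dataclass
class Finding:
    line: str
    reasons: list = field(default_factory=list)


def _dpf_host(line):
    """Extract the host part of the URL in an O16 line ('' if none)."""
    m = re.search(r"https?://([^/\s]+)", line, re.IGNORECASE)
    return m.group(1).lower() if m else ""


def check_line(line):
    """Return a Finding for one HijackThis line, or None if nothing looks off."""
    line = line.strip()
    reasons = []
    # O4 (Run keys) and O23 (services) pointing into Temp: persistence from a drop folder.
    if line.startswith(("O4 -", "O23 -")) and TEMP_PATH.search(line):
        reasons.append("executes from a user Temp / IExpress extraction directory")
    if line.startswith("O23 -"):
        if "Unknown owner" in line:
            reasons.append("service binary carries no publisher (Unknown owner)")
        if "(file missing)" in line:
            reasons.append("service registration outlived its binary (orphaned)")
    if line.startswith("O16 -"):
        host = _dpf_host(line)
        if host and not any(host == h or host.endswith("." + h) for h in TRUSTED_DPF_HOSTS):
            reasons.append(f"ActiveX control downloaded from untrusted host {host}")
    return Finding(line, reasons) if reasons else None


def scan(log_text):
    """Scan a whole HijackThis log; return suspicious lines in log order."""
    return [f for f in (check_line(ln) for ln in log_text.splitlines()) if f]


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding.line[:72])
        for reason in finding.reasons:
            print("   -", reason)
```

Run against the sample, the avast entries and the Microsoft-hosted control pass, while the s.exe Run entry, the imgag.com CabBuilder control and the FAH@... service are reported; the service line collects all three reasons at once, which is the pattern worth recognising in any O23 line: a service nobody vouches for, living in Temp, whose file has already been cleaned up or has deleted itself.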

Since the last fix, no more problems, it seems!!!
Could this be victory?
If so, a huge, huge thank you!!!!

Reply to nikodj40

It's simple, this virus is just immortal. I've tried 5 antivirus programs and nothing :pfff: :fou: :fou: :pfff: :( :( :(
I hate this trojan!!!!???!!! T_T
HELP!!!

Reply to edy1995
Tom's Guide > Forum > Security - Viruses > trojan ???