Posez votre question Format imprimable Liste des forums Aidez-les Statistiques Rechercher Charte Forum Virus-Sécurité

Avast C:\WINDOWS\SYSTEM32\nmdfgds0.dll

Dernière réponse le 7 jun 2009 à 21:25:37 narjessch, le 2 mar 2009 à 10:52:36

Signaler ce message aux modérateurs

Bonjour,
avast afficher C:\WINDOWS\SYSTEM32\nmdfgds0.dll
et me conseille de l'ignorer mais moi je l'ai supprimé. je ne sais pas ce qui s'est passé. mais depuis le PC fonctionne à 100%UC. et je n'arrive plus à travailler avec.
aider moi SVP. tous mon travail est sur ce poste.
Merci.

Configuration: Windows XP
Firefox 3.0.6

Meilleures réponses pour « avast C:\WINDOWS\SYSTEM32\nmdfgds0.dll » dans :

C:\WINDOWS\System32\ATPartners.dll ??? (Résolu) Voir

C:\WINDOWS\system32\IfHelper.dll (Résolu) Voir

C\windows\system32\config\system Voir

C:\windows\system32\config\system. Voir

Erreur c:windows\system32\gzmrotate.dll Voir

C:\Windows\system32\NvCpl.dll Voir

Posez votre question Répondre

jlpjlp, le 2 mar 2009 à 11:12:29

Slt

c'est ceci: http://www.prevx.com/filenames/X1342468636794208142-X1/NMDFGDS02EDLL.html

_______________

pour voir

scan avec malwarebyte , fais un scan minutieux et colle le rapport obtenu et vire ce qui est trouvé:

http://www.malekal.com/tutorial_MalwareBytes_AntiMalware.php

______________________

Télécharge ici :

http://images.malwareremoval.com/random/RSIT.exe

random's system information tool (RSIT) par andom/random et sauvegarde-le sur le Bureau.

Double-clique sur RSIT.exe afin de lancer RSIT.

Clique Continue à l'écran Disclaimer.

Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu, si demandé) et tu devras accepter la licence.

Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront.

Poste le contenu de log.txt (<<qui sera affiché)
ainsi que de info.txt (<<qui sera réduit dans la Barre des Tâches).

NB : Les rapports sont sauvegardés dans le dossier C:\rsit

Répondre à jlpjlp

narjessch, le 2 mar 2009 à 12:21:55

Slt,
merci jlpjlp. je viens de télécharger les différents liens. je vous tiens au courant des résultats.
merci.

Répondre à narjessch

jlpjlp, le 2 mar 2009 à 12:25:20

Ok colle bien les rapports

a plus

Répondre à jlpjlp

narjessch, le 2 mar 2009 à 13:02:48

Bonjour,
je viens de lancer le scan avec Prevx CSI. il a détecté 7 infections . mais la licence est exigée pour le nettoyage.
que devrais-je faire?
merci.

Répondre à narjessch

narjessch, le 2 mar 2009 à 13:15:59

Les infections sont:
c:\i6g6x.cmd
c:\windows\system32\olhrwef.exe
\REGISTRY\Users8S-1-5-21-1645522239-261478967-682003...
c:\windows\system32\nmdfgds0.dll
c:\windows\temp\sig3.tmp
c:\windows\temp\sig2d.tmp
c:\windows\system32\nmdfgds1.dll

Répondre à narjessch

jlpjlp, le 2 mar 2009 à 13:20:23

Colle moi les rapports demandés et on les virera!!!!

Répondre à jlpjlp

narjessch, le 2 mar 2009 à 14:46:28

Bonjour,
tout à l'heure je parlais des infections que Prevx CSI a détecté. et puisque je n'est pas de licence je ne pouvais pas les supprimer. j'espère qu'avec le rapport de Malwarebytes on va y arriver.

voici le rapport

Malwarebytes' Anti-Malware 1.34
Version de la base de données: 1814
Windows 5.1.2600 Service Pack 2

02/03/2009 14:42:11
mbam-log-2009-03-02 (14-42-01).txt

Type de recherche: Examen complet (C:\|G:\|)
Eléments examinés: 258443
Temps écoulé: 1 hour(s), 10 minute(s), 40 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 9
Valeur(s) du Registre infectée(s): 4
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 2

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> No action taken.
HKEY_CLASSES_ROOT\BitDownload (Trojan.Lop) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> No action taken.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cdoosoft (Spyware.OnlineGames) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search\ (Adware.Hotbar) -> No action taken.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Program Files\MSN Messenger\msimg32.dll (Adware.MyWebSearch) -> No action taken.
C:\Program Files\Internet Explorer\msimg32.dll (Adware.MyWebSearch) -> No action taken.

Répondre à narjessch

jlpjlp, le 2 mar 2009 à 14:52:09

Vire tout ce qui a été trouvé!!!

puis mets les rapport de RSIt

et on va y arriver!

Répondre à jlpjlp

narjessch, le 3 mar 2009 à 08:50:21

Bonjour;
hier j'ai eu un problème de connexion internet. voilà les rapports RSIT

rapport info

info.txt logfile of random's system information tool 1.05 2009-03-02 14:48:34

======Uninstall list======

-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->C:\Program Files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {0E43DFBD-71CF-4F61-B341-7C128FBC6AC2}
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E47302B-8081-46D3-9FEA-BEB2E5F5C3EC}\setup.exe" -l0x40c anything
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ABAQUS 6.5 HTML Documentation-->"C:\ABAQUS\Documentation\installation_info\v6.5\html_uninstaller\Uninstall ABAQUS 6.5 HTML Documentation.exe"
ABAQUS 6.5-1-->"C:\ABAQUS\6.5-1\installation_info\uninstaller\Uninstall ABAQUS 6.5-1.exe"
ABAQUS FLEXlm License Server-->"C:\ABAQUS\License\installation_info\uninstaller\Uninstall ABAQUS Licensing.exe"
ACDSee 9 Gestionnaire de photos-->MsiExec.exe /I{91A06334-CB8D-422A-9699-251217674FD4}
Adobe Acrobat 8.1.3 Professional-->msiexec /I {AC76BA86-1033-F400-7760-000000000003}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.0 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A81000000003}
Advanced Registry Tracer-->C:\Program Files\ElcomSoft\Advanced Registry Tracer\uninstall.exe
Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
Audio Editor Pro 2.80-->"C:\Program Files\Mightsoft\Audio Editor Pro\unins000.exe"
avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
Bluesoleil 5.2.221.0-->MsiExec.exe /X{442C38A7-4639-4DEB-8656-5D11E173C0C0}
CloneCD-->"C:\Program Files\SlySoft\CloneCD\ccd-uninst.exe" /D="C:\Program Files\SlySoft\CloneCD"
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DJ Mix Lite-->C:\Program Files\DJ Mix Lite\uninstall.exe
File Recover 6.0-->"C:\Program Files\File Recover\unins000.exe"
FlashFXP v3-->"C:\Program Files\FlashFXP\Uninstall.exe" "C:\Program Files\FlashFXP\install.log" -u
Google Earth-->MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}
HashTab Shell Extension 1.11 for x32-->C:\Program Files\HashTab Shell Extension\uninst.exe
HiYo -->MsiExec.exe /X{8F3A13FC-DFDA-4001-A6C3-030495A1E66E} ARPVAL="UnInst" /qf /L*V "%temp%\HiYoUninstallLog.log"
HiYo-->MsiExec.exe /X{8F3A13FC-DFDA-4001-A6C3-030495A1E66E}
HP BatteryCheck 1.00 A7-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{69DAC00A-7665-4E9B-B441-093D40736429}\setup.exe" -l0x9 -removeonly uninst
HP Wireless Assistant 2.00 G2-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}\Setup.exe" -l0x40c hpquninst
Intel(R) Graphics Media Accelerator Driver-->C:\WINDOWS\system32\igxpun.exe -uninstall
Intel(R) Matrix Storage Manager-->C:\WINDOWS\System32\Imsmudlg.exe
Java 2 Runtime Environment, SE v1.4.1-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CD0159C9-17FB-11D6-A76A-00B0D079AF64}\Setup.exe"
Java 2 SDK, SE v1.4.1-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A0BAEE73-17FB-11D6-A76A-00B0D079AF64}\setup.exe" Anytext
Java(TM) SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
JCreator Pro 2.00-->"C:\Program Files\Xinox Software\JCreator Pro\unins000.exe"
JMP 6-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{06FDB581-76F1-4228-BA39-34E9A8FD53FD}\setup.exe" -l0x9
K-Lite Codec Pack 4.3.1 (Full)-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
Ma-Config.com-->MsiExec.exe /X{8AFB8FC4-3EBA-4C67-943F-CF43DB2180F1}
Macromedia Flash MX-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3BE480ED-E17A-431A-981C-5C2EDDBCD3BF}\Setup.exe" -l0x40c UNINSTALL
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
MathType 5-->"C:\Program Files\MathType\Setup.exe" -R
Media Player Classic fr-->"C:\Program Files\Media Player Classic\uninstall.exe"
Microsoft .NET Framework 1.1 French Language Pack-->MsiExec.exe /X{9A394342-4A68-4EBA-85A6-55B559F4E700}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 with Security Updates-->MsiExec.exe /X{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}
Microsoft Office Access MUI (French) 2007-->MsiExec.exe /X{90120000-0015-040C-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}
Microsoft Office Groove MUI (French) 2007-->MsiExec.exe /X{90120000-00BA-040C-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (French) 2007-->MsiExec.exe /X{90120000-0044-040C-0000-0000000FF1CE}
Microsoft Office OneNote MUI (French) 2007-->MsiExec.exe /X{90120000-00A1-040C-0000-0000000FF1CE}
Microsoft Office Outlook MUI (French) 2007-->MsiExec.exe /X{90120000-001A-040C-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{9011040C-6000-11D3-8CFE-0150048383C9}
Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}
Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}
Microsoft Office Publisher MUI (French) 2007-->MsiExec.exe /X{90120000-0019-040C-0000-0000000FF1CE}
Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}
Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mininova-Vuze Toolbar-->C:\PROGRA~1\MININO~1\UNWISE.EXE C:\PROGRA~1\MININO~1\INSTALL.LOG
Mise à jour de sécurité pour Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Mise à jour Encarta_Les Indispensables Éducation-->RunDll32.exe advpack.dll, LaunchINFSectionEx C:\Program Files\Learning Essentials\1.0\fr\FR\WBEncarta\Uninstall\Uninstall.inf,Uninstall,,,N
Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0 Language Pack - FRA\install.exe
Mozilla Firefox (3.0.6)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (2.0.0.4)-->C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 6.0 Parser (KB927977)-->MsiExec.exe /I{025B7033-5D4A-4B72-A1C2-84BE4BE2F72F}
MyPlayCity Toolbar-->C:\PROGRA~1\MYPLAY~1\UNWISE.EXE C:\PROGRA~1\MYPLAY~1\INSTALL.LOG
Nero 7 Lite 7.7.5.1-->"C:\Program Files\Nero\unins000.exe"
OmniPage SE-->MsiExec.exe /I{6249C22D-E6A8-407B-BA8B-40298848ED94}
Origin 6.0-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Microcal\Origin 6.0\Uninst.isu"
PDF2Word v1.1-->"C:\Program Files\PDF2Word v1.1\unins000.exe"
Pekka Kana 2-->C:\Program Files\Pekka Kana 2\Uninstal.exe
PowerDVD-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
PowerQuest PartitionMagic 8.0-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}
Prélude ERP 7.0.1-->"C:\Program Files\Prélude ERP\uninstall.exe"
Prevx CSI-->"C:\Program Files\Prevx\prevx.exe" /prop UNINSTALL=Y
Python 2.4.3-->MsiExec.exe /I{75E71ADD-042C-4F30-BFAC-A9EC42351313}
QuickPar 0.9-->C:\Program Files\QuickPar\uninst.exe
QuickTime Alternative 1.81-->"C:\Program Files\QuickTime Alternative\unins000.exe"
Real Alternative 1.52 Lite-->"C:\Program Files\Real Alternative\unins000.exe"
RealPlayer-->C:\Program Files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek High Definition Audio Driver-->RtlUpd.exe -r -m
Recover My Files-->"C:\Program Files\GetData\Recover My Files\unins000.exe"
Right Click Image Converter-->"C:\Program Files\Kristanix\Right Click Image Converter\uninstall.exe"
SAMSUNG CDMA Modem Driver Set-->C:\WINDOWS\system32\Samsung_USB_Drivers\3\SSCDUninstall.exe
Samsung Mobile phone USB driver Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\5\SSSDUninstall.exe
SAMSUNG Mobile USB Modem 1.0 Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe
SAMSUNG Mobile USB Modem Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe
Samsung PC Studio-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C4A4722E-79F9-417C-BD72-8D359A090C97}\setup.exe" -l0x40c -removeonly
Security Update for Excel 2007 (KB934670)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {CD098537-8857-4065-B4B6-AC023CB2C48E}
Security Update for Office 2007 (KB934062)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {305D509B-F194-4638-9F0F-D9E4C05F9D33}
Security Update pour Microsoft .NET Framework 2.0 (KB917283)-->C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {967B098A-042D-4367-BAC9-8BC11684174F} /package {7131646D-CD3C-40F4-97B9-CD9E4E6262EF}
Security Update pour Microsoft .NET Framework 2.0 (KB922770)-->C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {0E92DD42-76F5-4EF2-B381-F9C1D72BE23D} /package {7131646D-CD3C-40F4-97B9-CD9E4E6262EF}
Shockwave Player-->MsiExec.exe /X{103906AD-C60E-4E65-BC84-CE980D19CE41}
SYSTRAN-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{4C94F105-81D0-4AFC-8F0A-38949DC07F65} /l1036
UltraMixer 2.3.5.1-->"C:\Program Files\UltraMixer\unins000.exe"
Unlocker 1.8.5-->C:\Program Files\Unlocker\uninst.exe
Update for Office 2007 (KB932080)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {EDC9CA29-6BC1-471C-828C-7A36109005D7}
Update for Office 2007 (KB933688)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F6E692F1-63C2-4760-94C6-C689DCD053F1}
Update for Office 2007 (KB934391)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {B3091818-7C56-4C45-BE7D-CA23027A5EA5}
Update for Office 2007 (KB934393)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {92FBAD46-E7F6-49FA-89B5-C39FC5BFAD15}
Update for Outlook 2007 (KB933493)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {23F2FF76-ABCD-421D-9860-0D0B2999D028}
Update for Outlook 2007 Junk Email Filter (KB934655)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {F7185592-E40D-476E-9BC4-38DF96EE176B}
Update for Word 2007 (KB934173)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C6A89125-5473-45E3-B413-ED8186437475}
Visual Fortran 6.0-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Microsoft Visual Studio\DF98\DFUNINST.ISU"
VLC media player 0.9.2-->C:\Program Files\VideoLAN\VLC\uninstall.exe
WeFi 3.3.6.5-->C:\Program Files\WeFi\uninst.exe
Winamp AudioPlayer-->MsiExec.exe /I{6F7A8810-465E-4E2C-AD5C-986046016CD1}
Windows Live Messenger-->MsiExec.exe /I{F6326B60-1B1D-4ABF-BFCD-7B7404F44411}
WinHTTrack Website Copier 3.40-2-->"C:\Program Files\WinHTTrack\unins000.exe"
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG

Securitycenter WMI appears to be broken

System event log

Computer Name: NARJESS
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service FLEXnet Licensing Service.

Record Number: 14212
Source Name: Service Control Manager
Time Written: 20090204094651.000000+060
Event Type: Informations
User: NARJESS\Administrateur

Computer Name: NARJESS
Event Code: 7036
Message: Le service Gestionnaire de connexions d'accès distant est entré dans l'état : en cours d'exécution.

Record Number: 14211
Source Name: Service Control Manager
Time Written: 20090204094647.000000+060
Event Type: Informations
User:

Computer Name: NARJESS
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service Gestionnaire de connexions d'accès distant.

Record Number: 14210
Source Name: Service Control Manager
Time Written: 20090204094647.000000+060
Event Type: Informations
User: NARJESS\Administrateur

Computer Name: NARJESS
Event Code: 7036
Message: Le service Téléphonie est entré dans l'état : en cours d'exécution.

Record Number: 14209
Source Name: Service Control Manager
Time Written: 20090204094647.000000+060
Event Type: Informations
User:

Computer Name: NARJESS
Event Code: 7036
Message: Le service Acquisition d'image Windows (WIA) est entré dans l'état : en cours d'exécution.

Record Number: 14208
Source Name: Service Control Manager
Time Written: 20090204094647.000000+060
Event Type: Informations
User:

Application event log

Computer Name: NARJESS
Event Code: 2002
Message:
Record Number: 3212
Source Name: EAPOL
Time Written: 20090127104048.000000+060
Event Type: Informations
User:

Computer Name: NARJESS
Event Code: 2003
Message:
Record Number: 3211
Source Name: EAPOL
Time Written: 20090127104048.000000+060
Event Type: Informations
User:

Computer Name: NARJESS
Event Code: 1000
Message: Les compteurs de performances pour le service WmiApRpl (WmiApRpl) ont été chargés.
Les données d'enregistrement contiennent les nouvelles valeurs d'index
assignées à ce service.

Record Number: 3210
Source Name: LoadPerf
Time Written: 20090127065212.000000+060
Event Type: Informations
User:

Computer Name: NARJESS
Event Code: 1001
Message: Les compteurs de performances pour le service WmiApRpl (WmiApRpl) ont été supprimés.
Les données d'enregistrement contiennent les nouvelles valeurs du dernier compteur système
et les dernières entrées du registre d'aide.

Record Number: 3209
Source Name: LoadPerf
Time Written: 20090127065212.000000+060
Event Type: Informations
User:

Computer Name: NARJESS
Event Code: 1
Message:
Record Number: 3208
Source Name: MBAMService
Time Written: 20090127064838.000000+060
Event Type: Informations
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\ABAQUS\Commands;C:\Program Files\Samsung\Samsung PC Studio 3
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel
"PROCESSOR_REVISION"=0f0d
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------

rapport log

Logfile of random's system information tool 1.05 (written by random/random)
Run by Administrateur at 2009-03-02 14:47:59
Microsoft Windows XP Professionnel Service Pack 2
System drive C: has 9 GB (9%) free of 108 GB
Total RAM: 1014 MB (25% free)

HijackThis download failed

======Scheduled tasks folder======

C:\WINDOWS\tasks\PCConfidential.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Aide pour le lien d'Adobe PDF Reader - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-11-22 304736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}]
MyPlayCity Toolbar - C:\Program Files\MyPlayCity\tbMyP0.dll [2008-08-05 1610264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 501400]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10 321120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d51d388b-f5dc-471a-a1ce-5e2d671091c0}]
Mininova-Vuze Toolbar - C:\Program Files\Mininova-Vuze\tbMin0.dll [2008-09-15 1784856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E5A1691B-D188-4419-AD02-90002030B8EE}]
FlashFXP Helper for Internet Explorer - C:\PROGRA~1\FlashFXP\IEFlash.dll [2006-03-31 191096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{95daa571-4def-4a6d-97d8-98a346672a24} - SYSTRAN Toolbar - C:\WINDOWS\system32\mscoree.dll [2005-09-23 270848]
{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} - MyPlayCity Toolbar - C:\Program Files\MyPlayCity\tbMyP0.dll [2008-08-05 1610264]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10 321120]
{d51d388b-f5dc-471a-a1ce-5e2d671091c0} - Mininova-Vuze Toolbar - C:\Program Files\Mininova-Vuze\tbMin0.dll [2008-09-15 1784856]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-06-13 16377344]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2007-05-11 40048]
"UnlockerAssistant"=C:\Program Files\Unlocker\UnlockerAssistant.exe [2006-09-07 15872]
"DAEMON Tools"=C:\Program Files\DAEMON Tools\daemon.exe [2007-04-03 165784]
"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2006-12-06 69216]
"LanguageShortcut"=C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [2006-12-05 54832]
"CopernicPerUserTaskMgr"=C:\WINDOWS\system32\CopernicPerUserTaskMgr.exe [2002-02-01 69632]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-02-05 81000]
"hpWirelessAssistant"=C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe [2006-05-03 458752]
"ISUSPM"=C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe [2006-03-20 213936]
"IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-04 208952]
"MSPY2002"=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [2004-08-04 59392]
"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-04 455168]
"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-04 455168]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
"HiYo"=C:\Program Files\HiYo\bin\HiYo.exe [2008-10-23 300336]
"TkBellExe"=C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe [2008-11-22 185872]
"Acrobat Assistant 8.0"=C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [2008-10-14 623992]
""= []
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2008-03-17 135168]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2008-03-17 159744]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2008-03-17 131072]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [2007-10-03 178712]
"BtTray"=C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe [2008-04-16 229888]
"Omnipage"=C:\Program Files\ScanSoft\OmniPageSE\opware32.exe [2002-06-03 49152]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2009-02-11 399504]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"=C:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe [2007-08-23 455968]
"Messenger (Yahoo!)"=C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2008-11-05 4347120]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"msnmsgr"=C:\Program Files\MSN Messenger\MsnMsgr.Exe [2007-01-19 5674352]
"wefi"=C:\Program Files\WeFi\WeFi.exe [2008-12-01 427008]
"BitTorrent DNA"=C:\Program Files\DNA\btdna.exe [2008-12-25 342848]
"MyWebSearch Email Plugin"=C:\PROGRA~1\MYWEBS~1\bar\3.bin\mwsoemon.exe []
"cdoosoft"=C:\WINDOWS\system32\olhrwef.exe []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe [2008-10-05 235936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2008-03-17 208896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll [2007-06-26 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=36
"ForceClassicControlPanel"=1
"ForceStartMenuLogoff"=0
"NoResolveTrack"=1
"NoResolveSearch"=1
"NoInstrumentation"=1
"NoStartMenuMFUprogramsList"=1
"NoDriveAutoRun"=FFFFFFFF
"StartMenuLogOff"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\FlashFXP\FlashFXP.exe"="C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\BitDownload\BitDownload.exe"="C:\Program Files\BitDownload\BitDownload.exe:*:Enabled:Warez3"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Documents and Settings\Administrateur\Bureau\utorrent.exe"="C:\Documents and Settings\Administrateur\Bureau\utorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\DNA\btdna.exe"="C:\Program Files\DNA\btdna.exe:*:Enabled:DNA"
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"C:\Program Files\ma-config.com\maconfservice.exe"="C:\Program Files\ma-config.com\maconfservice.exe:LocalSubNet:Enabled:maconfservice"
"C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe"="C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe:*:Enabled:BlueSoleilCS"
"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"="C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe:*:Enabled:Malwarebytes' Anti-Malware"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\FlashFXP\FlashFXP.exe"="C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0223cdf2-b258-11dd-8074-001b24b367e2}]
shell\AutoRun\command - F:\2fiji.com
shell\explore\command - F:\2fiji.com
shell\open\command - F:\2fiji.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{06e1a1d7-b24f-11dd-8073-001b24b367e2}]
shell\AutoRun\command - wscript.exe .\.vbs
shell\open\command - wscript.exe .\.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0e3829d0-f112-11dd-818a-001a6bf6ffff}]
shell\AutoRun\command - wscript.exe .\.vbs
shell\open\command - wscript.exe .\.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{10f3a3fb-a99e-11dd-8040-001b24b367e2}]
shell\AutoRun\command - F:\iq.bat
shell\open\command - F:\iq.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{132cc440-b6d8-11dd-808d-001b24b367e2}]
shell\AutoRun\command - zPharaoh.exe
shell\explore\command - zPharaoh.exe
shell\open\command - zPharaoh.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{132cc442-b6d8-11dd-808d-001b24b367e2}]
shell\AutoRun\command - F:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\USB-Helper.exe
shell\open\command - F:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\USB-Helper.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1c13d93d-c1e4-11dd-80c2-001b24b367e2}]
shell\??\command - H:\taipingtianguov1.1.exe
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL taipingtianguov1.1.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{42fce8d0-f37f-11dd-819b-001a6bf6ffff}]
shell\AutoRun\command - F:\lky.exe
shell\explore\command - F:\lky.exe
shell\open\command - F:\lky.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{45c6618b-b712-11dd-8091-001b24b367e2}]
shell\AutoRun\command - F:\u2.cmd
shell\explore\command - F:\u2.cmd
shell\open\command - F:\u2.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{480095a2-b489-11dd-8081-001b24b367e2}]
shell\AutoRun\command - F:\ve.exe
shell\open\command - F:\ve.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5658f1e6-cd02-11dd-80fa-001b24b367e2}]
shell\AutoRun\command - F:\m9ma.exe
shell\explore\command - F:\m9ma.exe
shell\open\command - F:\m9ma.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{63dd4384-c214-11dd-80c3-001b24b367e2}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Wallpaper.vbs
shell\Explore\command - Wscript \Wallpaper.vbs
shell\Open\command - Wscript \Wallpaper.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{63dd4385-c214-11dd-80c3-001b24b367e2}]
shell\AutoRun\command - F:\usdeiect.com
shell\explore\command - F:\usdeiect.com
shell\open\command - F:\usdeiect.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6a3ca432-f1c9-11dd-818f-001a6bf6ffff}]
shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6a3ca433-f1c9-11dd-818f-001a6bf6ffff}]
shell\AutoRun\command - wscript.exe .\.vbs
shell\open\command - wscript.exe .\.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{76b333ed-a982-11dd-803d-001b24b367e2}]
shell\AutoRun\command - wscript.exe .\.vbs
shell\open\command - wscript.exe .\.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7a286aa8-b15a-11dd-806a-001b24b367e2}]
shell\AutoRun\command - F:\zPharaoh.exe
shell\explore\command - F:\zPharaoh.exe
shell\open\command - F:\zPharaoh.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7bc5e32d-ed23-11dd-817a-00030d000001}]
shell\AutoRun\command - F:\ve.exe
shell\open\command - F:\ve.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7d7ae7f2-b192-11dd-806d-001b24b367e2}]
shell\AutoRun\command - T:\usdeiect.com
shell\explore\command - T:\usdeiect.com
shell\open\command - T:\usdeiect.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7d7ae7f6-b192-11dd-806d-001b24b367e2}]
shell\AutoRun\command - M:\usdeiect.com
shell\explore\command - M:\usdeiect.com
shell\open\command - M:\usdeiect.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7d7ae7f7-b192-11dd-806d-001b24b367e2}]
shell\AutoRun\command - O:\zPharaoh.exe
shell\explore\command - O:\zPharaoh.exe
shell\open\command - O:\zPharaoh.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7d7ae7f8-b192-11dd-806d-001b24b367e2}]
shell\AutoRun\command - Q:\usdeiect.com
shell\explore\command - Q:\usdeiect.com
shell\open\command - Q:\usdeiect.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8ca17cf1-b6f1-11dd-808e-001b24b367e2}]
shell\AutoRun\command - RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ine32.exe
shell\open\command - RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ine32.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8cabbc5d-cdbc-11dd-80fe-001b24b367e2}]
shell\AutoRun\command - F:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\USB-Helper.exe
shell\open\command - F:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\USB-Helper.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8cabbc5f-cdbc-11dd-80fe-001b24b367e2}]
shell\AutoRun\command - wscript.exe antinul.vbe
shell\open\command - wscript.exe antinul.vbe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9947001a-f35a-11dd-8199-001a6bf6ffff}]
shell\AutoRun\command - F:\2u.com
shell\explore\command - F:\2u.com
shell\open\command - F:\2u.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b8a017f8-04a2-11de-81b9-001a6bf6ffff}]
shell\AutoRun\command - F:\i6g6x.cmd
shell\open\command - F:\i6g6x.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bad4755c-a691-11dd-8028-001b24b367e2}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MALEKENAU.jpg.wsf

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bad4755d-a691-11dd-8028-001b24b367e2}]
shell\AutoRun\command - F:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\USB-Helper.exe
shell\open\command - F:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\USB-Helper.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bad4755e-a691-11dd-8028-001b24b367e2}]
shell\AutoRun\command - wscript.exe .\.vbs
shell\open\command - wscript.exe .\.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bad47561-a691-11dd-8028-001b24b367e2}]
shell\AutoRun\command - F:\usdeiect.com
shell\explore\command - F:\usdeiect.com
shell\open\command - F:\usdeiect.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c63dc2ef-c758-11dd-80db-001b24b367e2}]
shell\AutoRun\command - F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ine32.exe
shell\open\command - F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ine32.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c63dc2f2-c758-11dd-80db-001b24b367e2}]
shell\AutoRun\command - 2fiji.com
shell\explore\command - 2fiji.com
shell\open\command - 2fiji.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f6634acd-ccd8-11dd-80f8-001b24b367e2}]
shell\AutoRun\command - F:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\USB-Helper.exe
shell\open\command - F:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\USB-Helper.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f6634acf-ccd8-11dd-80f8-001b24b367e2}]
shell\AutoRun\command - F:\zPharaoh.exe
shell\explore\command - F:\zPharaoh.exe
shell\open\command - F:\zPharaoh.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f8b04100-eec6-11dd-817f-001a6bf6ffff}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Wallpaper.vbs
shell\Explore\command - Wscript \Wallpaper.vbs
shell\Open\command - Wscript \Wallpaper.vbs

======File associations======

.scr - open - "C:\WINDOWS\notepad.exe" "%1"
.scr - install -
.scr - config -

======List of files/folders created in the last 1 months======

2009-03-02 14:48:00 ----D---- C:\Program Files\trend micro
2009-03-02 14:47:59 ----D---- C:\rsit
2009-03-02 12:45:16 ----D---- C:\Program Files\Prevx
2009-03-02 12:37:52 ----D---- C:\Documents and Settings\All Users\Application Data\PrevxCSI
2009-03-02 11:01:45 ----D---- C:\WINDOWS\ERDNT
2009-03-02 11:01:43 ----D---- C:\Qoobox
2009-02-27 21:08:56 ----D---- C:\Documents and Settings\Administrateur\Application Data\ArcSoft
2009-02-27 21:01:02 ----D---- C:\Documents and Settings\Administrateur\Application Data\ScanSoft
2009-02-27 21:01:01 ----D---- C:\Documents and Settings\All Users\Application Data\SSScanWizard
2009-02-27 21:01:01 ----D---- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
2009-02-27 21:00:59 ----A---- C:\WINDOWS\MAXLINK.INI
2009-02-27 21:00:55 ----D---- C:\Program Files\Fichiers communs\ScanSoft Shared
2009-02-27 21:00:40 ----D---- C:\Program Files\ScanSoft
2009-02-27 20:58:09 ----A---- C:\WINDOWS\system32\TWAIN_32.DLL
2009-02-27 20:58:01 ----D---- C:\Program Files\ArcSoft
2009-02-27 20:55:35 ----A---- C:\WINDOWS\system32\UCS32P.DLL
2009-02-27 20:55:35 ----A---- C:\WINDOWS\system32\CNQU70.DLL
2009-02-27 20:55:34 ----HD---- C:\CanoScan
2009-02-27 20:55:34 ----A---- C:\WINDOWS\system32\N067UFW.DLL
2009-02-26 20:50:11 ----D---- C:\Program Files\Business-in-a-Box
2009-02-07 20:51:24 ----D---- C:\Documents and Settings\Administrateur\Application Data\LimeWire
2009-02-05 13:39:19 ----HD---- C:\WINDOWS\PIF

======List of files/folders modified in the last 1 months======

2009-03-02 14:48:00 ----D---- C:\Program Files
2009-03-02 14:40:28 ----D---- C:\Documents and Settings\Administrateur\Application Data\DNA
2009-03-02 14:22:45 ----D---- C:\WINDOWS\Temp
2009-03-02 14:20:23 ----D---- C:\WINDOWS\system32
2009-03-02 13:29:16 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-03-02 13:29:11 ----D---- C:\WINDOWS\system32\drivers
2009-03-02 13:22:58 ----D---- C:\Program Files\Mozilla Firefox
2009-03-02 12:42:45 ----D---- C:\WINDOWS\Prefetch
2009-03-02 12:39:38 ----D---- C:\WINDOWS\system32\Restore
2009-03-02 12:37:49 ----A---- C:\WINDOWS\wininit.ini
2009-03-02 11:07:15 ----D---- C:\WINDOWS\system32\CatRoot2
2009-03-02 11:03:11 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-03-02 11:02:35 ----D---- C:\WINDOWS
2009-03-02 11:00:07 ----D---- C:\Program Files\WeFi
2009-03-02 11:00:06 ----D---- C:\Program Files\DNA
2009-03-02 10:59:05 ----A---- C:\WINDOWS\system32\LOCALSERVICE.INI
2009-03-02 10:59:03 ----A---- C:\WINDOWS\system32\bscs.ini
2009-03-01 09:31:58 ----HD---- C:\Program Files\InstallShield Installation Information
2009-02-28 14:42:45 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-02-28 14:39:03 ----A---- C:\WINDOWS\win.ini
2009-02-27 21:34:05 ----SHD---- C:\WINDOWS\Installer
2009-02-27 21:07:22 ----A---- C:\WINDOWS\system32\LOCALDEVICE.INI
2009-02-27 21:03:26 ----D---- C:\WINDOWS\twain_32
2009-02-27 21:03:20 ----HD---- C:\WINDOWS\inf
2009-02-27 21:00:55 ----D---- C:\Program Files\Fichiers communs
2009-02-27 21:00:38 ----D---- C:\WINDOWS\LastGood
2009-02-27 11:34:11 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-02-26 19:54:14 ----A---- C:\WINDOWS\NeroDigital.ini
2009-02-09 23:17:25 ----A---- C:\WINDOWS\IE4 Error Log.txt
2009-02-09 22:35:13 ----D---- C:\Program Files\LimeWire
2009-02-07 07:59:06 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2009-02-06 12:33:20 ----D---- C:\Temp
2009-02-05 22:11:35 ----A---- C:\WINDOWS\system32\aswBoot.exe
2009-02-05 13:15:15 ----A---- C:\WINDOWS\system32\SHORTCUT.INI
2009-02-05 13:15:15 ----A---- C:\WINDOWS\system32\REMOTEDEVICE.INI
2009-02-05 10:48:51 ----D---- C:\Program Files\Fichiers communs\Microsoft Shared
2009-02-04 22:24:19 ----D---- C:\WINDOWS\security
2009-02-04 12:40:27 ----A---- C:\WINDOWS\RRW.INI
2009-02-03 08:58:16 ----D---- C:\Documents and Settings

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-02-05 26944]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-02-05 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-02-05 51376]
R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 40320]
R1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-04 14848]
R1 PQNTDrv;PQNTDrv; C:\WINDOWS\system32\drivers\PQNTDrv.sys [2002-09-16 4228]
R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2006-07-24 5632]
R1 WmiAcpi;Interface de gestion Microsoft Windows pour ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2004-08-04 8832]
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B}; \??\C:\Program Files\CyberLink\PowerDVD\000.fcl []
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-02-05 94032]
R2 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2006-12-26 15440]
R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2007-06-26 60800]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-02-05 23152]
R3 BT;Bluetooth PAN Network Adapter; C:\WINDOWS\system32\DRIVERS\btnetdrv.sys [2008-01-21 14600]
R3 CmBatt;Pilote d'adaptateur secteur Microsoft; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-04 14080]
R3 ElbyCDFL;ElbyCDFL; C:\WINDOWS\System32\Drivers\ElbyCDFL.sys [2006-12-26 34760]
R3 HBtnKey;HBtnKey; C:\WINDOWS\system32\DRIVERS\cpqbttn.sys [2005-09-19 9344]
R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2006-02-26 138752]
R3 hidusb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2002-09-07 9600]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2008-03-17 5955872]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-06-14 4429312]
R3 IvtBtBUs;IVT Bluetooth Bus Service; C:\WINDOWS\System32\Drivers\IvtBtBus.sys [2008-01-21 26248]
R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys []
R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2007-06-26 12288]
R3 NETw4x32;Pilote de carte Intel(R) Wireless WiFi Link pour Windows XP 32 bits; C:\WINDOWS\system32\DRIVERS\NETw4x32.sys [2007-04-30 2206976]
R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2007-06-26 61824]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2008-10-28 10368]
R3 rimmptsk;rimmptsk; C:\WINDOWS\system32\DRIVERS\rimmptsk.sys [2005-11-16 28928]
R3 rimsptsk;rimsptsk; C:\WINDOWS\system32\DRIVERS\rimsptsk.sys [2005-11-01 51584]
R3 rismxdp;Ricoh xD-Picture Card Driver; C:\WINDOWS\system32\DRIVERS\rixdptsk.sys [2005-11-01 308992]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2007-05-31 96896]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2004-08-04 67584]
R3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616]
R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480]
R3 usbvideo;Périphérique vidéo USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2004-08-04 78464]
R3 VcommMgr;Bluetooth VComm Manager Service; C:\WINDOWS\System32\Drivers\VcommMgr.sys [2008-01-21 29960]
S3 avfhjnxr;avfhjnxr; C:\WINDOWS\system32\drivers\avfhjnxr.sys []
S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\WINDOWS\System32\Drivers\btcusb.sys [2008-03-06 38920]
S3 BTNetFilter;Bluetooth Network Filter; \??\C:\Program Files\IVT Corporation\BlueSoleil\Device\Win2k\BTNetFilter.sys []
S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-04 17024]
S3 driverhardwarev2;driverhardwarev2; \??\C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys []
S3 eabfiltr;eabfiltr; C:\WINDOWS\system32\DRIVERS\eabfiltr.sys [2005-09-19 7808]
S3 eabusb;eabusb; C:\WINDOWS\system32\DRIVERS\eabusb.sys [2005-09-19 5760]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-04 85376]
S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-04 10880]
S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-04 11136]
S3 ssm_bus;SAMSUNG Mobile USB Device II 1.0 driver (WDM); C:\WINDOWS\system32\DRIVERS\ssm_bus.sys [2005-08-30 58320]
S3 ssm_mdfl;SAMSUNG Mobile USB Modem II 1.0 Filter; C:\WINDOWS\system32\DRIVERS\ssm_mdfl.sys [2005-08-30 8336]
S3 ssm_mdm;SAMSUNG Mobile USB Modem II 1.0 Drivers; C:\WINDOWS\system32\DRIVERS\ssm_mdm.sys [2005-08-30 94000]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-04 15360]
S3 tapvpn;TAP VPN Adapter; C:\WINDOWS\system32\DRIVERS\tapvpn.sys [2008-01-23 27136]
S3 tunmp;Pilote de carte miniport Tun Microsoft; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2007-06-26 12416]
S3 UIUSys;Conexant Setup API; C:\WINDOWS\system32\DRIVERS\UIUSYS.SYS []
S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 VComm;Virtual Serial port driver; C:\WINDOWS\system32\DRIVERS\VComm.sys [2008-01-21 14856]
S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-04 19328]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2007-06-26 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2007-06-26 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-02-05 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-02-05 138680]
R2 BlueSoleilCS;BlueSoleilCS; C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe [2008-04-16 768000]
R2 CSIScanner;CSIScanner; C:\Program Files\Prevx\prevx.exe [2009-03-02 4150840]
R2 FLEXlm Service 1;FLEXlm Service 1; C:\ABAQUS\License\lmgrd.exe [2003-07-08 659456]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe [2007-10-03 358936]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe [2007-08-23 79136]
R2 Texis Monitor;Texis Monitor; C:\ABAQUS\Documentation\monitor.exe [2003-04-29 4210688]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-02-05 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-02-05 352920]
R3 BsHelpCS;BsHelpCS; C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe [2008-04-16 69735]
R3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-12-01 654848]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 Boonty Games;Boonty Games; C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe [2008-11-18 69120]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 JMP License Service;JMP License Service; C:\Program Files\Fichiers communs\SAS Institute Inc Shared\Service\JMPLicSvc.exe [2008-11-12 69632]
S3 maconfservice;Ma-Config Service; C:\Program Files\ma-config.com\maconfservice.exe [2009-01-24 216232]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]

-----------------EOF-----------------

Répondre à narjessch

narjessch, le 3 mar 2009 à 09:51:05

Bonjour;
jlpjlp, si tu es là, peut tu voir de près les rapports RSIT que je viens de publier.
Merci.

Répondre à narjessch

jlpjlp, le 3 mar 2009 à 09:59:56

Ton infection transite par les supports externes (clés usb...) alors branche tout

puis

Pour fusionner:

http://img.photobucket.com/albums/v666/sUBs/CFScript.gif

_______________

telecharge combofix:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Sauvegarde le sur ton bureau et pas ailleurs !

_________________

Ferme tous tes navigateurs (donc copie ou imprime les instructions avant)

Crée un nouveau document texte : clic droit de souris sur le bureau > Nouveau > Document Texte, et copie dedans les lignes suivantes :

File::
c:\i6g6x.cmd
c:\windows\system32\nmdfgds0.dll
c:\windows\temp\sig3.tmp
c:\windows\temp\sig2d.tmp
c:\windows\system32\nmdfgds1.dll
C:\PROGRA~1\MYWEBS~1\bar\3.bin\mwsoemon.exe
C:\WINDOWS\system32\olhrwef.exe
H:\taipingtianguov1.1.exe
F:\lky.exe
F:\u2.cmd
M:\usdeiect.com
F:\2u.com
F:\i6g6x.cmd
F:\usdeiect.com
F:\RECYCLER
F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ine32.exe
F:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\USB-Helper.exe
F:\zPharaoh.exe
O:\zPharaoh.exe
Q:\usdeiect.com
F:\ve.exe
T:\usdeiect.com
F:\ve.exe
F:\m9ma.exe
F:\iq.bat
F:\2fiji.com
Registry::[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MyWebSearch Email Plugin"=-
"cdoosoft"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0223cdf2-b258-11dd-8074-001b24b367e2}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{06e1a1d7-b24f-11dd-8073-001b24b367e2}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0e3829d0-f112-11dd-818a-001a6bf6ffff}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{10f3a3fb-a99e-11dd-8040-001b24b367e2}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{132cc440-b6d8-11dd-808d-001b24b367e2}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{132cc442-b6d8-11dd-808d-001b24b367e2}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1c13d93d-c1e4-11dd-80c2-001b24b367e2}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{42fce8d0-f37f-11dd-819b-001a6bf6ffff}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{45c6618b-b712-11dd-8091-001b24b367e2}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{480095a2-b489-11dd-8081-001b24b367e2}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5658f1e6-cd02-11dd-80fa-001b24b367e2}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{63dd4384-c214-11dd-80c3-001b24b367e2}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{63dd4385-c214-11dd-80c3-001b24b367e2}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6a3ca433-f1c9-11dd-818f-001a6bf6ffff}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{76b333ed-a982-11dd-803d-001b24b367e2}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7a286aa8-b15a-11dd-806a-001b24b367e2}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7bc5e32d-ed23-11dd-817a-00030d000001}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7d7ae7f2-b192-11dd-806d-001b24b367e2}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7d7ae7f6-b192-11dd-806d-001b24b367e2}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7d7ae7f7-b192-11dd-806d-001b24b367e2}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7d7ae7f8-b192-11dd-806d-001b24b367e2}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8ca17cf1-b6f1-11dd-808e-001b24b367e2}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8cabbc5d-cdbc-11dd-80fe-001b24b367e2}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8cabbc5f-cdbc-11dd-80fe-001b24b367e2}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9947001a-f35a-11dd-8199-001a6bf6ffff}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b8a017f8-04a2-11de-81b9-001a6bf6ffff}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bad4755c-a691-11dd-8028-001b24b367e2}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bad4755d-a691-11dd-8028-001b24b367e2}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bad4755e-a691-11dd-8028-001b24b367e2}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bad47561-a691-11dd-8028-001b24b367e2}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c63dc2ef-c758-11dd-80db-001b24b367e2}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c63dc2f2-c758-11dd-80db-001b24b367e2}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f6634acd-ccd8-11dd-80f8-001b24b367e2}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f6634acf-ccd8-11dd-80f8-001b24b367e2}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f8b04100-eec6-11dd-817f-001a6bf6ffff}]

Enregistre ce fichier sous le nom CFscript

Fait un glisser/déposer de ce fichier CFscrïpt sur le fichier ComboFix.exe

Clique sur le fichier CFScript, maintient le doigt enfoncé et glisse la souris pour que l'icône du CFScript vienne recouvrir l'icône de Combofix. Relache la souris. Combofix va démarrer.

Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

Ne touche à rien tant que le scan n'est pas terminé.

Une fois le scan achevé, un rapport va s'afficher: poste son contenu.

Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt

_____________________

# Téléchargez ce tool de sUBs : http://www.techsupportforum.com/sectools/sUBs/Flash_Disinfector.exe
# Double-cliquez dessus et laissez-vous guider.

_____________________

colle un rapport hijackthis

http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download

manuel :

http://leblogdeclaude.blogspot.com/2006/10/informatique-section-hijackthis.html

Je conseille de renomer Hijackthis, pour contrer une éventuelle infection de Vundo.

ex:Renomme le fichier HijackThis.exe en eden.exe pour cela, fais un clic droit sur le fichier HijackThis.exe et choisis renommer dans la liste

Ensuite avec Explorer créer un dossier c:\hijackthis
Décompresser Hijackthis dans ce dossier.
C'est important pour les sauvegardes."

____________________________

Répondre à jlpjlp

narjessch, le 3 mar 2009 à 11:42:29

Apres execution des insstructions; voici le rapport combofix

ComboFix 09-03-01.01 - Administrateur 2009-03-03 11:36:24.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1014.439 [GMT 1:00]
Lancé depuis: c:\documents and settings\Administrateur\Bureau\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\Administrateur\Bureau\CFscript.txt
* Un nouveau point de restauration a été créé

FILE ::
c:\i6g6x.cmd
c:\progra~1\MYWEBS~1\bar\3.bin\mwsoemon.exe
c:\windows\system32\nmdfgds0.dll
c:\windows\system32\nmdfgds1.dll
c:\windows\system32\olhrwef.exe
c:\windows\temp\sig2d.tmp
c:\windows\temp\sig3.tmp
F:\2fiji.com
F:\2u.com
F:\i6g6x.cmd
F:\iq.bat
F:\lky.exe
F:\m9ma.exe
F:\RECYCLER
f:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013\ine32.exe
f:\recycler\S-1-6-21-2434476501-1644491937-600003330-1213\USB-Helper.exe
F:\u2.cmd
F:\usdeiect.com
F:\ve.exe
F:\zPharaoh.exe
H:\taipingtianguov1.1.exe
M:\usdeiect.com
O:\zPharaoh.exe
Q:\usdeiect.com
T:\usdeiect.com
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

F:\autorun.inf

.
((((((((((((((((((((((((((((( Fichiers créés du 2009-02-03 au 2009-03-03 ))))))))))))))))))))))))))))))))))))
.

2009-03-02 14:48 . 2009-03-02 14:48 <REP> d-------- c:\program files\trend micro
2009-03-02 12:45 . 2009-03-02 12:45 <REP> d-------- c:\program files\Prevx
2009-03-02 12:45 . 2009-03-02 12:45 22,536 --a------ c:\windows\system32\drivers\pxscan.sys
2009-03-02 12:37 . 2009-03-02 13:42 <REP> d-------- c:\documents and settings\All Users\Application Data\PrevxCSI
2009-02-27 21:13 . 2009-02-27 21:13 54,156 --ah----- c:\windows\QTFont.qfn
2009-02-27 21:13 . 2009-02-27 21:13 1,409 --a------ c:\windows\QTFont.for
2009-02-27 21:08 . 2009-02-27 21:11 <REP> d-------- c:\documents and settings\Administrateur\Application Data\ArcSoft
2009-02-27 21:03 . 2004-08-03 22:58 15,104 --a------ c:\windows\system32\drivers\usbscan.sys
2009-02-27 21:01 . 2009-02-27 21:01 <REP> d-------- c:\documents and settings\All Users\Application Data\SSScanWizard
2009-02-27 21:01 . 2009-02-28 14:39 <REP> d-------- c:\documents and settings\All Users\Application Data\SSScanAppDataDir
2009-02-27 21:01 . 2009-02-27 21:01 <REP> d-------- c:\documents and settings\Administrateur\Application Data\ScanSoft
2009-02-27 21:00 . 2009-02-27 21:00 <REP> d-------- c:\program files\ScanSoft
2009-02-27 21:00 . 2009-02-27 21:01 <REP> d-------- c:\program files\Fichiers communs\ScanSoft Shared
2009-02-27 21:00 . 2009-02-27 21:00 525 --a------ c:\windows\MAXLINK.INI
2009-02-27 20:58 . 2009-02-28 14:40 <REP> d-------- c:\program files\ArcSoft
2009-02-27 20:58 . 1996-07-01 00:00 77,312 --a------ c:\windows\system32\TWAIN_32.DLL
2009-02-27 20:55 . 2009-02-27 20:55 <REP> d--h----- C:\CanoScan
2009-02-27 20:55 . 2002-05-24 03:04 389,180 --a------ c:\windows\system32\UCS32P.DLL
2009-02-27 20:55 . 2002-04-12 20:17 339,968 --a------ c:\windows\system32\N067UFW.DLL
2009-02-27 20:55 . 2002-09-27 14:56 69,632 --a------ c:\windows\system32\CNQU70.DLL
2009-02-26 20:50 . 2009-02-26 20:50 <REP> d-------- c:\program files\Business-in-a-Box
2009-02-07 20:51 . 2009-02-09 22:39 <REP> d-------- c:\documents and settings\Administrateur\Application Data\LimeWire
2009-02-05 13:39 . 2009-02-05 13:39 <REP> d--h----- c:\windows\PIF

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-03 10:33 --------- d-----w c:\documents and settings\Administrateur\Application Data\DNA
2009-03-03 10:32 --------- d-----w c:\program files\WeFi
2009-03-03 08:03 --------- d-----w c:\program files\DNA
2009-03-02 14:15 --------- d-----w c:\program files\MSN Messenger
2009-03-02 12:29 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-03-01 08:31 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-11 09:19 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-11 09:19 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-02-09 21:35 --------- d-----w c:\program files\LimeWire
2009-02-07 06:59 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-02-01 19:53 --------- d-----w c:\program files\Hotspot_Shield
2009-02-01 18:48 --------- d-----w c:\program files\Camfrog
2009-01-29 10:19 --------- d-----w c:\documents and settings\All Users\Application Data\Autodesk
2009-01-29 09:01 --------- d-----w c:\documents and settings\Administrateur\Application Data\Autodesk
2009-01-28 09:30 --------- d-----w c:\program files\IVT Corporation
2009-01-26 16:00 --------- d-----w c:\program files\ma-config.com
2009-01-26 16:00 --------- d-----w c:\documents and settings\All Users\Application Data\ma-config.com
2009-01-25 23:27 --------- d-----w c:\program files\Micro Application
2009-01-22 21:25 --------- d-----w c:\program files\UltraMixer
2009-01-22 20:35 --------- d-----w c:\program files\DJ Mix Lite
2009-01-22 20:26 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-01-22 20:18 --------- d-----w c:\program files\Mightsoft
2009-01-22 09:25 --------- d-----w c:\program files\Microcal
2009-01-17 18:55 --------- d-----w c:\documents and settings\Administrateur\Application Data\TransRender
2009-01-17 18:55 --------- d-----w c:\documents and settings\Administrateur\Application Data\Temporary
2009-01-17 18:55 --------- d-----w c:\documents and settings\Administrateur\Application Data\Samsung
2009-01-17 18:55 --------- d-----w c:\documents and settings\Administrateur\Application Data\ConvertTemp
2009-01-17 18:52 --------- d-----w c:\program files\Samsung
2009-01-15 23:14 --------- d-----w c:\program files\Vuze
2009-01-15 23:13 --------- d-----w c:\documents and settings\Administrateur\Application Data\Azureus
2009-01-11 00:57 --------- d-----w c:\program files\Playboy - The Mansion
2009-01-10 19:03 --------- d-----w c:\documents and settings\All Users\Application Data\34203
2009-01-10 18:57 --------- d-----w c:\documents and settings\All Users\Application Data\2CC1
2009-01-09 22:07 --------- d-----w c:\documents and settings\Administrateur\Application Data\uTorrent
2009-01-09 22:07 --------- d-----w c:\documents and settings\Administrateur\Application Data\BitTorrent
2009-01-09 19:01 --------- d-----w c:\documents and settings\All Users\Application Data\27271
2009-01-08 19:50 11,973 ----a-w c:\windows\system32\drivers\SECDRV.SYS
2009-01-08 19:37 --------- d-----w c:\documents and settings\All Users\Application Data\C2BF
2009-01-08 19:36 --------- d-----w c:\program files\Ubisoft
2009-01-08 19:20 --------- d-----w c:\documents and settings\All Users\Application Data\220
2009-01-06 18:58 --------- d-----w c:\documents and settings\All Users\Application Data\37186
2008-12-27 22:27 132 ----a-w C:\Delapp.bat
2008-12-04 08:31 53,248 ----a-w c:\windows\system32\CSVer.dll
.

------- Sigcheck -------

2007-06-26 21:18 360576 c7be59b07c6eb74bea6fd67c1b164015 c:\windows\system32\drivers\tcpip.sys

2004-08-04 05:54 1227264 e28d16a8d63eca6246921fdf7cbde42a c:\windows\explorer.exe
2004-08-04 05:54 1227264 e28d16a8d63eca6246921fdf7cbde42a c:\windows\icon_TMP\explorer.exe
2004-08-04 05:54 1036288 4c33e5b9a6197b6ed215f6cfba0a2daa c:\windows\system_backup\explorer.exe

2007-06-14 15:31 80216 c7bcea1533be5c9e15884d6c39b667f1 c:\windows\icon_TMP\wuauclt.exe
2007-06-14 15:31 80216 c7bcea1533be5c9e15884d6c39b667f1 c:\windows\system32\wuauclt.exe
2007-06-14 15:31 53080 3a83a45e7dd5276315aa20245e7c32bf c:\windows\system_backup\wuauclt.exe
.
((((((((((((((((((((((((((((( SnapShot@2009-03-02_15.56.36.56 )))))))))))))))))))))))))))))))))))))))))
.
+ 2004-08-04 04:52:58 3,584 ----a-w c:\windows\system32\dllcache\dpnaddr.dll
- 2009-03-02 10:03:11 64,894 ----a-w c:\windows\system32\perfc009.dat
+ 2009-03-03 08:07:51 65,794 ----a-w c:\windows\system32\perfc009.dat
- 2009-03-02 10:03:11 78,832 ----a-w c:\windows\system32\perfc00C.dat
+ 2009-03-03 08:07:51 80,004 ----a-w c:\windows\system32\perfc00C.dat
- 2009-03-02 10:03:11 405,204 ----a-w c:\windows\system32\perfh009.dat
+ 2009-03-03 08:07:51 406,488 ----a-w c:\windows\system32\perfh009.dat
- 2009-03-02 10:03:11 474,370 ----a-w c:\windows\system32\perfh00C.dat
+ 2009-03-03 08:07:51 476,438 ----a-w c:\windows\system32\perfh00C.dat
+ 2009-03-03 08:03:00 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_7ec.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}"= "c:\program files\MyPlayCity\tbMyP0.dll" [2008-08-05 1610264]
"{d51d388b-f5dc-471a-a1ce-5e2d671091c0}"= "c:\program files\Mininova-Vuze\tbMin0.dll" [2008-09-15 1784856]

[HKEY_CLASSES_ROOT\clsid\{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}]

[HKEY_CLASSES_ROOT\clsid\{d51d388b-f5dc-471a-a1ce-5e2d671091c0}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}]
2008-08-05 02:13 1610264 --a------ c:\program files\MyPlayCity\tbMyP0.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d51d388b-f5dc-471a-a1ce-5e2d671091c0}]
2008-09-15 06:47 1784856 --a------ c:\program files\Mininova-Vuze\tbMin0.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}"= "c:\program files\MyPlayCity\tbMyP0.dll" [2008-08-05 1610264]
"{d51d388b-f5dc-471a-a1ce-5e2d671091c0}"= "c:\program files\Mininova-Vuze\tbMin0.dll" [2008-09-15 1784856]

[HKEY_CLASSES_ROOT\clsid\{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}]

[HKEY_CLASSES_ROOT\clsid\{d51d388b-f5dc-471a-a1ce-5e2d671091c0}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{4724C5D8-DFA7-417A-A2F5-1EABFEE9B4AC}"= "c:\program files\MyPlayCity\tbMyP0.dll" [2008-08-05 1610264]
"{D51D388B-F5DC-471A-A1CE-5E2D671091C0}"= "c:\program files\Mininova-Vuze\tbMin0.dll" [2008-09-15 1784856]

[HKEY_CLASSES_ROOT\clsid\{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}]

[HKEY_CLASSES_ROOT\clsid\{d51d388b-f5dc-471a-a1ce-5e2d671091c0}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Fichiers communs\LightScribe\LightScribeControlPanel.exe" [2007-08-23 455968]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2008-11-05 4347120]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"msnmsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"wefi"="c:\program files\WeFi\WeFi.exe" [2008-12-01 427008]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2008-12-25 342848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2006-09-07 15872]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2007-04-03 165784]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-12-06 69216]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 54832]
"CopernicPerUserTaskMgr"="c:\windows\system32\CopernicPerUserTaskMgr.exe" [2002-02-01 69632]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-05-03 458752]
"ISUSPM"="c:\program files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 213936]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"HiYo"="c:\program files\HiYo\bin\HiYo.exe" [2008-10-23 300336]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-11-22 185872]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-10-14 623992]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-03-17 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-03-17 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-03-17 131072]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 178712]
"BtTray"="c:\program files\IVT Corporation\BlueSoleil\BtTray.exe" [2008-04-16 229888]
"Omnipage"="c:\program files\ScanSoft\OmniPageSE\opware32.exe" [2002-06-03 49152]
"RTHDCPL"="RTHDCPL.EXE" [2007-06-13 c:\windows\RTHDCPL.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"nltide_3"="advpack.dll" [2007-06-26 c:\windows\system32\advpack.dll]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll
"msacm.l3fhg"= mp3fhg.acm
"msacm.divxa32"= divxa32.acm
"VIDC.FFDS"= ffdshow.ax

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\FlashFXP\\FlashFXP.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleilCS.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=

R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [2008-01-21 21512]
R0 iastor75;iastor75;c:\windows\system32\drivers\iastor75.sys [2007-06-26 304920]
R0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys [2009-03-02 22536]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-11-01 114768]
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};c:\program files\CyberLink\PowerDVD\[u]0/u00.fcl [2008-10-28 16:53:52 13560]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-11-01 20560]
R2 CSIScanner;CSIScanner;c:\program files\Prevx\prevx.exe [2009-03-02 4150840]
R2 FLEXlm Service 1;FLEXlm Service 1;c:\abaqus\License\lmgrd.exe [2008-11-01 659456]
R2 Texis Monitor;Texis Monitor;c:\abaqus\Documentation\monitor.exe [2008-11-01 4210688]
R3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [2008-01-21 26248]
S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [2009-01-24 216232]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6a3ca432-f1c9-11dd-818f-001a6bf6ffff}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Fichiers communs\LightScribe\LSRunOnce.exe"
.
Contenu du dossier 'Tâches planifiées'

2009-03-03 c:\windows\Tasks\PCConfidential.job
- c:\program files\Winferno\PC Confidential\PCConfidential.exe []
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = local
uInternet Settings,ProxyServer = 127.0.0.1:9666
IE: &Search
IE: Ajouter au fichier PDF existant - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Consulter les dictionnaires (SYSTRAN) - c:\program files\SYSTRAN\6\\GUIres.dll/lookup.js
IE: Convertir en Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la cible du lien en Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la cible du lien en un fichier PDF existant - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir la sélection en Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la sélection en un fichier PDF existant - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir les liens sélectionnés en fichier Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convertir les liens sélectionnés en un fichier PDF existant - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Traduire (SYSTRAN) - c:\program files\SYSTRAN\6\\GUIres.dll/translate.js
FF - ProfilePath - c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\mteietq8.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.com
FF - component: c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\mteietq8.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\components\FFAlert.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\mteietq8.default\extensions\{bb628310-0ab7-11db-9cd8-0800200c9a66}\plugins\nphardwaredetection.dll
FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPJava11.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPJava12.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPJava13.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPJava32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPJPI141.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMyWebS.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPOJI610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-03 11:37:39
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\[u]0/u00.fcl"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_USERS\Administrator\Software\SecuROM\License information*]
"datasecu"=hex:c5,44,28,ec,d3,e6,2f,25,61,f1,52,0a,87,b6,7e,29,3e,de,92,b7,39,
5f,ed,d1,23,b7,e1,8c,11,05,44,5b,60,9f,56,de,a4,33,7c,c7,2c,ae,43,23,b4,bd,\
"rkeysecu"=hex:a4,6d,a7,ab,3a,a9,37,70,ca,99,c8,da,70,37,7a,5d

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{29D83109-D499-A3EF-54ABD4209B2D5F0C}\{354D4B2F-7299-D6B0-F9DE68C9556AEC8D}\{1096A586-413B-60D3-8347C002DC18071C}*]
"N3ON3SCQTOHKQM23SBHY163HKH1"=hex:01,00,01,00,00,00,00,00,fa,de,c6,7c,16,d0,d3,
6d,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{484F515E-F5F4-CAE2-00797FFBC1B1DB0A}\{B5BB857C-6143-5E3C-4B14653578135B7A}\{14E971F7-0C0F-F2F4-35B0BAA5D2098273}*]
"N3ON3SCQTOHKQM23SBHY163HKH1"=hex:01,00,01,00,00,00,00,00,fa,de,c6,7c,16,d0,d3,
6d,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61
.
Heure de fin: 2009-03-03 11:39:13
ComboFix-quarantined-files.txt 2009-03-03 10:38:50

Avant-CF: 10 424 537 088 octets libres
Après-CF: 10,413,817,856 octets libres

WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect

313

Répondre à narjessch

jlpjlp, le 3 mar 2009 à 12:09:26

Utilise pour supprimer tes traces

CCLEANER: (lance un nettoyage et répare 3 fois le registre) sans installer la barre yahoo
(dans les options puis avancé :désactive la case: effacer les fichiers de plus de 48 heures)
http://www.malekal.com/tutorial_CCleaner.php
http://www.01net.com/...
-----------------------

colle le rapport d'un scan en ligne
avec un des suivants:

bitdefender en ligne :
http://www.bitdefender.fr/scan_fr/scan8/ie.html

Panda en ligne :
http://www.pandasoftware.fr/Activescan/Activescan.html

Kaspersky en ligne
http://webscanner.kaspersky.fr/

Répondre à jlpjlp

narjessch, le 3 mar 2009 à 12:18:25

Hijackthis me donne la possibilité de supprimer les élements . lesquels devrais-je supprimer?

Répondre à narjessch

26 réponses 12 Suivant

Posez votre question Répondre