
H:\WINDOWS\SYSTEM32\nmdfgds0.dll

Last reply on 27 Aug 2009 at 22:18:53 — Taffy, 17 Jun 2009 at 14:00:37

Hello everyone,
So I have two problems. The first is my PC's startup; let me explain: when I restart my computer, the Windows screen takes about 2 minutes, maybe more, to disappear, then I get a black screen for about 30 seconds, and after that an error message appears on the session selection screen. The second is that I am infected with a rootkit "H:\WINDOWS\SYSTEM32\nmdfgds0.dll" that I cannot manage to delete.

There, I hope I have been clear enough in my description. If someone could help me, please, because this has been going on for more than two weeks.

Thanks in advance for your patience.

Configuration: Windows XP
Firefox 3.0.11

1

sKe69, 17 Jun 2009 at 14:03:05

Hi,

do this to start with:


1- Download and install HijackThis:

here http://www.commentcamarche.net/telecharger/telecharger 159 hijackthis
or here http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe
or here http://www.clubic.com/lancer-le-telechargement-51452-0-hijackthis.html

--> Click the setup to start the install: follow the prompts and do not change the installation settings.
At the end of the install, the program launches automatically: close it by clicking the red cross.
In the end you should have a shortcut on your desktop and also a path like:
"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe".

(do not run this program for now, and continue with the rest ...)



2- Download Random's System Information Tool (RSIT) by random/random and save the executable to your Desktop.

-> http://images.malwareremoval.com/random/RSIT.exe

! Disconnect from the internet and close all running applications !

Double-click "RSIT.exe" to run it.

-> A first window opens, titled "Disclaimer of warranty".

* In front of the option "List files/folders created ...", choose: 2 months

* then click "Continue" to start the scan ...


-> let the scan run and do not touch the PC ...


When the scan is finished, two text files will open (probably in Notepad).

Post the contents of "log.txt" (the one that appears on screen), and then of "info.txt" (which you will see in the taskbar), for analysis, and wait for the next step ...

Important: post one report, then the other in the following reply ...
If you try to post both at once, it may be too long for the forum ...
(And if "log.txt" on its own doesn't go through either, post it in 2 parts ... thanks ...)

(Note: the reports are also saved in this folder -> C:\rsit)
"Baby, I'm going on an airplane, And I don't know if I'll be back again"
IMPORTANT: do not consider yourself out of the woods until you have been told so!

Reply to sKe69
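The log that step 2 produces is what the helper then reads by hand, looking for a handful of recurring indicators: executables created with the read-only + system + hidden attribute set, drive-level autorun hooks under mountpoints2, Run keys that point at one of those hidden files, and firewall exceptions for binaries carrying a system name outside system32. The script below is an added example, not part of sKe69's post and not code from RSIT or HijackThis; it encodes those checks as rules and runs them over sample lines constructed for the example in the RSIT/HijackThis format, modelled on the log posted in the next reply. The rule names, the `SUSPICIOUS_FW_DESCRIPTIONS` heuristic and the `SYSTEM_BINARIES` list are the example's own assumptions.

```python
"""Triage of an RSIT / HijackThis log: flag the indicators a forum helper
reads for first.  Added example; the sample lines below are constructed in
the RSIT format, modelled on the log posted later in this thread."""
import re
from dataclasses import dataclass

# Constructed sample (not a real full log): a few lines from each section.
SAMPLE_LOG = r"""
O4 - HKCU\..\Run: [ctfmon.exe] H:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [cdoosoft] H:\WINDOWS\system32\olhrwef.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c4d8eae7-af63-11dd-a704-001d92006b5e}]
shell\AutoRun\command - K:\sv8c2bjw.bat
shell\open\command - K:\sv8c2bjw.bat
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"H:\Program Files\Microsoft Studio Files\lsass.exe"="H:\Program Files\Microsoft Studio Files\lsass.exe:*:Enabled:Session Win32"
"H:\Program Files\skmw\irc.exe"="H:\Program Files\skmw\irc.exe:*:Enabled:WinIRC"
2009-06-17 07:22:51 ----RSH---- H:\WINDOWS\system32\nmdfgds0.dll
2009-06-16 21:48:47 ----RSH---- H:\gpcdt.cmd
2009-06-15 07:55:11 ----RSH---- H:\WINDOWS\system32\olhrwef.exe
2009-06-15 11:49:29 ----A---- H:\WINDOWS\system32\npkcmsvc.exe
"""

# Per-drive autorun hooks under mountpoints2: how USB worms relaunch from
# every stick or partition that was ever plugged in.
AUTORUN_RE = re.compile(r"^shell\\(?:Auto|AutoRun|open|explore)\\command - (.+)$", re.I)
# RSIT "files created" lines: timestamp, attribute letters, path.
CREATED_RE = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d ----([A-Z]*)---- (.+)$")
# HijackThis O4 autostart lines; the image path is quoted when it has spaces.
RUN_RE = re.compile(r'^O4 - .*\\Run: \[[^\]]*\] (?:"([^"]+)"|(\S+))')
# XP firewall "authorized applications" values: "path"="path:scope:state:description".
FIREWALL_RE = re.compile(r'^"([^"]+)"="\1:[^:]*:(?:enabled|disabled):(.*)"$', re.I)

# Assumed: names that legitimately live only in %windir%\system32 on XP.
SYSTEM_BINARIES = {"lsass.exe", "svchost.exe", "csrss.exe", "winlogon.exe",
                   "services.exe", "smss.exe"}
# Assumed heuristic: the generic description the suspect exceptions in this
# thread all carry.  A real bot can of course pick any description.
SUSPICIOUS_FW_DESCRIPTIONS = {"session win32"}
EXECUTABLE_EXT = (".exe", ".dll", ".cmd", ".bat", ".vbs", ".com", ".scr")


@dataclass(frozen=True)
class Finding:
    rule: str
    line: str


def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def triage(log_text: str) -> list:
    """Return one Finding per suspicious line, in the order the rules fire."""
    lines = [ln.strip() for ln in log_text.splitlines() if ln.strip()]
    findings = []

    # Pass 1: executables created with R+S+H (read-only, system, hidden),
    # the attribute set droppers use so that Explorer never lists them.
    hidden_system = set()
    for line in lines:
        m = CREATED_RE.match(line)
        if m and set("RSH") <= set(m.group(1)) and m.group(2).lower().endswith(EXECUTABLE_EXT):
            hidden_system.add(m.group(2).lower())
            findings.append(Finding("hidden-system-file", line))

    # Pass 2: persistence and firewall entries, cross-referenced with pass 1.
    for line in lines:
        if AUTORUN_RE.match(line):
            findings.append(Finding("drive-autorun-hijack", line))
            continue
        m = RUN_RE.match(line)
        if m:
            path = m.group(1) or m.group(2)
            if path.lower() in hidden_system:
                findings.append(Finding("run-key-to-hidden-file", line))
            continue
        m = FIREWALL_RE.match(line)
        if m:
            path, desc = m.group(1), m.group(2)
            if basename(path) in SYSTEM_BINARIES and "\\system32\\" not in path.lower():
                findings.append(Finding("system-name-outside-system32", line))
            elif desc.strip().lower() in SUSPICIOUS_FW_DESCRIPTIONS:
                findings.append(Finding("suspicious-firewall-exception", line))
    return findings


def summarize(findings) -> dict:
    """Count findings per rule, e.g. {'hidden-system-file': 3, ...}."""
    counts = {}
    for f in findings:
        counts[f.rule] = counts.get(f.rule, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.rule}] {f.line}")
    print(summarize(triage(SAMPLE_LOG)))
```

On the sample the script flags the three R+S+H files, the two mountpoints2 commands for the K: drive, the cdoosoft Run key (because its target is one of the hidden files) and the lsass.exe firewall exception living under Program Files; ctfmon.exe and npkcmsvc.exe are not flagged. Note what the rules miss by design: the irc.exe exception has an innocuous description and a non-system name, so only a human reading the path survives that one, which is why the helper asks for the full log rather than a summary.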

2

Taffy, 17 Jun 2009 at 14:34:17

Thanks for your help, here is the "log.txt" file

Logfile of random's system information tool 1.06 (written by random/random)
Run by TAF at 2009-06-17 08:13:11
Microsoft Windows XP Édition familiale Service Pack 2
System drive H: has 106 GB (44%) free of 238 GB
Total RAM: 2046 MB (79% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:13:24, on 17/06/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\csrss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\svchost.exe
H:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
H:\Program Files\Alwil Software\Avast4\ashServ.exe
H:\PROGRAM FILES\A-SQUARED FREE\a2service.exe
H:\WINDOWS\system32\npkcmsvc.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\Explorer.EXE
H:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
H:\Program Files\Alwil Software\Avast4\ashWebSv.exe
H:\WINDOWS\System32\alg.exe
H:\WINDOWS\RTHDCPL.EXE
H:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
H:\Program Files\SuperCopier2\SuperCopier2.exe
H:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
H:\WINDOWS\system32\ctfmon.exe
H:\WINDOWS\system32\wuauclt.exe
H:\Documents and Settings\TAF\Bureau\RSIT.exe
H:\WINDOWS\system32\wbem\wmiprvse.exe
H:\Program Files\Trend Micro\HijackThis\TAF.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.01net.com/telecharger/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - H:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - H:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - H:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - H:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - H:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - H:\Program Files\FlashGet\getflash.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [avast!] H:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "H:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [SuperCopier2.exe] H:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [MsnMsgr] "H:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [uTorrent] "H:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [ctfmon.exe] H:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [cdoosoft] H:\WINDOWS\system32\olhrwef.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Tout télécharger avec FlashGet - H:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Télécharger avec FlashGet - H:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - H:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - H:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - H:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - H:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://www.ma-config.com/activex/MaConfig_3_1_2_1.cab
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} (NPKCX Control) - http://update.nprotect.net/keycrypt/cabal/npkcx_inca.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - H:\PROGRAM FILES\A-SQUARED FREE\a2service.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - H:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATI Smart - Unknown owner - H:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - H:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - H:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - H:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - H:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - H:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - H:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: npkcmsvc - INCA Internet Co., Ltd. - H:\WINDOWS\system32\npkcmsvc.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - H:\WINDOWS\System32\TuneUpDefragService.exe
End of file - 6957 bytes

======Scheduled tasks folder======

H:\WINDOWS\tasks\1-Click Maintenance.job
H:\WINDOWS\tasks\Registry Winner Schedule.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - H:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}]
FGCatchUrl - H:\Program Files\FlashGet\jccatch.dll [2007-08-06 94308]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live - H:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - H:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-09 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - H:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-03-09 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F156768E-81EF-470C-9057-481BA8380DBA}]
FlashGet GetFlash Class - H:\Program Files\FlashGet\getflash.dll [2007-05-18 163840]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=H:\WINDOWS\RTHDCPL.EXE [2007-04-12 16132608]
"Alcmtr"=H:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"avast!"=H:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-02-05 81000]
"Adobe Reader Speed Launcher"=H:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SuperCopier2.exe"=H:\Program Files\SuperCopier2\SuperCopier2.exe [2006-07-07 1052672]
"MsnMsgr"=H:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5724184]
"uTorrent"=H:\Program Files\uTorrent\uTorrent.exe [2009-02-10 270128]
"ctfmon.exe"=H:\WINDOWS\system32\ctfmon.exe [2004-08-19 15360]
"cdoosoft"=H:\WINDOWS\system32\olhrwef.exe [2009-06-16 105329]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
H:\WINDOWS\system32\Ati2evxx.dll [2009-03-16 155648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - H:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"NoDispScrSavPage"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"H:\Program Files\Messenger\msmsgs.exe"="H:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"H:\Program Files\uTorrent\uTorrent.exe"="H:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"H:\Program Files\Hercules\Classic Silver\Station2.exe"="H:\Program Files\Hercules\Classic Silver\Station2.exe:*:Enabled:Hercules Webcam Station Evolution"
"H:\Program Files\FlashGet\flashget.exe"="H:\Program Files\FlashGet\flashget.exe:*:Enabled:Flashget"
"H:\Program Files\UBISOFT\Ghost Recon Advanced Warfighter 2\graw2.exe"="H:\Program Files\UBISOFT\Ghost Recon Advanced Warfighter 2\graw2.exe:*:Enabled:Ghost Recon Advanced Warfighter® 2"
"H:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="H:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
"H:\Program Files\Windows Live\Messenger\msnmsgr.exe"="H:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"H:\Program Files\Windows Live\Messenger\livecall.exe"="H:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"H:\Program Files\ma-config.com\maconfservice.exe"="H:\Program Files\ma-config.com\maconfservice.exe:LocalSubNet:Enabled:maconfservice"
"H:\Documents and Settings\TAF\Bureau\CabalTemp\ESTSetupLoader.exe"="H:\Documents and Settings\TAF\Bureau\CabalTemp\ESTSetupLoader.exe:*:Enabled:EST! download engine"
"H:\Program Files\Games-Masters.com\CABAL Online (Europe)\launcher\update\ESTdnheadless.exe"="H:\Program Files\Games-Masters.com\CABAL Online (Europe)\launcher\update\ESTdnheadless.exe:*:Enabled:EST! download engine"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"H:\Documents and Settings\TAF\Bureau\Fotos.exe"="H:\Documents and Settings\TAF\Bureau\Fotos.exe:*:Enabled:Session Win32"
"H:\Program Files\Microsoft Studio Files\lsass.exe"="H:\Program Files\Microsoft Studio Files\lsass.exe:*:Enabled:Session Win32"
"H:\Program Files\skmw\gwdwin.exe"="H:\Program Files\skmw\gwdwin.exe:*:Enabled:Session Win32"
"H:\Program Files\skmw\irc.exe"="H:\Program Files\skmw\irc.exe:*:Enabled:WinIRC"
"H:\Program Files\dwimn\mwstwn.exe"="H:\Program Files\dwimn\mwstwn.exe:*:Enabled:Session Win32"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"H:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="H:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
"H:\Program Files\Windows Live\Messenger\msnmsgr.exe"="H:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"H:\Program Files\Windows Live\Messenger\livecall.exe"="H:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]
shell\AutoRun\command - 1utbfd.bat
shell\open\command - 1utbfd.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{044814bb-33fa-11dd-a5ff-001d92006b5e}]
shell\AutoRun\command - H:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{04bb76e2-33e4-11dd-823b-806d6172696f}]
shell\AutoRun\command - H:\gpcdt.cmd
shell\open\command - H:\gpcdt.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0786dce1-43b3-11dd-a634-001d92006b5e}]
shell\Auto\command - AdobeR.exe e
shell\AutoRun\command - H:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{08ba0621-91b5-11dd-a6d2-001d92006b5e}]
shell\AutoRun\command - 1ogf.exe
shell\open\command - 1ogf.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{08ba0622-91b5-11dd-a6d2-001d92006b5e}]
shell\AutoRun\command - 1ogf.exe
shell\open\command - 1ogf.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{22306c24-3405-11dd-a601-001d92006b5e}]
shell\AutoRun\command - oq.cmd
shell\explore\command - oq.cmd
shell\open\command - oq.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{22306c25-3405-11dd-a601-001d92006b5e}]
shell\AutoRun\command - oq.cmd
shell\explore\command - oq.cmd
shell\open\command - oq.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{24e53324-4461-11dd-a636-001d92006b5e}]
shell\Auto\command - AdobeR.exe e
shell\AutoRun\command - H:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5027e682-e686-11dd-a748-001d92006b5e}]
shell\AutoRun\command - M:\gpcdt.cmd
shell\open\command - M:\gpcdt.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6e9fb86e-3804-11dd-a615-001d92006b5e}]
shell\Auto\command - AdobeR.exe e
shell\AutoRun\command - H:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{77759692-3620-11dd-a60c-001d92006b5e}]
shell\AutoRun\command - H:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7a732dfa-a060-11dd-a6f3-001d92006b5e}]
shell\Auto\command - AdobeR.exe e
shell\AutoRun\command - H:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7d472c7e-421f-11dd-a62e-001d92006b5e}]
shell\Auto\command - AdobeR.exe e
shell\AutoRun\command - H:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{91cf22b0-4052-11dd-a629-001d92006b5e}]
shell\AutoRun\command - H:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a0be3cc4-34b4-11dd-a604-001d92006b5e}]
shell\AutoRun\command - H:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{aedf47ea-1899-11de-a7a0-001d92006b5e}]
shell\AutoRun\command - H:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c4d8eae7-af63-11dd-a704-001d92006b5e}]
shell\AutoRun\command - K:\sv8c2bjw.bat
shell\open\command - K:\sv8c2bjw.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d9d04799-2129-11de-a7a4-001d92006b5e}]
shell\AutoRun\command - J:\sv8c2bjw.bat
shell\open\command - J:\sv8c2bjw.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f3ad0fca-47b3-11dd-a645-001d92006b5e}]
shell\AutoRun\command - H:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs


======List of files/folders created in the last 2 months======

2009-06-17 08:13:11 ----D---- H:\rsit
2009-06-17 07:22:51 ----RSH---- H:\WINDOWS\system32\nmdfgds0.dll
2009-06-16 21:54:44 ----HDC---- H:\WINDOWS\$NtUninstallKB932823-v3$
2009-06-16 21:54:24 ----A---- H:\WINDOWS\system32\SETB.tmp
2009-06-16 21:48:47 ----RSH---- H:\gpcdt.cmd
2009-06-15 20:23:35 ----D---- H:\Documents and Settings\TAF\Application Data\TeraCopy
2009-06-15 20:23:32 ----D---- H:\Program Files\TeraCopy
2009-06-15 11:49:29 ----A---- H:\WINDOWS\system32\npkcmsvc.exe
2009-06-15 10:54:53 ----RSH---- H:\WINDOWS\system32\nmdfgds1.dll
2009-06-15 07:55:39 ----RSH---- H:\fsaht.cmd
2009-06-15 07:55:11 ----RSH---- H:\WINDOWS\system32\olhrwef.exe
2009-06-15 06:56:51 ----D---- H:\Program Files\Games-Masters.com
2009-06-14 15:09:13 ----D---- H:\Program Files\Malwarebytes' Anti-Malware
2009-06-14 11:50:01 ----RSH---- H:\sv8c2bjw.bat
2009-06-14 11:49:00 ----RSH---- H:\xdglur.bat
2009-06-11 17:59:31 ----HDC---- H:\WINDOWS\$NtUninstallKB961501$
2009-06-11 17:59:23 ----HDC---- H:\WINDOWS\$NtUninstallKB969898$
2009-06-11 17:56:05 ----HDC---- H:\WINDOWS\$NtUninstallKB970238$
2009-06-11 17:54:11 ----HDC---- H:\WINDOWS\$NtUninstallKB968537$
2009-06-07 07:02:25 ----D---- H:\WINDOWS\system32\CatRoot_bak
2009-06-05 13:48:06 ----SHD---- H:\RECYCLER
2009-06-05 13:31:15 ----D---- H:\WINDOWS\system32\Lang
2009-06-05 12:14:39 ----A---- H:\WINDOWS\system32\D3DX9_41.dll
2009-06-05 12:14:39 ----A---- H:\WINDOWS\system32\d3dx10_41.dll
2009-06-05 12:14:39 ----A---- H:\WINDOWS\system32\D3DCompiler_41.dll
2009-06-05 12:14:38 ----A---- H:\WINDOWS\system32\XAudio2_4.dll
2009-06-05 12:14:38 ----A---- H:\WINDOWS\system32\XAPOFX1_3.dll
2009-06-05 12:14:37 ----A---- H:\WINDOWS\system32\xactengine3_4.dll
2009-06-05 12:14:37 ----A---- H:\WINDOWS\system32\X3DAudio1_6.dll
2009-06-05 12:14:36 ----A---- H:\WINDOWS\system32\D3DX9_40.dll
2009-06-05 12:14:36 ----A---- H:\WINDOWS\system32\d3dx10_40.dll
2009-06-05 12:14:36 ----A---- H:\WINDOWS\system32\D3DCompiler_40.dll
2009-06-05 12:14:35 ----A---- H:\WINDOWS\system32\XAudio2_3.dll
2009-06-05 12:14:35 ----A---- H:\WINDOWS\system32\XAPOFX1_2.dll
2009-06-05 12:14:34 ----A---- H:\WINDOWS\system32\xactengine3_3.dll
2009-06-05 12:14:33 ----A---- H:\WINDOWS\system32\X3DAudio1_5.dll
2009-06-05 12:14:32 ----A---- H:\WINDOWS\system32\XAudio2_2.dll
2009-06-05 12:14:32 ----A---- H:\WINDOWS\system32\XAPOFX1_1.dll
2009-06-05 12:14:32 ----A---- H:\WINDOWS\system32\xactengine3_2.dll
2009-06-05 12:14:31 ----A---- H:\WINDOWS\system32\D3DX9_39.dll
2009-06-05 12:14:31 ----A---- H:\WINDOWS\system32\d3dx10_39.dll
2009-06-05 12:14:31 ----A---- H:\WINDOWS\system32\D3DCompiler_39.dll
2009-06-05 12:14:30 ----A---- H:\WINDOWS\system32\XAudio2_1.dll
2009-06-05 12:14:30 ----A---- H:\WINDOWS\system32\XAPOFX1_0.dll
2009-06-05 12:14:29 ----A---- H:\WINDOWS\system32\xactengine3_1.dll
2009-06-05 12:14:29 ----A---- H:\WINDOWS\system32\X3DAudio1_4.dll
2009-06-05 12:14:28 ----A---- H:\WINDOWS\system32\d3dx10_38.dll
2009-06-05 12:14:28 ----A---- H:\WINDOWS\system32\D3DCompiler_38.dll
2009-06-05 12:14:27 ----A---- H:\WINDOWS\system32\D3DX9_38.dll
2009-06-05 11:55:24 ----D---- H:\ATI
2009-05-31 13:27:57 ----N---- H:\WINDOWS\system32\ati2sgag.exe
2009-05-31 13:27:54 ----A---- H:\WINDOWS\system32\atiiiexx.dll
2009-05-31 13:25:29 ----A---- H:\WINDOWS\ATICIM.INI
2009-05-31 13:09:22 ----A---- H:\WINDOWS\system32\ativtmxx.dll
2009-05-31 13:08:37 ----A---- H:\WINDOWS\system32\ati3d1ag.dll
2009-05-31 13:08:32 ----A---- H:\WINDOWS\system32\ati2dvaa.dll
2009-05-31 12:16:42 ----D---- H:\Program Files\Driver Cleaner Pro
2009-05-31 11:59:18 ----D---- H:\Program Files\Defraggler
2009-05-31 11:56:32 ----D---- H:\Documents and Settings\TAF\Application Data\Canon
2009-05-31 11:54:00 ----D---- H:\Program Files\Realtek
2009-05-31 11:53:59 ----D---- H:\WINDOWS\system32\RTCOM
2009-05-30 14:26:44 ----D---- H:\Documents and Settings\All Users\Application Data\ATI
2009-05-30 13:40:02 ----A---- H:\WINDOWS\system32\pgdfgsvc.exe
2009-05-30 13:29:54 ----A---- H:\WINDOWS\system32\TUProgSt.exe
2009-05-30 13:29:52 ----A---- H:\WINDOWS\system32\uxtuneup.dll
2009-05-30 13:29:50 ----A---- H:\WINDOWS\system32\TuneUpDefragService.exe
2009-05-27 18:28:23 ----D---- H:\Program Files\Zuma Deluxe
2009-05-27 15:49:10 ----D---- H:\WINDOWS\LastGood(2)
2009-05-27 13:16:50 ----D---- H:\Program Files\Realtek AC97
2009-05-27 11:39:17 ----D---- H:\Documents and Settings\All Users\Application Data\ATI(2)
2009-05-23 19:37:08 ----D---- H:\Documents and Settings\TAF\Application Data\Windows Live Writer
2009-05-22 18:01:46 ----D---- H:\Program Files\Feneris
2009-05-14 15:29:02 ----A---- H:\WINDOWS\system32\npkpdb.dll
2009-05-07 17:32:02 ----A---- H:\WINDOWS\system32\npkcrypt.dll
2009-05-04 10:37:40 ----A---- H:\WINDOWS\system32\npkSvcUpdate.exe
2009-04-30 19:15:09 ----D---- H:\Program Files\Registry Winner
2009-04-26 07:10:05 ----HDC---- H:\WINDOWS\$NtUninstallKB959426$
2009-04-26 07:09:59 ----HDC---- H:\WINDOWS\$NtUninstallKB961373$
2009-04-26 07:09:14 ----HDC---- H:\WINDOWS\$NtUninstallKB960225$
2009-04-26 07:07:57 ----HDC---- H:\WINDOWS\$NtUninstallKB956572$
2009-04-26 07:07:46 ----HDC---- H:\WINDOWS\$NtUninstallKB952004$
2009-04-26 07:07:41 ----HDC---- H:\WINDOWS\$NtUninstallKB960715$
2009-04-26 07:07:34 ----HDC---- H:\WINDOWS\$NtUninstallKB967715$
2009-04-26 07:07:28 ----HDC---- H:\WINDOWS\$NtUninstallKB958690$
2009-04-26 07:07:23 ----HDC---- H:\WINDOWS\$NtUninstallKB960803$
2009-04-26 07:07:12 ----HDC---- H:\WINDOWS\$NtUninstallKB923561$
2009-04-24 12:02:51 ----HDC---- H:\WINDOWS\$NtUninstallWIC$
2009-04-24 12:00:47 ----D---- H:\Program Files\Windows Live SkyDrive
2009-04-24 11:41:37 ----D---- H:\Program Files\Fichiers communs\Windows Live
2009-04-23 13:03:08 ----D---- H:\Program Files\The Last Remnant
2009-04-23 04:31:41 ----D---- H:\Program Files\Sunbelt Software
2009-04-21 18:32:06 ----A---- H:\WINDOWS\system32\npkupd.exe
2009-04-18 20:00:07 ----D---- H:\Program Files\Trend Micro

======List of files/folders modified in the last 2 months======

2009-06-17 08:13:14 ----D---- H:\WINDOWS\Prefetch
2009-06-17 08:12:18 ----D---- H:\Documents and Settings\TAF\Application Data\uTorrent
2009-06-17 07:30:35 ----D---- H:\Program Files\Mozilla Firefox
2009-06-17 07:30:20 ----D---- H:\WINDOWS\system32\CatRoot2
2009-06-17 07:30:19 ----D---- H:\WINDOWS\Temp
2009-06-17 07:22:51 ----D---- H:\WINDOWS\system32
2009-06-17 07:22:27 ----D---- H:\WINDOWS
2009-06-17 06:25:03 ----HD---- H:\WINDOWS\inf
2009-06-16 21:57:15 ----A---- H:\WINDOWS\SchedLgU.Txt
2009-06-16 21:54:48 ----RSHDC---- H:\WINDOWS\system32\dllcache
2009-06-16 21:51:23 ----HD---- H:\WINDOWS\$hf_mig$
2009-06-16 21:29:02 ----D---- H:\WINDOWS\system32\drivers
2009-06-16 21:28:03 ----D---- H:\Program Files\FlashGet
2009-06-15 20:23:32 ----RD---- H:\Program Files
2009-06-15 11:57:07 ----RSD---- H:\WINDOWS\Fonts
2009-06-15 11:49:27 ----SD---- H:\WINDOWS\Downloaded Program Files
2009-06-15 08:05:24 ----D---- H:\WINDOWS\Debug
2009-06-13 20:45:31 ----D---- H:\WINDOWS\system32\CatRoot
2009-06-13 20:29:10 ----D---- H:\WINDOWS\system32\spool
2009-06-11 17:55:34 ----D---- H:\WINDOWS\system32\fr-fr
2009-06-11 17:55:34 ----D---- H:\Program Files\Internet Explorer
2009-06-11 17:55:04 ----D---- H:\WINDOWS\ie7updates
2009-06-11 14:42:46 ----D---- H:\Program Files\a-squared Free
2009-06-11 05:43:20 ----D---- H:\WINDOWS\system32\config
2009-06-11 05:41:48 ----SHD---- H:\WINDOWS\Installer
2009-06-11 05:41:48 ----SHD---- H:\Config.Msi
2009-06-11 05:28:53 ----RSH---- H:\boot.ini
2009-06-05 14:43:47 ----D---- H:\Documents and Settings\TAF\Application Data\Macromedia
2009-06-05 13:25:06 ----D---- H:\Documents and Settings\TAF\Application Data\DNA
2009-06-05 13:25:06 ----D---- H:\Documents and Settings\All Users\Application Data\WLInstaller
2009-06-05 13:19:54 ----D---- H:\WINDOWS\WinSxS
2009-06-05 13:19:54 ----D---- H:\Documents and Settings\TAF\Application Data\Azureus
2009-06-05 13:19:53 ----D---- H:\WINDOWS\system32\oobe
2009-06-05 13:19:53 ----D---- H:\WINDOWS\system32\mui
2009-06-05 13:19:49 ----D---- H:\WINDOWS\security
2009-06-05 13:19:49 ----D---- H:\WINDOWS\Registration
2009-06-05 13:19:44 ----D---- H:\WINDOWS\pchealth
2009-06-05 13:19:42 ----D---- H:\WINDOWS\ime
2009-06-05 13:19:41 ----RSD---- H:\WINDOWS\assembly
2009-06-05 12:50:39 ----D---- H:\WINDOWS\system32\LogFiles
2009-06-05 12:12:45 ----D---- H:\WINDOWS\system32\DirectX
2009-06-01 12:51:12 ----A---- H:\WINDOWS\system32\MRT.exe
2009-05-31 19:41:06 ----D---- H:\Program Files\Dofus
2009-05-31 13:25:47 ----HD---- H:\Program Files\InstallShield Installation Information
2009-05-31 13:25:29 ----D---- H:\Program Files\ATI Technologies
2009-05-31 13:08:52 ----D---- H:\Documents and Settings\TAF\Application Data\ATI
2009-05-31 11:58:45 ----D---- H:\WINDOWS\system32\ReinstallBackups
2009-05-31 11:55:43 ----D---- H:\Program Files\ma-config.com
2009-05-31 11:51:04 ----D---- H:\Documents and Settings\TAF\Application Data\dvdcss
2009-05-31 11:32:06 ----D---- H:\Program Files\TuneUp Utilities 2009
2009-05-31 11:31:31 ----D---- H:\Program Files\DNA
2009-05-31 11:31:29 ----SHD---- H:\Documents and Settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
2009-05-31 11:27:21 ----D---- H:\Program Files\CCleaner
2009-05-30 14:12:05 ----A---- H:\WINDOWS\wininit.ini
2009-05-30 13:29:54 ----SD---- H:\WINDOWS\Tasks
2009-05-30 13:16:44 ----A---- H:\WINDOWS\system32\PerfStringBackup.INI
2009-05-27 16:05:28 ----D---- H:\WINDOWS\system32\wbem
2009-05-27 09:59:21 ----DC---- H:\WINDOWS\system32\DRVSTORE
2009-05-27 08:26:05 ----D---- H:\Documents and Settings\All Users\Application Data\ma-config.com
2009-05-23 23:20:03 ----D---- H:\Documents and Settings\TAF\Application Data\vlc
2009-05-13 06:04:48 ----D---- H:\Documents and Settings\All Users\Application Data\Adobe
2009-05-13 06:04:41 ----D---- H:\Program Files\Fichiers communs\Adobe
2009-05-13 06:04:38 ----D---- H:\Program Files\Adobe
2009-05-07 11:43:40 ----A---- H:\WINDOWS\system32\localspl.dll
2009-05-03 21:15:09 ----D---- H:\Program Files\Messenger Plus! Live
2009-05-02 16:04:17 ----D---- H:\Program Files\Windows Live
2009-04-29 00:45:44 ----A---- H:\WINDOWS\system32\wininet.dll
2009-04-29 00:45:43 ----A---- H:\WINDOWS\system32\webcheck.dll
2009-04-29 00:45:43 ----A---- H:\WINDOWS\system32\urlmon.dll
2009-04-29 00:45:43 ----A---- H:\WINDOWS\system32\url.dll
2009-04-29 00:45:42 ----A---- H:\WINDOWS\system32\pngfilt.dll
2009-04-29 00:45:42 ----A---- H:\WINDOWS\system32\occache.dll
2009-04-29 00:45:42 ----A---- H:\WINDOWS\system32\mstime.dll
2009-04-29 00:45:42 ----A---- H:\WINDOWS\system32\msrating.dll
2009-04-29 00:45:42 ----A---- H:\WINDOWS\system32\mshtmled.dll
2009-04-29 00:45:41 ----A---- H:\WINDOWS\system32\mshtml.dll
2009-04-29 00:45:40 ----A---- H:\WINDOWS\system32\msfeedsbs.dll
2009-04-29 00:45:40 ----A---- H:\WINDOWS\system32\msfeeds.dll
2009-04-29 00:45:39 ----A---- H:\WINDOWS\system32\jsproxy.dll
2009-04-29 00:45:38 ----A---- H:\WINDOWS\system32\iertutil.dll
2009-04-29 00:45:38 ----A---- H:\WINDOWS\system32\iernonce.dll
2009-04-29 00:45:38 ----A---- H:\WINDOWS\system32\ieframe.dll
2009-04-29 00:45:36 ----A---- H:\WINDOWS\system32\ieencode.dll
2009-04-29 00:45:35 ----A---- H:\WINDOWS\system32\iedkcs32.dll
2009-04-29 00:45:35 ----A---- H:\WINDOWS\system32\ieapfltr.dll
2009-04-29 00:45:35 ----A---- H:\WINDOWS\system32\ieaksie.dll
2009-04-29 00:45:35 ----A---- H:\WINDOWS\system32\ieakeng.dll
2009-04-29 00:45:35 ----A---- H:\WINDOWS\system32\icardie.dll
2009-04-29 00:45:35 ----A---- H:\WINDOWS\system32\extmgr.dll
2009-04-29 00:45:34 ----A---- H:\WINDOWS\system32\dxtrans.dll
2009-04-29 00:45:34 ----A---- H:\WINDOWS\system32\dxtmsft.dll
2009-04-29 00:45:34 ----A---- H:\WINDOWS\system32\advpack.dll
2009-04-28 22:17:04 ----A---- H:\WINDOWS\system32\ati2dvag(3).dll
2009-04-28 22:07:02 ----A---- H:\WINDOWS\system32\atipdlxx(3).dll
2009-04-28 22:06:20 ----A---- H:\WINDOWS\system32\ati2edxx(3).dll
2009-04-28 22:06:06 ----A---- H:\WINDOWS\system32\ati2evxx(3).dll
2009-04-28 22:04:44 ----A---- H:\WINDOWS\system32\ati2evxx(3).exe
2009-04-28 21:56:26 ----A---- H:\WINDOWS\system32\ati3duag(3).dll
2009-04-28 21:42:54 ----A---- H:\WINDOWS\system32\ativvaxx(3).dll
2009-04-28 21:22:14 ----A---- H:\WINDOWS\system32\atikvmag(3).dll
2009-04-28 21:17:20 ----A---- H:\WINDOWS\system32\atiok3x2(3).dll
2009-04-28 21:13:10 ----A---- H:\WINDOWS\system32\ati2cqag(3).dll
2009-04-28 05:06:24 ----A---- H:\WINDOWS\system32\ieudinit.exe
2009-04-28 05:06:24 ----A---- H:\WINDOWS\system32\ie4uinit.exe
2009-04-27 21:07:55 ----D---- H:\WINDOWS\Microsoft.NET
2009-04-27 21:04:21 ----SHDC---- H:\Program Files\Fichiers communs\WindowsLiveInstaller
2009-04-27 18:27:35 ----A---- H:\WINDOWS\win.ini
2009-04-27 18:27:35 ----A---- H:\WINDOWS\system.ini
2009-04-26 08:57:32 ----D---- H:\WINDOWS\AppPatch
2009-04-25 01:26:23 ----A---- H:\WINDOWS\system32\ieakui.dll
2009-04-24 12:00:54 ----SD---- H:\Documents and Settings\All Users\Application Data\Microsoft
2009-04-24 12:00:54 ----D---- H:\Program Files\Fichiers communs\Microsoft Shared
2009-04-24 11:41:37 ----D---- H:\Program Files\Fichiers communs
2009-04-24 11:03:38 ----D---- H:\Program Files\SuperCopier2
2009-04-23 13:33:35 ----D---- H:\Program Files\adslTV
2009-04-23 13:26:31 ----D---- H:\Program Files\DivX

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; H:\WINDOWS\system32\drivers\Aavmker4.sys [2009-02-05 26944]
R1 AmdK8;AMD Processor Driver; H:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 36352]
R1 aswSP;avast! Self Protection; H:\WINDOWS\system32\drivers\aswSP.sys [2009-02-05 114768]
R1 aswTdi;avast! Network Shield Support; H:\WINDOWS\system32\drivers\aswTdi.sys [2009-02-05 51376]
R1 WS2IFSL;Environnement de prise en charge de Fournisseur de services non-IFS Windows Sockets 2.0; H:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-05 12032]
R2 aswFsBlk;aswFsBlk; H:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]
R2 aswMon2;avast! Standard Shield Support; H:\WINDOWS\system32\drivers\aswMon2.sys [2009-02-05 94032]
R2 irda;Protocole IrDA; H:\WINDOWS\system32\DRIVERS\irda.sys [2004-08-03 87424]
R2 STEC3;STEC3; \??\H:\WINDOWS\system32\STEC3.sys []
R3 aswRdr;aswRdr; H:\WINDOWS\system32\drivers\aswRdr.sys [2009-02-05 23152]
R3 ati2mtag;ati2mtag; H:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2009-03-16 3597312]
R3 FETNDIS;Pilote NT de carte VIA PCI 10/100Mo Fast Ethernet; H:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
R3 HdAudAddService;ATI Function Driver for High Definition Audio Service; H:\WINDOWS\system32\drivers\AtiHdAud.sys [2006-12-28 84992]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; H:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 HidUsb;Pilote de classe HID Microsoft; H:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); H:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-04-23 4402176]
R3 irsir;Pilote série infrarouge Microsoft; H:\WINDOWS\system32\DRIVERS\irsir.sys [2001-08-17 18688]
R3 mouhid;Pilote HID de souris; H:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288]
R3 Rasirda;Miniport réseau étendu (IrDA); H:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; H:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-05 26624]
R3 usbhub;Concentrateur USB2; H:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-05 57600]
R3 usbstor;Pilote de stockage de masse USB; H:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-05 26496]
R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; H:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-05 20480]
S3 ad0p7154;ad0p7154; H:\WINDOWS\system32\drivers\ad0p7154.sys []
S3 AVPsys;AVPsys; \??\H:\WINDOWS\system32\drivers\cdaudio.sys []
S3 camfilt2;camfilt2; H:\WINDOWS\system32\DRIVERS\camfilt2.sys [2007-08-06 94720]
S3 CCDECODE;Décodeur sous-titre fermé; H:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 DCamUSBSQTECH;Dual-Mode DSC(2770); H:\WINDOWS\System32\Drivers\SQcaptur.sys [2003-01-10 30921]
S3 driverhardwarev2;driverhardwarev2; \??\H:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys []
S3 dump_wmimmc;dump_wmimmc; \??\H:\Program Files\Games-Masters.com\CABAL Online (Europe)\GameGuard\dump_wmimmc.sys []
S3 MBAMSwissArmy;MBAMSwissArmy; \??\H:\WINDOWS\system32\drivers\mbamswissarmy.sys []
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; H:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;Codec NABTS/FEC VBI; H:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Connection TV/vidéo Microsoft; H:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 Ndisprot;ArcNet NDIS Protocol Driver; \??\H:\WINDOWS\system32\drivers\Ndisprot.sys []
S3 npkcrypt;npkcrypt; \??\H:\WINDOWS\system32\npkcrypt.sys []
S3 NPPTNT2;NPPTNT2; \??\H:\WINDOWS\system32\npptNT2.sys []
S3 SLIP;Détrameur décalage BDA; H:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 SNPSTD3;Hercules Classic Silver; H:\WINDOWS\system32\DRIVERS\snpstd3.sys [2007-07-17 10371072]
S3 streamip;BDA IPSink; H:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 usbaudio;Pilote USB audio (WDM); H:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264]
S3 usbccgp;Pilote parent générique USB Microsoft; H:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbscan;Pilote de scanneur USB; H:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 WSTCODEC;Codec Teletext standard; H:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; H:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; H:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; H:\WINDOWS\system32\drivers\IntelIde.sys []
S4 mchInjDrv;mchInjDrv; \??\H:\DOCUME~1\TAF\LOCALS~1\Temp\mc21.tmp []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 a2free;a-squared Free Service; H:\PROGRAM FILES\A-SQUARED FREE\a2service.exe [2009-06-11 718880]
R2 aswUpdSv;avast! iAVS4 Control Service; H:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-02-05 18752]
R2 avast! Antivirus;avast! Antivirus; H:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-02-05 138680]
R2 Irmon;Moniteur infrarouge; H:\WINDOWS\system32\svchost.exe [2004-08-19 14336]
R2 npkcmsvc;npkcmsvc; H:\WINDOWS\system32\npkcmsvc.exe [2009-06-15 191008]
R2 UxTuneUp;TuneUp Extension de thème; H:\WINDOWS\System32\svchost.exe [2004-08-19 14336]
R3 avast! Mail Scanner;avast! Mail Scanner; H:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-02-05 254040]
R3 avast! Web Scanner;avast! Web Scanner; H:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-02-05 352920]
S2 ATI Smart;ATI Smart; H:\WINDOWS\system32\ati2sgag.exe [2009-03-17 593920]
S2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; H:\WINDOWS\system32\svchost.exe [2004-08-19 14336]
S3 aspnet_state;ASP.NET State Service; H:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 IDriverT;InstallDriver Table Manager; H:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 maconfservice;Ma-Config Service; H:\Program Files\ma-config.com\maconfservice.exe [2009-04-21 216232]
S3 npggsvc;nProtect GameGuard Service; H:\WINDOWS\system32\GameMon.des [2009-06-11 2862620]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service; H:\WINDOWS\System32\TuneUpDefragService.exe [2009-06-05 360192]
S3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; H:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 usprserv;User Privilege Service; H:\WINDOWS\System32\svchost.exe [2004-08-19 14336]
S3 WLSetupSvc;Windows Live Setup Service; H:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S4 Ati HotKey Poller;Ati HotKey Poller; H:\WINDOWS\system32\Ati2evxx.exe [2009-03-16 602112]
S4 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; H:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S4 JavaQuickStarterService;Java Quick Starter; H:\Program Files\Java\jre6\bin\jqs.exe [2009-03-09 152984]

-----------------EOF-----------------


4

sKe69, le 17 jun 2009 à 15:04:15

Re,

very infected! .... there's work to do ... ^^

Don't do anything with the PC without my go-ahead, and follow the disinfection instructions to the letter! ....

Start with this:

Download "MSNFix.zip" (by !aur3n7) to your desktop:
http://sosvirus.changelog.fr/MSNFix.zip

!! Disconnect from the internet, close all your running applications and disable your defenses (anti-virus, anti-spyware, ...) for the duration of the procedure !!

Unzip it (= right-click / Extract here). Then move the folder you just extracted directly to the root of your hard drive, i.e. here > C:\MSNFix.
(this is very important for the tool to work properly!).

Open that folder and double-click the file MSNFix.bat.
-> Run option R (search).

--> If the infection is detected, a message will say so and you just need to press a key to start the cleaning.

Note:
If a deletion error is detected, a message will appear asking you to restart the computer to finish the cleaning operations: in that case, restart the computer so the tool can finish its work ...

-> The report will be saved in the same folder as MSNFix as a file "date_heure.txt" and also here: C:\WINDOWS\msnfix.txt

Post the contents of that report along with a new RSIT report (log.txt) for analysis ...

Usage tutorial here: http://sosvirus.changelog.fr/ .

"Baby, I'm going on an airplane, And I don't know if I'll be back again"
IMPORTANT: don't consider yourself out of the woods until you've been told so!


5

Chiquitine29, le 17 jun 2009 à 15:06:06

Hello to you both ;) ,

Following the discussion, thanks :)

Good luck with the rest. @+


6

sKe69, le 17 jun 2009 à 15:08:00

Hello chiqui ...

no need to give you feedback then ... ^^

you've got everything in front of you ... ;)

++


7

Chiquitine29, le 17 jun 2009 à 15:09:59

;)

I made a change for this topic ;)

I'll do a big update tomorrow, because I want to change some parts of the tool.

Kiss @+


8

sKe69, le 17 jun 2009 à 15:15:23

Oki ... =)

Later, mate ...

Taffy,

the rest is here > http://www.commentcamarche.net/forum/affich 12918897 h windows system32 nmdfgds0 dll?#4


9

Taffy, le 17 jun 2009 à 16:43:29

Re, here's the "MSNFix" report:

MSNFix 1.760

H:\MSNFix
Fix exécuté le 17/06/2009 - 10:13:18,35 By TAF
mode normal

************************ Recherche les fichiers présents

... H:\autorun.inf
... H:\Autorun.inf

************************ Recherche les dossiers présents

... H:\Program Files\skmw\
... H:\Program Files\skmw\sec\
... H:\Program Files\skmw\WinRds\
... H:\Program Files\Microsoft Studio Files\




************************ Suppression des fichiers

.. OK ... H:\WINDOWS\system32\avgvrark.exe
.. OK ... H:\DOCUME~1\TAF\LOCALS~1\Temp\winlogon.exe
.. OK ... H:\DOCUME~1\TAF\LOCALS~1\Temp\services.exe
.. OK ... H:\WINDOWS\system32\cftmon.exe
.. OK ... H:\autorun.inf
.. OK ... H:\Autorun.inf


************************ Suppression des dossiers

/!\ ... H:\Program Files\skmw\
/!\ ... H:\Program Files\skmw\sec\
/!\ ... H:\Program Files\skmw\WinRds\
/!\ ... H:\Program Files\Microsoft Studio Files\


************************ Nettoyage du registre



************************ Hostsclean

Cleanhosts v 0.1.0.7 By Laurent

-- Backup : H:\WINDOWS\system32\drivers\etc\hosts-20090617101411
-- original size 285.3 Kb / 10107 lines
-- Start cleaning Hosts file ....

/!\... antivirus.com ..... Found and removed
/!\... avast.com ..... Found and removed
/!\... ca.com ..... Found and removed
/!\... mcafee.com ..... Found and removed
/!\... spybot.info ..... Found and removed
/!\... spywareinfo.com ..... Found and removed


-- final size 283.82 Kb / 10061 lines
-- entry Found : 6 / Entry check : 310

End .............................. 17.35 Secondes





Les fichiers encore présents seront supprimés au prochain redémarrage


Aucun Fichier trouvé





************************ Hostsclean

Cleanhosts v 0.1.0.7 By Laurent

-- Backup : H:\WINDOWS\system32\drivers\etc\hosts-20090617101753
-- original size 283.82 Kb / 10061 lines
-- Start cleaning Hosts file ....



-- final size 283.82 Kb / 10061 lines
-- entry Found : 0 / Entry check : 310

End .............................. 24.72 Secondes


10

Taffy, le 17 jun 2009 à 16:45:02

And the "RSIT" report:

Logfile of random's system information tool 1.06 (written by random/random)
Run by TAF at 2009-06-17 10:21:47
Microsoft Windows XP Édition familiale Service Pack 2
System drive H: has 106 GB (44%) free of 238 GB
Total RAM: 2046 MB (79% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:22:03, on 17/06/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\csrss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\svchost.exe
H:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
H:\Program Files\Alwil Software\Avast4\ashServ.exe
H:\PROGRAM FILES\A-SQUARED FREE\a2service.exe
H:\WINDOWS\system32\npkcmsvc.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\Explorer.EXE
H:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
H:\Program Files\Alwil Software\Avast4\ashWebSv.exe
H:\WINDOWS\System32\alg.exe
H:\WINDOWS\system32\wuauclt.exe
H:\WINDOWS\RTHDCPL.EXE
H:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
H:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
H:\Program Files\SuperCopier2\SuperCopier2.exe
H:\Program Files\uTorrent\uTorrent.exe
H:\WINDOWS\system32\ctfmon.exe
H:\WINDOWS\system32\wuauclt.exe
H:\Program Files\Windows Live\Messenger\msnmsgr.exe
H:\Documents and Settings\TAF\Bureau\RSIT.exe
H:\WINDOWS\system32\wbem\wmiprvse.exe
H:\Program Files\Trend Micro\HijackThis\TAF.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.01net.com/telecharger/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - H:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - H:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - H:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - H:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - H:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - H:\Program Files\FlashGet\getflash.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [avast!] H:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "H:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [SuperCopier2.exe] H:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [MsnMsgr] "H:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [uTorrent] "H:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [ctfmon.exe] H:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [cdoosoft] H:\WINDOWS\system32\olhrwef.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Tout télécharger avec FlashGet - H:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Télécharger avec FlashGet - H:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - H:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - H:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - H:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - H:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://www.ma-config.com/activex/MaConfig_3_1_2_1.cab
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} (NPKCX Control) - http://update.nprotect.net/keycrypt/cabal/npkcx_inca.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - H:\PROGRAM FILES\A-SQUARED FREE\a2service.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - H:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATI Smart - Unknown owner - H:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - H:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - H:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - H:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - H:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - H:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - H:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: npkcmsvc - INCA Internet Co., Ltd. - H:\WINDOWS\system32\npkcmsvc.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - H:\WINDOWS\System32\TuneUpDefragService.exe
End of file - 7086 bytes

======Scheduled tasks folder======

H:\WINDOWS\tasks\1-Click Maintenance.job
H:\WINDOWS\tasks\Registry Winner Schedule.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - H:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}]
FGCatchUrl - H:\Program Files\FlashGet\jccatch.dll [2007-08-06 94308]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live - H:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - H:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-09 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - H:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-03-09 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F156768E-81EF-470C-9057-481BA8380DBA}]
FlashGet GetFlash Class - H:\Program Files\FlashGet\getflash.dll [2007-05-18 163840]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=H:\WINDOWS\RTHDCPL.EXE [2007-04-12 16132608]
"Alcmtr"=H:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"avast!"=H:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-02-05 81000]
"Adobe Reader Speed Launcher"=H:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SuperCopier2.exe"=H:\Program Files\SuperCopier2\SuperCopier2.exe [2006-07-07 1052672]
"MsnMsgr"=H:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5724184]
"uTorrent"=H:\Program Files\uTorrent\uTorrent.exe [2009-02-10 270128]
"ctfmon.exe"=H:\WINDOWS\system32\ctfmon.exe [2004-08-19 15360]
"cdoosoft"=H:\WINDOWS\system32\olhrwef.exe [2009-06-16 105329]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
H:\WINDOWS\system32\Ati2evxx.dll [2009-03-16 155648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - H:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"NoDispScrSavPage"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"H:\Program Files\Messenger\msmsgs.exe"="H:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"H:\Program Files\uTorrent\uTorrent.exe"="H:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"H:\Program Files\Hercules\Classic Silver\Station2.exe"="H:\Program Files\Hercules\Classic Silver\Station2.exe:*:Enabled:Hercules Webcam Station Evolution"
"H:\Program Files\FlashGet\flashget.exe"="H:\Program Files\FlashGet\flashget.exe:*:Enabled:Flashget"
"H:\Program Files\UBISOFT\Ghost Recon Advanced Warfighter 2\graw2.exe"="H:\Program Files\UBISOFT\Ghost Recon Advanced Warfighter 2\graw2.exe:*:Enabled:Ghost Recon Advanced Warfighter® 2"
"H:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="H:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
"H:\Program Files\Windows Live\Messenger\msnmsgr.exe"="H:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"H:\Program Files\Windows Live\Messenger\livecall.exe"="H:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"H:\Program Files\ma-config.com\maconfservice.exe"="H:\Program Files\ma-config.com\maconfservice.exe:LocalSubNet:Enabled:maconfservice"
"H:\Documents and Settings\TAF\Bureau\CabalTemp\ESTSetupLoader.exe"="H:\Documents and Settings\TAF\Bureau\CabalTemp\ESTSetupLoader.exe:*:Enabled:EST! download engine"
"H:\Program Files\Games-Masters.com\CABAL Online (Europe)\launcher\update\ESTdnheadless.exe"="H:\Program Files\Games-Masters.com\CABAL Online (Europe)\launcher\update\ESTdnheadless.exe:*:Enabled:EST! download engine"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"H:\Documents and Settings\TAF\Bureau\Fotos.exe"="H:\Documents and Settings\TAF\Bureau\Fotos.exe:*:Enabled:Session Win32"
"H:\Program Files\Microsoft Studio Files\lsass.exe"="H:\Program Files\Microsoft Studio Files\lsass.exe:*:Enabled:Session Win32"
"H:\Program Files\skmw\gwdwin.exe"="H:\Program Files\skmw\gwdwin.exe:*:Enabled:Session Win32"
"H:\Program Files\skmw\irc.exe"="H:\Program Files\skmw\irc.exe:*:Enabled:WinIRC"
"H:\Program Files\dwimn\mwstwn.exe"="H:\Program Files\dwimn\mwstwn.exe:*:Enabled:Session Win32"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"H:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="H:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
"H:\Program Files\Windows Live\Messenger\msnmsgr.exe"="H:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"H:\Program Files\Windows Live\Messenger\livecall.exe"="H:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]
shell\AutoRun\command - 1utbfd.bat
shell\open\command - 1utbfd.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{044814bb-33fa-11dd-a5ff-001d92006b5e}]
shell\AutoRun\command - H:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{04bb76e2-33e4-11dd-823b-806d6172696f}]
shell\AutoRun\command - H:\gpcdt.cmd
shell\open\command - H:\gpcdt.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0786dce1-43b3-11dd-a634-001d92006b5e}]
shell\Auto\command - AdobeR.exe e
shell\AutoRun\command - H:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{08ba0621-91b5-11dd-a6d2-001d92006b5e}]
shell\AutoRun\command - 1ogf.exe
shell\open\command - 1ogf.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{08ba0622-91b5-11dd-a6d2-001d92006b5e}]
shell\AutoRun\command - 1ogf.exe
shell\open\command - 1ogf.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{22306c24-3405-11dd-a601-001d92006b5e}]
shell\AutoRun\command - oq.cmd
shell\explore\command - oq.cmd
shell\open\command - oq.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{22306c25-3405-11dd-a601-001d92006b5e}]
shell\AutoRun\command - oq.cmd
shell\explore\command - oq.cmd
shell\open\command - oq.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{24e53324-4461-11dd-a636-001d92006b5e}]
shell\Auto\command - AdobeR.exe e
shell\AutoRun\command - H:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5027e682-e686-11dd-a748-001d92006b5e}]
shell\AutoRun\command - M:\gpcdt.cmd
shell\open\command - M:\gpcdt.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6e9fb86e-3804-11dd-a615-001d92006b5e}]
shell\Auto\command - AdobeR.exe e
shell\AutoRun\command - H:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{77759692-3620-11dd-a60c-001d92006b5e}]
shell\AutoRun\command - H:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7a732dfa-a060-11dd-a6f3-001d92006b5e}]
shell\Auto\command - AdobeR.exe e
shell\AutoRun\command - H:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7d472c7e-421f-11dd-a62e-001d92006b5e}]
shell\Auto\command - AdobeR.exe e
shell\AutoRun\command - H:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{91cf22b0-4052-11dd-a629-001d92006b5e}]
shell\AutoRun\command - H:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a0be3cc4-34b4-11dd-a604-001d92006b5e}]
shell\AutoRun\command - H:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{aedf47ea-1899-11de-a7a0-001d92006b5e}]
shell\AutoRun\command - H:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c4d8eae7-af63-11dd-a704-001d92006b5e}]
shell\AutoRun\command - K:\sv8c2bjw.bat
shell\open\command - K:\sv8c2bjw.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d9d04799-2129-11de-a7a4-001d92006b5e}]
shell\AutoRun\command - J:\sv8c2bjw.bat
shell\open\command - J:\sv8c2bjw.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f3ad0fca-47b3-11dd-a645-001d92006b5e}]
shell\AutoRun\command - H:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs


======List of files/folders created in the last 2 months======

2009-06-17 10:12:05 ----D---- H:\MSNFix
2009-06-17 08:13:11 ----D---- H:\rsit
2009-06-17 07:22:51 ----RSH---- H:\WINDOWS\system32\nmdfgds0.dll
2009-06-16 21:54:44 ----HDC---- H:\WINDOWS\$NtUninstallKB932823-v3$
2009-06-16 21:54:24 ----A---- H:\WINDOWS\system32\SETB.tmp
2009-06-16 21:48:47 ----RSH---- H:\gpcdt.cmd
2009-06-15 20:23:35 ----D---- H:\Documents and Settings\TAF\Application Data\TeraCopy
2009-06-15 20:23:32 ----D---- H:\Program Files\TeraCopy
2009-06-15 11:49:29 ----A---- H:\WINDOWS\system32\npkcmsvc.exe
2009-06-15 10:54:53 ----RSH---- H:\WINDOWS\system32\nmdfgds1.dll
2009-06-15 07:55:39 ----RSH---- H:\fsaht.cmd
2009-06-15 07:55:11 ----RSH---- H:\WINDOWS\system32\olhrwef.exe
2009-06-15 06:56:51 ----D---- H:\Program Files\Games-Masters.com
2009-06-14 15:09:13 ----D---- H:\Program Files\Malwarebytes' Anti-Malware
2009-06-14 11:50:01 ----RSH---- H:\sv8c2bjw.bat
2009-06-14 11:49:00 ----RSH---- H:\xdglur.bat
2009-06-11 17:59:31 ----HDC---- H:\WINDOWS\$NtUninstallKB961501$
2009-06-11 17:59:23 ----HDC---- H:\WINDOWS\$NtUninstallKB969898$
2009-06-11 17:56:05 ----HDC---- H:\WINDOWS\$NtUninstallKB970238$
2009-06-11 17:54:11 ----HDC---- H:\WINDOWS\$NtUninstallKB968537$
2009-06-07 07:02:25 ----D---- H:\WINDOWS\system32\CatRoot_bak
2009-06-05 13:48:06 ----SHD---- H:\RECYCLER
2009-06-05 13:31:15 ----D---- H:\WINDOWS\system32\Lang
2009-06-05 12:14:39 ----A---- H:\WINDOWS\system32\D3DX9_41.dll
2009-06-05 12:14:39 ----A---- H:\WINDOWS\system32\d3dx10_41.dll
2009-06-05 12:14:39 ----A---- H:\WINDOWS\system32\D3DCompiler_41.dll
2009-06-05 12:14:38 ----A---- H:\WINDOWS\system32\XAudio2_4.dll
2009-06-05 12:14:38 ----A---- H:\WINDOWS\system32\XAPOFX1_3.dll
2009-06-05 12:14:37 ----A---- H:\WINDOWS\system32\xactengine3_4.dll
2009-06-05 12:14:37 ----A---- H:\WINDOWS\system32\X3DAudio1_6.dll
2009-06-05 12:14:36 ----A---- H:\WINDOWS\system32\D3DX9_40.dll
2009-06-05 12:14:36 ----A---- H:\WINDOWS\system32\d3dx10_40.dll
2009-06-05 12:14:36 ----A---- H:\WINDOWS\system32\D3DCompiler_40.dll
2009-06-05 12:14:35 ----A---- H:\WINDOWS\system32\XAudio2_3.dll
2009-06-05 12:14:35 ----A---- H:\WINDOWS\system32\XAPOFX1_2.dll
2009-06-05 12:14:34 ----A---- H:\WINDOWS\system32\xactengine3_3.dll
2009-06-05 12:14:33 ----A---- H:\WINDOWS\system32\X3DAudio1_5.dll
2009-06-05 12:14:32 ----A---- H:\WINDOWS\system32\XAudio2_2.dll
2009-06-05 12:14:32 ----A---- H:\WINDOWS\system32\XAPOFX1_1.dll
2009-06-05 12:14:32 ----A---- H:\WINDOWS\system32\xactengine3_2.dll
2009-06-05 12:14:31 ----A---- H:\WINDOWS\system32\D3DX9_39.dll
2009-06-05 12:14:31 ----A---- H:\WINDOWS\system32\d3dx10_39.dll
2009-06-05 12:14:31 ----A---- H:\WINDOWS\system32\D3DCompiler_39.dll
2009-06-05 12:14:30 ----A---- H:\WINDOWS\system32\XAudio2_1.dll
2009-06-05 12:14:30 ----A---- H:\WINDOWS\system32\XAPOFX1_0.dll
2009-06-05 12:14:29 ----A---- H:\WINDOWS\system32\xactengine3_1.dll
2009-06-05 12:14:29 ----A---- H:\WINDOWS\system32\X3DAudio1_4.dll
2009-06-05 12:14:28 ----A---- H:\WINDOWS\system32\d3dx10_38.dll
2009-06-05 12:14:28 ----A---- H:\WINDOWS\system32\D3DCompiler_38.dll
2009-06-05 12:14:27 ----A---- H:\WINDOWS\system32\D3DX9_38.dll
2009-06-05 11:55:24 ----D---- H:\ATI
2009-05-31 13:27:57 ----N---- H:\WINDOWS\system32\ati2sgag.exe
2009-05-31 13:27:54 ----A---- H:\WINDOWS\system32\atiiiexx.dll
2009-05-31 13:25:29 ----A---- H:\WINDOWS\ATICIM.INI
2009-05-31 13:09:22 ----A---- H:\WINDOWS\system32\ativtmxx.dll
2009-05-31 13:08:37 ----A---- H:\WINDOWS\system32\ati3d1ag.dll
2009-05-31 13:08:32 ----A---- H:\WINDOWS\system32\ati2dvaa.dll
2009-05-31 12:16:42 ----D---- H:\Program Files\Driver Cleaner Pro
2009-05-31 11:59:18 ----D---- H:\Program Files\Defraggler
2009-05-31 11:56:32 ----D---- H:\Documents and Settings\TAF\Application Data\Canon
2009-05-31 11:54:00 ----D---- H:\Program Files\Realtek
2009-05-31 11:53:59 ----D---- H:\WINDOWS\system32\RTCOM
2009-05-30 14:26:44 ----D---- H:\Documents and Settings\All Users\Application Data\ATI
2009-05-30 13:40:02 ----A---- H:\WINDOWS\system32\pgdfgsvc.exe
2009-05-30 13:29:54 ----A---- H:\WINDOWS\system32\TUProgSt.exe
2009-05-30 13:29:52 ----A---- H:\WINDOWS\system32\uxtuneup.dll
2009-05-30 13:29:50 ----A---- H:\WINDOWS\system32\TuneUpDefragService.exe
2009-05-27 18:28:23 ----D---- H:\Program Files\Zuma Deluxe
2009-05-27 15:49:10 ----D---- H:\WINDOWS\LastGood(2)
2009-05-27 13:16:50 ----D---- H:\Program Files\Realtek AC97
2009-05-27 11:39:17 ----D---- H:\Documents and Settings\All Users\Application Data\ATI(2)
2009-05-23 19:37:08 ----D---- H:\Documents and Settings\TAF\Application Data\Windows Live Writer
2009-05-22 18:01:46 ----D---- H:\Program Files\Feneris
2009-05-14 15:29:02 ----A---- H:\WINDOWS\system32\npkpdb.dll
2009-05-07 17:32:02 ----A---- H:\WINDOWS\system32\npkcrypt.dll
2009-05-04 10:37:40 ----A---- H:\WINDOWS\system32\npkSvcUpdate.exe
2009-04-30 19:15:09 ----D---- H:\Program Files\Registry Winner
2009-04-26 07:10:05 ----HDC---- H:\WINDOWS\$NtUninstallKB959426$
2009-04-26 07:09:59 ----HDC---- H:\WINDOWS\$NtUninstallKB961373$
2009-04-26 07:09:14 ----HDC---- H:\WINDOWS\$NtUninstallKB960225$
2009-04-26 07:07:57 ----HDC---- H:\WINDOWS\$NtUninstallKB956572$
2009-04-26 07:07:46 ----HDC---- H:\WINDOWS\$NtUninstallKB952004$
2009-04-26 07:07:41 ----HDC---- H:\WINDOWS\$NtUninstallKB960715$
2009-04-26 07:07:34 ----HDC---- H:\WINDOWS\$NtUninstallKB967715$
2009-04-26 07:07:28 ----HDC---- H:\WINDOWS\$NtUninstallKB958690$
2009-04-26 07:07:23 ----HDC---- H:\WINDOWS\$NtUninstallKB960803$
2009-04-26 07:07:12 ----HDC---- H:\WINDOWS\$NtUninstallKB923561$
2009-04-24 12:02:51 ----HDC---- H:\WINDOWS\$NtUninstallWIC$
2009-04-24 12:00:47 ----D---- H:\Program Files\Windows Live SkyDrive
2009-04-24 11:41:37 ----D---- H:\Program Files\Fichiers communs\Windows Live
2009-04-23 13:03:08 ----D---- H:\Program Files\The Last Remnant
2009-04-23 04:31:41 ----D---- H:\Program Files\Sunbelt Software
2009-04-21 18:32:06 ----A---- H:\WINDOWS\system32\npkupd.exe
2009-04-18 20:00:07 ----D---- H:\Program Files\Trend Micro

======List of files/folders modified in the last 2 months======

2009-06-17 10:18:28 ----D---- H:\WINDOWS\system32
2009-06-17 10:18:19 ----D---- H:\WINDOWS\Prefetch
2009-06-17 10:18:18 ----A---- H:\WINDOWS\msnfix.txt
2009-06-17 10:17:09 ----D---- H:\WINDOWS\Temp
2009-06-17 10:14:49 ----D---- H:\WINDOWS\system32\CatRoot2
2009-06-17 10:14:49 ----A---- H:\WINDOWS\SchedLgU.Txt
2009-06-17 10:14:37 ----D---- H:\WINDOWS
2009-06-17 09:38:46 ----D---- H:\Program Files\Mozilla Firefox
2009-06-17 08:12:18 ----D---- H:\Documents and Settings\TAF\Application Data\uTorrent
2009-06-17 06:25:03 ----HD---- H:\WINDOWS\inf
2009-06-16 21:54:48 ----RSHDC---- H:\WINDOWS\system32\dllcache
2009-06-16 21:51:23 ----HD---- H:\WINDOWS\$hf_mig$
2009-06-16 21:29:02 ----D---- H:\WINDOWS\system32\drivers
2009-06-16 21:28:03 ----D---- H:\Program Files\FlashGet
2009-06-15 20:23:32 ----RD---- H:\Program Files
2009-06-15 11:57:07 ----RSD---- H:\WINDOWS\Fonts
2009-06-15 11:49:27 ----SD---- H:\WINDOWS\Downloaded Program Files
2009-06-15 08:05:24 ----D---- H:\WINDOWS\Debug
2009-06-13 20:45:31 ----D---- H:\WINDOWS\system32\CatRoot
2009-06-13 20:29:10 ----D---- H:\WINDOWS\system32\spool
2009-06-11 17:55:34 ----D---- H:\WINDOWS\system32\fr-fr
2009-06-11 17:55:34 ----D---- H:\Program Files\Internet Explorer
2009-06-11 17:55:04 ----D---- H:\WINDOWS\ie7updates
2009-06-11 14:42:46 ----D---- H:\Program Files\a-squared Free
2009-06-11 05:43:20 ----D---- H:\WINDOWS\system32\config
2009-06-11 05:41:48 ----SHD---- H:\WINDOWS\Installer
2009-06-11 05:41:48 ----SHD---- H:\Config.Msi
2009-06-11 05:28:53 ----RSH---- H:\boot.ini
2009-06-05 14:43:47 ----D---- H:\Documents and Settings\TAF\Application Data\Macromedia
2009-06-05 13:25:06 ----D---- H:\Documents and Settings\TAF\Application Data\DNA
2009-06-05 13:25:06 ----D---- H:\Documents and Settings\All Users\Application Data\WLInstaller
2009-06-05 13:19:54 ----D---- H:\WINDOWS\WinSxS
2009-06-05 13:19:54 ----D---- H:\Documents and Settings\TAF\Application Data\Azureus
2009-06-05 13:19:53 ----D---- H:\WINDOWS\system32\oobe
2009-06-05 13:19:53 ----D---- H:\WINDOWS\system32\mui
2009-06-05 13:19:49 ----D---- H:\WINDOWS\security
2009-06-05 13:19:49 ----D---- H:\WINDOWS\Registration
2009-06-05 13:19:44 ----D---- H:\WINDOWS\pchealth
2009-06-05 13:19:42 ----D---- H:\WINDOWS\ime
2009-06-05 13:19:41 ----RSD---- H:\WINDOWS\assembly
2009-06-05 12:50:39 ----D---- H:\WINDOWS\system32\LogFiles
2009-06-05 12:12:45 ----D---- H:\WINDOWS\system32\DirectX
2009-06-01 12:51:12 ----A---- H:\WINDOWS\system32\MRT.exe
2009-05-31 19:41:06 ----D---- H:\Program Files\Dofus
2009-05-31 13:25:47 ----HD---- H:\Program Files\InstallShield Installation Information
2009-05-31 13:25:29 ----D---- H:\Program Files\ATI Technologies
2009-05-31 13:08:52 ----D---- H:\Documents and Settings\TAF\Application Data\ATI
2009-05-31 11:58:45 ----D---- H:\WINDOWS\system32\ReinstallBackups
2009-05-31 11:55:43 ----D---- H:\Program Files\ma-config.com
2009-05-31 11:51:04 ----D---- H:\Documents and Settings\TAF\Application Data\dvdcss
2009-05-31 11:32:06 ----D---- H:\Program Files\TuneUp Utilities 2009
2009-05-31 11:31:31 ----D---- H:\Program Files\DNA
2009-05-31 11:31:29 ----SHD---- H:\Documents and Settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
2009-05-31 11:27:21 ----D---- H:\Program Files\CCleaner
2009-05-30 14:12:05 ----A---- H:\WINDOWS\wininit.ini
2009-05-30 13:29:54 ----SD---- H:\WINDOWS\Tasks
2009-05-30 13:16:44 ----A---- H:\WINDOWS\system32\PerfStringBackup.INI
2009-05-27 16:05:28 ----D---- H:\WINDOWS\system32\wbem
2009-05-27 09:59:21 ----DC---- H:\WINDOWS\system32\DRVSTORE
2009-05-27 08:26:05 ----D---- H:\Documents and Settings\All Users\Application Data\ma-config.com
2009-05-23 23:20:03 ----D---- H:\Documents and Settings\TAF\Application Data\vlc
2009-05-13 06:04:48 ----D---- H:\Documents and Settings\All Users\Application Data\Adobe
2009-05-13 06:04:41 ----D---- H:\Program Files\Fichiers communs\Adobe
2009-05-13 06:04:38 ----D---- H:\Program Files\Adobe
2009-05-07 11:43:40 ----A---- H:\WINDOWS\system32\localspl.dll
2009-05-03 21:15:09 ----D---- H:\Program Files\Messenger Plus! Live
2009-05-02 16:04:17 ----D---- H:\Program Files\Windows Live
2009-04-29 00:45:44 ----A---- H:\WINDOWS\system32\wininet.dll
2009-04-29 00:45:43 ----A---- H:\WINDOWS\system32\webcheck.dll
2009-04-29 00:45:43 ----A---- H:\WINDOWS\system32\urlmon.dll
2009-04-29 00:45:43 ----A---- H:\WINDOWS\system32\url.dll
2009-04-29 00:45:42 ----A---- H:\WINDOWS\system32\pngfilt.dll
2009-04-29 00:45:42 ----A---- H:\WINDOWS\system32\occache.dll
2009-04-29 00:45:42 ----A---- H:\WINDOWS\system32\mstime.dll
2009-04-29 00:45:42 ----A---- H:\WINDOWS\system32\msrating.dll
2009-04-29 00:45:42 ----A---- H:\WINDOWS\system32\mshtmled.dll
2009-04-29 00:45:41 ----A---- H:\WINDOWS\system32\mshtml.dll
2009-04-29 00:45:40 ----A---- H:\WINDOWS\system32\msfeedsbs.dll
2009-04-29 00:45:40 ----A---- H:\WINDOWS\system32\msfeeds.dll
2009-04-29 00:45:39 ----A---- H:\WINDOWS\system32\jsproxy.dll
2009-04-29 00:45:38 ----A---- H:\WINDOWS\system32\iertutil.dll
2009-04-29 00:45:38 ----A---- H:\WINDOWS\system32\iernonce.dll
2009-04-29 00:45:38 ----A---- H:\WINDOWS\system32\ieframe.dll
2009-04-29 00:45:36 ----A---- H:\WINDOWS\system32\ieencode.dll
2009-04-29 00:45:35 ----A---- H:\WINDOWS\system32\iedkcs32.dll
2009-04-29 00:45:35 ----A---- H:\WINDOWS\system32\ieapfltr.dll
2009-04-29 00:45:35 ----A---- H:\WINDOWS\system32\ieaksie.dll
2009-04-29 00:45:35 ----A---- H:\WINDOWS\system32\ieakeng.dll
2009-04-29 00:45:35 ----A---- H:\WINDOWS\system32\icardie.dll
2009-04-29 00:45:35 ----A---- H:\WINDOWS\system32\extmgr.dll
2009-04-29 00:45:34 ----A---- H:\WINDOWS\system32\dxtrans.dll
2009-04-29 00:45:34 ----A---- H:\WINDOWS\system32\dxtmsft.dll
2009-04-29 00:45:34 ----A---- H:\WINDOWS\system32\advpack.dll
2009-04-28 22:17:04 ----A---- H:\WINDOWS\system32\ati2dvag(3).dll
2009-04-28 22:07:02 ----A---- H:\WINDOWS\system32\atipdlxx(3).dll
2009-04-28 22:06:20 ----A---- H:\WINDOWS\system32\ati2edxx(3).dll
2009-04-28 22:06:06 ----A---- H:\WINDOWS\system32\ati2evxx(3).dll
2009-04-28 22:04:44 ----A---- H:\WINDOWS\system32\ati2evxx(3).exe
2009-04-28 21:56:26 ----A---- H:\WINDOWS\system32\ati3duag(3).dll
2009-04-28 21:42:54 ----A---- H:\WINDOWS\system32\ativvaxx(3).dll
2009-04-28 21:22:14 ----A---- H:\WINDOWS\system32\atikvmag(3).dll
2009-04-28 21:17:20 ----A---- H:\WINDOWS\system32\atiok3x2(3).dll
2009-04-28 21:13:10 ----A---- H:\WINDOWS\system32\ati2cqag(3).dll
2009-04-28 05:06:24 ----A---- H:\WINDOWS\system32\ieudinit.exe
2009-04-28 05:06:24 ----A---- H:\WINDOWS\system32\ie4uinit.exe
2009-04-27 21:07:55 ----D---- H:\WINDOWS\Microsoft.NET
2009-04-27 21:04:21 ----SHDC---- H:\Program Files\Fichiers communs\WindowsLiveInstaller
2009-04-27 18:27:35 ----A---- H:\WINDOWS\win.ini
2009-04-27 18:27:35 ----A---- H:\WINDOWS\system.ini
2009-04-26 08:57:32 ----D---- H:\WINDOWS\AppPatch
2009-04-25 01:26:23 ----A---- H:\WINDOWS\system32\ieakui.dll
2009-04-24 12:00:54 ----SD---- H:\Documents and Settings\All Users\Application Data\Microsoft
2009-04-24 12:00:54 ----D---- H:\Program Files\Fichiers communs\Microsoft Shared
2009-04-24 11:41:37 ----D---- H:\Program Files\Fichiers communs
2009-04-24 11:03:38 ----D---- H:\Program Files\SuperCopier2
2009-04-23 13:33:35 ----D---- H:\Program Files\adslTV
2009-04-23 13:26:31 ----D---- H:\Program Files\DivX

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; H:\WINDOWS\system32\drivers\Aavmker4.sys [2009-02-05 26944]
R1 AmdK8;AMD Processor Driver; H:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 36352]
R1 aswSP;avast! Self Protection; H:\WINDOWS\system32\drivers\aswSP.sys [2009-02-05 114768]
R1 aswTdi;avast! Network Shield Support; H:\WINDOWS\system32\drivers\aswTdi.sys [2009-02-05 51376]
R1 WS2IFSL;Environnement de prise en charge de Fournisseur de services non-IFS Windows Sockets 2.0; H:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-05 12032]
R2 aswFsBlk;aswFsBlk; H:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]
R2 aswMon2;avast! Standard Shield Support; H:\WINDOWS\system32\drivers\aswMon2.sys [2009-02-05 94032]
R2 irda;Protocole IrDA; H:\WINDOWS\system32\DRIVERS\irda.sys [2004-08-03 87424]
R2 STEC3;STEC3; \??\H:\WINDOWS\system32\STEC3.sys []
R3 aswRdr;aswRdr; H:\WINDOWS\system32\drivers\aswRdr.sys [2009-02-05 23152]
R3 ati2mtag;ati2mtag; H:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2009-03-16 3597312]
R3 FETNDIS;Pilote NT de carte VIA PCI 10/100Mo Fast Ethernet; H:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
R3 HdAudAddService;ATI Function Driver for High Definition Audio Service; H:\WINDOWS\system32\drivers\AtiHdAud.sys [2006-12-28 84992]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; H:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 HidUsb;Pilote de classe HID Microsoft; H:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); H:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-04-23 4402176]
R3 irsir;Pilote série infrarouge Microsoft; H:\WINDOWS\system32\DRIVERS\irsir.sys [2001-08-17 18688]
R3 mouhid;Pilote HID de souris; H:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288]
R3 Rasirda;Miniport réseau étendu (IrDA); H:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; H:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-05 26624]
R3 usbhub;Concentrateur USB2; H:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-05 57600]
R3 usbstor;Pilote de stockage de masse USB; H:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-05 26496]
R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; H:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-05 20480]
S3 a1rit2oy;a1rit2oy; H:\WINDOWS\system32\drivers\a1rit2oy.sys []
S3 AVPsys;AVPsys; \??\H:\WINDOWS\system32\drivers\cdaudio.sys []
S3 camfilt2;camfilt2; H:\WINDOWS\system32\DRIVERS\camfilt2.sys [2007-08-06 94720]
S3 catchme;catchme; \??\H:\DOCUME~1\TAF\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Décodeur sous-titre fermé; H:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 DCamUSBSQTECH;Dual-Mode DSC(2770); H:\WINDOWS\System32\Drivers\SQcaptur.sys [2003-01-10 30921]
S3 driverhardwarev2;driverhardwarev2; \??\H:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys []
S3 dump_wmimmc;dump_wmimmc; \??\H:\Program Files\Games-Masters.com\CABAL Online (Europe)\GameGuard\dump_wmimmc.sys []
S3 MBAMSwissArmy;MBAMSwissArmy; \??\H:\WINDOWS\system32\drivers\mbamswissarmy.sys []
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; H:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;Codec NABTS/FEC VBI; H:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Connection TV/vidéo Microsoft; H:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 Ndisprot;ArcNet NDIS Protocol Driver; \??\H:\WINDOWS\system32\drivers\Ndisprot.sys []
S3 npkcrypt;npkcrypt; \??\H:\WINDOWS\system32\npkcrypt.sys []
S3 NPPTNT2;NPPTNT2; \??\H:\WINDOWS\system32\npptNT2.sys []
S3 SLIP;Détrameur décalage BDA; H:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 SNPSTD3;Hercules Classic Silver; H:\WINDOWS\system32\DRIVERS\snpstd3.sys [2007-07-17 10371072]
S3 streamip;BDA IPSink; H:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 usbaudio;Pilote USB audio (WDM); H:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264]
S3 usbccgp;Pilote parent générique USB Microsoft; H:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbscan;Pilote de scanneur USB; H:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 WSTCODEC;Codec Teletext standard; H:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; H:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; H:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; H:\WINDOWS\system32\drivers\IntelIde.sys []
S4 mchInjDrv;mchInjDrv; \??\H:\DOCUME~1\TAF\LOCALS~1\Temp\mc22.tmp []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 a2free;a-squared Free Service; H:\PROGRAM FILES\A-SQUARED FREE\a2service.exe [2009-06-11 718880]
R2 aswUpdSv;avast! iAVS4 Control Service; H:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-02-05 18752]
R2 avast! Antivirus;avast! Antivirus; H:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-02-05 138680]
R2 Irmon;Moniteur infrarouge; H:\WINDOWS\system32\svchost.exe [2004-08-19 14336]
R2 npkcmsvc;npkcmsvc; H:\WINDOWS\system32\npkcmsvc.exe [2009-06-15 191008]
R2 UxTuneUp;TuneUp Extension de thème; H:\WINDOWS\System32\svchost.exe [2004-08-19 14336]
R3 avast! Mail Scanner;avast! Mail Scanner; H:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-02-05 254040]
R3 avast! Web Scanner;avast! Web Scanner; H:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-02-05 352920]
S2 ATI Smart;ATI Smart; H:\WINDOWS\system32\ati2sgag.exe [2009-03-17 593920]
S2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; H:\WINDOWS\system32\svchost.exe [2004-08-19 14336]
S3 aspnet_state;ASP.NET State Service; H:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 IDriverT;InstallDriver Table Manager; H:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 maconfservice;Ma-Config Service; H:\Program Files\ma-config.com\maconfservice.exe [2009-04-21 216232]
S3 npggsvc;nProtect GameGuard Service; H:\WINDOWS\system32\GameMon.des [2009-06-11 2862620]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service; H:\WINDOWS\System32\TuneUpDefragService.exe [2009-06-05 360192]
S3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; H:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 usprserv;User Privilege Service; H:\WINDOWS\System32\svchost.exe [2004-08-19 14336]
S3 WLSetupSvc;Windows Live Setup Service; H:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S4 Ati HotKey Poller;Ati HotKey Poller; H:\WINDOWS\system32\Ati2evxx.exe [2009-03-16 602112]
S4 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; H:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S4 JavaQuickStarterService;Java Quick Starter; H:\Program Files\Java\jre6\bin\jqs.exe [2009-03-09 152984]

-----------------EOF-----------------

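The RSIT report above is the page's own. What follows is an added example, my own Python script and not anything RSIT, UsbFix or the posters produced. It shows what a responder reads in two of those sections: the MountPoints2 keys, where Explorer caches each mounted volume's autorun.inf commands (so a removable drive's launcher stays recorded after the drive is gone), and the attribute column of the "files created" list, where RSH marks files set Read-only, System and Hidden. The sample log is a constructed excerpt of lines from the report above; the function names and the suspicion rules are this example's own assumptions, not anything RSIT defines.

```python
"""RSIT log triage: cached autorun commands in MountPoints2 and RSH-attributed new files.
Added example (my own script, not RSIT's, UsbFix's or the posters'): the sample is a
constructed excerpt of the report on this page and the suspicion rules are my own."""
import re

SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5027e682-e686-11dd-a748-001d92006b5e}]
shell\AutoRun\command - M:\gpcdt.cmd
shell\open\command - M:\gpcdt.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7a732dfa-a060-11dd-a6f3-001d92006b5e}]
shell\Auto\command - AdobeR.exe e
shell\AutoRun\command - H:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{91cf22b0-4052-11dd-a629-001d92006b5e}]
shell\AutoRun\command - H:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe MS32DLL.dll.vbs

======List of files/folders created in the last 2 months======

2009-06-17 10:12:05 ----D---- H:\MSNFix
2009-06-17 07:22:51 ----RSH---- H:\WINDOWS\system32\nmdfgds0.dll
2009-06-16 21:48:47 ----RSH---- H:\gpcdt.cmd
2009-06-15 11:49:29 ----A---- H:\WINDOWS\system32\npkcmsvc.exe
2009-06-14 11:50:01 ----RSH---- H:\sv8c2bjw.bat
2009-06-05 12:14:39 ----A---- H:\WINDOWS\system32\D3DX9_41.dll

======List of files/folders modified in the last 2 months======
"""

MOUNTPOINT_RE = re.compile(r"^\[HKEY_CURRENT_USER\\.*\\mountpoints2\\(?P<vol>[^\]]+)\]$", re.I)
COMMAND_RE = re.compile(r"^shell\\(?P<verb>[^\\]+)\\command - (?P<cmd>.+)$", re.I)
FILE_RE = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d -+(?P<attrs>[A-Z]*)-+ (?P<path>.+)$")
SCRIPT_EXT = (".cmd", ".bat", ".vbs", ".js")
EXEC_EXT = SCRIPT_EXT + (".exe", ".dll", ".com", ".scr", ".pif")

def parse_mountpoints(text):
    """Yield (volume, verb, command) for each shell\\<verb>\\command cached under MountPoints2."""
    current = None
    for line in (l.strip() for l in text.splitlines()):
        key = MOUNTPOINT_RE.match(line)
        cmd = COMMAND_RE.match(line)
        if key:
            current = key.group("vol")
        elif not line:
            current = None          # a blank line closes the key's block
        elif cmd and current:
            yield current, cmd.group("verb"), cmd.group("cmd")

def parse_created_files(text):
    """Yield (attrs, path) from the 'files/folders created' section only."""
    in_section = False
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("======"):
            in_section = line.startswith("======List of files/folders created")
            continue
        m = FILE_RE.match(line) if in_section else None
        if m:
            yield m.group("attrs"), m.group("path")

def suspicious_command(cmd):
    """Why a cached autorun command deserves attention, or None."""
    low = cmd.lower()
    if "shellexec_rundll" in low:
        return "RunDLL32 ShellExec_RunDLL launcher: runs whatever argument follows it"
    if any(tok.endswith(SCRIPT_EXT) for tok in low.split()):
        return "volume autorun points at a script file"
    if "\\" not in low.split()[0] and low.split()[0].endswith(".exe"):
        return "bare executable name, resolved relative to the volume root"
    return None

def suspicious_file(attrs, path):
    """Why a newly created file deserves attention, or None."""
    if all(flag in attrs for flag in "RSH") and path.lower().endswith(EXEC_EXT):
        return "executable content created Read-only+System+Hidden"
    return None

def triage(log_text):
    """List (kind, where, detail, reason) tuples for every suspicious command and file."""
    out = [("mountpoint", vol, f"{verb}: {cmd}", suspicious_command(cmd))
           for vol, verb, cmd in parse_mountpoints(log_text)]
    out += [("file", path, attrs, suspicious_file(attrs, path))
            for attrs, path in parse_created_files(log_text)]
    return [f for f in out if f[3]]

def _basename(p):
    return p.rsplit("\\", 1)[-1].lower()   # last component of a Windows path, on any host OS

def spread_across_volumes(findings):
    """Basenames seen both as a created file and inside a cached autorun command,
    i.e. the same dropper on the fixed disk and referenced from another volume."""
    from_files = {_basename(where) for kind, where, _, _ in findings if kind == "file"}
    names = {_basename(tok) for kind, _, detail, _ in findings if kind == "mountpoint"
             for tok in detail.split() if _basename(tok) in from_files}
    return sorted(names)

if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for kind, where, detail, reason in found:
        print(f"[{kind}] {where} | {detail} -> {reason}")
    print("same dropper name on several volumes:", spread_across_volumes(found))
```

To use it on a full log.txt, pass the file's contents to triage(). The bare-executable rule goes slightly beyond what the report above shows: it also flags a cached command such as "AdobeR.exe e", which names no directory and therefore resolves against the root of whatever volume it was recorded for.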

sKe69, on 17 Jun 2009 at 16:58:54

Good ....

Next, in order:


1- Download CCleaner:
http://www.commentcamarche.net/telecharger/telecharger 168 ccleaner
or http://www.pcastuces.com/logitheque/ccleaner.htm
This program will remove all temporary files and fix your registry.
During installation:
-make sure to choose "French" as the language.
-before clicking the "install" button, untick all the "additional options" except the first 2.

A tutorial (help):
http://perso.orange.fr/jesses/Docs/Logiciels/CCleaner.htm


---> Usage:
*In the Options menu - Advanced submenu, untick:
Only delete files in the Windows Temp folder older than 48 hours.

! disconnect and close all running applications !

* go to "cleaner": run -analyze- then -clean-
* go to "registry": run -scan for errors- and -fix all errors-
(several times, until there are no more errors).

(CCleaner: a program worth keeping on your PC, very useful for thorough clean-ups ...)



=============================


2- Download UsbFix (by C_XX, Chimay8 & Chiquitine29) to your desktop:

> http://sd-1.archive-host.com/membres/up/127028005715545653/UsbFix.exe

! Disconnect from the internet and close all running applications !

--> Double-click the .exe to start installing the tool (don't change the install settings).


Essential:
Plug all your external devices (USB stick, external HDD, flash disk, MP3 player, SD card, etc.) that may have been infected into your PC (but without opening them!).


# Double-click the UsbFix shortcut on your desktop to launch the tool.

# Choose option 1 (Search)

# Let the tool work and don't touch anything during the scan.

# Once finished, post the UsbFix.txt report that will appear.

The report is also saved at the root of the master drive (C:\UsbFix.txt).

(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)


Note:
"Process.exe", a component of the tool, is detected by some antivirus products (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool.
It is not a virus, but a utility designed to terminate processes.
In the wrong hands, this utility could stop security software (antivirus, firewall...), hence the alert raised by these antivirus products.


Author's site > http://pagesperso-orange.fr/NosTools/usbfix.html


"Baby, I'm going on an airplane, And I don't know if I'll be back again"
IMPORTANT: don't assume you're in the clear until you've been told so!


Taffy, on 17 Jun 2009 at 22:38:40

Re, sorry for the time I took. Here is the "USB Fix" report


############################## [ UsbFix V3.032 ]

# User : TAF (Administrateurs) # TAF
# Update on 15/06/09 by Chiquitine29
# Start at: 16:16:21 | 17/06/2009
# Website : http://pagesperso-orange.fr/NosTools/usbfix.html

# AMD Athlon(tm) 64 X2 Dual Core Processor 4600+
# Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 2
# Internet Explorer 7.0.5730.13
# Windows Firewall Status : Enabled
# AV : avast! antivirus 4.8.1335 [VPS 090617-0] 4.8.1335 [ Enabled | Updated ]

# C:\ # Disque amovible
# D:\ # Disque amovible # 3,75 Go (923,19 Mo free) # FAT32
# E:\ # Disque amovible
# F:\ # Disque amovible
# G:\ # Disque amovible
# H:\ # Disque fixe local # 232,88 Go (104,28 Go free) # NTFS
# I:\ # Disque CD-ROM
# J:\ # Disque amovible # 21,22 Mo (18,54 Mo free) [PHONE] # FAT
# K:\ # Disque amovible # 1,85 Go (1,19 Go free) [PHONE CARD] # FAT
# L:\ # Disque amovible # 982,05 Mo (200,4 Mo free) [TAF-IN-BLEU] # FAT32
# M:\ # Disque fixe local # 298,02 Go (75,52 Go free) [APOLLO 13] # FAT32

############################## [ Processus actifs ]

H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\csrss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\svchost.exe
H:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
H:\Program Files\Alwil Software\Avast4\ashServ.exe
H:\PROGRAM FILES\A-SQUARED FREE\a2service.exe
H:\WINDOWS\system32\npkcmsvc.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\Explorer.EXE
H:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
H:\Program Files\Alwil Software\Avast4\ashWebSv.exe
H:\WINDOWS\RTHDCPL.EXE
H:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
H:\Program Files\SuperCopier2\SuperCopier2.exe
H:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
H:\Program Files\uTorrent\uTorrent.exe
H:\WINDOWS\system32\ctfmon.exe
H:\WINDOWS\System32\alg.exe
H:\WINDOWS\system32\wuauclt.exe
H:\WINDOWS\system32\wbem\wmiprvse.exe

################## [ Registre Startup ]

HKCU_Main: "Local Page"="H:\\WINDOWS\\system32\\blank.htm"
HKCU_Main: "Search Page"=""
HKCU_Main: "Start Page"="http://www.google.fr/"
HKLM_logon: "Userinit"="H:\\WINDOWS\\system32\\userinit.exe,"
HKLM_logon: "DefaultUserName"="TAF"
HKLM_logon: "AltDefaultUserName"="TAF"
HKLM_logon: "LegalNoticeCaption"=""
HKLM_logon: "LegalNoticeText"=""

HKLM_Run: RTHDCPL=RTHDCPL.EXE
HKLM_Run: Alcmtr=ALCMTR.EXE
HKLM_Run: avast!=H:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
HKLM_Run: Adobe Reader Speed Launcher="H:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
HKLM_Run: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
HKCU_Run: SuperCopier2.exe=H:\Program Files\SuperCopier2\SuperCopier2.exe
HKCU_Run: MsnMsgr="H:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
HKCU_Run: uTorrent="H:\Program Files\uTorrent\uTorrent.exe"
HKCU_Run: ctfmon.exe=H:\WINDOWS\system32\ctfmon.exe

HKLM_expl: "HonorAutoRunSetting"=dword:00000001

################## [ Fichiers # Dossiers infectieux ]

Présent ! H:\WINDOWS\system32\nmdfgds1.dll
Présent ! "H:\Documents and Settings\TAF\RavMonLog"
Présent ! D:\RavMonLog
Présent ! D:\adober.exe
Présent ! D:\msvcr71.dll
Présent ! "D:\ravmonlog"
H:\autorun.inf # -> fichier appelé : "H:\gpcdt.cmd" ( Absent ! )
Présent ! H:\sv8c2bjw.bat
Présent ! H:\xdglur.bat
Présent ! H:\autorun.inf
Présent ! J:\msvcr71.dll
Présent ! K:\msvcr71.dll
Présent ! L:\em8tqm.cmd
Présent ! L:\q9.cmd
Présent ! "L:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013"
Présent ! L:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013\sdcvhost.exe
M:\autorun.inf # -> fichier appelé : "M:\gpcdt.cmd" ( Présent ! )
Présent ! M:\fsaht.cmd
Présent ! M:\gpcdt.cmd
Présent ! M:\sv8c2bjw.bat
Présent ! M:\xdglur.bat
Présent ! M:\x.cmd
Présent ! M:\autorun.inf

################## [ Registre # Clés Run infectieuses ]

Présent ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe

################## [ Registre # Mountpoints2 ]

HKCU\...\Explorer\MountPoints2\K\Shell\AutoRun\Command
HKCU\...\Explorer\MountPoints2\K\Shell\open\Command
HKCU\...\Explorer\MountPoints2\{044814bb-33fa-11dd-a5ff-001d92006b5e}\Shell\AutoRun\Command
HKCU\...\Explorer\MountPoints2\{04bb76e2-33e4-11dd-823b-806d6172696f}\Shell\AutoRun\Command
HKCU\...\Explorer\MountPoints2\{04bb76e2-33e4-11dd-823b-806d6172696f}\Shell\open\Command
HKCU\...\Explorer\MountPoints2\{0786dce1-43b3-11dd-a634-001d92006b5e}\Shell\Auto\Command
HKCU\...\Explorer\MountPoints2\{0786dce1-43b3-11dd-a634-001d92006b5e}\Shell\AutoRun\Command
HKCU\...\Explorer\MountPoints2\{22306c24-3405-11dd-a601-001d92006b5e}\Shell\AutoRun\Command
HKCU\...\Explorer\MountPoints2\{22306c24-3405-11dd-a601-001d92006b5e}\Shell\explore\Command
HKCU\...\Explorer\MountPoints2\{22306c24-3405-11dd-a601-001d92006b5e}\Shell\open\Command
HKCU\...\Explorer\MountPoints2\{22306c25-3405-11dd-a601-001d92006b5e}\Shell\AutoRun\Command
HKCU\...\Explorer\MountPoints2\{22306c25-3405-11dd-a601-001d92006b5e}\Shell\explore\Command
HKCU\...\Explorer\MountPoints2\{22306c25-3405-11dd-a601-001d92006b5e}\Shell\open\Command
HKCU\...\Explorer\MountPoints2\{24e53324-4461-11dd-a636-001d92006b5e}\Shell\Auto\Command
HKCU\...\Explorer\MountPoints2\{24e53324-4461-11dd-a636-001d92006b5e}\Shell\AutoRun\Command
HKCU\...\Explorer\MountPoints2\{5027e682-e686-11dd-a748-001d92006b5e}\Shell\AutoRun\Command
HKCU\...\Explorer\MountPoints2\{5027e682-e686-11dd-a748-001d92006b5e}\Shell\open\Command
HKCU\...\Explorer\MountPoints2\{6e9fb86e-3804-11dd-a615-001d92006b5e}\Shell\Auto\Command
HKCU\...\Explorer\MountPoints2\{6e9fb86e-3804-11dd-a615-001d92006b5e}\Shell\AutoRun\Command
HKCU\...\Explorer\MountPoints2\{77759692-3620-11dd-a60c-001d92006b5e}\Shell\AutoRun\Command
HKCU\...\Explorer\MountPoints2\{7a732dfa-a060-11dd-a6f3-001d92006b5e}\Shell\Auto\Command
HKCU\...\Explorer\MountPoints2\{7a732dfa-a060-11dd-a6f3-001d92006b5e}\Shell\AutoRun\Command
HKCU\...\Explorer\MountPoints2\{7d472c7e-421f-11dd-a62e-001d92006b5e}\Shell\Auto\Command
HKCU\...\Explorer\MountPoints2\{7d472c7e-421f-11dd-a62e-001d92006b5e}\Shell\AutoRun\Command
HKCU\...\Explorer\MountPoints2\{a0be3cc4-34b4-11dd-a604-001d92006b5e}\Shell\AutoRun\Command
HKCU\...\Explorer\MountPoints2\{aedf47ea-1899-11de-a7a0-001d92006b5e}\Shell\AutoRun\Command
HKCU\...\Explorer\MountPoints2\{c4d8eae7-af63-11dd-a704-001d92006b5e}\Shell\AutoRun\Command
HKCU\...\Explorer\MountPoints2\{c4d8eae7-af63-11dd-a704-001d92006b5e}\Shell\open\Command
HKCU\...\Explorer\MountPoints2\{d9d04799-2129-11de-a7a4-001d92006b5e}\Shell\AutoRun\Command
HKCU\...\Explorer\MountPoints2\{d9d04799-2129-11de-a7a4-001d92006b5e}\Shell\open\Command

################## [ ! Fin du rapport # UsbFix V3.032 ! ]


sKe69, on 17 Jun 2009 at 22:43:46

Good ...


Next, in order:


1- ! Disconnect from the internet and close all running applications !

ESSENTIAL:
Plug all your external devices (USB stick, external HDD, flash disk, MP3 player, SD card, etc.) that may have been infected into your PC (but without opening them!).

# Double-click the UsbFix shortcut on your desktop to launch the tool.

# This time, choose option 2 (Deletion).

> Your desktop will disappear and the PC will restart (this is normal).

# On restart, UsbFix will scan your PC; let the tool work and don't touch anything.

# Once finished, post the new UsbFix.txt report that will appear along with the desktop.


(The report is also saved at the root of the master drive > C:\UsbFix.txt).


========================


2- run another RSIT scan, post the new "log.txt" report for analysis and wait for the next steps ...


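Since the deletion pass restarts the machine and can be cut short (the next post mentions a power cut during the restart), it is worth checking the option 2 report against the option 1 report instead of assuming everything was handled. The script below is an added example, my own and not UsbFix's code or anything the posters ran: it pairs each "Présent !" line of the search report with the "Supprimé !" line of the deletion report, lists what remains, and notes which autorun.inf still has its launcher file in place. Both excerpts are constructed from lines of the reports on this page, and the function names are this example's own.

```python
"""Reconcile a UsbFix option 1 (search) report with the option 2 (deletion) report.
Added example (my own script, not UsbFix's and not something the posters ran): the
deletion pass can be interrupted, so whatever the search pass reported "Présent !"
without a matching "Supprimé !" afterwards still needs attention. Both excerpts
below are constructed from lines of the reports on this page."""
import re

SEARCH_REPORT = r"""
################## [ Fichiers # Dossiers infectieux ]

Présent ! H:\WINDOWS\system32\nmdfgds1.dll
Présent ! "H:\Documents and Settings\TAF\RavMonLog"
Présent ! D:\RavMonLog
Présent ! D:\adober.exe
Présent ! D:\msvcr71.dll
H:\autorun.inf # -> fichier appelé : "H:\gpcdt.cmd" ( Absent ! )
Présent ! H:\sv8c2bjw.bat
Présent ! H:\autorun.inf
M:\autorun.inf # -> fichier appelé : "M:\gpcdt.cmd" ( Présent ! )
Présent ! M:\gpcdt.cmd
Présent ! M:\autorun.inf

################## [ Registre # Clés Run infectieuses ]

Présent ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe
"""

DELETION_REPORT = r"""
################## [ Fichiers # Dossiers infectieux ]

Supprimé ! "H:\Documents and Settings\TAF\RavMonLog"
Supprimé ! D:\RavMonLog
Supprimé ! D:\adober.exe
Supprimé ! D:\msvcr71.dll
H:\autorun.inf # -> fichier appelé : "H:\gpcdt.cmd" ( absent ! )
"""

# "Présent ! <item>" / "Supprimé ! <item>", item optionally double-quoted
STATUS_RE = re.compile(r'^(?P<status>Présent|Supprimé) ! "?(?P<item>[^"]+?)"?$')
# "<X>:\autorun.inf # -> fichier appelé : "<target>" ( Présent|Absent ! )"
LAUNCHER_RE = re.compile(r'^(?P<inf>[A-Z]:\\autorun\.inf) # -> fichier appelé : '
                         r'"(?P<target>[^"]+)" \( (?P<state>\w+) ! \)$')


def parse_items(report):
    """Return ({item: status}, {autorun.inf: (target, state)}) for one report."""
    items, launchers = {}, {}
    for line in (l.strip() for l in report.splitlines()):
        m = STATUS_RE.match(line)
        if m:
            items[m.group("item")] = m.group("status")
            continue
        a = LAUNCHER_RE.match(line)
        if a:
            launchers[a.group("inf")] = (a.group("target"), a.group("state").lower())
    return items, launchers


def reconcile(search_report, deletion_report):
    """Split the search findings into removed vs. unresolved using the deletion report."""
    before, launchers = parse_items(search_report)
    after, _ = parse_items(deletion_report)
    removed = sorted(i for i, s in after.items() if s == "Supprimé")
    unresolved = sorted(i for i, s in before.items()
                        if s == "Présent" and after.get(i) != "Supprimé")
    # an autorun.inf whose launcher file is still in place keeps that volume self-starting
    live = sorted(inf for inf, (_, state) in launchers.items() if state == "présent")
    return {"removed": removed, "unresolved": unresolved, "live_launchers": live}


def by_volume(items):
    """Group item paths by drive letter; registry keys go under 'registry'."""
    grouped = {}
    for item in items:
        key = item[0].upper() + ":" if re.match(r"^[A-Za-z]:\\", item) else "registry"
        grouped.setdefault(key, []).append(item)
    return grouped


if __name__ == "__main__":
    result = reconcile(SEARCH_REPORT, DELETION_REPORT)
    for bucket, entries in result.items():
        print(f"{bucket}: {len(entries)}")
    for vol, entries in by_volume(result["unresolved"]).items():
        print(f"  still to handle on {vol}: {entries}")
```

On the two excerpts above, the four D:\ and profile items come out as removed, while the system32 DLL, the H:\ and M:\ scripts, both autorun.inf files and the taskmgr.exe Image File Execution Options key stay in the unresolved list, with M:\autorun.inf flagged as a launcher whose target is still present. Grouping by volume matters here because each removable drive has to be cleaned while plugged in, which is why the helper insists on connecting every device before the tool runs.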

Taffy, on 17 Jun 2009 at 23:15:42

Re, here is the "USB Fix" report (but at the end of my PC's restart there was a power cut)


############################## [ UsbFix V3.032 ]

# User : TAF (Administrateurs) # TAF
# Update on 15/06/09 by Chiquitine29
# Start at: 16:40:55 | 17/06/2009
# Website : http://pagesperso-orange.fr/NosTools/usbfix.html

# AMD Athlon(tm) 64 X2 Dual Core Processor 4600+
# Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 2
# Internet Explorer 7.0.5730.13
# Windows Firewall Status : Enabled
# AV : avast! antivirus 4.8.1335 [VPS 090617-0] 4.8.1335 [ Enabled | Updated ]

# C:\ # Disque amovible
# D:\ # Disque amovible # 3,75 Go (923,19 Mo free) # FAT32
# E:\ # Disque amovible
# F:\ # Disque amovible
# G:\ # Disque amovible
# H:\ # Disque fixe local # 232,88 Go (104,25 Go free) # NTFS
# I:\ # Disque CD-ROM
# J:\ # Disque amovible # 21,22 Mo (18,54 Mo free) [PHONE] # FAT
# K:\ # Disque amovible # 1,85 Go (1,19 Go free) [PHONE CARD] # FAT
# L:\ # Disque amovible # 982,05 Mo (200,4 Mo free) [TAF-IN-BLEU] # FAT32
# M:\ # Disque fixe local # 298,02 Go (75,52 Go free) [APOLLO 13] # FAT32

############################## [ Processus actifs ]

H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\csrss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\system32\logonui.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\svchost.exe
H:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
H:\Program Files\Alwil Software\Avast4\ashServ.exe
H:\PROGRAM FILES\A-SQUARED FREE\a2service.exe
H:\WINDOWS\system32\npkcmsvc.exe
H:\WINDOWS\system32\svchost.exe
H:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
H:\Program Files\Alwil Software\Avast4\ashWebSv.exe
H:\WINDOWS\System32\alg.exe
H:\WINDOWS\Explorer.EXE
H:\WINDOWS\system32\wbem\wmiprvse.exe
H:\WINDOWS\system32\wuauclt.exe

################## [ Fichiers # Dossiers infectieux ]

Supprimé ! "H:\Documents and Settings\TAF\RavMonLog"
Supprimé ! D:\RavMonLog
Supprimé ! D:\adober.exe
Supprimé ! D:\msvcr71.dll
H:\autorun.inf # -> fichier appelé : "H:\gpcdt.cmd" ( absent ! )
Supprimé ! H:\sv8c2bjw.bat
Supprimé ! H:\xdglur.bat
Supprimé ! H:\autorun.inf
Supprimé ! J:\msvcr71.dll
Supprimé ! K:\msvcr71.dll
Supprimé ! L:\em8tqm.cmd
Supprimé ! L:\q9.cmd
Supprimé ! L:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013\sdcvhost.exe
Supprimé ! "L:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013"
M:\autorun.inf # -> fichier appelé : "M:\gpcdt.cmd" ( présent ! )
Deleted ! -> M:\gpcdt.cmd
Supprimé ! M:\fsaht.cmd
Supprimé ! M:\sv8c2bjw.bat
Supprimé ! M:\xdglur.bat
Supprimé ! M:\x.cmd
Supprimé ! M:\autorun.inf

################## [ Registre # Clés Run infectieuses ]

Supprimé ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe

################## [ Registre # Mountpoints2 ]

Supprimé ! HKCU\...\Explorer\MountPoints2\K\Shell\AutoRun\Command
Supprimé ! HKCU\...\Explorer\MountPoints2\{044814bb-33fa-11dd-a5ff-001d92006b5e}\Shell\AutoRun\Command
Supprimé ! HKCU\...\Explorer\MountPoints2\{0786dce1-43b3-11dd-a634-001d92006b5e}\Shell\Auto\Command
Supprimé ! HKCU\...\Explorer\MountPoints2\{22306c24-3405-11dd-a601-001d92006b5e}\Shell\AutoRun\Command
Supprimé ! HKCU\...\Explorer\MountPoints2\{22306c25-3405-11dd-a601-001d92006b5e}\Shell\AutoRun\Command
Supprimé ! HKCU\...\Explorer\MountPoints2\{24e53324-4461-11dd-a636-001d92006b5e}\Shell\Auto\Command
Supprimé ! HKCU\...\Explorer\MountPoints2\{6e9fb86e-3804-11dd-a615-001d92006b5e}\Shell\Auto\Command
Supprimé ! HKCU\...\Explorer\MountPoints2\{77759692-3620-11dd-a60c-001d92006b5e}\Shell\AutoRun\Command
Supprimé ! HKCU\...\Explorer\MountPoints2\{7a732dfa-a060-11dd-a6f3-001d92006b5e}\Shell\Auto\Command
Supprimé ! HKCU\...\Explorer\MountPoints2\{7d472c7e-421f-11dd-a62e-001d92006b5e}\Shell\Auto\Command
Supprimé ! HKCU\...\Explorer\MountPoints2\{a0be3cc4-34b4-11dd-a604-001d92006b5e}\Shell\AutoRun\Command
Supprimé ! HKCU\...\Explorer\MountPoints2\{aedf47ea-1899-11de-a7a0-001d92006b5e}\Shell\AutoRun\Command
Supprimé ! HKCU\...\Explorer\MountPoints2\{c4d8eae7-af63-11dd-a704-001d92006b5e}\Shell\AutoRun\Command
Supprimé ! HKCU\...\Explorer\MountPoints2\{d9d04799-2129-11de-a7a4-001d92006b5e}\Shell\AutoRun\Command

################## [ Listing des fichiers présent ]

[15/04/2005 08:58|--a------|13900225] - D:\150.PBP
[19/04/2007 08:07|--a------|22048501] - D:\340.PBP
[03/01/2006 09:37|--a------|23647653] - D:\371.PBP
[08/01/2008 21:42|--a------|241664] - D:\msipl.bin
[18/03/2008 04:59|--a------|25652613] - D:\393.PBP
[02/12/2008 19:30|--ah-----|296] - D:\WMPInfo.xml
[17/06/2009 10:13|--a------|57] - H:\autorun.MSNFix
[11/06/2009 05:28|-r-hs----|230] - H:\boot.ini
[05/08/2004 08:00|-rahs----|4952] - H:\Bootfont.bin
[25/03/2002 09:52|--a------|644976] - H:\BootVis.exe
[08/03/2009 20:16|--a------|258] - H:\MSNCleaner.txt
[05/08/2004 08:00|-rahs----|47564] - H:\NTDETECT.COM
[05/08/2004 08:00|-rahs----|251712] - H:\ntldr
[?|?|?] - H:\pagefile.sys
[30/07/2008 14:11|--ah-----|268] - H:\sqmdata00.sqm
[31/07/2008 19:55|--ah-----|268] - H:\sqmdata01.sqm
[01/08/2008 15:07|--ah-----|268] - H:\sqmdata02.sqm
[01/08/2008 17:56|--ah-----|268] - H:\sqmdata03.sqm
[30/08/2008 21:40|--ah-----|232] - H:\sqmdata04.sqm
[28/09/2008 18:39|--ah-----|268] - H:\sqmdata05.sqm
[29/09/2008 05:15|--ah-----|268] - H:\sqmdata06.sqm
[29/09/2008 20:39|--ah-----|268] - H:\sqmdata07.sqm
[01/10/2008 17:55|--ah-----|268] - H:\sqmdata08.sqm
[02/10/2008 19:01|--ah-----|268] - H:\sqmdata09.sqm
[03/10/2008 18:34|--ah-----|232] - H:\sqmdata10.sqm
[18/10/2008 06:52|--ah-----|232] - H:\sqmdata11.sqm
[26/01/2009 09:08|--ah-----|232] - H:\sqmdata12.sqm
[09/02/2009 22:52|--ah-----|268] - H:\sqmdata13.sqm
[12/04/2009 09:20|--ah-----|268] - H:\sqmdata14.sqm
[30/07/2008 14:11|--ah-----|244] - H:\sqmnoopt00.sqm
[31/07/2008 19:55|--ah-----|244] - H:\sqmnoopt01.sqm
[01/08/2008 15:07|--ah-----|244] - H:\sqmnoopt02.sqm
[01/08/2008 17:56|--ah-----|244] - H:\sqmnoopt03.sqm
[30/08/2008 21:40|--ah-----|244] - H:\sqmnoopt04.sqm
[28/09/2008 18:39|--ah-----|244] - H:\sqmnoopt05.sqm
[29/09/2008 05:15|--ah-----|244] - H:\sqmnoopt06.sqm
[29/09/2008 20:39|--ah-----|244] - H:\sqmnoopt07.sqm
[01/10/2008 17:55|--ah-----|244] - H:\sqmnoopt08.sqm
[02/10/2008 19:01|--ah-----|244] - H:\sqmnoopt09.sqm
[03/10/2008 18:34|--ah-----|244] - H:\sqmnoopt10.sqm
[18/10/2008 06:52|--ah-----|244] - H:\sqmnoopt11.sqm
[26/01/2009 09:08|--ah-----|244] - H:\sqmnoopt12.sqm
[09/02/2009 22:52|--ah-----|244] - H:\sqmnoopt13.sqm
[12/04/2009 09:20|--ah-----|244] - H:\sqmnoopt14.sqm
[17/06/2009 16:43|--a------|6776] - H:\UsbFix.txt
[01/01/1980 00:00|-r-h-----|0] - K:\MEMSTICK.IND
[01/01/1980 00:00|-r-h-----|0] - K:\MSTK_PRO.IND
[02/06/2009 04:09|--a------|10391040] - L:\Dossier Bac V3 .2
[02/06/2009 04:11|--a------|10391040] - L:\Dossier Bac V3 .2.doc
[02/06/2009 04:12|--a------|10209202] - L:\Dossier Bac V3 .2.odt
[02/06/2009 08:17|--a------|5888000] - L:\dossier brujaille.doc
[04/06/2009 18:38|--a------|3425280] - L:\diapo 01.ppt

################## [ Vaccination ]

# D:\autorun.inf ( # Not infected ) -> Folder created by UsbFix.
# H:\autorun.inf ( # Not infected ) -> Folder created by UsbFix.
# J:\autorun.inf ( # Not infected ) -> Folder created by UsbFix.
# K:\autorun.inf ( # Not infected ) -> Folder created by UsbFix.
# L:\autorun.inf ( # Not infected ) -> Folder created by UsbFix.
# M:\autorun.inf ( # Not infected ) -> Folder created by UsbFix.

################## [ ! Fin du rapport # UsbFix V3.032 ! ]


15

Taffy, on 17 Jun 2009 at 23:18:09

And here is the "RSIT" report

Logfile of random's system information tool 1.06 (written by random/random)
Run by TAF at 2009-06-17 16:55:39
Microsoft Windows XP Édition familiale Service Pack 2
System drive H: has 107 GB (45%) free of 238 GB
Total RAM: 2046 MB (77% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:55:55, on 17/06/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\csrss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\svchost.exe
H:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
H:\Program Files\Alwil Software\Avast4\ashServ.exe
H:\WINDOWS\Explorer.EXE
H:\PROGRAM FILES\A-SQUARED FREE\a2service.exe
H:\WINDOWS\system32\npkcmsvc.exe
H:\WINDOWS\RTHDCPL.EXE
H:\WINDOWS\system32\svchost.exe
H:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
H:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
H:\Program Files\SuperCopier2\SuperCopier2.exe
H:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
H:\Program Files\uTorrent\uTorrent.exe
H:\WINDOWS\system32\ctfmon.exe
H:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
H:\Program Files\Alwil Software\Avast4\ashWebSv.exe
H:\WINDOWS\System32\alg.exe
H:\WINDOWS\system32\wbem\wmiprvse.exe
H:\WINDOWS\system32\wuauclt.exe
H:\Documents and Settings\TAF\Bureau\RSIT.exe
H:\Program Files\Trend Micro\HijackThis\TAF.exe
H:\WINDOWS\system32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.01net.com/telecharger/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - H:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - H:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - H:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - H:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - H:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - H:\Program Files\FlashGet\getflash.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [avast!] H:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "H:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [SuperCopier2.exe] H:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [MsnMsgr] "H:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [uTorrent] "H:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [ctfmon.exe] H:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Tout télécharger avec FlashGet - H:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Télécharger avec FlashGet - H:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - H:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - H:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - H:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - H:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://www.ma-config.com/activex/MaConfig_3_1_2_1.cab
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} (NPKCX Control) - http://update.nprotect.net/keycrypt/cabal/npkcx_inca.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - H:\PROGRAM FILES\A-SQUARED FREE\a2service.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - H:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATI Smart - Unknown owner - H:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - H:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - H:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - H:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - H:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - H:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - H:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: npkcmsvc - INCA Internet Co., Ltd. - H:\WINDOWS\system32\npkcmsvc.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - H:\WINDOWS\System32\TuneUpDefragService.exe
End of file - 6910 bytes

======Scheduled tasks folder======

H:\WINDOWS\tasks\1-Click Maintenance.job
H:\WINDOWS\tasks\Registry Winner Schedule.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - H:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}]
FGCatchUrl - H:\Program Files\FlashGet\jccatch.dll [2007-08-06 94308]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live - H:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - H:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-09 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - H:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-03-09 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F156768E-81EF-470C-9057-481BA8380DBA}]
FlashGet GetFlash Class - H:\Program Files\FlashGet\getflash.dll [2007-05-18 163840]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=H:\WINDOWS\RTHDCPL.EXE [2007-04-12 16132608]
"Alcmtr"=H:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"avast!"=H:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-02-05 81000]
"Adobe Reader Speed Launcher"=H:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SuperCopier2.exe"=H:\Program Files\SuperCopier2\SuperCopier2.exe [2006-07-07 1052672]
"MsnMsgr"=H:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5724184]
"uTorrent"=H:\Program Files\uTorrent\uTorrent.exe [2009-02-10 270128]
"ctfmon.exe"=H:\WINDOWS\system32\ctfmon.exe [2004-08-19 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
H:\WINDOWS\system32\Ati2evxx.dll [2009-03-16 155648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - H:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"NoDispScrSavPage"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoFind"=0
"NoFolderOptions"=0
"NoRun"=0
"NoDrives"=0
"NoDriveAutoRun"=FFFFFFFF
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"H:\Program Files\Messenger\msmsgs.exe"="H:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"H:\Program Files\uTorrent\uTorrent.exe"="H:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"H:\Program Files\Hercules\Classic Silver\Station2.exe"="H:\Program Files\Hercules\Classic Silver\Station2.exe:*:Enabled:Hercules Webcam Station Evolution"
"H:\Program Files\FlashGet\flashget.exe"="H:\Program Files\FlashGet\flashget.exe:*:Enabled:Flashget"
"H:\Program Files\UBISOFT\Ghost Recon Advanced Warfighter 2\graw2.exe"="H:\Program Files\UBISOFT\Ghost Recon Advanced Warfighter 2\graw2.exe:*:Enabled:Ghost Recon Advanced Warfighter® 2"
"H:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="H:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
"H:\Program Files\Windows Live\Messenger\msnmsgr.exe"="H:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"H:\Program Files\Windows Live\Messenger\livecall.exe"="H:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"H:\Program Files\ma-config.com\maconfservice.exe"="H:\Program Files\ma-config.com\maconfservice.exe:LocalSubNet:Enabled:maconfservice"
"H:\Documents and Settings\TAF\Bureau\CabalTemp\ESTSetupLoader.exe"="H:\Documents and Settings\TAF\Bureau\CabalTemp\ESTSetupLoader.exe:*:Enabled:EST! download engine"
"H:\Program Files\Games-Masters.com\CABAL Online (Europe)\launcher\update\ESTdnheadless.exe"="H:\Program Files\Games-Masters.com\CABAL Online (Europe)\launcher\update\ESTdnheadless.exe:*:Enabled:EST! download engine"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"H:\Documents and Settings\TAF\Bureau\Fotos.exe"="H:\Documents and Settings\TAF\Bureau\Fotos.exe:*:Enabled:Session Win32"
"H:\Program Files\Microsoft Studio Files\lsass.exe"="H:\Program Files\Microsoft Studio Files\lsass.exe:*:Enabled:Session Win32"
"H:\Program Files\skmw\gwdwin.exe"="H:\Program Files\skmw\gwdwin.exe:*:Enabled:Session Win32"
"H:\Program Files\skmw\irc.exe"="H:\Program Files\skmw\irc.exe:*:Enabled:WinIRC"
"H:\Program Files\dwimn\mwstwn.exe"="H:\Program Files\dwimn\mwstwn.exe:*:Enabled:Session Win32"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"H:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="H:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
"H:\Program Files\Windows Live\Messenger\msnmsgr.exe"="H:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"H:\Program Files\Windows Live\Messenger\livecall.exe"="H:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

======List of files/folders created in the last 2 months======

2009-06-17 16:43:02 ----RASHD---- H:\autorun.inf
2009-06-17 16:40:50 ----A---- H:\UsbFix.txt
2009-06-17 16:02:25 ----D---- H:\UsbFix
2009-06-17 10:12:05 ----D---- H:\MSNFix
2009-06-17 08:13:11 ----D---- H:\rsit
2009-06-16 21:54:44 ----HDC---- H:\WINDOWS\$NtUninstallKB932823-v3$
2009-06-16 21:54:24 ----A---- H:\WINDOWS\system32\SETB.tmp
2009-06-15 20:23:35 ----D---- H:\Documents and Settings\TAF\Application Data\TeraCopy
2009-06-15 20:23:32 ----D---- H:\Program Files\TeraCopy
2009-06-15 11:49:29 ----A---- H:\WINDOWS\system32\npkcmsvc.exe
2009-06-15 06:56:51 ----D---- H:\Program Files\Games-Masters.com
2009-06-14 15:09:13 ----D---- H:\Program Files\Malwarebytes' Anti-Malware
2009-06-11 17:59:31 ----HDC---- H:\WINDOWS\$NtUninstallKB961501$
2009-06-11 17:59:23 ----HDC---- H:\WINDOWS\$NtUninstallKB969898$
2009-06-11 17:56:05 ----HDC---- H:\WINDOWS\$NtUninstallKB970238$
2009-06-11 17:54:11 ----HDC---- H:\WINDOWS\$NtUninstallKB968537$
2009-06-07 07:02:25 ----D---- H:\WINDOWS\system32\CatRoot_bak
2009-06-05 13:48:06 ----SHD---- H:\RECYCLER
2009-06-05 13:31:15 ----D---- H:\WINDOWS\system32\Lang
2009-06-05 12:14:39 ----A---- H:\WINDOWS\system32\D3DX9_41.dll
2009-06-05 12:14:39 ----A---- H:\WINDOWS\system32\d3dx10_41.dll
2009-06-05 12:14:39 ----A---- H:\WINDOWS\system32\D3DCompiler_41.dll
2009-06-05 12:14:38 ----A---- H:\WINDOWS\system32\XAudio2_4.dll
2009-06-05 12:14:38 ----A---- H:\WINDOWS\system32\XAPOFX1_3.dll
2009-06-05 12:14:37 ----A---- H:\WINDOWS\system32\xactengine3_4.dll
2009-06-05 12:14:37 ----A---- H:\WINDOWS\system32\X3DAudio1_6.dll
2009-06-05 12:14:36 ----A---- H:\WINDOWS\system32\D3DX9_40.dll
2009-06-05 12:14:36 ----A---- H:\WINDOWS\system32\d3dx10_40.dll
2009-06-05 12:14:36 ----A---- H:\WINDOWS\system32\D3DCompiler_40.dll
2009-06-05 12:14:35 ----A---- H:\WINDOWS\system32\XAudio2_3.dll
2009-06-05 12:14:35 ----A---- H:\WINDOWS\system32\XAPOFX1_2.dll
2009-06-05 12:14:34 ----A---- H:\WINDOWS\system32\xactengine3_3.dll
2009-06-05 12:14:33 ----A---- H:\WINDOWS\system32\X3DAudio1_5.dll
2009-06-05 12:14:32 ----A---- H:\WINDOWS\system32\XAudio2_2.dll
2009-06-05 12:14:32 ----A---- H:\WINDOWS\system32\XAPOFX1_1.dll
2009-06-05 12:14:32 ----A---- H:\WINDOWS\system32\xactengine3_2.dll
2009-06-05 12:14:31 ----A---- H:\WINDOWS\system32\D3DX9_39.dll
2009-06-05 12:14:31 ----A---- H:\WINDOWS\system32\d3dx10_39.dll
2009-06-05 12:14:31 ----A---- H:\WINDOWS\system32\D3DCompiler_39.dll
2009-06-05 12:14:30 ----A---- H:\WINDOWS\system32\XAudio2_1.dll
2009-06-05 12:14:30 ----A---- H:\WINDOWS\system32\XAPOFX1_0.dll
2009-06-05 12:14:29 ----A---- H:\WINDOWS\system32\xactengine3_1.dll
2009-06-05 12:14:29 ----A---- H:\WINDOWS\system32\X3DAudio1_4.dll
2009-06-05 12:14:28 ----A---- H:\WINDOWS\system32\d3dx10_38.dll
2009-06-05 12:14:28 ----A---- H:\WINDOWS\system32\D3DCompiler_38.dll
2009-06-05 12:14:27 ----A---- H:\WINDOWS\system32\D3DX9_38.dll
2009-06-05 11:55:24 ----D---- H:\ATI
2009-05-31 13:27:57 ----N---- H:\WINDOWS\system32\ati2sgag.exe
2009-05-31 13:27:54 ----A---- H:\WINDOWS\system32\atiiiexx.dll
2009-05-31 13:25:29 ----A---- H:\WINDOWS\ATICIM.INI
2009-05-31 13:09:22 ----A---- H:\WINDOWS\system32\ativtmxx.dll
2009-05-31 13:08:37 ----A---- H:\WINDOWS\system32\ati3d1ag.dll
2009-05-31 13:08:32 ----A---- H:\WINDOWS\system32\ati2dvaa.dll
2009-05-31 12:16:42 ----D---- H:\Program Files\Driver Cleaner Pro
2009-05-31 11:59:18 ----D---- H:\Program Files\Defraggler
2009-05-31 11:56:32 ----D---- H:\Documents and Settings\TAF\Application Data\Canon
2009-05-31 11:54:00 ----D---- H:\Program Files\Realtek
2009-05-31 11:53:59 ----D---- H:\WINDOWS\system32\RTCOM
2009-05-30 14:26:44 ----D---- H:\Documents and Settings\All Users\Application Data\ATI
2009-05-30 13:40:02 ----A---- H:\WINDOWS\system32\pgdfgsvc.exe
2009-05-30 13:29:54 ----A---- H:\WINDOWS\system32\TUProgSt.exe
2009-05-30 13:29:52 ----A---- H:\WINDOWS\system32\uxtuneup.dll
2009-05-30 13:29:50 ----A---- H:\WINDOWS\system32\TuneUpDefragService.exe
2009-05-27 18:28:23 ----D---- H:\Program Files\Zuma Deluxe
2009-05-27 15:49:10 ----D---- H:\WINDOWS\LastGood(2)
2009-05-27 13:16:50 ----D---- H:\Program Files\Realtek AC97
2009-05-27 11:39:17 ----D---- H:\Documents and Settings\All Users\Application Data\ATI(2)
2009-05-23 19:37:08 ----D---- H:\Documents and Settings\TAF\Application Data\Windows Live Writer
2009-05-22 18:01:46 ----D---- H:\Program Files\Feneris
2009-05-14 15:29:02 ----A---- H:\WINDOWS\system32\npkpdb.dll
2009-05-07 17:32:02 ----A---- H:\WINDOWS\system32\npkcrypt.dll
2009-05-04 10:37:40 ----A---- H:\WINDOWS\system32\npkSvcUpdate.exe
2009-04-30 19:15:09 ----D---- H:\Program Files\Registry Winner
2009-04-26 07:10:05 ----HDC---- H:\WINDOWS\$NtUninstallKB959426$
2009-04-26 07:09:59 ----HDC---- H:\WINDOWS\$NtUninstallKB961373$
2009-04-26 07:09:14 ----HDC---- H:\WINDOWS\$NtUninstallKB960225$
2009-04-26 07:07:57 ----HDC---- H:\WINDOWS\$NtUninstallKB956572$
2009-04-26 07:07:46 ----HDC---- H:\WINDOWS\$NtUninstallKB952004$
2009-04-26 07:07:41 ----HDC---- H:\WINDOWS\$NtUninstallKB960715$
2009-04-26 07:07:34 ----HDC---- H:\WINDOWS\$NtUninstallKB967715$
2009-04-26 07:07:28 ----HDC---- H:\WINDOWS\$NtUninstallKB958690$
2009-04-26 07:07:23 ----HDC---- H:\WINDOWS\$NtUninstallKB960803$
2009-04-26 07:07:12 ----HDC---- H:\WINDOWS\$NtUninstallKB923561$
2009-04-24 12:02:51 ----HDC---- H:\WINDOWS\$NtUninstallWIC$
2009-04-24 12:00:47 ----D---- H:\Program Files\Windows Live SkyDrive
2009-04-24 11:41:37 ----D---- H:\Program Files\Fichiers communs\Windows Live
2009-04-23 13:03:08 ----D---- H:\Program Files\The Last Remnant
2009-04-23 04:31:41 ----D---- H:\Program Files\Sunbelt Software
2009-04-21 18:32:06 ----A---- H:\WINDOWS\system32\npkupd.exe
2009-04-18 20:00:07 ----D---- H:\Program Files\Trend Micro

======List of files/folders modified in the last 2 months======

2009-06-17 16:55:19 ----D---- H:\WINDOWS\Prefetch
2009-06-17 16:53:55 ----D---- H:\WINDOWS\Temp
2009-06-17 16:48:49 ----D---- H:\Program Files\Mozilla Firefox
2009-06-17 16:43:08 ----D---- H:\WINDOWS
2009-06-17 16:33:31 ----D---- H:\WINDOWS\system32
2009-06-17 16:31:36 ----A---- H:\WINDOWS\SchedLgU.Txt
2009-06-17 16:31:34 ----D---- H:\WINDOWS\system32\CatRoot2
2009-06-17 16:31:27 ----D---- H:\Documents and Settings\TAF\Application Data\uTorrent
2009-06-17 16:01:35 ----HD---- H:\WINDOWS\inf
2009-06-17 10:18:18 ----A---- H:\WINDOWS\msnfix.txt
2009-06-16 21:54:48 ----RSHDC---- H:\WINDOWS\system32\dllcache
2009-06-16 21:51:23 ----HD---- H:\WINDOWS\$hf_mig$
2009-06-16 21:29:02 ----D---- H:\WINDOWS\system32\drivers
2009-06-16 21:28:03 ----D---- H:\Program Files\FlashGet
2009-06-15 20:23:32 ----RD---- H:\Program Files
2009-06-15 11:57:07 ----RSD---- H:\WINDOWS\Fonts
2009-06-15 11:49:27 ----SD---- H:\WINDOWS\Downloaded Program Files
2009-06-15 08:05:24 ----D---- H:\WINDOWS\Debug
2009-06-13 20:45:31 ----D---- H:\WINDOWS\system32\CatRoot
2009-06-13 20:29:10 ----D---- H:\WINDOWS\system32\spool
2009-06-11 17:55:34 ----D---- H:\WINDOWS\system32\fr-fr
2009-06-11 17:55:34 ----D---- H:\Program Files\Internet Explorer
2009-06-11 17:55:04 ----D---- H:\WINDOWS\ie7updates
2009-06-11 14:42:46 ----D---- H:\Program Files\a-squared Free
2009-06-11 05:43:20 ----D---- H:\WINDOWS\system32\config
2009-06-11 05:41:48 ----SHD---- H:\WINDOWS\Installer
2009-06-11 05:41:48 ----SHD---- H:\Config.Msi
2009-06-11 05:28:53 ----RSH---- H:\boot.ini
2009-06-05 14:43:47 ----D---- H:\Documents and Settings\TAF\Application Data\Macromedia
2009-06-05 13:25:06 ----D---- H:\Documents and Settings\TAF\Application Data\DNA
2009-06-05 13:25:06 ----D---- H:\Documents and Settings\All Users\Application Data\WLInstaller
2009-06-05 13:19:54 ----D---- H:\WINDOWS\WinSxS
2009-06-05 13:19:54 ----D---- H:\Documents and Settings\TAF\Application Data\Azureus
2009-06-05 13:19:53 ----D---- H:\WINDOWS\system32\oobe
2009-06-05 13:19:53 ----D---- H:\WINDOWS\system32\mui
2009-06-05 13:19:49 ----D---- H:\WINDOWS\security
2009-06-05 13:19:49 ----D---- H:\WINDOWS\Registration
2009-06-05 13:19:44 ----D---- H:\WINDOWS\pchealth
2009-06-05 13:19:42 ----D---- H:\WINDOWS\ime
2009-06-05 13:19:41 ----RSD---- H:\WINDOWS\assembly
2009-06-05 12:50:39 ----D---- H:\WINDOWS\system32\LogFiles
2009-06-05 12:12:45 ----D---- H:\WINDOWS\system32\DirectX
2009-06-01 12:51:12 ----A---- H:\WINDOWS\system32\MRT.exe
2009-05-31 19:41:06 ----D---- H:\Program Files\Dofus
2009-05-31 13:25:47 ----HD---- H:\Program Files\InstallShield Installation Information
2009-05-31 13:25:29 ----D---- H:\Program Files\ATI Technologies
2009-05-31 13:08:52 ----D---- H:\Documents and Settings\TAF\Application Data\ATI
2009-05-31 11:58:45 ----D---- H:\WINDOWS\system32\ReinstallBackups
2009-05-31 11:55:43 ----D---- H:\Program Files\ma-config.com
2009-05-31 11:51:04 ----D---- H:\Documents and Settings\TAF\Application Data\dvdcss
2009-05-31 11:32:06 ----D---- H:\Program Files\TuneUp Utilities 2009
2009-05-31 11:31:31 ----D---- H:\Program Files\DNA
2009-05-31 11:31:29 ----SHD---- H:\Documents and Settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
2009-05-31 11:27:21 ----D---- H:\Program Files\CCleaner
2009-05-30 14:12:05 ----A---- H:\WINDOWS\wininit.ini
2009-05-30 13:29:54 ----SD---- H:\WINDOWS\Tasks
2009-05-30 13:16:44 ----A---- H:\WINDOWS\system32\PerfStringBackup.INI
2009-05-27 16:05:28 ----D---- H:\WINDOWS\system32\wbem
2009-05-27 09:59:21 ----DC---- H:\WINDOWS\system32\DRVSTORE
2009-05-27 08:26:05 ----D---- H:\Documents and Settings\All Users\Application Data\ma-config.com
2009-05-23 23:20:03 ----D---- H:\Documents and Settings\TAF\Application Data\vlc
2009-05-13 06:04:48 ----D---- H:\Documents and Settings\All Users\Application Data\Adobe
2009-05-13 06:04:41 ----D---- H:\Program Files\Fichiers communs\Adobe
2009-05-13 06:04:38 ----D---- H:\Program Files\Adobe
2009-05-07 11:43:40 ----A---- H:\WINDOWS\system32\localspl.dll
2009-05-03 21:15:09 ----D---- H:\Program Files\Messenger Plus! Live
2009-05-02 16:04:17 ----D---- H:\Program Files\Windows Live
2009-04-29 00:45:44 ----A---- H:\WINDOWS\system32\wininet.dll
2009-04-29 00:45:43 ----A---- H:\WINDOWS\system32\webcheck.dll
2009-04-29 00:45:43 ----A---- H:\WINDOWS\system32\urlmon.dll
2009-04-29 00:45:43 ----A---- H:\WINDOWS\system32\url.dll
2009-04-29 00:45:42 ----A---- H:\WINDOWS\system32\pngfilt.dll
2009-04-29 00:45:42 ----A---- H:\WINDOWS\system32\occache.dll
2009-04-29 00:45:42 ----A---- H:\WINDOWS\system32\mstime.dll
2009-04-29 00:45:42 ----A---- H:\WINDOWS\system32\msrating.dll
2009-04-29 00:45:42 ----A---- H:\WINDOWS\system32\mshtmled.dll
2009-04-29 00:45:41 ----A---- H:\WINDOWS\system32\mshtml.dll
2009-04-29 00:45:40 ----A---- H:\WINDOWS\system32\msfeedsbs.dll
2009-04-29 00:45:40 ----A---- H:\WINDOWS\system32\msfeeds.dll
2009-04-29 00:45:39 ----A---- H:\WINDOWS\system32\jsproxy.dll
2009-04-29 00:45:38 ----A---- H:\WINDOWS\system32\iertutil.dll
2009-04-29 00:45:38 ----A---- H:\WINDOWS\system32\iernonce.dll
2009-04-29 00:45:38 ----A---- H:\WINDOWS\system32\ieframe.dll
2009-04-29 00:45:36 ----A---- H:\WINDOWS\system32\ieencode.dll
2009-04-29 00:45:35 ----A---- H:\WINDOWS\system32\iedkcs32.dll
2009-04-29 00:45:35 ----A---- H:\WINDOWS\system32\ieapfltr.dll
2009-04-29 00:45:35 ----A---- H:\WINDOWS\system32\ieaksie.dll
2009-04-29 00:45:35 ----A---- H:\WINDOWS\system32\ieakeng.dll
2009-04-29 00:45:35 ----A---- H:\WINDOWS\system32\icardie.dll
2009-04-29 00:45:35 ----A---- H:\WINDOWS\system32\extmgr.dll
2009-04-29 00:45:34 ----A---- H:\WINDOWS\system32\dxtrans.dll
2009-04-29 00:45:34 ----A---- H:\WINDOWS\system32\dxtmsft.dll
2009-04-29 00:45:34 ----A---- H:\WINDOWS\system32\advpack.dll
2009-04-28 22:17:04 ----A---- H:\WINDOWS\system32\ati2dvag(3).dll
2009-04-28 22:07:02 ----A---- H:\WINDOWS\system32\atipdlxx(3).dll
2009-04-28 22:06:20 ----A---- H:\WINDOWS\system32\ati2edxx(3).dll
2009-04-28 22:06:06 ----A---- H:\WINDOWS\system32\ati2evxx(3).dll
2009-04-28 22:04:44 ----A---- H:\WINDOWS\system32\ati2evxx(3).exe
2009-04-28 21:56:26 ----A---- H:\WINDOWS\system32\ati3duag(3).dll
2009-04-28 21:42:54 ----A---- H:\WINDOWS\system32\ativvaxx(3).dll
2009-04-28 21:22:14 ----A---- H:\WINDOWS\system32\atikvmag(3).dll
2009-04-28 21:17:20 ----A---- H:\WINDOWS\system32\atiok3x2(3).dll
2009-04-28 21:13:10 ----A---- H:\WINDOWS\system32\ati2cqag(3).dll
2009-04-28 05:06:24 ----A---- H:\WINDOWS\system32\ieudinit.exe
2009-04-28 05:06:24 ----A---- H:\WINDOWS\system32\ie4uinit.exe
2009-04-27 21:07:55 ----D---- H:\WINDOWS\Microsoft.NET
2009-04-27 21:04:21 ----SHDC---- H:\Program Files\Fichiers communs\WindowsLiveInstaller
2009-04-27 18:27:35 ----A---- H:\WINDOWS\win.ini
2009-04-27 18:27:35 ----A---- H:\WINDOWS\system.ini
2009-04-26 08:57:32 ----D---- H:\WINDOWS\AppPatch
2009-04-25 01:26:23 ----A---- H:\WINDOWS\system32\ieakui.dll
2009-04-24 12:00:54 ----SD---- H:\Documents and Settings\All Users\Application Data\Microsoft
2009-04-24 12:00:54 ----D---- H:\Program Files\Fichiers communs\Microsoft Shared
2009-04-24 11:41:37 ----D---- H:\Program Files\Fichiers communs
2009-04-24 11:03:38 ----D---- H:\Program Files\SuperCopier2
2009-04-23 13:33:35 ----D---- H:\Program Files\adslTV
2009-04-23 13:26:31 ----D---- H:\Program Files\DivX

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; H:\WINDOWS\system32\drivers\Aavmker4.sys [2009-02-05 26944]
R1 AmdK8;AMD Processor Driver; H:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 36352]
R1 aswSP;avast! Self Protection; H:\WINDOWS\system32\drivers\aswSP.sys [2009-02-05 114768]
R1 aswTdi;avast! Network Shield Support; H:\WINDOWS\system32\drivers\aswTdi.sys [2009-02-05 51376]
R1 WS2IFSL;Environnement de prise en charge de Fournisseur de services non-IFS Windows Sockets 2.0; H:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-05 12032]
R2 aswFsBlk;aswFsBlk; H:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]
R2 aswMon2;avast! Standard Shield Support; H:\WINDOWS\system32\drivers\aswMon2.sys [2009-02-05 94032]
R2 irda;Protocole IrDA; H:\WINDOWS\system32\DRIVERS\irda.sys [2004-08-03 87424]
R2 STEC3;STEC3; \??\H:\WINDOWS\system32\STEC3.sys []
R3 aswRdr;aswRdr; H:\WINDOWS\system32\drivers\aswRdr.sys [2009-02-05 23152]
R3 ati2mtag;ati2mtag; H:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2009-03-16 3597312]
R3 FETNDIS;Pilote NT de carte VIA PCI 10/100Mo Fast Ethernet; H:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
R3 HdAudAddService;ATI Function Driver for High Definition Audio Service; H:\WINDOWS\system32\drivers\AtiHdAud.sys [2006-12-28 84992]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; H:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 HidUsb;Pilote de classe HID Microsoft; H:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); H:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-04-23 4402176]
R3 irsir;Pilote série infrarouge Microsoft; H:\WINDOWS\system32\DRIVERS\irsir.sys [2001-08-17 18688]
R3 mouhid;Pilote HID de souris; H:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288]
R3 Rasirda;Miniport réseau étendu (IrDA); H:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; H:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-05 26624]
R3 usbhub;Concentrateur USB2; H:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-05 57600]
R3 usbstor;Pilote de stockage de masse USB; H:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-05 26496]
R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; H:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-05 20480]
S3 aaozvijp;aaozvijp; H:\WINDOWS\system32\drivers\aaozvijp.sys []
S3 AVPsys;AVPsys; \??\H:\WINDOWS\system32\drivers\cdaudio.sys []
S3 camfilt2;camfilt2; H:\WINDOWS\system32\DRIVERS\camfilt2.sys [2007-08-06 94720]
S3 catchme;catchme; \??\H:\DOCUME~1\TAF\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Décodeur sous-titre fermé; H:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 DCamUSBSQTECH;Dual-Mode DSC(2770); H:\WINDOWS\System32\Drivers\SQcaptur.sys [2003-01-10 30921]
S3 driverhardwarev2;driverhardwarev2; \??\H:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys []
S3 dump_wmimmc;dump_wmimmc; \??\H:\Program Files\Games-Masters.com\CABAL Online (Europe)\GameGuard\dump_wmimmc.sys []
S3 MBAMSwissArmy;MBAMSwissArmy; \??\H:\WINDOWS\system32\drivers\mbamswissarmy.sys []
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; H:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;Codec NABTS/FEC VBI; H:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Connection TV/vidéo Microsoft; H:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 Ndisprot;ArcNet NDIS Protocol Driver; \??\H:\WINDOWS\system32\drivers\Ndisprot.sys []
S3 npkcrypt;npkcrypt; \??\H:\WINDOWS\system32\npkcrypt.sys []
S3 NPPTNT2;NPPTNT2; \??\H:\WINDOWS\system32\npptNT2.sys []
S3 SLIP;Détrameur décalage BDA; H:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 SNPSTD3;Hercules Classic Silver; H:\WINDOWS\system32\DRIVERS\snpstd3.sys [2007-07-17 10371072]
S3 streamip;BDA IPSink; H:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 usbaudio;Pilote USB audio (WDM); H:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264]
S3 usbccgp;Pilote parent générique USB Microsoft; H:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbscan;Pilote de scanneur USB; H:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 WSTCODEC;Codec Teletext standard; H:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; H:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; H:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; H:\WINDOWS\system32\drivers\IntelIde.sys []
S4 mchInjDrv;mchInjDrv; \??\H:\DOCUME~1\TAF\LOCALS~1\Temp\mc21.tmp []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 a2free;a-squared Free Service; H:\PROGRAM FILES\A-SQUARED FREE\a2service.exe [2009-06-11 718880]
R2 aswUpdSv;avast! iAVS4 Control Service; H:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-02-05 18752]
R2 avast! Antivirus;avast! Antivirus; H:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-02-05 138680]
R2 Irmon;Moniteur infrarouge; H:\WINDOWS\system32\svchost.exe [2004-08-19 14336]
R2 npkcmsvc;npkcmsvc; H:\WINDOWS\system32\npkcmsvc.exe [2009-06-15 191008]
R2 UxTuneUp;TuneUp Extension de thème; H:\WINDOWS\System32\svchost.exe [2004-08-19 14336]
R3 avast! Mail Scanner;avast! Mail Scanner; H:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-02-05 254040]
R3 avast! Web Scanner;avast! Web Scanner; H:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-02-05 352920]
S2 ATI Smart;ATI Smart; H:\WINDOWS\system32\ati2sgag.exe [2009-03-17 593920]
S2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; H:\WINDOWS\system32\svchost.exe [2004-08-19 14336]
S3 aspnet_state;ASP.NET State Service; H:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 IDriverT;InstallDriver Table Manager; H:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 maconfservice;Ma-Config Service; H:\Program Files\ma-config.com\maconfservice.exe [2009-04-21 216232]
S3 npggsvc;nProtect GameGuard Service; H:\WINDOWS\system32\GameMon.des [2009-06-11 2862620]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service; H:\WINDOWS\System32\TuneUpDefragService.exe [2009-06-05 360192]
S3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; H:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 usprserv;User Privilege Service; H:\WINDOWS\System32\svchost.exe [2004-08-19 14336]
S3 WLSetupSvc;Windows Live Setup Service; H:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S4 Ati HotKey Poller;Ati HotKey Poller; H:\WINDOWS\system32\Ati2evxx.exe [2009-03-16 602112]
S4 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; H:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S4 JavaQuickStarterService;Java Quick Starter; H:\Program Files\Java\jre6\bin\jqs.exe [2009-03-09 152984]

-----------------EOF-----------------

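The driver and service sections of the RSIT log above are what a helper reads first when picking entries to check. As an added example (not part of the thread, of RSIT, or of any tool it mentions), here is a small Python triage script that parses those two sections and flags the entries a responder would look at first; it assumes RSIT's line layout as shown above, reads empty brackets as "no file to report a date and size for", and uses sample lines copied from the log above.

```python
"""Triage of the RSIT driver/service listing (added example, not from the thread or RSIT).

RSIT prints one entry per line:
    <state><start> <name>;<description>; <image path> [<date> <size>]
and leaves the brackets empty when it has no file to report a date and size for
(assumption taken from the log above).  SAMPLE is copied from that log.
"""
import re

LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4])\s+"       # R/S = running/stopped, 0-4 = start type
    r"(?P<name>[^;]+);(?P<desc>[^;]*);\s*"       # registry key name and display name
    r"(?P<path>.+?)\s*\[(?P<info>[^\]]*)\]\s*$"  # image path, then "[date size]" or "[]"
)
TEMP_RE = re.compile(r"\\(temp|tmp)\\", re.I)
# svchost-hosted services show svchost.exe here; their real ServiceDll is not on the line.
EXPECTED_EXT = {"drivers": {"sys"}, "services": {"exe"}}

SAMPLE = r"""======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; H:\WINDOWS\system32\drivers\Aavmker4.sys [2009-02-05 26944]
R2 STEC3;STEC3; \??\H:\WINDOWS\system32\STEC3.sys []
S3 aaozvijp;aaozvijp; H:\WINDOWS\system32\drivers\aaozvijp.sys []
S3 catchme;catchme; \??\H:\DOCUME~1\TAF\LOCALS~1\Temp\catchme.sys []
S4 mchInjDrv;mchInjDrv; \??\H:\DOCUME~1\TAF\LOCALS~1\Temp\mc21.tmp []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Irmon;Moniteur infrarouge; H:\WINDOWS\system32\svchost.exe [2004-08-19 14336]
S3 npggsvc;nProtect GameGuard Service; H:\WINDOWS\system32\GameMon.des [2009-06-11 2862620]

-----------------EOF-----------------
"""


def image_ext(path):
    """Lower-cased extension of the last path component ('' if it has none)."""
    leaf = path.rsplit("\\", 1)[-1]
    return leaf.rsplit(".", 1)[-1].lower() if "." in leaf else ""


def triage_entry(entry, kind):
    """Reasons an entry deserves a closer look; an empty list means nothing odd."""
    flags = []
    if entry["info"] == "":
        flags.append("no file info")              # image absent, hidden or unreadable
    if TEMP_RE.search(entry["path"]):
        flags.append("loads from a Temp folder")  # persistence from Temp is rarely legitimate
    ext = image_ext(entry["path"])
    if ext not in EXPECTED_EXT[kind]:
        flags.append(f"unexpected image extension .{ext}" if ext else "no image extension")
    if entry["state"] == "R" and entry["info"] == "":
        flags.append("running although image could not be read")  # hidden-file symptom
    return flags


def triage_listing(text):
    """Parse the two RSIT sections and map entry name -> flags, for flagged entries only."""
    kind, flagged = None, {}
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("======List of drivers"):
            kind = "drivers"
        elif line.startswith("======List of services"):
            kind = "services"
        elif line.startswith("-----------------EOF"):
            break
        elif kind is not None and (m := LINE_RE.match(line)):
            flags = triage_entry(m.groupdict(), kind)
            if flags:
                flagged[m.group("name")] = flags
    return flagged


if __name__ == "__main__":
    # Flags are leads, not verdicts: catchme.sys, for instance, belongs to a legitimate removal tool.
    for name, flags in triage_listing(SAMPLE).items():
        print(f"{name}: {', '.join(flags)}")
```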

sKe69, on 17 Jun 2009 at 23:35:34

Good ....


Next steps, in order:



A - Get access to hidden files:

Go to Start Menu->My Computer->Tools->Folder Options...->View
* "Show hidden files and folders" ---> checked
* "Hide extensions for known file types" ---> unchecked
* "Hide protected operating system files" ---> unchecked
-> confirm the change ("Apply" then "OK").
(you will put the original settings back once the disinfection is finished, not before ...)



B - Keep your external drives plugged into the PC!

Go to this site:

http://www.virustotal.com/

Copy the following and paste it into the search box (or click "Browse" and navigate to the requested file):
D:\msipl.bin

Click Send File (the "Envoyer le fichier" button).

A report will build up line by line.

Wait until the very end ... It must include the size of the submitted file.

Save the report with Notepad.

Copy it into your next reply ...

(If VirusTotal says the file has already been analysed, click the button Reanalyse the file now)


Do the same for:
D:\WMPInfo.xml
H:\WINDOWS\system32\SETB.tmp


So post me these 3 reports (especially the beginning with the AV listing, and make sure to state at the top of each one which file it corresponds to) and carry on ...


=========================

C - Download SDFix to your desktop:
here http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
or here http://download.bleepingcomputer.com/andymanchesta/SDFix.exe
or here http://sdfix.net/SDFix.exe

--> Double-click SDFix.exe and choose "Install".

(tutorial here: http://www.malekal.com/tutorial_SDFix.php)

Then, once the install is done,

Mandatory: boot into Safe Mode.

/!\ Never boot into Safe Mode via MSCONFIG /!\

How to get into Safe Mode:
1) Restart your computer.
2) Tap the F8 key immediately (F5 on some PCs), right after the "beep".
3) Keep tapping until the screen with the startup options appears.
4) Choose the first option: Safe Mode, and confirm by pressing [Enter].
5) Choose your usual account (and not Administrator).
Note: no internet connection is possible in Safe Mode, so copy or print the procedure to avoid mistakes ...


Open the SDFix folder that has just been created in C:\ and double-click RunThis.bat to launch the tool.
--> Type Y to start the script ...
The fix removes the virus's services and cleans the registry, so a reboot is needed; therefore:
press a key to reboot when asked to.

The PC will take a while to start (that's normal); once the desktop has loaded, press a key when "Finished" is displayed.

The SDFix report will open on screen and will also be saved in the folder
C:\SDFix under the name "Report.txt".

Post that one in your next reply along with a new RSIT report for analysis ...


"Baby, I'm going on an airplane, And I don't know if I'll be back again"
IMPORTANT: don't think you're out of the woods until you've been told so!


Taffy, on 18 Jun 2009 at 00:00:23

Here are the results, I'll post them in 3 separate messages

"msipl.bin"

Antivirus Version Dernière mise à jour Résultat
a-squared 4.5.0.18 2009.06.17 -
AhnLab-V3 5.0.0.2 2009.06.17 -
AntiVir 7.9.0.187 2009.06.17 -
Antiy-AVL 2.0.3.1 2009.06.17 -
Authentium 5.1.2.4 2009.06.17 -
Avast 4.8.1335.0 2009.06.17 -
AVG 8.5.0.339 2009.06.17 -
BitDefender 7.2 2009.06.17 -
CAT-QuickHeal 10.00 2009.06.17 -
ClamAV 0.94.1 2009.06.17 -
Comodo 1356 2009.06.17 -
DrWeb 5.0.0.12182 2009.06.17 -
eSafe 7.0.17.0 2009.06.17 -
eTrust-Vet 31.6.6566 2009.06.17 -
F-Prot 4.4.4.56 2009.06.17 -
F-Secure 8.0.14470.0 2009.06.17 -
Fortinet 3.117.0.0 2009.06.17 -
GData 19 2009.06.17 -
Ikarus T3.1.1.59.0 2009.06.17 -
Jiangmin 11.0.706 2009.06.17 -
K7AntiVirus 7.10.766 2009.06.17 -
Kaspersky 7.0.0.125 2009.06.17 -
McAfee 5649 2009.06.17 -
McAfee+Artemis 5649 2009.06.17 -
McAfee-GW-Edition 6.7.6 2009.06.17 -
Microsoft 1.4701 2009.06.17 -
NOD32 4164 2009.06.17 -
Norman 6.01.09 2009.06.17 -
nProtect 2009.1.8.0 2009.06.17 -
Panda 10.0.0.14 2009.06.17 -
PCTools 4.4.2.0 2009.06.17 -
Prevx 3.0 2009.06.17 -
Rising 21.34.24.00 2009.06.17 -
Sophos 4.42.0 2009.06.17 -
Sunbelt 3.2.1858.2 2009.06.17 -
Symantec 1.4.4.12 2009.06.17 -
TheHacker 6.3.4.3.348 2009.06.17 -
TrendMicro 8.950.0.1094 2009.06.17 -
VBA32 3.12.10.7 2009.06.17 -
ViRobot 2009.6.17.1792 2009.06.17 -
VirusBuster 4.6.5.0 2009.06.17 -
Information additionnelle
File size: 241664 bytes
MD5...: 142cc4e18edd07f2544793a1cbb43920
SHA1..: 13489d70adad5b5e3114921462f01d75f57967e0
SHA256: 4fb18691ccabd3a87f1bdb5c75a437eab924dbc61873bf5a47750aecaa9e82f9
ssdeep: 6144:xkFUqfe7QVPvYuJAMl22jgxMk+87vF0t92:x4dUQpQufjVk97t
PEiD..: -
TrID..: File type identification
OpenGL object (56.8%)
Adobe PhotoShop Brush (14.2%)
MacBinary 2 header (14.2%)
BONK lossless/lossy audio compressor (14.2%)
Sybase iAnywhere database files (0.2%)
PEInfo: -
PDFiD.: -
RDS...: NSRL Reference Data Set
-


sKe69, on 18 Jun 2009 at 00:01:17

Seen ... the others then ... ^^



Taffy, on 18 Jun 2009 at 00:01:30

For:
"WMPInfo.xml"

Antivirus Version Dernière mise à jour Résultat
a-squared 4.5.0.18 2009.06.17 -
AhnLab-V3 5.0.0.2 2009.06.17 -
AntiVir 7.9.0.187 2009.06.17 -
Antiy-AVL 2.0.3.1 2009.06.17 -
Authentium 5.1.2.4 2009.06.17 -
Avast 4.8.1335.0 2009.06.17 -
AVG 8.5.0.339 2009.06.17 -
BitDefender 7.2 2009.06.17 -
CAT-QuickHeal 10.00 2009.06.17 -
ClamAV 0.94.1 2009.06.17 -
Comodo 1356 2009.06.17 -
DrWeb 5.0.0.12182 2009.06.17 -
eSafe 7.0.17.0 2009.06.17 -
eTrust-Vet 31.6.6566 2009.06.17 -
F-Prot 4.4.4.56 2009.06.17 -
F-Secure 8.0.14470.0 2009.06.17 -
Fortinet 3.117.0.0 2009.06.17 -
GData 19 2009.06.17 -
Ikarus T3.1.1.59.0 2009.06.17 -
Jiangmin 11.0.706 2009.06.17 -
K7AntiVirus 7.10.766 2009.06.17 -
Kaspersky 7.0.0.125 2009.06.17 -
McAfee 5649 2009.06.17 -
McAfee+Artemis 5649 2009.06.17 -
McAfee-GW-Edition 6.7.6 2009.06.17 -
Microsoft 1.4701 2009.06.17 -
NOD32 4164 2009.06.17 -
Norman 6.01.09 2009.06.17 -
nProtect 2009.1.8.0 2009.06.17 -
Panda 10.0.0.14 2009.06.17 -
PCTools 4.4.2.0 2009.06.17 -
Prevx 3.0 2009.06.17 -
Rising 21.34.24.00 2009.06.17 -
Sophos 4.42.0 2009.06.17 -
Sunbelt 3.2.1858.2 2009.06.17 -
Symantec 1.4.4.12 2009.06.17 -
TheHacker 6.3.4.3.348 2009.06.17 -
TrendMicro 8.950.0.1094 2009.06.17 -
VBA32 3.12.10.7 2009.06.17 -
ViRobot 2009.6.17.1792 2009.06.17 -
VirusBuster 4.6.5.0 2009.06.17 -
Information additionnelle
File size: 296 bytes
MD5...: ce04ecbd1d55a4c3311f4d68aa6f2072
SHA1..: 383ae84977d998df97fd4b139f90dec8b5e62e69
SHA256: 575baabdbfbccd172e7d6e9ada4cd968b1c1550207a4c510a317f4cf8bc12cae
ssdeep: 6:QfAlvZ2xC9QlcCOKyOUYlteQQ1UO6lctT02GtnO6l8tgFKKulzgZn:Q4AQ9QLOfOBlDNGt42lO8mFKHza
PEiD..: -
TrID..: File type identification
Text - UTF-16 (LE) encoded (65.2%)
MP3 audio (32.6%)
Lumena CEL bitmap (2.0%)
PEInfo: -
PDFiD.: -
RDS...: NSRL Reference Data Set
-
packers (F-Prot): Unicode


Taffy, on 18 Jun 2009 at 00:02:58

And for:
"SETB.tmp"

Antivirus Version Dernière mise à jour Résultat
a-squared 4.5.0.18 2009.06.17 -
AhnLab-V3 5.0.0.2 2009.06.17 -
AntiVir 7.9.0.187 2009.06.17 -
Antiy-AVL 2.0.3.1 2009.06.17 -
Authentium 5.1.2.4 2009.06.17 -
Avast 4.8.1335.0 2009.06.17 -
AVG 8.5.0.339 2009.06.17 -
BitDefender 7.2 2009.06.17 -
CAT-QuickHeal 10.00 2009.06.17 -
ClamAV 0.94.1 2009.06.17 -
Comodo 1356 2009.06.17 -
DrWeb 5.0.0.12182 2009.06.17 -
eSafe 7.0.17.0 2009.06.17 -
eTrust-Vet 31.6.6566 2009.06.17 -
F-Prot 4.4.4.56 2009.06.17 -
F-Secure 8.0.14470.0 2009.06.17 -
Fortinet 3.117.0.0 2009.06.17 -
GData 19 2009.06.17 -
Ikarus T3.1.1.59.0 2009.06.17 -
Jiangmin 11.0.706 2009.06.17 -
K7AntiVirus 7.10.766 2009.06.17 -
Kaspersky 7.0.0.125 2009.06.17 -
McAfee 5649 2009.06.17 -
McAfee+Artemis 5649 2009.06.17 -
McAfee-GW-Edition 6.7.6 2009.06.17 -
Microsoft 1.4701 2009.06.17 -
NOD32 4164 2009.06.17 -
Norman 6.01.09 2009.06.17 -
nProtect 2009.1.8.0 2009.06.17 -
Panda 10.0.0.14 2009.06.17 -
PCTools 4.4.2.0 2009.06.17 -
Prevx 3.0 2009.06.17 -
Rising 21.34.24.00 2009.06.17 -
Sophos 4.42.0 2009.06.17 -
Sunbelt 3.2.1858.2 2009.06.17 -
Symantec 1.4.4.12 2009.06.17 -
TheHacker 6.3.4.3.348 2009.06.17 -
TrendMicro 8.950.0.1094 2009.06.17 -
VBA32 3.12.10.7 2009.06.17 -
ViRobot 2009.6.17.1792 2009.06.17 -
VirusBuster 4.6.5.0 2009.06.17 -
Information additionnelle
File size: 294912 bytes
MD5...: cfa3d84f9fb775a478447e8b9f7f441b
SHA1..: 16217ae7a92aba91a003f1769e19c3fb586e1d66
SHA256: 2807e6b6f206f3ab257799bc4bc619cfebfac7e234bfb410396c8d90a8967485
ssdeep: 6144:6op2HD2csI783G8ybGsi70fWMTwUO7At3lE:6CcsSG7SXTZO7A7
PEiD..: -
TrID..: File type identification
DirectShow filter (90.9%)
Win32 Executable Generic (3.8%)
Win32 Dynamic Link Library (generic) (3.4%)
Generic Win/DOS Executable (0.9%)
DOS Executable Generic (0.9%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x13a5
timedatestamp.....: 0x47c3ff5f (Tue Feb 26 12:00:31 2008)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x40c2e 0x40e00 6.55 c385b4608d804ab72e8196db1a4cd543
.data 0x42000 0x13dc 0xc00 1.95 7f21133f7a1045d14ae087760f433a30
.rsrc 0x44000 0x35f4 0x3600 4.36 9205a6eb28e28710313af17cd44a1801
.reloc 0x48000 0x2b68 0x2c00 6.71 3d9c9b1ad88190f33291d8605b732f2c

( 6 imports )
> ADVAPI32.dll: CheckTokenMembership, AllocateAndInitializeSid, FreeSid, RegEnumValueA, RegQueryValueA, RegOpenKeyA, RegDeleteValueW, RegDeleteValueA, GetUserNameA, OpenProcessToken, GetTokenInformation, ConvertSidToStringSidA, RegQueryInfoKeyA, RegSetValueExW, RegEnumKeyExA, RegSetValueExA, RegCreateKeyExA, RegDeleteKeyA, RegQueryValueExW, RegOpenKeyExA, RegQueryValueExA, RegCloseKey
> GDI32.dll: CreateCompatibleBitmap, SetBkColor, ExtTextOutA, PatBlt, CreateFontIndirectA, GetTextMetricsA, GetTextCharsetInfo, TranslateCharsetInfo, GetBitmapBits, DeleteDC, GetObjectA, CreateBitmap, CreateDIBSection, SelectObject, DeleteObject, CreateDCA, CreateCompatibleDC, BitBlt, SetTextColor, GetStockObject
> KERNEL32.dll: MultiByteToWideChar, LocalFree, GetCurrentProcess, AddAtomA, FindAtomA, DeleteAtom, OpenMutexA, GetSystemDefaultLCID, GetThreadLocale, GetTickCount, WaitForSingleObject, CreateEventA, OpenEventA, SetEvent, OpenProcess, OpenFileMappingA, IsBadReadPtr, GlobalUnlock, GlobalLock, lstrcpynA, GetSystemDirectoryA, TlsFree, GlobalFree, GlobalAlloc, VirtualAlloc, VirtualFree, HeapDestroy, HeapFree, HeapReAlloc, HeapAlloc, HeapCreate, FlushViewOfFile, GetLocaleInfoW, LoadLibraryA, LoadLibraryW, lstrlenW, QueryPerformanceCounter, GetSystemTimeAsFileTime, TerminateProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, EnumResourceLanguagesA, GetSystemDefaultLangID, CreateProcessA, TlsAlloc, CreateFileMappingA, GetLastError, GetVersionExA, DeleteCriticalSection, InitializeCriticalSectionAndSpinCount, MapViewOfFile, UnmapViewOfFile, ReleaseMutex, CloseHandle, CreateMutexA, GetModuleFileNameA, GetFullPathNameA, lstrcpyA, GetProcAddress, FreeLibrary, lstrlenA, TlsSetValue, GetCurrentProcessId, EnterCriticalSection, FindResourceA, LoadResource, GetLocaleInfoA, GetACP, WideCharToMultiByte, GetCurrentThreadId, lstrcmpA, TlsGetValue, LeaveCriticalSection, InterlockedIncrement, InterlockedDecrement, lstrcmpiA, IsValidCodePage, GetWindowsDirectoryA, LocalReAlloc, LocalAlloc, GetModuleHandleA, LoadLibraryExA, GetSystemWindowsDirectoryA
> msvcrt.dll: strncmp, wcscmp, memmove, _except_handler3, _vsnprintf, _adjust_fdiv, malloc, _initterm, free, wcscpy, wcsncpy, _vsnwprintf, wcslen
> ntdll.dll: LdrLockLoaderLock, LdrUnlockLoaderLock, RtlUnhandledExceptionFilter
> USER32.dll: CallNextHookEx, SetWindowsHookExA, GetActiveWindow, SetWindowsHookExW, RegisterWindowMessageA, SystemParametersInfoA, PostMessageA, GetUserObjectInformationA, GetThreadDesktop, GetKeyboardState, FindWindowA, SetForegroundWindow, wsprintfA, WaitForInputIdle, GetGUIThreadInfo, MsgWaitForMultipleObjects, DispatchMessageA, SendNotifyMessageA, SetWindowLongA, DestroyIcon, FillRect, GetIconInfo, CopyIcon, CreateIconIndirect, CopyImage, GetDC, DestroyMenu, TrackPopupMenuEx, InsertMenuA, CreatePopupMenu, LoadImageA, CheckMenuItem, InsertMenuItemA, GetMessageA, PeekMessageW, GetMessageW, LoadKeyboardLayoutA, GetKeyboardLayoutList, DrawTextA, GetSysColor, GetCursorPos, WindowFromPoint, GetKeyState, SetTimer, EnumThreadWindows, GetWindow, InSendMessageEx, ActivateKeyboardLayout, GetSystemMetrics, GetFocus, GetForegroundWindow, IsIconic, KillTimer, UnhookWindowsHookEx, GetKeyboardLayout, IsWindow, DestroyWindow, PeekMessageA, PostQuitMessage, GetQueueStatus, GetParent, GetWindowThreadProcessId, FindWindowExA, EnumChildWindows, RegisterClassExA, DefWindowProcA, BeginPaint, LoadIconA, DrawIconEx, ReleaseDC, EndPaint, GetWindowRect, CreateWindowExA, MoveWindow, SendMessageA, EnableWindow, ShowWindow, GetClassNameA, GetClassLongA, GetWindowLongA, IsWindowInDestroy, IsWindowVisible, GetWindowTextA, PostThreadMessageA, LoadCursorA

( 39 exports )
DllCanUnloadNow, DllGetClassObject, DllRegisterServer, DllUnregisterServer, SetInputScope, SetInputScopeXML, SetInputScopes, TF_CUASAppFix, TF_CheckThreadInputIdle, TF_ClearLangBarAddIns, TF_CreateCategoryMgr, TF_CreateCicLoadMutex, TF_CreateDisplayAttributeMgr, TF_CreateInputProcessorProfiles, TF_CreateLangBarItemMgr, TF_CreateLangBarMgr, TF_CreateThreadMgr, TF_DllDetachInOther, TF_GetGlobalCompartment, TF_GetInputScope, TF_GetLangIcon, TF_GetMlngHKL, TF_GetMlngIconIndex, TF_GetThreadFlags, TF_GetThreadMgr, TF_InatExtractIcon, TF_InitMlngInfo, TF_InitSystem, TF_InvalidAssemblyListCache, TF_InvalidAssemblyListCacheIfExist, TF_IsCtfmonRunning, TF_IsFullScreenWindowAcitvated, TF_IsInMarshaling, TF_MlngInfoCount, TF_PostAllThreadMsg, TF_RegisterLangBarAddIn, TF_RunInputCPL, TF_UninitSystem, TF_UnregisterLangBarAddIn
PDFiD.: -
RDS...: NSRL Reference Data Set
-
ThreatExpert info: http://www.threatexpert.com/report.aspx?md5=cfa3d84f9fb775a478447e8b9f7f441b


sKe69, on 18 Jun 2009 at 00:03:54

Okay ...

move on to the next step now (SDFix) ...
