High-Tech Santé Médecine Droit-Finances

Grippe A

Que dois-je faire ?

Rechercher : dans
Par :

PB TROJAN WINRAR.EXE

Dernière réponse le 12 jui 2009 à 17:25:44 TITI5969, le 3 jui 2009 à 21:36:49 
 Signaler ce message aux modérateurs

Bonsoir,

J'ai un trojan sur winrar.exe, je voulais faire le tri avec Malwarebytes' Anti-Malware mais je ne sais pas si je peux supprimer tout ce qui gene, j'ai aussi HijackThis mais je ne sais pas non plus quoi faire, impossible de restaurer à un autre points de restauration et mode ss echec impossible

Merci pour votre aide

A+

Configuration: Windows XP
Firefox 3.0.11

Posez votre question Répondre

1

jacques.gache, le 3 jui 2009 à 22:06:07

Bonjour, si tu as un rapport hijackthis et que tu ne saches pas quoi faire avec le mieux serait que tu le postes ici afin que l'on puisse voir cela , sinon pour malwarebytes perso je l'utilise sur les 6 pc de la maison depuis près de 3ans et j'ai toujours supprimer tout ce qu'il trouvait sans avoir de problème de fonctionnement après, il est arrivé des problèmes sur des pc qui avait un windows piraté et il à planté le pc , si tu as un doute postes le rapport qui t'a fais sans avoir fais la suppression et on regardera les lignes qu'il donne et si légitime ou pas Attention !! la surmultiplication de logiciels de sécurité n­e 
protège pas mieux voire peut engendrer des conflits et
des plantages. " mais chacun reste maître de son PC "

   
Répondre à jacques.gache

2

TITI5969, le 4 jui 2009 à 12:37:23

Bonjour,

J'ai également lancé superantispyware-free-edition il a trouvé d'autre truc que j'ai mis en quarantaine
En fait j'ai le pb de trojen voir plus car restauration point et mode ss echec impossible, avec ceux-ci on regle pas mal de pb, donc je dois avoir d'autre pb


Logfile of HijackThis v1.99.1
Scan saved at 12:33:47, on 04/07/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\apps\ABoard\ABoard.exe
C:\apps\ABoard\AOSD.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Canal\Canal Widget\VOD\CanalPlus.VOD.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\FICHIE~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
F:\TITI\LOGICIEL\TROJAN\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {0866c11f-a44a-426c-be51-0352201c6065} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: iFinger plugin / Browser helper object - {A114D52B-870C-4F15-8021-B6D7F91A054B} - C:\PROGRA~1\iFinger\plugins\IE.ifp
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - http://fichiers.touslesdrivers.com/...
O16 - DPF: {9DF1C00D-8426-4337-972C-DC042D19A916} (FTMediaPlayer Class) - http://webtv.guidetv.orange.fr/resources/OCS_8884.cab
O16 - DPF: {CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA} (Java Plug-in 1.3.1_01) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: CanalPlus.VOD - Canal+ Active - C:\Program Files\Canal\Canal Widget\VOD\CanalPlus.VOD.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe

   
Répondre à TITI5969

3

jacques.gache, le 4 jui 2009 à 18:36:03

Bonjour, ton hijackthis n'est plus d'actualité la version est périmé tu posteras un RSIT qui lui nous en montreras plus car la je ne vois pas l'infection , par contre tu as spybot + superantispyware et Mcafee la version de celui ci n'aurait pas un anti-spyware incorporé ce qui en ferais 3 c'est pas très bon pour le fonctionnement du pc

• Télécharge Random's System Information Tool (RSIT) de Random/Random, et enregistre le sur ton Bureau.
• Double clique sur RSIT.exe pour lancer l'outil.
• Clique sur "Continue" à l'écran Disclaimer.
• Si l'outil HijackThis n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu s'il te le demande) et tu devras accepter la licence.
• Une fois le scan terminé, deux rapports vont apparaître : poste les dans deux messages séparés stp

ps:Les rapports se trouvent à cet endroit:

C:\rsit\info.txt

C:\rsit\log.txt


Tutoriel pour t'aider





Attention !! la surmultiplication de logiciels de sécurité ne 
protège pas mieux voire peut engendrer des conflits et
des plantages. " mais chacun reste maître de son PC "

   
Répondre à jacques.gache

4

TITI5969, le 5 jui 2009 à 10:42:59

Bonjour,

J'ai fait un peu de nettoyage, gardé mcafee effectivement il fait antispyware et spybot, je peux garder les 2?
J'ai tenté d'autoriser winrar.exe ds mcafee mais il le détecte tjs comme trojan donc en quarantaine d'office
J'ai lu que si je répare windows fini les pb? Car j'ai un trojen ok mais autre pb restaur points impossible ainsi que mode ss echec

Je poste le log

Logfile of random's system information tool 1.06 (written by random/random)
Run by BRACQ at 2009-07-05 02:11:03
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 17 GB (23%) free of 72 GB
Total RAM: 1023 MB (47% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:11:17, on 05/07/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\FICHIE~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\apps\ABoard\ABoard.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\apps\ABoard\AOSD.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\PROGRA~1\mcafee\msc\mcshell.exe
F:\TITI\LOGICIEL\TROJAN\RSIT.exe
C:\Program Files\trend micro\BRACQ.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {0866c11f-a44a-426c-be51-0352201c6065} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: iFinger plugin / Browser helper object - {A114D52B-870C-4F15-8021-B6D7F91A054B} - C:\PROGRA~1\iFinger\plugins\IE.ifp
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - http://fichiers.touslesdrivers.com/...
O16 - DPF: {9DF1C00D-8426-4337-972C-DC042D19A916} (FTMediaPlayer Class) - http://webtv.guidetv.orange.fr/resources/OCS_8884.cab
O16 - DPF: {CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA} (Java Plug-in 1.3.1_01) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: CanalPlus.VOD - Canal+ Active - C:\Program Files\Canal\Canal Widget\VOD\CanalPlus.VOD.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - NetGroup - Politecnico di Torino - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
End of file - 7197 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\ADD77E6F9390FBF3.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0866c11f-a44a-426c-be51-0352201c6065}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
scriptproxy - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll [2007-11-09 58688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A114D52B-870C-4F15-8021-B6D7F91A054B}]
iFinger plugin / Browser helper object - C:\PROGRA~1\iFinger\plugins\IE.ifp [2001-07-09 349184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]
McAfee SiteAdvisor BHO - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2009-02-13 150032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2009-02-13 150032]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2003-08-15 57344]
"ACTIVBOARD"=c:\apps\ABoard\ABoard.exe [2003-05-02 24576]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2005-08-30 344064]
"mcagent_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2007-08-03 582992]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2005-08-31 46080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-02-15 236928]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
C:\WINDOWS\system32\loviheti.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableLockWorkstation"=0
"DisableChangePassword"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=95000000
"NoCD-Burning"=1
"NoLogoff"=0
"NoClose"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=
"NoDriveAutoRun"=
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\Program Files\WM Recorder 10\WMR90.exe"="C:\Program Files\WM Recorder 10\WMR90.exe:*:Disabled:Windows Media (TM) Stream Recorder"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\McAfee\MPF\MpfSrv.exe"="C:\Program Files\McAfee\MPF\MpfSrv.exe:*:Enabled:MPFSrv"
"C:\WINDOWS\system32\winlogon.exe"="C:\WINDOWS\system32\winlogon.exe:*:Enabled:winlogon"
"C:\Program Files\Fichiers communs\McAfee\McProxy\McProxy.exe"="C:\Program Files\Fichiers communs\McAfee\McProxy\McProxy.exe:*:Enabled:mcproxy"
"C:\WINDOWS\system32\FTRTSVC.exe"="C:\WINDOWS\system32\FTRTSVC.exe:*:Enabled:FTRTSVC"
"C:\Program Files\McAfee\SiteAdvisor\McSACore.exe"="C:\Program Files\McAfee\SiteAdvisor\McSACore.exe:*:Enabled:McSACore"
"C:\Program Files\Fichiers communs\McAfee\MNA\McNASvc.exe"="C:\Program Files\Fichiers communs\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e1ae5b25-cad7-11dd-a1d7-000c7683fb91}]
shell\AutoRun\command - I:\Memorybar.exe


======List of files/folders created in the last 3 months======

2009-07-05 01:46:17 ----D---- C:\Program Files\WinRAR
2009-07-05 01:35:55 ----D---- C:\rsit
2009-07-03 22:37:23 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2009-07-03 22:37:09 ----D---- C:\Documents and Settings\BRACQ\Application Data\SUPERAntiSpyware.com
2009-07-02 23:53:19 ----D---- C:\Documents and Settings\BRACQ\Application Data\Malwarebytes
2009-07-02 23:53:09 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-07-02 23:53:08 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-07-02 21:39:16 ----D---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-07-02 20:00:21 ----A---- C:\WINDOWS\system32\ztvunrar36.dll
2009-07-02 20:00:21 ----A---- C:\WINDOWS\system32\ztvunace26.dll
2009-07-02 20:00:21 ----A---- C:\WINDOWS\system32\ztvcabinet.dll
2009-07-02 20:00:21 ----A---- C:\WINDOWS\system32\UNRAR3.dll
2009-07-02 20:00:21 ----A---- C:\WINDOWS\system32\unacev2.dll
2009-07-01 15:52:06 ----D---- C:\Program Files\McAfee.com
2009-07-01 15:51:57 ----D---- C:\Program Files\Fichiers communs\McAfee
2009-07-01 15:51:40 ----D---- C:\Program Files\McAfee
2009-07-01 13:15:58 ----A---- C:\WINDOWS\system32\Process.exe
2009-06-24 11:26:05 ----D---- C:\Program Files\Microsoft Silverlight
2009-06-22 17:36:31 ----D---- C:\Documents and Settings\BRACQ\Application Data\Mindscape
2009-06-22 17:36:09 ----D---- C:\Program Files\Mindscape
2009-06-20 09:17:43 ----D---- C:\Program Files\Kellogg's Afrique
2009-06-10 10:39:07 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2009-06-10 10:38:59 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$
2009-06-10 10:38:52 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2009-06-10 10:38:39 ----HDC---- C:\WINDOWS\$NtUninstallKB969898$
2009-06-03 17:51:48 ----D---- C:\Program Files\Kellogg's Amérique
2009-05-22 00:43:38 ----D---- C:\Documents and Settings\BRACQ\Application Data\Yahoo!
2009-05-21 22:58:27 ----D---- C:\Program Files\Mozilla Firefox
2009-05-21 18:23:40 ----D---- C:\Documents and Settings\BRACQ\Application Data\Mozilla
2009-05-20 18:10:07 ----D---- C:\Program Files\CCleaner
2009-05-18 23:37:11 ----A---- C:\WINDOWS\system32\MRT.exe
2009-05-14 00:06:26 ----A---- C:\WINDOWS\system32\VACFix.exe
2009-05-14 00:06:26 ----A---- C:\WINDOWS\system32\o4Patch.exe
2009-05-14 00:06:26 ----A---- C:\WINDOWS\system32\IEDFix.exe
2009-05-14 00:06:26 ----A---- C:\WINDOWS\system32\IEDFix.C.exe
2009-05-14 00:06:26 ----A---- C:\WINDOWS\system32\Agent.OMZ.Fix.exe
2009-05-14 00:06:26 ----A---- C:\WINDOWS\system32\404Fix.exe
2009-05-14 00:06:11 ----A---- C:\WINDOWS\system32\WS2Fix.exe
2009-05-14 00:05:55 ----A---- C:\WINDOWS\system32\VCCLSID.exe
2009-05-14 00:05:55 ----A---- C:\WINDOWS\system32\swxcacls.exe
2009-05-14 00:05:55 ----A---- C:\WINDOWS\system32\swsc.exe
2009-05-14 00:05:55 ----A---- C:\WINDOWS\system32\swreg.exe
2009-05-14 00:05:55 ----A---- C:\WINDOWS\system32\SrchSTS.exe
2009-05-14 00:05:55 ----A---- C:\WINDOWS\system32\dumphive.exe
2009-05-13 23:56:57 ----A---- C:\WINDOWS\system32\tmp.txt
2009-05-13 23:56:39 ----A---- C:\rapport.txt
2009-05-13 19:48:28 ----A---- C:\VundoFix.txt
2009-05-13 16:53:55 ----D---- C:\Documents and Settings\BRACQ\Application Data\Talkback
2009-05-02 23:10:23 ----A---- C:\WINDOWS\system32\d3dx9_36.dll
2009-05-02 23:10:13 ----D---- C:\Program Files\Orange
2009-04-15 22:29:09 ----D---- C:\Documents and Settings\BRACQ\Application Data\ProtectDisc
2009-04-15 16:19:18 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2009-04-15 16:19:11 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2009-04-15 16:19:02 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2009-04-15 16:18:44 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2009-04-15 16:18:31 ----HDC---- C:\WINDOWS\$NtUninstallKB961373$
2009-04-15 16:18:16 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$

======List of files/folders modified in the last 3 months======

2009-07-05 02:11:05 ----D---- C:\Program Files\Trend Micro
2009-07-05 02:11:04 ----D---- C:\WINDOWS\Temp
2009-07-05 02:08:15 ----D---- C:\WINDOWS\Prefetch
2009-07-05 01:56:35 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-07-05 01:56:20 ----D---- C:\WINDOWS\system32\CatRoot2
2009-07-05 01:51:56 ----D---- C:\WINDOWS\Debug
2009-07-05 01:51:56 ----D---- C:\WINDOWS
2009-07-05 01:46:17 ----RD---- C:\Program Files
2009-07-05 01:43:00 ----N---- C:\WINDOWS\SchedLgU.Txt
2009-07-05 01:08:36 ----D---- C:\Config.Msi
2009-07-05 00:21:17 ----SHD---- C:\WINDOWS\Installer
2009-07-05 00:21:17 ----D---- C:\Program Files\Fichiers communs\Wise Installation Wizard
2009-07-04 14:56:53 ----A---- C:\WINDOWS\NeroDigital.ini
2009-07-03 23:11:58 ----D---- C:\WINDOWS\system32\drivers
2009-07-03 23:09:31 ----D---- C:\WINDOWS\system32
2009-07-01 16:49:31 ----D---- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2009-07-01 16:49:19 ----D---- C:\Documents and Settings\All Users\Application Data\McAfee
2009-07-01 16:49:14 ----HD---- C:\WINDOWS\inf
2009-07-01 16:02:26 ----SD---- C:\WINDOWS\Tasks
2009-07-01 15:51:57 ----D---- C:\Program Files\Fichiers communs
2009-06-24 17:59:31 ----D---- C:\WINDOWS\Microsoft.NET
2009-06-22 17:36:30 ----HD---- C:\Program Files\InstallShield Installation Information
2009-06-10 10:45:14 ----D---- C:\Program Files\Internet Explorer
2009-06-10 10:39:35 ----RSHD---- C:\WINDOWS\system32\dllcache
2009-06-10 10:39:32 ----D---- C:\WINDOWS\system32\fr-fr
2009-06-10 10:39:18 ----D---- C:\WINDOWS\ie7updates
2009-06-10 10:37:57 ----HD---- C:\WINDOWS\$hf_mig$
2009-05-29 22:48:40 ----D---- C:\Documents and Settings\BRACQ\Application Data\Adobe
2009-05-23 23:14:16 ----D---- C:\WINDOWS\Help
2009-05-14 21:08:44 ----SHD---- C:\System Volume Information
2009-05-14 21:08:44 ----D---- C:\WINDOWS\system32\Restore
2009-05-14 13:35:56 ----D---- C:\Program Files\TuneUp Utilities 2006
2009-05-14 09:46:38 ----A---- C:\WINDOWS\wininit.ini
2009-05-07 17:33:02 ----N---- C:\WINDOWS\system32\localspl.dll
2009-05-02 23:10:39 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-05-02 23:10:32 ----D---- C:\WINDOWS\system32\DirectX
2009-04-29 06:45:44 ----A---- C:\WINDOWS\system32\wininet.dll
2009-04-29 06:45:43 ----A---- C:\WINDOWS\system32\webcheck.dll
2009-04-29 06:45:43 ----A---- C:\WINDOWS\system32\urlmon.dll
2009-04-29 06:45:43 ----A---- C:\WINDOWS\system32\url.dll
2009-04-29 06:45:42 ----N---- C:\WINDOWS\system32\occache.dll
2009-04-29 06:45:42 ----N---- C:\WINDOWS\system32\mstime.dll
2009-04-29 06:45:42 ----A---- C:\WINDOWS\system32\pngfilt.dll
2009-04-29 06:45:42 ----A---- C:\WINDOWS\system32\msrating.dll
2009-04-29 06:45:42 ----A---- C:\WINDOWS\system32\mshtmled.dll
2009-04-29 06:45:41 ----A---- C:\WINDOWS\system32\mshtml.dll
2009-04-29 06:45:40 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
2009-04-29 06:45:40 ----A---- C:\WINDOWS\system32\msfeeds.dll
2009-04-29 06:45:39 ----A---- C:\WINDOWS\system32\jsproxy.dll
2009-04-29 06:45:38 ----N---- C:\WINDOWS\system32\iernonce.dll
2009-04-29 06:45:38 ----A---- C:\WINDOWS\system32\iertutil.dll
2009-04-29 06:45:38 ----A---- C:\WINDOWS\system32\ieframe.dll
2009-04-29 06:45:36 ----N---- C:\WINDOWS\system32\ieencode.dll
2009-04-29 06:45:35 ----N---- C:\WINDOWS\system32\iedkcs32.dll
2009-04-29 06:45:35 ----N---- C:\WINDOWS\system32\ieaksie.dll
2009-04-29 06:45:35 ----N---- C:\WINDOWS\system32\ieakeng.dll
2009-04-29 06:45:35 ----N---- C:\WINDOWS\system32\extmgr.dll
2009-04-29 06:45:35 ----A---- C:\WINDOWS\system32\ieapfltr.dll
2009-04-29 06:45:35 ----A---- C:\WINDOWS\system32\icardie.dll
2009-04-29 06:45:34 ----A---- C:\WINDOWS\system32\dxtrans.dll
2009-04-29 06:45:34 ----A---- C:\WINDOWS\system32\dxtmsft.dll
2009-04-29 06:45:34 ----A---- C:\WINDOWS\system32\advpack.dll
2009-04-28 11:06:24 ----N---- C:\WINDOWS\system32\ieudinit.exe
2009-04-28 11:06:24 ----N---- C:\WINDOWS\system32\ie4uinit.exe
2009-04-25 07:26:23 ----N---- C:\WINDOWS\system32\ieakui.dll
2009-04-15 22:13:45 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-04-15 20:10:56 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-04-15 20:06:10 ----D---- C:\WINDOWS\system32\wbem
2009-04-15 20:06:10 ----D---- C:\WINDOWS\AppPatch
2009-04-15 16:53:29 ----A---- C:\WINDOWS\system32\rpcrt4.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK7;Pilote de processeur AMD K7; C:\WINDOWS\System32\DRIVERS\amdk7.sys [2008-04-14 41856]
R1 Asapi;Asapi; C:\WINDOWS\system32\drivers\Asapi.sys [2002-08-06 11264]
R1 mfehidk;McAfee Inc. mfehidk; C:\WINDOWS\system32\drivers\mfehidk.sys [2009-03-25 214024]
R1 MPFP;MPFP; C:\WINDOWS\System32\Drivers\Mpfp.sys [2007-07-13 113952]
R1 prodrv06;StarForce Protection Environment Driver v6; C:\WINDOWS\System32\drivers\prodrv06.sys [2003-10-10 52128]
R1 vcsmpdrv;vcsmpdrv; C:\WINDOWS\System32\DRIVERS\vcsmpdrv.sys [2003-06-16 49024]
R2 acedrv11;acedrv11; \??\C:\WINDOWS\system32\drivers\acedrv11.sys []
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2008-10-11 278984]
R2 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2005-04-21 10624]
R2 enodpl;enodpl; C:\WINDOWS\System32\drivers\enodpl.sys [2003-03-02 7552]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2007-04-27 18048]
R2 tandpl;tandpl; C:\WINDOWS\System32\drivers\tandpl.sys [2003-04-19 4736]
R3 ALCXSENS;Service for WDM 3D Audio Driver; C:\WINDOWS\system32\drivers\ALCXSENS.SYS [2003-08-14 404736]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2003-08-21 462940]
R3 AnyDVD;AnyDVD; C:\WINDOWS\System32\Drivers\AnyDVD.sys [2006-02-09 19200]
R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-08-31 1333760]
R3 axsaki;axsaki; C:\WINDOWS\system32\DRIVERS\axsaki.sys [2003-03-30 102624]
R3 axskbus;axskbus; C:\WINDOWS\system32\DRIVERS\axskbus.sys [2003-03-28 8640]
R3 FETNDISB;VIA Rhine Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\System32\DRIVERS\fetnd5b.sys [2003-04-24 41984]
R3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mfeavfk;McAfee Inc. mfeavfk; C:\WINDOWS\system32\drivers\mfeavfk.sys [2009-03-25 79880]
R3 mfebopk;McAfee Inc. mfebopk; C:\WINDOWS\system32\drivers\mfebopk.sys [2009-03-25 35272]
R3 mfesmfk;McAfee Inc. mfesmfk; C:\WINDOWS\system32\drivers\mfesmfk.sys [2009-03-25 40552]
R3 mouhid;Pilote HID de souris; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-23 12288]
R3 Mtlmnt5;Mtlmnt5; C:\WINDOWS\System32\DRIVERS\Mtlmnt5.sys [2003-01-21 210024]
R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 Slntamr;SmartLink AMR_PCI Driver; C:\WINDOWS\System32\DRIVERS\slntamr.sys [2003-01-17 507008]
R3 SlWdmSup;SlWdmSup; C:\WINDOWS\System32\DRIVERS\SlWdmSup.sys [2003-01-17 39348]
R3 usbehci;Pilote miniport de contrôleur hôte amélioré USB 2.0 Microsoft; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Concentrateur USB2; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S1 kbdhid;Pilote HID de clavier; C:\WINDOWS\System32\DRIVERS\kbdhid.sys [2008-04-14 14720]
S2 IKANLOADER2;General Purpose USB Driver (e4ldr.sys); C:\WINDOWS\System32\Drivers\e4ldr.sys [2006-03-02 63555]
S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 DSDrv4;DSDrv4; \??\C:\PROGRA~1\K!TV\Plugins\S_Bt8x8\DSDrv4.sys []
S3 DTV-DVBM9205;DTV-DVB USB Hybrid Analog/Capture; C:\WINDOWS\System32\Drivers\M9205.sys [2005-10-14 70272]
S3 e4usbaw;USB ADSL2 WAN Adapter; C:\WINDOWS\system32\DRIVERS\e4usbaw.sys [2006-05-04 114616]
S3 gel90xne;gel90xne; \??\C:\DOCUME~1\BRACQ\LOCALS~1\Temp\gel90xne.sys []
S3 L8042Kbd;Logitech SetPoint Keyboard Driver; C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys [2008-09-26 20240]
S3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys [2008-09-26 35472]
S3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys [2008-09-26 37392]
S3 LUsbFilt;Logitech SetPoint KMDF USB Filter; C:\WINDOWS\System32\Drivers\LUsbFilt.Sys [2008-09-26 28816]
S3 M9207;DTV-DVB M9207 USB DVB-T / TV BOX; C:\WINDOWS\system32\DRIVERS\M9207BDA.sys [2005-10-14 37248]
S3 mferkdk;McAfee Inc. mferkdk; C:\WINDOWS\system32\drivers\mferkdk.sys [2009-03-25 34216]
S3 MPE;Filtre BDA MPE; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-13 15232]
S3 ms_mpu401;Pilote UART MIDI MPU-401 Microsoft; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 Mtlstrm;Mtlstrm; C:\WINDOWS\System32\DRIVERS\Mtlstrm.sys [2003-01-21 1290312]
S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nm;Pilote du Moniteur réseau; C:\WINDOWS\System32\DRIVERS\NMnt.sys [2008-04-13 40320]
S3 NPF;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2004-05-14 32896]
S3 NtMtlFax;NtMtlFax; C:\WINDOWS\System32\DRIVERS\NtMtlFax.sys [2003-01-17 162136]
S3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2004-08-04 1897408]
S3 PCAMPR5;PCAMPR5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PCAMPR5.SYS []
S3 PCANDIS5;PCANDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PCANDIS5.SYS []
S3 RecAgent;recagent; \??\C:\WINDOWS\System32\DRIVERS\RecAgent.sys []
S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SlNtHal;SlNtHal; C:\WINDOWS\System32\DRIVERS\Slnthal.sys [2003-01-21 84784]
S3 SONYPVU1;Pilote de filtrage Sony USB (SONYPVU1); C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 SYMIDSCO;SYMIDSCO; \??\C:\WINDOWS\System32\Drivers\SYMIDSCO.SYS []
S3 tunmp;Pilote de carte miniport Tun Microsoft; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-13 12288]
S3 usbaudio;Pilote USB audio (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\System32\DRIVERS\wanatw4.sys []
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-08-31 376832]
R2 FTRTSVC;France Telecom Routing Table Service; C:\WINDOWS\System32\FTRTSVC.exe [2004-08-23 40960]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [2009-02-11 210216]
R2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2008-01-09 767976]
R2 McNASvc;McAfee Network Agent; c:\PROGRA~1\FICHIE~1\mcafee\mna\mcnasvc.exe [2008-01-25 2458128]
R2 McProxy;McAfee Proxy Service; c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe [2007-08-15 359248]
R2 McShield;McAfee Real-time Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2007-07-24 144704]
R2 MDM;Machine Debug Manager; C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe [2003-06-20 322120]
R2 MpfService;McAfee Personal Firewall Service; C:\Program Files\McAfee\MPF\MPFSrv.exe [2007-07-18 856864]
R2 UxTuneUp;Extension de conception TuneUp; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 VCSSecS;Virtual CD v4 Security service (SDK - Version); C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe [2002-05-16 139264]
R3 McSysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [2007-12-05 695624]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2005-08-30 516096]
S2 CanalPlus.VOD;CanalPlus.VOD; C:\Program Files\Canal\Canal Widget\VOD\CanalPlus.VOD.exe [2009-04-29 188416]
S2 SLService;SmartLinkService; C:\WINDOWS\system32\slserv.exe [2003-01-17 45056]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 McODS;McAfee Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [2007-11-07 378184]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2004-05-14 86016]
S3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

   
Répondre à TITI5969

5

jacques.gache, le 5 jui 2009 à 12:40:41

Bonjour, perso jez te conseillerais de virer spybot qui te fais un double emploi et qui te prend de la ram pour pas grand chose , tu vas passer findykill option 1 et 2 tu postes les rapport et puis tu fais l'option 5 pour le désinstaller , tu passeras malwarebytes tu posteras le rapport suivi d'un nouveau RSIT tu le relanceras tu me le poste de même que info.txt que tu n'as pas posté

1) pour findykill

########### [ Option 1 ( Recherche ) ]


• Télécharge et install FindyKill http://sd-1.archive-host.com/membres/up/127028005715545653/F­indyKill.exe

(!) Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) susceptible d'avoir été infectées sans les ouvrir

• Double clic sur le raccourci FindyKill présent sur ton bureau .

• Choisis l'option 1 ( Recherche )

• Laisse travailler l'outil.

• Ensuite post le rapport FindyKill.txt qui apparaitra.

• Note : Le rapport FindyKill.txt est sauvegardé a la racine du disque. ( C:\FindyKill.txt )

( CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )

• Note : "Process.exe", une composante de l'outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.


• Tuto : http://pagesperso-orange.fr/NosTools/index.html


##################### [ Option 2 ( Suppression ) ]



(!) Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) susceptible d avoir été infectés sans les ouvrir

• Double clic sur le raccourci FindyKill présent sur ton bureau

• choisis l'option 2 ( Suppression )

• Ton bureau disparaitra et le pc redémarrera .

• Au redémarrage , FindyKill scannera ton pc , laisse travailler l'outil.

• Ensuite post le rapport UsbFix.txt qui apparaitra avec le bureau .

• Note : Le rapport FindyKill.txt est sauvegardé a la racine du disque.( C:\FindyKill.txt )

( CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )




##################### [ Option 5 ( Désinstallation ) ]



• Double clic sur le raccourci FindyKill présent sur ton bureau

• Choisis l'option 5 ( Désinstaller ) ....




2) passes malwarebytes

Telecharge malwarebytes

-> http://www.malekal.com/tutorial_MalwareBytes_AntiMalware.php

Tu l´instales; le programme va se mettre automatiquement a jour.

Une fois a jour, le programme va se lancer; click sur l´onglet parametre, et coche la case : "Arreter internet explorer pendant la suppression".

Click maintenant sur l´onglet recherche et coche la case : "executer un examen complet".

Puis click sur "rechercher".

Laisse le scanner le pc...

Si des elements on ete trouvés > click sur supprimer la selection.

si il t´es demandé de redemarrer > click sur "yes".

A la fin un rapport va s´ouvrir; sauvegarde le de maniere a le retrouver en vu de le poster sur le forum.

Copie et colle le rapport stp.

ps : les rapport sont aussi rangé dans l onglet rapport/log




3) poste le nouveau RSIT le log.txt rt puis info.txt que tu as oublié de poster

C:\rsit\info.txt

Attention !! la surmultiplication de logiciels de sécurité ne 
protège pas mieux voire peut engendrer des conflits et
des plantages. " mais chacun reste maître de son PC "

   
Répondre à jacques.gache

6

TITI5969, le 5 jui 2009 à 14:17:43

Oups!!!
Je poste l'info.txt et j'attends que tu me dise si je peux faire ce que tu m'as dit avant


info.txt logfile of random's system information tool 1.06 2009-07-05 02:11:19

======Uninstall list======

"Equitation & Magie - Sarah et la licorne"-->C:\Program Files\Gost Publishing\Einhorn\uninst.exe
-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{09B44E78-A988-4BC0-962F-63ECD3333708} /l1036
-->C:\WINDOWS\IsUn040c.exe -fC:\WINDOWS\orun32.isu
-->C:\WINDOWS\Modio\SLAMR2KO\Setup.exe /Remove
-->C:\WINDOWS\System32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\Setup.EXE" -uninstall
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\SETUP.EXE" -uninstall
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A174402A-2EE6-4B86-A930-7BC85A9933BD}\SETUP.EXE" -l0x40c
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 7.0.9 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A70900000002}
Alcohol 120%-->MsiExec.exe /X{E9F81423-211E-46B6-9AE0-38568BC5CF6F}
Alexandra Ledermann 6 - L'Ecole des Champions-->C:\Program Files\UbiSoft\Lexis Numérique\Alexandra Ledermann 6\Desinst.exe
Ankh-->"C:\Program Files\Micro Application\Ankh\uninstall.exe"
AnswerWorks Runtime-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\WexTech\AnswerWorks\Uninst.isu"
AnyDVD-->"C:\Program Files\SlySoft\AnyDVD\AnyDVD-uninst.exe" /D="C:\Program Files\SlySoft\AnyDVD"
Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
Assistant de connexion Windows Live-->MsiExec.exe /I{D3116CC7-24DC-4CA3-9CE1-23FED836E9F2}
ATI Control Panel-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Barbie(TM) et le Cheval Magique-->C:\Program Files\Fichiers communs\Vivendi Universal Games\Uninstall\PegasusUn.exe
Barbie(TM) Horse Adventures(TM)-->C:\Program Files\Fichiers communs\Vivendi Universal Games\Uninstall\HorseUn.exe
Brain Coaching-->MsiExec.exe /I{42AD6CE4-B761-4ED1-9A3C-3E168F256504}
CANAL WIDGET-->MsiExec.exe /X{09B6B322-325F-4A5F-9051-830ED194A1A7}
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Correctif pour Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Correctif pour Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
DANCE DANCE DANCE-->MsiExec.exe /X{34675F5A-0E6C-488D-8F7E-40F0ACFDD535}
DVD Shrink 3.2-->"C:\Program Files\DVD Shrink\unins000.exe"
EasyCleaner-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F5346614-B7C4-4E94-826A-E2363155233D}\setup.exe" -l0x9 -removeonly
EAX Unified-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\EAX Unified\Uninst.isu"
eMule-->"C:\Program Files\eMule\Uninstall.exe"
Environnement d'exécution Java 2, Standard Edition v1.3.1_01-->C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\JavaSoft\JRE\1.3.1_01\Uninst.isu"
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
hp deskjet 3320 series (Supprimer uniquement)-->C:\Program Files\hp deskjet 3320 series\hpfiui.exe -c -vdivid=HPF -vpnum=95 -vinstport=USB001 -vproduct=3320 -huninstall
Java 2 Runtime Environment, SE v1.4.2_03-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030}
Java Runtime Environment 1.1-->C:\WINDOWS\uninst.exe -f"C:\Program Files\JavaSoft\JRE\1.1\lib\DeIsL1.isu"
Java(TM) SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
JS Star-->MsiExec.exe /I{1BD68BBD-329B-46CC-9DDD-65F2F65DACA1}
Lecteur Windows Media 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Les Sims 2 Fun en Famille Kit-->C:\Program Files\EA GAMES\Les Sims 2 Fun en Famille Kit\EAUninstall.exe
Les Sims 2 : La bonne affaire-->C:\Program Files\EA GAMES\Les Sims 2  La bonne affaire\EAUninstall.exe
Les Sims 2-->C:\Program Files\EA GAMES\Les Sims 2\EAUninstall.exe
Les Sims™ 2 Jour de fête ! Kit -->C:\Program Files\EA GAMES\Les Sims 2 Jour de fête ! Kit \EAUninstall.exe
Les Sims™ 2 Kit Glamour-->C:\Program Files\EA GAMES\Les Sims 2 Kit Glamour\EAUninstall.exe
Les Sims™ 2 La Vie en Appartement-->C:\Program Files\EA GAMES\Les Sims 2 La Vie en Appartement\EAUninstall.exe
Les Sims™ 2 Au fil des saisons-->C:\Program Files\EA GAMES\Les Sims 2 Au fil des saisons\EAUninstall.exe
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
McAfee SecurityCenter-->C:\Program Files\McAfee\MSC\mcuninst.exe
Messenger Plus! Live-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe"
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Data Access Components KB870669-->C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office 2000 Professional-->MsiExec.exe /I{0001040C-78E1-11D2-B60F-006097C998E7}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Word 2002-->MsiExec.exe /I{911B040C-6000-11D3-8CFE-0050048383C9}
Mise à jour critique pour Lecteur Windows Media 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB929969)-->"C:\WINDOWS\ie7updates\KB929969\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB969897)-->"C:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Mission Equitation-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7DA98964-804D-4DCF-AD6A-DE9D9EF3A825}\setup.exe" -l0x40c -removeonly
Mozilla Firefox (3.0.11)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Nero 6 Ultra Edition-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
NeroVision Express 2-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
Odebit Multimédia V3.2-->"C:\Program Files\Odebit Multimédia\V3.2\unins000.exe"
Orange WebTV Player 1.28884-->"C:\Program Files\Orange\Orange WebTV Player\unins000.exe"
Orban/Coding Technologies AAC/aacPlus Player Plugin™ 1.0-->"C:\Program Files\Orban\AAC-aacPlus Plugin\unins000.exe"
P2P-Radio 2.0 - Windows Edition-->"C:\Program Files\P2P-Radio\unins000.exe"
Packard Bell InfoCentre-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{07A1C2E1-76DD-11D6-9922-009027E9C183}\setup.exe"
PeerTV 0.4.1-->"C:\Program Files\PeerTV\uninstall.exe"
PowerDVD-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
ProtectDisc Driver, Version 11-->C:\Program Files\ProtectDisc Driver Installer\uninstall_v11.exe
PS TO USB CONVERTOR-->C:\PROGRA~1\PSTOUS~1\UNWISE.EXE C:\PROGRA~1\PSTOUS~1\INSTALL.LOG
QuickTime-->C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log
SAGEM F@st 800-840-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4AE3A0CB-87B0-4F51-BECD-3D1F8DFDD62F}\Setup.exe" -l0x40c
Sonic RecordNow!-->MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
Spirit (remove only)-->"C:\Program Files\THQ\Spirit\uninstall.exe"
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Titeuf Méga-Compet'-->"C:\Program Files\Atari\Titeuf\unins000.exe"
TMPGEnc DVD Author 1.5-->MsiExec.exe /I{4A8A0AE0-8F80-4621-AD2F-E2F8FE0CC7FD}
TuneUp Utilities 2006-->MsiExec.exe /I{868D7896-99D4-4513-BC62-2B3AD3E24926}
upapp-->MsiExec.exe /I{4EF69D40-4DC9-485E-95D3-B1C22F218FC8}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Video Convert Master v3.1-->"C:\Program Files\Video Convert Master\unins000.exe"
VideoLAN VLC media player 0.8.6a-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Virtua Tennis-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EADF648F-1711-11D6-AFAD-0040052179B6}\setup.exe"
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Genuine Advantage v1.3.0254.0-->MsiExec.exe /I{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}
Windows Live installer-->MsiExec.exe /X{FD44E544-E7D0-4DBA-9FA0-8AE1A1300390}
Windows Live Messenger-->MsiExec.exe /X{BADF6744-3787-48F6-B8C9-4C4995401D65}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinPcap 3.1 beta3-->"C:\Program Files\WinPcap\Uninstall.exe" "C:\Program Files\WinPcap\install.log"
WM Recorder + RM Recorder 10.1-->C:\WINDOWS\iun6002.exe "C:\Program Files\WM Recorder 10\irunin.ini"
Xvid 1.1.2 final uninstall-->"C:\Program Files\Xvid\unins000.exe"

======Hosts File======

127.0.0.1
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com

======Security center information======

AV: McAfee VirusScan
FW: McAfee Personal Firewall

======System event log======

Computer Name: SN100951600004
Event Code: 62486
Message: Invalid parameters

Record Number: 737970
Source Name: ati2mtag
Time Written: 20090626225959.000000+120
Event Type: Informations
User:

Computer Name: SN100951600004
Event Code: 62486
Message: Invalid parameters

Record Number: 737969
Source Name: ati2mtag
Time Written: 20090626225959.000000+120
Event Type: Informations
User:

Computer Name: SN100951600004
Event Code: 62486
Message: Invalid parameters

Record Number: 737968
Source Name: ati2mtag
Time Written: 20090626225959.000000+120
Event Type: Informations
User:

Computer Name: SN100951600004
Event Code: 62486
Message: Invalid parameters

Record Number: 737967
Source Name: ati2mtag
Time Written: 20090626225959.000000+120
Event Type: Informations
User:

Computer Name: SN100951600004
Event Code: 62486
Message: Invalid parameters

Record Number: 737966
Source Name: ati2mtag
Time Written: 20090626225959.000000+120
Event Type: Informations
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\PROGRA~1\FICHIE~1\TVNAVI~1;C:\Program Files\Microsoft SQL Server\80\Tools\Binn\;C:\Program Files\ATI Technologies\ATI Control Panel
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 10 Stepping 0, AuthenticAMD
"PROCESSOR_REVISION"=0a00
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"="C:\Program Files\JavaSoft\JRE\1.3.1_01\lib\ext\QTJava.zip"
"QTJAVA"="C:\Program Files\JavaSoft\JRE\1.3.1_01\lib\ext\QTJava.zip"
"FP_NO_HOST_CHECK"=NO

-----------------EOF-----------------

   
Répondre à TITI5969

7

jacques.gache, le 5 jui 2009 à 15:11:28

Ok tu peux faire ce qui est dans http://www.commentcamarche.net/forum/affich 13189045 pb trojan winrar exe?#5 mais avant j'aimerais bien que tu déactive spybot je crainds qu'il nous bloque , merci

déactives la protection résidente de spybot pour pas qu'il nous bloque le fixe
quand tu le réactiveras possible qu'il te demande d'accepter ou pas les modifications il faudra les accepter toutes
pour t'aider au cas ou : http://www.safer-networking.org/fr/howto/disable.hs.html
Attention !! la surmultiplication de logiciels de sécurité n­e 
protège pas mieux voire peut engendrer des conflits et
des plantages. " mais chacun reste maître de son PC "

   
Répondre à jacques.gache

8

TITI5969, le 5 jui 2009 à 17:20:51

Je fais la suite ...


############################## | FindyKill V6.002 |

# User : BRACQ (Administrateurs) # SN100951600004
# Update on 03/07/09 by Chiquitine29 & C_XX
# Start at: 16:52:28 | 05/07/2009
# Website : http://pagesperso-orange.fr/NosTools/index.html

# AMD Athlon(tm) XP 2500+
# Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
# Internet Explorer 7.0.5730.11
# Windows Firewall Status : Disabled
# AV : McAfee VirusScan [ Enabled | Updated ]
# FW : McAfee Personal Firewall[ Enabled ]

# A:\ # Lecteur de disquettes 3 ½ pouces
# C:\ # Disque fixe local # 70,52 Go (16,35 Go free) [HDD] # NTFS
# D:\ # Disque CD-ROM
# E:\ # Disque CD-ROM
# F:\ # Disque fixe local # 4 Go (335,23 Mo free) [RESTDONE] # NTFS
# G:\ # Disque CD-ROM

############################## | Processus actifs |

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\apps\ABoard\ABoard.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\apps\ABoard\AOSD.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Canal\Canal Widget\VOD\CanalPlus.VOD.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\FICHIE~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsmap.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

################## | Registre Startup |

HKCU_Main: "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
HKCU_Main: "Start Page"="http://www.google.fr/"
HKCU_Main: "Window Title"="Orange"
HKLM_logon: "Userinit"="C:\\WINDOWS\\system32\\userinit.exe"
HKLM_logon: "Windows Shell (ezShellStart)"="C:\\WINDOWS\\System32\\userinit.exe"
HKLM_logon: "DefaultUserName"="BRACQ"
HKLM_logon: "AltDefaultUserName"="BRACQ"
HKLM_logon: "LegalNoticeCaption"=""
HKLM_logon: "LegalNoticeText"=""
HKLM_Run: SoundMan=SOUNDMAN.EXE
HKLM_Run: ACTIVBOARD=c:\apps\ABoard\ABoard.exe
HKLM_Run: ATIPTA="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
HKLM_Run: mcagent_exe=C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
HKLM_Run: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
HKCU_Run: ctfmon.exe=C:\WINDOWS\system32\ctfmon.exe

################## | Fichiers # Dossiers infectieux |


################## | C:\Documents and Settings\BRACQ\Temporary Internet Files |


################## | All Drives ... |

Présent ! C:\FLIPART.EXE
Présent ! C:\GETBOOTD.BAT

################## | Registre # Clés Run infectieuses |

Présent ! HKU\S-1-5-21-3280389273-3996981173-2354660383-1007\Software\UBISOFT

################## | Registre # Mountpoints2 |

HKCU\...\Explorer\MountPoints2\{e1ae5b25-cad7-11dd-a1d7-000c7683fb91}\Shell\AutoRun\Command

################## | Etat / Services / Informations |

# Affichage des fichiers cachés : OK

# Mode sans echec : OK

# Ndisuio -> Start = 3 ( Good = 3 | Bad = 4 )
# EapHost -> Start = 3 ( Good = 2 | Bad = 4 )
# Ip6Fw -> Start = 3 ( Good = 2 | Bad = 4 )
# SharedAccess -> Start = 2 ( Good = 2 | Bad = 4 )
# wuauserv -> Start = 2 ( Good = 2 | Bad = 4 )
# wscsvc -> Start = 2 ( Good = 2 | Bad = 4 )

################## | Cracks / Keygens / Serials |


################## | ! Fin du rapport # FindyKill V6.002 ! |

   
Répondre à TITI5969

9

TITI5969, le 5 jui 2009 à 19:40:42

Resultat de Malwarebytes' Anti-Malware

Malwarebytes' Anti-Malware 1.38
Version de la base de données: 2376
Windows 5.1.2600 Service Pack 3

05/07/2009 19:27:49
mbam-log-2009-07-05 (19-27-49).txt

Type de recherche: Examen complet (C:\|F:\|)
Eléments examinés: 195596
Temps écoulé: 1 hour(s), 21 minute(s), 32 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)

   
Répondre à TITI5969

10

TITI5969, le 5 jui 2009 à 19:42:11

Resultat de log HijackThis

Logfile of random's system information tool 1.06 (written by random/random)
Run by BRACQ at 2009-07-05 19:35:32
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 17 GB (23%) free of 72 GB
Total RAM: 1023 MB (50% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:35:40, on 05/07/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Canal\Canal Widget\VOD\CanalPlus.VOD.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\FICHIE~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\apps\ABoard\ABoard.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\apps\ABoard\AOSD.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
F:\TITI\LOGICIEL\TROJAN\RSIT.exe
C:\Program Files\trend micro\BRACQ.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {0866c11f-a44a-426c-be51-0352201c6065} - (no file)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: iFinger plugin / Browser helper object - {A114D52B-870C-4F15-8021-B6D7F91A054B} - C:\PROGRA~1\iFinger\plugins\IE.ifp
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - http://fichiers.touslesdrivers.com/...
O16 - DPF: {9DF1C00D-8426-4337-972C-DC042D19A916} (FTMediaPlayer Class) - http://webtv.guidetv.orange.fr/resources/OCS_8884.cab
O16 - DPF: {CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA} (Java Plug-in 1.3.1_01) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: CanalPlus.VOD - Canal+ Active - C:\Program Files\Canal\Canal Widget\VOD\CanalPlus.VOD.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - NetGroup - Politecnico di Torino - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
End of file - 6691 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\ADD77E6F9390FBF3.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0866c11f-a44a-426c-be51-0352201c6065}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
scriptproxy - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll [2007-11-09 58688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A114D52B-870C-4F15-8021-B6D7F91A054B}]
iFinger plugin / Browser helper object - C:\PROGRA~1\iFinger\plugins\IE.ifp [2001-07-09 349184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]
McAfee SiteAdvisor BHO - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2009-02-13 150032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2009-02-13 150032]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2003-08-15 57344]
"ACTIVBOARD"=c:\apps\ABoard\ABoard.exe [2003-05-02 24576]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2005-08-30 344064]
"mcagent_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2007-08-03 582992]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2006-08-28 98304]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2005-08-31 46080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-02-15 236928]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
C:\WINDOWS\system32\loviheti.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableLockWorkstation"=0
"DisableChangePassword"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=95000000
"NoCD-Burning"=1
"NoLogoff"=0
"NoClose"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=
"NoDriveAutoRun"=
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\Program Files\WM Recorder 10\WMR90.exe"="C:\Program Files\WM Recorder 10\WMR90.exe:*:Disabled:Windows Media (TM) Stream Recorder"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\McAfee\MPF\MpfSrv.exe"="C:\Program Files\McAfee\MPF\MpfSrv.exe:*:Enabled:MPFSrv"
"C:\WINDOWS\system32\winlogon.exe"="C:\WINDOWS\system32\winlogon.exe:*:Enabled:winlogon"
"C:\Program Files\Fichiers communs\McAfee\McProxy\McProxy.exe"="C:\Program Files\Fichiers communs\McAfee\McProxy\McProxy.exe:*:Enabled:mcproxy"
"C:\WINDOWS\system32\FTRTSVC.exe"="C:\WINDOWS\system32\FTRTSVC.exe:*:Enabled:FTRTSVC"
"C:\Program Files\McAfee\SiteAdvisor\McSACore.exe"="C:\Program Files\McAfee\SiteAdvisor\McSACore.exe:*:Enabled:McSACore"
"C:\Program Files\Fichiers communs\McAfee\MNA\McNASvc.exe"="C:\Program Files\Fichiers communs\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

======List of files/folders created in the last 3 months======

2009-07-05 17:49:00 ----RASHD---- C:\autorun.inf
2009-07-05 17:48:59 ----A---- C:\UsbFix.txt
2009-07-05 16:49:17 ----D---- C:\FindyKill
2009-07-05 01:46:17 ----D---- C:\Program Files\WinRAR
2009-07-05 01:35:55 ----D---- C:\rsit
2009-07-03 22:37:23 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2009-07-03 22:37:09 ----D---- C:\Documents and Settings\BRACQ\Application Data\SUPERAntiSpyware.com
2009-07-02 23:53:19 ----D---- C:\Documents and Settings\BRACQ\Application Data\Malwarebytes
2009-07-02 23:53:09 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-07-02 23:53:08 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-07-02 21:39:16 ----D---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-07-02 20:00:21 ----A---- C:\WINDOWS\system32\ztvunrar36.dll
2009-07-02 20:00:21 ----A---- C:\WINDOWS\system32\ztvunace26.dll
2009-07-02 20:00:21 ----A---- C:\WINDOWS\system32\ztvcabinet.dll
2009-07-02 20:00:21 ----A---- C:\WINDOWS\system32\UNRAR3.dll
2009-07-02 20:00:21 ----A---- C:\WINDOWS\system32\unacev2.dll
2009-07-01 15:52:06 ----D---- C:\Program Files\McAfee.com
2009-07-01 15:51:57 ----D---- C:\Program Files\Fichiers communs\McAfee
2009-07-01 15:51:40 ----D---- C:\Program Files\McAfee
2009-07-01 13:15:58 ----A---- C:\WINDOWS\system32\Process.exe
2009-06-24 11:26:05 ----D---- C:\Program Files\Microsoft Silverlight
2009-06-22 17:36:31 ----D---- C:\Documents and Settings\BRACQ\Application Data\Mindscape
2009-06-22 17:36:09 ----D---- C:\Program Files\Mindscape
2009-06-20 09:17:43 ----D---- C:\Program Files\Kellogg's Afrique
2009-06-10 10:39:07 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2009-06-10 10:38:59 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$
2009-06-10 10:38:52 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2009-06-10 10:38:39 ----HDC---- C:\WINDOWS\$NtUninstallKB969898$
2009-06-03 17:51:48 ----D---- C:\Program Files\Kellogg's Amérique
2009-05-22 00:43:38 ----D---- C:\Documents and Settings\BRACQ\Application Data\Yahoo!
2009-05-21 22:58:27 ----D---- C:\Program Files\Mozilla Firefox
2009-05-21 18:23:40 ----D---- C:\Documents and Settings\BRACQ\Application Data\Mozilla
2009-05-20 18:10:07 ----D---- C:\Program Files\CCleaner
2009-05-18 23:37:11 ----A---- C:\WINDOWS\system32\MRT.exe
2009-05-14 00:06:26 ----A---- C:\WINDOWS\system32\VACFix.exe
2009-05-14 00:06:26 ----A---- C:\WINDOWS\system32\o4Patch.exe
2009-05-14 00:06:26 ----A---- C:\WINDOWS\system32\IEDFix.exe
2009-05-14 00:06:26 ----A---- C:\WINDOWS\system32\IEDFix.C.exe
2009-05-14 00:06:26 ----A---- C:\WINDOWS\system32\Agent.OMZ.Fix.exe
2009-05-14 00:06:26 ----A---- C:\WINDOWS\system32\404Fix.exe
2009-05-14 00:06:11 ----A---- C:\WINDOWS\system32\WS2Fix.exe
2009-05-14 00:05:55 ----A---- C:\WINDOWS\system32\VCCLSID.exe
2009-05-14 00:05:55 ----A---- C:\WINDOWS\system32\swxcacls.exe
2009-05-14 00:05:55 ----A---- C:\WINDOWS\system32\swsc.exe
2009-05-14 00:05:55 ----A---- C:\WINDOWS\system32\swreg.exe
2009-05-14 00:05:55 ----A---- C:\WINDOWS\system32\SrchSTS.exe
2009-05-14 00:05:55 ----A---- C:\WINDOWS\system32\dumphive.exe
2009-05-13 23:56:57 ----A---- C:\WINDOWS\system32\tmp.txt
2009-05-13 23:56:39 ----A---- C:\rapport.txt
2009-05-13 19:48:28 ----A---- C:\VundoFix.txt
2009-05-13 16:53:55 ----D---- C:\Documents and Settings\BRACQ\Application Data\Talkback
2009-05-02 23:10:23 ----A---- C:\WINDOWS\system32\d3dx9_36.dll
2009-05-02 23:10:13 ----D---- C:\Program Files\Orange
2009-04-15 22:29:09 ----D---- C:\Documents and Settings\BRACQ\Application Data\ProtectDisc
2009-04-15 16:19:18 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2009-04-15 16:19:11 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2009-04-15 16:19:02 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2009-04-15 16:18:44 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2009-04-15 16:18:31 ----HDC---- C:\WINDOWS\$NtUninstallKB961373$
2009-04-15 16:18:16 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$

======List of files/folders modified in the last 3 months======

2009-07-05 19:35:32 ----D---- C:\Program Files\Trend Micro
2009-07-05 19:31:11 ----D---- C:\WINDOWS\Prefetch
2009-07-05 18:04:04 ----D---- C:\WINDOWS\Temp
2009-07-05 17:50:51 ----D---- C:\WINDOWS\system32
2009-07-05 17:50:50 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-07-05 17:49:33 ----SHD---- C:\RECYCLER
2009-07-05 17:49:03 ----D---- C:\WINDOWS
2009-07-05 17:25:01 ----D---- C:\WINDOWS\Debug
2009-07-05 17:24:11 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-07-05 15:21:37 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-07-05 12:40:47 ----D---- C:\WINDOWS\system32\CatRoot2
2009-07-05 01:46:17 ----RD---- C:\Program Files
2009-07-05 01:08:36 ----D---- C:\Config.Msi
2009-07-05 00:21:17 ----SHD---- C:\WINDOWS\Installer
2009-07-05 00:21:17 ----D---- C:\Program Files\Fichiers communs\Wise Installation Wizard
2009-07-04 14:56:53 ----A---- C:\WINDOWS\NeroDigital.ini
2009-07-03 23:11:58 ----D---- C:\WINDOWS\system32\drivers
2009-07-01 16:49:31 ----D---- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2009-07-01 16:49:19 ----D---- C:\Documents and Settings\All Users\Application Data\McAfee
2009-07-01 16:49:14 ----HD---- C:\WINDOWS\inf
2009-07-01 16:02:26 ----SD---- C:\WINDOWS\Tasks
2009-07-01 15:51:57 ----D---- C:\Program Files\Fichiers communs
2009-06-24 17:59:31 ----D---- C:\WINDOWS\Microsoft.NET
2009-06-22 17:36:30 ----HD---- C:\Program Files\InstallShield Installation Information
2009-06-10 10:45:14 ----D---- C:\Program Files\Internet Explorer
2009-06-10 10:39:35 ----RSHD---- C:\WINDOWS\system32\dllcache
2009-06-10 10:39:32 ----D---- C:\WINDOWS\system32\fr-fr
2009-06-10 10:39:18 ----D---- C:\WINDOWS\ie7updates
2009-06-10 10:37:57 ----HD---- C:\WINDOWS\$hf_mig$
2009-05-29 22:48:40 ----D---- C:\Documents and Settings\BRACQ\Application Data\Adobe
2009-05-23 23:14:16 ----D---- C:\WINDOWS\Help
2009-05-14 21:08:44 ----SHD---- C:\System Volume Information
2009-05-14 21:08:44 ----D---- C:\WINDOWS\system32\Restore
2009-05-14 13:35:56 ----D---- C:\Program Files\TuneUp Utilities 2006
2009-05-14 09:46:38 ----A---- C:\WINDOWS\wininit.ini
2009-05-07 17:33:02 ----N---- C:\WINDOWS\system32\localspl.dll
2009-05-02 23:10:39 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-05-02 23:10:32 ----D---- C:\WINDOWS\system32\DirectX
2009-04-29 06:45:44 ----A---- C:\WINDOWS\system32\wininet.dll
2009-04-29 06:45:43 ----A---- C:\WINDOWS\system32\webcheck.dll
2009-04-29 06:45:43 ----A---- C:\WINDOWS\system32\urlmon.dll
2009-04-29 06:45:43 ----A---- C:\WINDOWS\system32\url.dll
2009-04-29 06:45:42 ----N---- C:\WINDOWS\system32\occache.dll
2009-04-29 06:45:42 ----N---- C:\WINDOWS\system32\mstime.dll
2009-04-29 06:45:42 ----A---- C:\WINDOWS\system32\pngfilt.dll
2009-04-29 06:45:42 ----A---- C:\WINDOWS\system32\msrating.dll
2009-04-29 06:45:42 ----A---- C:\WINDOWS\system32\mshtmled.dll
2009-04-29 06:45:41 ----A---- C:\WINDOWS\system32\mshtml.dll
2009-04-29 06:45:40 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
2009-04-29 06:45:40 ----A---- C:\WINDOWS\system32\msfeeds.dll
2009-04-29 06:45:39 ----A---- C:\WINDOWS\system32\jsproxy.dll
2009-04-29 06:45:38 ----N---- C:\WINDOWS\system32\iernonce.dll
2009-04-29 06:45:38 ----A---- C:\WINDOWS\system32\iertutil.dll
2009-04-29 06:45:38 ----A---- C:\WINDOWS\system32\ieframe.dll
2009-04-29 06:45:36 ----N---- C:\WINDOWS\system32\ieencode.dll
2009-04-29 06:45:35 ----N---- C:\WINDOWS\system32\iedkcs32.dll
2009-04-29 06:45:35 ----N---- C:\WINDOWS\system32\ieaksie.dll
2009-04-29 06:45:35 ----N---- C:\WINDOWS\system32\ieakeng.dll
2009-04-29 06:45:35 ----N---- C:\WINDOWS\system32\extmgr.dll
2009-04-29 06:45:35 ----A---- C:\WINDOWS\system32\ieapfltr.dll
2009-04-29 06:45:35 ----A---- C:\WINDOWS\system32\icardie.dll
2009-04-29 06:45:34 ----A---- C:\WINDOWS\system32\dxtrans.dll
2009-04-29 06:45:34 ----A---- C:\WINDOWS\system32\dxtmsft.dll
2009-04-29 06:45:34 ----A---- C:\WINDOWS\system32\advpack.dll
2009-04-28 11:06:24 ----N---- C:\WINDOWS\system32\ieudinit.exe
2009-04-28 11:06:24 ----N---- C:\WINDOWS\system32\ie4uinit.exe
2009-04-25 07:26:23 ----N---- C:\WINDOWS\system32\ieakui.dll
2009-04-15 22:13:45 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-04-15 20:06:10 ----D---- C:\WINDOWS\system32\wbem
2009-04-15 20:06:10 ----D---- C:\WINDOWS\AppPatch
2009-04-15 16:53:29 ----A---- C:\WINDOWS\system32\rpcrt4.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK7;Pilote de processeur AMD K7; C:\WINDOWS\System32\DRIVERS\amdk7.sys [2008-04-14 41856]
R1 Asapi;Asapi; C:\WINDOWS\system32\drivers\Asapi.sys [2002-08-06 11264]
R1 mfehidk;McAfee Inc. mfehidk; C:\WINDOWS\system32\drivers\mfehidk.sys [2009-03-25 214024]
R1 MPFP;MPFP; C:\WINDOWS\System32\Drivers\Mpfp.sys [2007-07-13 113952]
R1 prodrv06;StarForce Protection Environment Driver v6; C:\WINDOWS\System32\drivers\prodrv06.sys [2003-10-10 52128]
R1 vcsmpdrv;vcsmpdrv; C:\WINDOWS\System32\DRIVERS\vcsmpdrv.sys [2003-06-16 49024]
R2 acedrv11;acedrv11; \??\C:\WINDOWS\system32\drivers\acedrv11.sys []
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2008-10-11 278984]
R2 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2005-04-21 10624]
R2 enodpl;enodpl; C:\WINDOWS\System32\drivers\enodpl.sys [2003-03-02 7552]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2007-04-27 18048]
R2 tandpl;tandpl; C:\WINDOWS\System32\drivers\tandpl.sys [2003-04-19 4736]
R3 ALCXSENS;Service for WDM 3D Audio Driver; C:\WINDOWS\system32\drivers\ALCXSENS.SYS [2003-08-14 404736]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2003-08-21 462940]
R3 AnyDVD;AnyDVD; C:\WINDOWS\System32\Drivers\AnyDVD.sys [2006-02-09 19200]
R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-08-31 1333760]
R3 axsaki;axsaki; C:\WINDOWS\system32\DRIVERS\axsaki.sys [2003-03-30 102624]
R3 axskbus;axskbus; C:\WINDOWS\system32\DRIVERS\axskbus.sys [2003-03-28 8640]
R3 FETNDISB;VIA Rhine Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\System32\DRIVERS\fetnd5b.sys [2003-04-24 41984]
R3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mfeavfk;McAfee Inc. mfeavfk; C:\WINDOWS\system32\drivers\mfeavfk.sys [2009-03-25 79880]
R3 mfebopk;McAfee Inc. mfebopk; C:\WINDOWS\system32\drivers\mfebopk.sys [2009-03-25 35272]
R3 mouhid;Pilote HID de souris; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-23 12288]
R3 Mtlmnt5;Mtlmnt5; C:\WINDOWS\System32\DRIVERS\Mtlmnt5.sys [2003-01-21 210024]
R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 Slntamr;SmartLink AMR_PCI Driver; C:\WINDOWS\System32\DRIVERS\slntamr.sys [2003-01-17 507008]
R3 SlWdmSup;SlWdmSup; C:\WINDOWS\System32\DRIVERS\SlWdmSup.sys [2003-01-17 39348]
R3 usbehci;Pilote miniport de contrôleur hôte amélioré USB 2.0 Microsoft; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Concentrateur USB2; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S1 kbdhid;Pilote HID de clavier; C:\WINDOWS\System32\DRIVERS\kbdhid.sys [2008-04-14 14720]
S2 IKANLOADER2;General Purpose USB Driver (e4ldr.sys); C:\WINDOWS\System32\Drivers\e4ldr.sys [2006-03-02 63555]
S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 DSDrv4;DSDrv4; \??\C:\PROGRA~1\K!TV\Plugins\S_Bt8x8\DSDrv4.sys []
S3 DTV-DVBM9205;DTV-DVB USB Hybrid Analog/Capture; C:\WINDOWS\System32\Drivers\M9205.sys [2005-10-14 70272]
S3 e4usbaw;USB ADSL2 WAN Adapter; C:\WINDOWS\system32\DRIVERS\e4usbaw.sys [2006-05-04 114616]
S3 gel90xne;gel90xne; \??\C:\DOCUME~1\BRACQ\LOCALS~1\Temp\gel90xne.sys []
S3 L8042Kbd;Logitech SetPoint Keyboard Driver; C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys [2008-09-26 20240]
S3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys [2008-09-26 35472]
S3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys [2008-09-26 37392]
S3 LUsbFilt;Logitech SetPoint KMDF USB Filter; C:\WINDOWS\System32\Drivers\LUsbFilt.Sys [2008-09-26 28816]
S3 M9207;DTV-DVB M9207 USB DVB-T / TV BOX; C:\WINDOWS\system32\DRIVERS\M9207BDA.sys [2005-10-14 37248]
S3 mferkdk;McAfee Inc. mferkdk; C:\WINDOWS\system32\drivers\mferkdk.sys [2009-03-25 34216]
S3 mfesmfk;McAfee Inc. mfesmfk; C:\WINDOWS\system32\drivers\mfesmfk.sys [2009-03-25 40552]
S3 MPE;Filtre BDA MPE; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-13 15232]
S3 ms_mpu401;Pilote UART MIDI MPU-401 Microsoft; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 Mtlstrm;Mtlstrm; C:\WINDOWS\System32\DRIVERS\Mtlstrm.sys [2003-01-21 1290312]
S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nm;Pilote du Moniteur réseau; C:\WINDOWS\System32\DRIVERS\NMnt.sys [2008-04-13 40320]
S3 NPF;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2004-05-14 32896]
S3 NtMtlFax;NtMtlFax; C:\WINDOWS\System32\DRIVERS\NtMtlFax.sys [2003-01-17 162136]
S3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2004-08-04 1897408]
S3 PCAMPR5;PCAMPR5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PCAMPR5.SYS []
S3 PCANDIS5;PCANDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PCANDIS5.SYS []
S3 RecAgent;recagent; \??\C:\WINDOWS\System32\DRIVERS\RecAgent.sys []
S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SlNtHal;SlNtHal; C:\WINDOWS\System32\DRIVERS\Slnthal.sys [2003-01-21 84784]
S3 SONYPVU1;Pilote de filtrage Sony USB (SONYPVU1); C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 SYMIDSCO;SYMIDSCO; \??\C:\WINDOWS\System32\Drivers\SYMIDSCO.SYS []
S3 tunmp;Pilote de carte miniport Tun Microsoft; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-13 12288]
S3 usbaudio;Pilote USB audio (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\System32\DRIVERS\wanatw4.sys []
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-08-31 376832]
R2 CanalPlus.VOD;CanalPlus.VOD; C:\Program Files\Canal\Canal Widget\VOD\CanalPlus.VOD.exe [2009-04-29 188416]
R2 FTRTSVC;France Telecom Routing Table Service; C:\WINDOWS\System32\FTRTSVC.exe [2004-08-23 40960]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [2009-02-11 210216]
R2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2008-01-09 767976]
R2 McNASvc;McAfee Network Agent; c:\PROGRA~1\FICHIE~1\mcafee\mna\mcnasvc.exe [2008-01-25 2458128]
R2 McProxy;McAfee Proxy Service; c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe [2007-08-15 359248]
R2 McShield;McAfee Real-time Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2007-07-24 144704]
R2 MDM;Machine Debug Manager; C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe [2003-06-20 322120]
R2 MpfService;McAfee Personal Firewall Service; C:\Program Files\McAfee\MPF\MPFSrv.exe [2007-07-18 856864]
R2 UxTuneUp;Extension de conception TuneUp; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 VCSSecS;Virtual CD v4 Security service (SDK - Version); C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe [2002-05-16 139264]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2005-08-30 516096]
S2 SLService;SmartLinkService; C:\WINDOWS\system32\slserv.exe [2003-01-17 45056]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 McODS;McAfee Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [2007-11-07 378184]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2004-05-14 86016]
S3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 McSysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [2007-12-05 695624]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

   
Répondre à TITI5969

11

TITI5969, le 5 jui 2009 à 19:44:49

Et pour finir sur les rotules le pc et moi resultat info.txt
Merci de me dire ce que je dois faire maintenant




info.txt logfile of random's system information tool 1.06 2009-07-05 19:35:41

======Uninstall list======

"Equitation & Magie - Sarah et la licorne"-->C:\Program Files\Gost Publishing\Einhorn\uninst.exe
-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{09B44E78-A988-4BC0-962F-63ECD3333708} /l1036
-->C:\WINDOWS\IsUn040c.exe -fC:\WINDOWS\orun32.isu
-->C:\WINDOWS\Modio\SLAMR2KO\Setup.exe /Remove
-->C:\WINDOWS\System32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\Setup.EXE" -uninstall
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\SETUP.EXE" -uninstall
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A174402A-2EE6-4B86-A930-7BC85A9933BD}\SETUP.EXE" -l0x40c
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 7.0.9 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A70900000002}
Alcohol 120%-->MsiExec.exe /X{E9F81423-211E-46B6-9AE0-38568BC5CF6F}
Alexandra Ledermann 6 - L'Ecole des Champions-->C:\Program Files\UbiSoft\Lexis Numérique\Alexandra Ledermann 6\Desinst.exe
Ankh-->"C:\Program Files\Micro Application\Ankh\uninstall.exe"
AnswerWorks Runtime-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\WexTech\AnswerWorks\Uninst.isu"
AnyDVD-->"C:\Program Files\SlySoft\AnyDVD\AnyDVD-uninst.exe" /D="C:\Program Files\SlySoft\AnyDVD"
Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
Assistant de connexion Windows Live-->MsiExec.exe /I{D3116CC7-24DC-4CA3-9CE1-23FED836E9F2}
ATI Control Panel-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Barbie(TM) et le Cheval Magique-->C:\Program Files\Fichiers communs\Vivendi Universal Games\Uninstall\PegasusUn.exe
Barbie(TM) Horse Adventures(TM)-->C:\Program Files\Fichiers communs\Vivendi Universal Games\Uninstall\HorseUn.exe
Brain Coaching-->MsiExec.exe /I{42AD6CE4-B761-4ED1-9A3C-3E168F256504}
CANAL WIDGET-->MsiExec.exe /X{09B6B322-325F-4A5F-9051-830ED194A1A7}
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Correctif pour Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Correctif pour Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
DANCE DANCE DANCE-->MsiExec.exe /X{34675F5A-0E6C-488D-8F7E-40F0ACFDD535}
DVD Shrink 3.2-->"C:\Program Files\DVD Shrink\unins000.exe"
EasyCleaner-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F5346614-B7C4-4E94-826A-E2363155233D}\setup.exe" -l0x9 -removeonly
EAX Unified-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\EAX Unified\Uninst.isu"
eMule-->"C:\Program Files\eMule\Uninstall.exe"
Environnement d'exécution Java 2, Standard Edition v1.3.1_01-->C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\JavaSoft\JRE\1.3.1_01\Uninst.isu"
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
hp deskjet 3320 series (Supprimer uniquement)-->C:\Program Files\hp deskjet 3320 series\hpfiui.exe -c -vdivid=HPF -vpnum=95 -vinstport=USB001 -vproduct=3320 -huninstall
Java 2 Runtime Environment, SE v1.4.2_03-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030}
Java Runtime Environment 1.1-->C:\WINDOWS\uninst.exe -f"C:\Program Files\JavaSoft\JRE\1.1\lib\DeIsL1.isu"
Java(TM) SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
JS Star-->MsiExec.exe /I{1BD68BBD-329B-46CC-9DDD-65F2F65DACA1}
Lecteur Windows Media 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Les Sims 2 Fun en Famille Kit-->C:\Program Files\EA GAMES\Les Sims 2 Fun en Famille Kit\EAUninstall.exe
Les Sims 2 : La bonne affaire-->C:\Program Files\EA GAMES\Les Sims 2  La bonne affaire\EAUninstall.exe
Les Sims 2-->C:\Program Files\EA GAMES\Les Sims 2\EAUninstall.exe
Les Sims™ 2 Jour de fête ! Kit -->C:\Program Files\EA GAMES\Les Sims 2 Jour de fête ! Kit \EAUninstall.exe
Les Sims™ 2 Kit Glamour-->C:\Program Files\EA GAMES\Les Sims 2 Kit Glamour\EAUninstall.exe
Les Sims™ 2 La Vie en Appartement-->C:\Program Files\EA GAMES\Les Sims 2 La Vie en Appartement\EAUninstall.exe
Les Sims™ 2 Au fil des saisons-->C:\Program Files\EA GAMES\Les Sims 2 Au fil des saisons\EAUninstall.exe
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
McAfee SecurityCenter-->C:\Program Files\McAfee\MSC\mcuninst.exe
Messenger Plus! Live-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe"
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Data Access Components KB870669-->C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office 2000 Professional-->MsiExec.exe /I{0001040C-78E1-11D2-B60F-006097C998E7}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Word 2002-->MsiExec.exe /I{911B040C-6000-11D3-8CFE-0050048383C9}
Mise à jour critique pour Lecteur Windows Media 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB929969)-->"C:\WINDOWS\ie7updates\KB929969\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB969897)-->"C:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Mission Equitation-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7DA98964-804D-4DCF-AD6A-DE9D9EF3A825}\setup.exe" -l0x40c -removeonly
Mozilla Firefox (3.0.11)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Nero 6 Ultra Edition-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
NeroVision Express 2-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
Odebit Multimédia V3.2-->"C:\Program Files\Odebit Multimédia\V3.2\unins000.exe"
Orange WebTV Player 1.28884-->"C:\Program Files\Orange\Orange WebTV Player\unins000.exe"
Orban/Coding Technologies AAC/aacPlus Player Plugin™ 1.0-->"C:\Program Files\Orban\AAC-aacPlus Plugin\unins000.exe"
P2P-Radio 2.0 - Windows Edition-->"C:\Program Files\P2P-Radio\unins000.exe"
Packard Bell InfoCentre-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{07A1C2E1-76DD-11D6-9922-009027E9C183}\setup.exe"
PeerTV 0.4.1-->"C:\Program Files\PeerTV\uninstall.exe"
PowerDVD-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
ProtectDisc Driver, Version 11-->C:\Program Files\ProtectDisc Driver Installer\uninstall_v11.exe
PS TO USB CONVERTOR-->C:\PROGRA~1\PSTOUS~1\UNWISE.EXE C:\PROGRA~1\PSTOUS~1\INSTALL.LOG
QuickTime-->C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log
SAGEM F@st 800-840-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4AE3A0CB-87B0-4F51-BECD-3D1F8DFDD62F}\Setup.exe" -l0x40c
Sonic RecordNow!-->MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
Spirit (remove only)-->"C:\Program Files\THQ\Spirit\uninstall.exe"
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Titeuf Méga-Compet'-->"C:\Program Files\Atari\Titeuf\unins000.exe"
TMPGEnc DVD Author 1.5-->MsiExec.exe /I{4A8A0AE0-8F80-4621-AD2F-E2F8FE0CC7FD}
TuneUp Utilities 2006-->MsiExec.exe /I{868D7896-99D4-4513-BC62-2B3AD3E24926}
upapp-->MsiExec.exe /I{4EF69D40-4DC9-485E-95D3-B1C22F218FC8}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Video Convert Master v3.1-->"C:\Program Files\Video Convert Master\unins000.exe"
VideoLAN VLC media player 0.8.6a-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Virtua Tennis-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EADF648F-1711-11D6-AFAD-0040052179B6}\setup.exe"
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Genuine Advantage v1.3.0254.0-->MsiExec.exe /I{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}
Windows Live installer-->MsiExec.exe /X{FD44E544-E7D0-4DBA-9FA0-8AE1A1300390}
Windows Live Messenger-->MsiExec.exe /X{BADF6744-3787-48F6-B8C9-4C4995401D65}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinPcap 3.1 beta3-->"C:\Program Files\WinPcap\Uninstall.exe" "C:\Program Files\WinPcap\install.log"
WM Recorder + RM Recorder 10.1-->C:\WINDOWS\iun6002.exe "C:\Program Files\WM Recorder 10\irunin.ini"
Xvid 1.1.2 final uninstall-->"C:\Program Files\Xvid\unins000.exe"

======Hosts File======

127.0.0.1
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com

======Security center information======

AV: McAfee VirusScan
FW: McAfee Personal Firewall

======System event log======

Computer Name: SN100951600004
Event Code: 62486
Message: Invalid parameters

Record Number: 738116
Source Name: ati2mtag
Time Written: 20090626233314.000000+120
Event Type: Informations
User:

Computer Name: SN100951600004
Event Code: 62486
Message: Invalid parameters

Record Number: 738115
Source Name: ati2mtag
Time Written: 20090626230020.000000+120
Event Type: Informations
User:

Computer Name: SN100951600004
Event Code: 62486
Message: Invalid parameters

Record Number: 738114
Source Name: ati2mtag
Time Written: 20090626230020.000000+120
Event Type: Informations
User:

Computer Name: SN100951600004
Event Code: 62486
Message: Invalid parameters

Record Number: 738113
Source Name: ati2mtag
Time Written: 20090626230020.000000+120
Event Type: Informations
User:

Computer Name: SN100951600004
Event Code: 62486
Message: Invalid parameters

Record Number: 738112
Source Name: ati2mtag
Time Written: 20090626230020.000000+120
Event Type: Informations
User:

=====Application event log=====

Computer Name: SN100951600004
Event Code: 5000
Message: Service McShield démarré.

Version du moteur : 5301.4018

Version du fichier DAT : 5666.0000



Nombre de signatures dans le fichier EXTRA.DAT : None

Nom des menaces pouvant être détectées par EXTRA.DAT : None

Record Number: 21958
Source Name: McLogEvent
Time Written: 20090705172543.000000+120
Event Type: Informations
User: AUTORITE NT\SYSTEM

Computer Name: SN100951600004
Event Code: 1800
Message: Le service Centre de sécurité Windows a démarré.

Record Number: 21957
Source Name: SecurityCenter
Time Written: 20090705172536.000000+120
Event Type: Informations
User:

Computer Name: SN100951600004
Event Code: 0
Message:
Record Number: 21956
Source Name: McAfee SiteAdvisor Service
Time Written: 20090705172514.000000+120
Event Type: Informations
User:

Computer Name: SN100951600004
Event Code: 105
Message: The service was started.

Record Number: 21955
Source Name: ATI Smart
Time Written: 20090705172501.000000+120
Event Type: Informations
User:

Computer Name: SN100951600004
Event Code: 101
Message: msnmsgr (1392) Le moteur de base de données est arrêté.

Record Number: 21954
Source Name: ESENT
Time Written: 20090705164440.000000+120
Event Type: Informations
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\PROGRA~1\FICHIE~1\TVNAVI~1;C:\Program Files\Microsoft SQL Server\80\Tools\Binn\;C:\Program Files\ATI Technologies\ATI Control Panel
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 10 Stepping 0, AuthenticAMD
"PROCESSOR_REVISION"=0a00
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"="C:\Program Files\JavaSoft\JRE\1.3.1_01\lib\ext\QTJava.zip"
"QTJAVA"="C:\Program Files\JavaSoft\JRE\1.3.1_01\lib\ext\QTJava.zip"
"FP_NO_HOST_CHECK"=NO

-----------------EOF-----------------

   
Répondre à TITI5969

12

jacques.gache, le 5 jui 2009 à 21:50:23

As tu fais l'option 2 de findykill car j'ai pas vu le rapport je te demandais de faire l'option 2 ( suppression ) dans le message 5 si tu avais le rapport merci si tu ne la pas fais tu le fais et tu le poste , Merci Attention !! la surmultiplication de logiciels de sécurité n­e 
protège pas mieux voire peut engendrer des conflits et
des plantages. " mais chacun reste maître de son PC "

   
Répondre à jacques.gache

13

TITI5969, le 5 jui 2009 à 21:59:17

Le voici


############################## | FindyKill V6.002 |

# User : BRACQ (Administrateurs) # SN100951600004
# Update on 03/07/09 by Chiquitine29 & C_XX
# Start at: 17:25:56 | 05/07/2009
# Website : http://pagesperso-orange.fr/NosTools/index.html

# AMD Athlon(tm) XP 2500+
# Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
# Internet Explorer 7.0.5730.11
# Windows Firewall Status : Disabled
# AV : McAfee VirusScan [ Enabled | Updated ]
# FW : McAfee Personal Firewall[ Enabled ]

# A:\ # Lecteur de disquettes 3 ½ pouces
# C:\ # Disque fixe local # 70,52 Go (16,36 Go free) [HDD] # NTFS
# D:\ # Disque CD-ROM
# E:\ # Disque CD-ROM
# F:\ # Disque fixe local # 4 Go (334,88 Mo free) [RESTDONE] # NTFS
# G:\ # Disque CD-ROM

############################## | Processus actifs |

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Canal\Canal Widget\VOD\CanalPlus.VOD.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\FICHIE~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee\MSC\mcregist.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
c:\PROGRA~1\mcafee\msc\mcoemmgr.exe
C:\WINDOWS\system32\ctfmon.exe

################## | Fichiers # Dossiers infectieux |


################## | C:\Documents and Settings\BRACQ\Temporary Internet Files |


################## | All Drives ... |

Supprimé ! C:\FLIPART.EXE
Supprimé ! C:\GETBOOTD.BAT

################## | Autres ... |


################## | Registre # Clés Run infectieuses |

Supprimé ! HKU\S-1-5-21-3280389273-3996981173-2354660383-1007\Software\UBISOFT

################## | Registre # Mountpoints2 |

Supprimé ! HKCU\...\Explorer\MountPoints2\{e1ae5b25-cad7-11dd-a1d7-000c7683fb91}\Shell\AutoRun\Command

################## | Listing des fichiers présent |

[27/02/2004 19:32|--a------|207] - C:\ace.log
[14/10/2004 22:18|--a------|291506] - C:\AnalysisLog.sr0
[04/03/2009 14:53|--ahs----|302] - C:\BOOT.INI
[30/08/2002 14:00|-rahs----|4952] - C:\Bootfont.bin
[19/11/2006 01:00|--a------|18137] - C:\checkrun.txt
[30/08/2002 14:00|-rahs----|249136] - C:\cmldr
[28/01/2007 22:06|--a------|4335] - C:\default.asp
[23/05/2007 16:38|--a------|34532] - C:\divx.log
[06/11/2003 17:12|--a------|6324] - C:\DWNLOG.TXT
[24/11/2007 21:00|--a------|157] - C:\error.txt
[23/02/2005 19:45|--a------|378] - C:\ezMDSetup_NEC_Silent.log
[23/02/2005 19:45|--a------|389] - C:\ezSetup.log
[05/07/2009 17:48|--a------|3379] - C:\FindyKill.txt
[23/01/2009 22:45|--a------|117] - C:\finfos.txt
[29/08/2002 16:03|--a------|6384] - C:\GETDRIVE.EXE
[30/06/2009 19:26|--a------|445009] - C:\hpfr3320.log
[01/09/2004 22:11|--a------|2352] - C:\INSTALL.LOG
[09/01/2004 17:37|-rahs----|0] - C:\IO.SYS
[06/11/2003 16:31|--ah-----|456] - C:\IPH.PH
[10/08/2006 13:27|--a------|3158] - C:\LogFile.log
[22/01/2009 21:24|--a------|647] - C:\mpeg.txt
[09/01/2004 17:37|-rahs----|0] - C:\MSDOS.SYS
[19/02/2005 13:57|-rahs----|47564] - C:\NTDETECT.COM
[19/07/2008 11:45|-rahs----|252240] - C:\ntldr
[||] - C:\pagefile.sys
[19/11/2006 01:05|--a------|3584] - C:\PclePctv300iPreview.failed.grf
[01/07/2009 13:53|--a------|2482] - C:\rapport.txt
[06/11/2003 16:20|--a------|20] - C:\realquas.TAG
[25/04/2008 22:10|--a------|159] - C:\Setup.log
[12/09/2006 21:16|--a------|1295] - C:\slmh.log
[14/06/2009 23:46|--ah-----|232] - C:\sqmdata00.sqm
[15/06/2009 19:04|--ah-----|232] - C:\sqmdata01.sqm
[01/07/2009 20:36|--ah-----|268] - C:\sqmdata02.sqm
[01/07/2009 20:36|--ah-----|232] - C:\sqmdata03.sqm
[01/07/2009 20:36|--ah-----|232] - C:\sqmdata04.sqm
[02/07/2009 19:15|--ah-----|268] - C:\sqmdata05.sqm
[05/07/2009 11:04|--ah-----|268] - C:\sqmdata06.sqm
[14/06/2009 23:25|--ah-----|232] - C:\sqmdata07.sqm
[14/06/2009 23:25|--ah-----|232] - C:\sqmdata08.sqm
[14/06/2009 23:25|--ah-----|232] - C:\sqmdata09.sqm
[14/06/2009 23:25|--ah-----|232] - C:\sqmdata10.sqm
[14/06/2009 23:26|--ah-----|232] - C:\sqmdata11.sqm
[14/06/2009 23:26|--ah-----|232] - C:\sqmdata12.sqm
[14/06/2009 23:26|--ah-----|232] - C:\sqmdata13.sqm
[14/06/2009 23:29|--ah-----|232] - C:\sqmdata14.sqm
[14/06/2009 23:29|--ah-----|232] - C:\sqmdata15.sqm
[14/06/2009 23:30|--ah-----|232] - C:\sqmdata16.sqm
[14/06/2009 23:30|--ah-----|232] - C:\sqmdata17.sqm
[14/06/2009 23:31|--ah-----|232] - C:\sqmdata18.sqm
[14/06/2009 23:46|--ah-----|232] - C:\sqmdata19.sqm
[14/06/2009 23:46|--ah-----|244] - C:\sqmnoopt00.sqm
[15/06/2009 19:04|--ah-----|244] - C:\sqmnoopt01.sqm
[01/07/2009 20:36|--ah-----|244] - C:\sqmnoopt02.sqm
[01/07/2009 20:36|--ah-----|244] - C:\sqmnoopt03.sqm
[01/07/2009 20:36|--ah-----|244] - C:\sqmnoopt04.sqm
[02/07/2009 19:15|--ah-----|244] - C:\sqmnoopt05.sqm
[05/07/2009 11:04|--ah-----|244] - C:\sqmnoopt06.sqm
[14/06/2009 23:25|--ah-----|244] - C:\sqmnoopt07.sqm
[14/06/2009 23:25|--ah-----|244] - C:\sqmnoopt08.sqm
[14/06/2009 23:25|--ah-----|244] - C:\sqmnoopt09.sqm
[14/06/2009 23:25|--ah-----|244] - C:\sqmnoopt10.sqm
[14/06/2009 23:26|--ah-----|244] - C:\sqmnoopt11.sqm
[14/06/2009 23:26|--ah-----|244] - C:\sqmnoopt12.sqm
[14/06/2009 23:26|--ah-----|244] - C:\sqmnoopt13.sqm
[14/06/2009 23:29|--ah-----|244] - C:\sqmnoopt14.sqm
[14/06/2009 23:29|--ah-----|244] - C:\sqmnoopt15.sqm
[14/06/2009 23:30|--ah-----|244] - C:\sqmnoopt16.sqm
[14/06/2009 23:30|--ah-----|244] - C:\sqmnoopt17.sqm
[14/06/2009 23:31|--ah-----|244] - C:\sqmnoopt18.sqm
[14/06/2009 23:46|--ah-----|244] - C:\sqmnoopt19.sqm
[24/05/2001 13:59|--a------|162304] - C:\UNWISE.EXE
[23/01/2009 23:10|--a------|205472] - C:\video.pass
[13/05/2009 20:23|--a------|183] - C:\VundoFix.txt

################## | Vaccination |

# C:\autorun.inf ( # Not infected ) -> Folder created by FindyKill.
# F:\autorun.inf ( # Not infected ) -> Folder created by FindyKill.

################## | Etat / Services / Informations |

# Mode sans echec : OK


# Affichage des fichiers cachés : OK

# Ndisuio -> Start = 3 ( Good = 3 | Bad = 4 )
# EapHost -> Start = 2 ( Good = 2 | Bad = 4 )
# Ip6Fw -> Start = 2 ( Good = 2 | Bad = 4 )
# SharedAccess -> Start = 2 ( Good = 2 | Bad = 4 )
# wuauserv -> Start = 2 ( Good = 2 | Bad = 4 )
# wscsvc -> Start = 2 ( Good = 2 | Bad = 4 )

################## | PEH ... |


################## | Cracks / Keygens / Serials |


################## | ! Fin du rapport # FindyKill V6.002 ! |

   
Répondre à TITI5969

14

jacques.gache, le 5 jui 2009 à 22:18:04

Ok poste un nouveau hijackthis pour finaliser le nettoyage , Merci Attention !! la surmultiplication de logiciels de sécurité n­e 
protège pas mieux voire peut engendrer des conflits et
des plantages. " mais chacun reste maître de son PC "

   
Répondre à jacques.gache

15

TITI5969, le 5 jui 2009 à 22:56:33

Je l'avais posté avant mais it's not a problem

Logfile of random's system information tool 1.06 (written by random/random)
Run by BRACQ at 2009-07-05 22:54:18
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 17 GB (23%) free of 72 GB
Total RAM: 1023 MB (53% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:54:33, on 05/07/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Canal\Canal Widget\VOD\CanalPlus.VOD.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\FICHIE~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\apps\ABoard\ABoard.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\apps\ABoard\AOSD.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
F:\TITI\LOGICIEL\TROJAN\RSIT.exe
C:\Program Files\trend micro\BRACQ.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {0866c11f-a44a-426c-be51-0352201c6065} - (no file)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: iFinger plugin / Browser helper object - {A114D52B-870C-4F15-8021-B6D7F91A054B} - C:\PROGRA~1\iFinger\plugins\IE.ifp
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - http://fichiers.touslesdrivers.com/...
O16 - DPF: {9DF1C00D-8426-4337-972C-DC042D19A916} (FTMediaPlayer Class) - http://webtv.guidetv.orange.fr/resources/OCS_8884.cab
O16 - DPF: {CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA} (Java Plug-in 1.3.1_01) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: CanalPlus.VOD - Canal+ Active - C:\Program Files\Canal\Canal Widget\VOD\CanalPlus.VOD.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - NetGroup - Politecnico di Torino - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
End of file - 6884 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\ADD77E6F9390FBF3.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0866c11f-a44a-426c-be51-0352201c6065}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
scriptproxy - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll [2007-11-09 58688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A114D52B-870C-4F15-8021-B6D7F91A054B}]
iFinger plugin / Browser helper object - C:\PROGRA~1\iFinger\plugins\IE.ifp [2001-07-09 349184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]
McAfee SiteAdvisor BHO - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2009-02-13 150032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2009-02-13 150032]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2003-08-15 57344]
"ACTIVBOARD"=c:\apps\ABoard\ABoard.exe [2003-05-02 24576]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2005-08-30 344064]
"mcagent_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2007-08-03 582992]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2006-08-28 98304]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2005-08-31 46080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-02-15 236928]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
C:\WINDOWS\system32\loviheti.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableLockWorkstation"=0
"DisableChangePassword"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=95000000
"NoCD-Burning"=1
"NoLogoff"=0
"NoClose"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=
"NoDriveAutoRun"=
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\Program Files\WM Recorder 10\WMR90.exe"="C:\Program Files\WM Recorder 10\WMR90.exe:*:Disabled:Windows Media (TM) Stream Recorder"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\McAfee\MPF\MpfSrv.exe"="C:\Program Files\McAfee\MPF\MpfSrv.exe:*:Enabled:MPFSrv"
"C:\WINDOWS\system32\winlogon.exe"="C:\WINDOWS\system32\winlogon.exe:*:Enabled:winlogon"
"C:\Program Files\Fichiers communs\McAfee\McProxy\McProxy.exe"="C:\Program Files\Fichiers communs\McAfee\McProxy\McProxy.exe:*:Enabled:mcproxy"
"C:\WINDOWS\system32\FTRTSVC.exe"="C:\WINDOWS\system32\FTRTSVC.exe:*:Enabled:FTRTSVC"
"C:\Program Files\McAfee\SiteAdvisor\McSACore.exe"="C:\Program Files\McAfee\SiteAdvisor\McSACore.exe:*:Enabled:McSACore"
"C:\Program Files\Fichiers communs\McAfee\MNA\McNASvc.exe"="C:\Program Files\Fichiers communs\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

======List of files/folders created in the last 3 months======

2009-07-05 17:49:00 ----RASHD---- C:\autorun.inf
2009-07-05 17:48:59 ----A---- C:\UsbFix.txt
2009-07-05 16:49:17 ----D---- C:\FindyKill
2009-07-05 01:46:17 ----D---- C:\Program Files\WinRAR
2009-07-05 01:35:55 ----D---- C:\rsit
2009-07-03 22:37:23 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2009-07-03 22:37:09 ----D---- C:\Documents and Settings\BRACQ\Application Data\SUPERAntiSpyware.com
2009-07-02 23:53:19 ----D---- C:\Documents and Settings\BRACQ\Application Data\Malwarebytes
2009-07-02 23:53:09 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-07-02 23:53:08 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-07-02 21:39:16 ----D---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-07-02 20:00:21 ----A---- C:\WINDOWS\system32\ztvunrar36.dll
2009-07-02 20:00:21 ----A---- C:\WINDOWS\system32\ztvunace26.dll
2009-07-02 20:00:21 ----A---- C:\WINDOWS\system32\ztvcabinet.dll
2009-07-02 20:00:21 ----A---- C:\WINDOWS\system32\UNRAR3.dll
2009-07-02 20:00:21 ----A---- C:\WINDOWS\system32\unacev2.dll
2009-07-01 15:52:06 ----D---- C:\Program Files\McAfee.com
2009-07-01 15:51:57 ----D---- C:\Program Files\Fichiers communs\McAfee
2009-07-01 15:51:40 ----D---- C:\Program Files\McAfee
2009-07-01 13:15:58 ----A---- C:\WINDOWS\system32\Process.exe
2009-06-24 11:26:05 ----D---- C:\Program Files\Microsoft Silverlight
2009-06-22 17:36:31 ----D---- C:\Documents and Settings\BRACQ\Application Data\Mindscape
2009-06-22 17:36:09 ----D---- C:\Program Files\Mindscape
2009-06-20 09:17:43 ----D---- C:\Program Files\Kellogg's Afrique
2009-06-10 10:39:07 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2009-06-10 10:38:59 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$
2009-06-10 10:38:52 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2009-06-10 10:38:39 ----HDC---- C:\WINDOWS\$NtUninstallKB969898$
2009-06-03 17:51:48 ----D---- C:\Program Files\Kellogg's Amérique
2009-05-22 00:43:38 ----D---- C:\Documents and Settings\BRACQ\Application Data\Yahoo!
2009-05-21 22:58:27 ----D---- C:\Program Files\Mozilla Firefox
2009-05-21 18:23:40 ----D---- C:\Documents and Settings\BRACQ\Application Data\Mozilla
2009-05-20 18:10:07 ----D---- C:\Program Files\CCleaner
2009-05-18 23:37:11 ----A---- C:\WINDOWS\system32\MRT.exe
2009-05-14 00:06:26 ----A---- C:\WINDOWS\system32\VACFix.exe
2009-05-14 00:06:26 ----A---- C:\WINDOWS\system32\o4Patch.exe
2009-05-14 00:06:26 ----A---- C:\WINDOWS\system32\IEDFix.exe
2009-05-14 00:06:26 ----A---- C:\WINDOWS\system32\IEDFix.C.exe
2009-05-14 00:06:26 ----A---- C:\WINDOWS\system32\Agent.OMZ.Fix.exe
2009-05-14 00:06:26 ----A---- C:\WINDOWS\system32\404Fix.exe
2009-05-14 00:06:11 ----A---- C:\WINDOWS\system32\WS2Fix.exe
2009-05-14 00:05:55 ----A---- C:\WINDOWS\system32\VCCLSID.exe
2009-05-14 00:05:55 ----A---- C:\WINDOWS\system32\swxcacls.exe
2009-05-14 00:05:55 ----A---- C:\WINDOWS\system32\swsc.exe
2009-05-14 00:05:55 ----A---- C:\WINDOWS\system32\swreg.exe
2009-05-14 00:05:55 ----A---- C:\WINDOWS\system32\SrchSTS.exe
2009-05-14 00:05:55 ----A---- C:\WINDOWS\system32\dumphive.exe
2009-05-13 23:56:57 ----A---- C:\WINDOWS\system32\tmp.txt
2009-05-13 23:56:39 ----A---- C:\rapport.txt
2009-05-13 19:48:28 ----A---- C:\VundoFix.txt
2009-05-13 16:53:55 ----D---- C:\Documents and Settings\BRACQ\Application Data\Talkback
2009-05-02 23:10:23 ----A---- C:\WINDOWS\system32\d3dx9_36.dll
2009-05-02 23:10:13 ----D---- C:\Program Files\Orange
2009-04-15 22:29:09 ----D---- C:\Documents and Settings\BRACQ\Application Data\ProtectDisc
2009-04-15 16:19:18 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2009-04-15 16:19:11 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2009-04-15 16:19:02 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2009-04-15 16:18:44 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2009-04-15 16:18:31 ----HDC---- C:\WINDOWS\$NtUninstallKB961373$
2009-04-15 16:18:16 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$

======List of files/folders modified in the last 3 months======

2009-07-05 22:54:21 ----D---- C:\WINDOWS\Temp
2009-07-05 22:54:21 ----D---- C:\Program Files\Trend Micro
2009-07-05 20:17:26 ----D---- C:\WINDOWS\Prefetch
2009-07-05 19:57:35 ----D---- C:\WINDOWS
2009-07-05 17:50:51 ----D---- C:\WINDOWS\system32
2009-07-05 17:50:50 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-07-05 17:49:33 ----SHD---- C:\RECYCLER
2009-07-05 17:25:01 ----D---- C:\WINDOWS\Debug
2009-07-05 17:24:11 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-07-05 15:21:37 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-07-05 12:40:47 ----D---- C:\WINDOWS\system32\CatRoot2
2009-07-05 01:46:17 ----RD---- C:\Program Files
2009-07-05 01:08:36 ----D---- C:\Config.Msi
2009-07-05 00:21:17 ----SHD---- C:\WINDOWS\Installer
2009-07-05 00:21:17 ----D---- C:\Program Files\Fichiers communs\Wise Installation Wizard
2009-07-04 14:56:53 ----A---- C:\WINDOWS\NeroDigital.ini
2009-07-03 23:11:58 ----D---- C:\WINDOWS\system32\drivers
2009-07-01 16:49:31 ----D---- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2009-07-01 16:49:19 ----D---- C:\Documents and Settings\All Users\Application Data\McAfee
2009-07-01 16:49:14 ----HD---- C:\WINDOWS\inf
2009-07-01 16:02:26 ----SD---- C:\WINDOWS\Tasks
2009-07-01 15:51:57 ----D---- C:\Program Files\Fichiers communs
2009-06-24 17:59:31 ----D---- C:\WINDOWS\Microsoft.NET
2009-06-22 17:36:30 ----HD---- C:\Program Files\InstallShield Installation Information
2009-06-10 10:45:14 ----D---- C:\Program Files\Internet Explorer
2009-06-10 10:39:35 ----RSHD---- C:\WINDOWS\system32\dllcache
2009-06-10 10:39:32 ----D---- C:\WINDOWS\system32\fr-fr
2009-06-10 10:39:18 ----D---- C:\WINDOWS\ie7updates
2009-06-10 10:37:57 ----HD---- C:\WINDOWS\$hf_mig$
2009-05-29 22:48:40 ----D---- C:\Documents and Settings\BRACQ\Application Data\Adobe
2009-05-23 23:14:16 ----D---- C:\WINDOWS\Help
2009-05-14 21:08:44 ----SHD---- C:\System Volume Information
2009-05-14 21:08:44 ----D---- C:\WINDOWS\system32\Restore
2009-05-14 13:35:56 ----D---- C:\Program Files\TuneUp Utilities 2006
2009-05-14 09:46:38 ----A---- C:\WINDOWS\wininit.ini
2009-05-07 17:33:02 ----N---- C:\WINDOWS\system32\localspl.dll
2009-05-02 23:10:39 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-05-02 23:10:32 ----D---- C:\WINDOWS\system32\DirectX
2009-04-29 06:45:44 ----A---- C:\WINDOWS\system32\wininet.dll
2009-04-29 06:45:43 ----A---- C:\WINDOWS\system32\webcheck.dll
2009-04-29 06:45:43 ----A---- C:\WINDOWS\system32\urlmon.dll
2009-04-29 06:45:43 ----A---- C:\WINDOWS\system32\url.dll
2009-04-29 06:45:42 ----N---- C:\WINDOWS\system32\occache.dll
2009-04-29 06:45:42 ----N---- C:\WINDOWS\system32\mstime.dll
2009-04-29 06:45:42 ----A---- C:\WINDOWS\system32\pngfilt.dll
2009-04-29 06:45:42 ----A---- C:\WINDOWS\system32\msrating.dll
2009-04-29 06:45:42 ----A---- C:\WINDOWS\system32\mshtmled.dll
2009-04-29 06:45:41 ----A---- C:\WINDOWS\system32\mshtml.dll
2009-04-29 06:45:40 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
2009-04-29 06:45:40 ----A---- C:\WINDOWS\system32\msfeeds.dll
2009-04-29 06:45:39 ----A---- C:\WINDOWS\system32\jsproxy.dll
2009-04-29 06:45:38 ----N---- C:\WINDOWS\system32\iernonce.dll
2009-04-29 06:45:38 ----A---- C:\WINDOWS\system32\iertutil.dll
2009-04-29 06:45:38 ----A---- C:\WINDOWS\system32\ieframe.dll
2009-04-29 06:45:36 ----N---- C:\WINDOWS\system32\ieencode.dll
2009-04-29 06:45:35 ----N---- C:\WINDOWS\system32\iedkcs32.dll
2009-04-29 06:45:35 ----N---- C:\WINDOWS\system32\ieaksie.dll
2009-04-29 06:45:35 ----N---- C:\WINDOWS\system32\ieakeng.dll
2009-04-29 06:45:35 ----N---- C:\WINDOWS\system32\extmgr.dll
2009-04-29 06:45:35 ----A---- C:\WINDOWS\system32\ieapfltr.dll
2009-04-29 06:45:35 ----A---- C:\WINDOWS\system32\icardie.dll
2009-04-29 06:45:34 ----A---- C:\WINDOWS\system32\dxtrans.dll
2009-04-29 06:45:34 ----A---- C:\WINDOWS\system32\dxtmsft.dll
2009-04-29 06:45:34 ----A---- C:\WINDOWS\system32\advpack.dll
2009-04-28 11:06:24 ----N---- C:\WINDOWS\system32\ieudinit.exe
2009-04-28 11:06:24 ----N---- C:\WINDOWS\system32\ie4uinit.exe
2009-04-25 07:26:23 ----N---- C:\WINDOWS\system32\ieakui.dll
2009-04-15 22:13:45 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-04-15 20:06:10 ----D---- C:\WINDOWS\system32\wbem
2009-04-15 20:06:10 ----D---- C:\WINDOWS\AppPatch
2009-04-15 16:53:29 ----A---- C:\WINDOWS\system32\rpcrt4.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK7;Pilote de processeur AMD K7; C:\WINDOWS\System32\DRIVERS\amdk7.sys [2008-04-14 41856]
R1 Asapi;Asapi; C:\WINDOWS\system32\drivers\Asapi.sys [2002-08-06 11264]
R1 mfehidk;McAfee Inc. mfehidk; C:\WINDOWS\system32\drivers\mfehidk.sys [2009-03-25 214024]
R1 MPFP;MPFP; C:\WINDOWS\System32\Drivers\Mpfp.sys [2007-07-13 113952]
R1 prodrv06;StarForce Protection Environment Driver v6; C:\WINDOWS\System32\drivers\prodrv06.sys [2003-10-10 52128]
R1 vcsmpdrv;vcsmpdrv; C:\WINDOWS\System32\DRIVERS\vcsmpdrv.sys [2003-06-16 49024]
R2 acedrv11;acedrv11; \??\C:\WINDOWS\system32\drivers\acedrv11.sys []
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2008-10-11 278984]
R2 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2005-04-21 10624]
R2 enodpl;enodpl; C:\WINDOWS\System32\drivers\enodpl.sys [2003-03-02 7552]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2007-04-27 18048]
R2 tandpl;tandpl; C:\WINDOWS\System32\drivers\tandpl.sys [2003-04-19 4736]
R3 ALCXSENS;Service for WDM 3D Audio Driver; C:\WINDOWS\system32\drivers\ALCXSENS.SYS [2003-08-14 404736]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2003-08-21 462940]
R3 AnyDVD;AnyDVD; C:\WINDOWS\System32\Drivers\AnyDVD.sys [2006-02-09 19200]
R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-08-31 1333760]
R3 axsaki;axsaki; C:\WINDOWS\system32\DRIVERS\axsaki.sys [2003-03-30 102624]
R3 axskbus;axskbus; C:\WINDOWS\system32\DRIVERS\axskbus.sys [2003-03-28 8640]
R3 FETNDISB;VIA Rhine Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\System32\DRIVERS\fetnd5b.sys [2003-04-24 41984]
R3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mfeavfk;McAfee Inc. mfeavfk; C:\WINDOWS\system32\drivers\mfeavfk.sys [2009-03-25 79880]
R3 mfebopk;McAfee Inc. mfebopk; C:\WINDOWS\system32\drivers\mfebopk.sys [2009-03-25 35272]
R3 mfesmfk;McAfee Inc. mfesmfk; C:\WINDOWS\system32\drivers\mfesmfk.sys [2009-03-25 40552]
R3 mouhid;Pilote HID de souris; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-23 12288]
R3 Mtlmnt5;Mtlmnt5; C:\WINDOWS\System32\DRIVERS\Mtlmnt5.sys [2003-01-21 210024]
R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 Slntamr;SmartLink AMR_PCI Driver; C:\WINDOWS\System32\DRIVERS\slntamr.sys [2003-01-17 507008]
R3 SlWdmSup;SlWdmSup; C:\WINDOWS\System32\DRIVERS\SlWdmSup.sys [2003-01-17 39348]
R3 usbehci;Pilote miniport de contrôleur hôte amélioré USB 2.0 Microsoft; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Concentrateur USB2; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S1 kbdhid;Pilote HID de clavier; C:\WINDOWS\System32\DRIVERS\kbdhid.sys [2008-04-14 14720]
S2 IKANLOADER2;General Purpose USB Driver (e4ldr.sys); C:\WINDOWS\System32\Drivers\e4ldr.sys [2006-03-02 63555]
S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 DSDrv4;DSDrv4; \??\C:\PROGRA~1\K!TV\Plugins\S_Bt8x8\DSDrv4.sys []
S3 DTV-DVBM9205;DTV-DVB USB Hybrid Analog/Capture; C:\WINDOWS\System32\Drivers\M9205.sys [2005-10-14 70272]
S3 e4usbaw;USB ADSL2 WAN Adapter; C:\WINDOWS\system32\DRIVERS\e4usbaw.sys [2006-05-04 114616]
S3 gel90xne;gel90xne; \??\C:\DOCUME~1\BRACQ\LOCALS~1\Temp\gel90xne.sys []
S3 L8042Kbd;Logitech SetPoint Keyboard Driver; C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys [2008-09-26 20240]
S3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys [2008-09-26 35472]
S3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys [2008-09-26 37392]
S3 LUsbFilt;Logitech SetPoint KMDF USB Filter; C:\WINDOWS\System32\Drivers\LUsbFilt.Sys [2008-09-26 28816]
S3 M9207;DTV-DVB M9207 USB DVB-T / TV BOX; C:\WINDOWS\system32\DRIVERS\M9207BDA.sys [2005-10-14 37248]
S3 mferkdk;McAfee Inc. mferkdk; C:\WINDOWS\system32\drivers\mferkdk.sys [2009-03-25 34216]
S3 MPE;Filtre BDA MPE; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-13 15232]
S3 ms_mpu401;Pilote UART MIDI MPU-401 Microsoft; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 Mtlstrm;Mtlstrm; C:\WINDOWS\System32\DRIVERS\Mtlstrm.sys [2003-01-21 1290312]
S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nm;Pilote du Moniteur réseau; C:\WINDOWS\System32\DRIVERS\NMnt.sys [2008-04-13 40320]
S3 NPF;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2004-05-14 32896]
S3 NtMtlFax;NtMtlFax; C:\WINDOWS\System32\DRIVERS\NtMtlFax.sys [2003-01-17 162136]
S3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2004-08-04 1897408]
S3 PCAMPR5;PCAMPR5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PCAMPR5.SYS []
S3 PCANDIS5;PCANDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PCANDIS5.SYS []
S3 RecAgent;recagent; \??\C:\WINDOWS\System32\DRIVERS\RecAgent.sys []
S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SlNtHal;SlNtHal; C:\WINDOWS\System32\DRIVERS\Slnthal.sys [2003-01-21 84784]
S3 SONYPVU1;Pilote de filtrage Sony USB (SONYPVU1); C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 SYMIDSCO;SYMIDSCO; \??\C:\WINDOWS\System32\Drivers\SYMIDSCO.SYS []
S3 tunmp;Pilote de carte miniport Tun Microsoft; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-13 12288]
S3 usbaudio;Pilote USB audio (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\System32\DRIVERS\wanatw4.sys []
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-08-31 376832]
R2 CanalPlus.VOD;CanalPlus.VOD; C:\Program Files\Canal\Canal Widget\VOD\CanalPlus.VOD.exe [2009-04-29 188416]
R2 FTRTSVC;France Telecom Routing Table Service; C:\WINDOWS\System32\FTRTSVC.exe [2004-08-23 40960]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [2009-02-11 210216]
R2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2008-01-09 767976]
R2 McNASvc;McAfee Network Agent; c:\PROGRA~1\FICHIE~1\mcafee\mna\mcnasvc.exe [2008-01-25 2458128]
R2 McProxy;McAfee Proxy Service; c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe [2007-08-15 359248]
R2 McShield;McAfee Real-time Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2007-07-24 144704]
R2 MDM;Machine Debug Manager; C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe [2003-06-20 322120]
R2 MpfService;McAfee Personal Firewall Service; C:\Program Files\McAfee\MPF\MPFSrv.exe [2007-07-18 856864]
R2 UxTuneUp;Extension de conception TuneUp; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 VCSSecS;Virtual CD v4 Security service (SDK - Version); C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe [2002-05-16 139264]
R3 McSysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [2007-12-05 695624]
R3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2005-08-30 516096]
S2 SLService;SmartLinkService; C:\WINDOWS\system32\slserv.exe [2003-01-17 45056]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 McODS;McAfee Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [2007-11-07 378184]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2004-05-14 86016]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

   
Répondre à TITI5969

16

TITI5969, le 5 jui 2009 à 22:57:18

Et l'info au cas ou

Logfile of random's system information tool 1.06 (written by random/random)
Run by BRACQ at 2009-07-05 22:54:18
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 17 GB (23%) free of 72 GB
Total RAM: 1023 MB (53% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:54:33, on 05/07/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Canal\Canal Widget\VOD\CanalPlus.VOD.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\FICHIE~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\apps\ABoard\ABoard.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\apps\ABoard\AOSD.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
F:\TITI\LOGICIEL\TROJAN\RSIT.exe
C:\Program Files\trend micro\BRACQ.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {0866c11f-a44a-426c-be51-0352201c6065} - (no file)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: iFinger plugin / Browser helper object - {A114D52B-870C-4F15-8021-B6D7F91A054B} - C:\PROGRA~1\iFinger\plugins\IE.ifp
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - http://fichiers.touslesdrivers.com/...
O16 - DPF: {9DF1C00D-8426-4337-972C-DC042D19A916} (FTMediaPlayer Class) - http://webtv.guidetv.orange.fr/resources/OCS_8884.cab
O16 - DPF: {CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA} (Java Plug-in 1.3.1_01) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: CanalPlus.VOD - Canal+ Active - C:\Program Files\Canal\Canal Widget\VOD\CanalPlus.VOD.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - NetGroup - Politecnico di Torino - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
End of file - 6884 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\ADD77E6F9390FBF3.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0866c11f-a44a-426c-be51-0352201c6065}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
scriptproxy - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll [2007-11-09 58688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A114D52B-870C-4F15-8021-B6D7F91A054B}]
iFinger plugin / Browser helper object - C:\PROGRA~1\iFinger\plugins\IE.ifp [2001-07-09 349184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]
McAfee SiteAdvisor BHO - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2009-02-13 150032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2009-02-13 150032]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2003-08-15 57344]
"ACTIVBOARD"=c:\apps\ABoard\ABoard.exe [2003-05-02 24576]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2005-08-30 344064]
"mcagent_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2007-08-03 582992]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2006-08-28 98304]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2005-08-31 46080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-02-15 236928]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
C:\WINDOWS\system32\loviheti.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableLockWorkstation"=0
"DisableChangePassword"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=95000000
"NoCD-Burning"=1
"NoLogoff"=0
"NoClose"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=
"NoDriveAutoRun"=
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\Program Files\WM Recorder 10\WMR90.exe"="C:\Program Files\WM Recorder 10\WMR90.exe:*:Disabled:Windows Media (TM) Stream Recorder"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\McAfee\MPF\MpfSrv.exe"="C:\Program Files\McAfee\MPF\MpfSrv.exe:*:Enabled:MPFSrv"
"C:\WINDOWS\system32\winlogon.exe"="C:\WINDOWS\system32\winlogon.exe:*:Enabled:winlogon"
"C:\Program Files\Fichiers communs\McAfee\McProxy\McProxy.exe"="C:\Program Files\Fichiers communs\McAfee\McProxy\McProxy.exe:*:Enabled:mcproxy"
"C:\WINDOWS\system32\FTRTSVC.exe"="C:\WINDOWS\system32\FTRTSVC.exe:*:Enabled:FTRTSVC"
"C:\Program Files\McAfee\SiteAdvisor\McSACore.exe"="C:\Program Files\McAfee\SiteAdvisor\McSACore.exe:*:Enabled:McSACore"
"C:\Program Files\Fichiers communs\McAfee\MNA\McNASvc.exe"="C:\Program Files\Fichiers communs\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

======List of files/folders created in the last 3 months======

2009-07-05 17:49:00 ----RASHD---- C:\autorun.inf
2009-07-05 17:48:59 ----A---- C:\UsbFix.txt
2009-07-05 16:49:17 ----D---- C:\FindyKill
2009-07-05 01:46:17 ----D---- C:\Program Files\WinRAR
2009-07-05 01:35:55 ----D---- C:\rsit
2009-07-03 22:37:23 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2009-07-03 22:37:09 ----D---- C:\Documents and Settings\BRACQ\Application Data\SUPERAntiSpyware.com
2009-07-02 23:53:19 ----D---- C:\Documents and Settings\BRACQ\Application Data\Malwarebytes
2009-07-02 23:53:09 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-07-02 23:53:08 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-07-02 21:39:16 ----D---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-07-02 20:00:21 ----A---- C:\WINDOWS\system32\ztvunrar36.dll
2009-07-02 20:00:21 ----A---- C:\WINDOWS\system32\ztvunace26.dll
2009-07-02 20:00:21 ----A---- C:\WINDOWS\system32\ztvcabinet.dll
2009-07-02 20:00:21 ----A---- C:\WINDOWS\system32\UNRAR3.dll
2009-07-02 20:00:21 ----A---- C:\WINDOWS\system32\unacev2.dll
2009-07-01 15:52:06 ----D---- C:\Program Files\McAfee.com
2009-07-01 15:51:57 ----D---- C:\Program Files\Fichiers communs\McAfee
2009-07-01 15:51:40 ----D---- C:\Program Files\McAfee
2009-07-01 13:15:58 ----A---- C:\WINDOWS\system32\Process.exe
2009-06-24 11:26:05 ----D---- C:\Program Files\Microsoft Silverlight
2009-06-22 17:36:31 ----D---- C:\Documents and Settings\BRACQ\Application Data\Mindscape
2009-06-22 17:36:09 ----D---- C:\Program Files\Mindscape
2009-06-20 09:17:43 ----D---- C:\Program Files\Kellogg's Afrique
2009-06-10 10:39:07 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2009-06-10 10:38:59 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$
2009-06-10 10:38:52 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2009-06-10 10:38:39 ----HDC---- C:\WINDOWS\$NtUninstallKB969898$
2009-06-03 17:51:48 ----D---- C:\Program Files\Kellogg's Amérique
2009-05-22 00:43:38 ----D---- C:\Documents and Settings\BRACQ\Application Data\Yahoo!
2009-05-21 22:58:27 ----D---- C:\Program Files\Mozilla Firefox
2009-05-21 18:23:40 ----D---- C:\Documents and Settings\BRACQ\Application Data\Mozilla
2009-05-20 18:10:07 ----D---- C:\Program Files\CCleaner
2009-05-18 23:37:11 ----A---- C:\WINDOWS\system32\MRT.exe
2009-05-14 00:06:26 ----A---- C:\WINDOWS\system32\VACFix.exe
2009-05-14 00:06:26 ----A---- C:\WINDOWS\system32\o4Patch.exe
2009-05-14 00:06:26 ----A---- C:\WINDOWS\system32\IEDFix.exe
2009-05-14 00:06:26 ----A---- C:\WINDOWS\system32\IEDFix.C.exe
2009-05-14 00:06:26 ----A---- C:\WINDOWS\system32\Agent.OMZ.Fix.exe
2009-05-14 00:06:26 ----A---- C:\WINDOWS\system32\404Fix.exe
2009-05-14 00:06:11 ----A---- C:\WINDOWS\system32\WS2Fix.exe
2009-05-14 00:05:55 ----A---- C:\WINDOWS\system32\VCCLSID.exe
2009-05-14 00:05:55 ----A---- C:\WINDOWS\system32\swxcacls.exe
2009-05-14 00:05:55 ----A---- C:\WINDOWS\system32\swsc.exe
2009-05-14 00:05:55 ----A---- C:\WINDOWS\system32\swreg.exe
2009-05-14 00:05:55 ----A---- C:\WINDOWS\system32\SrchSTS.exe
2009-05-14 00:05:55 ----A---- C:\WINDOWS\system32\dumphive.exe
2009-05-13 23:56:57 ----A---- C:\WINDOWS\system32\tmp.txt
2009-05-13 23:56:39 ----A---- C:\rapport.txt
2009-05-13 19:48:28 ----A---- C:\VundoFix.txt
2009-05-13 16:53:55 ----D---- C:\Documents and Settings\BRACQ\Application Data\Talkback
2009-05-02 23:10:23 ----A---- C:\WINDOWS\system32\d3dx9_36.dll
2009-05-02 23:10:13 ----D---- C:\Program Files\Orange
2009-04-15 22:29:09 ----D---- C:\Documents and Settings\BRACQ\Application Data\ProtectDisc
2009-04-15 16:19:18 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2009-04-15 16:19:11 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2009-04-15 16:19:02 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2009-04-15 16:18:44 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2009-04-15 16:18:31 ----HDC---- C:\WINDOWS\$NtUninstallKB961373$
2009-04-15 16:18:16 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$

======List of files/folders modified in the last 3 months======

2009-07-05 22:54:21 ----D---- C:\WINDOWS\Temp
2009-07-05 22:54:21 ----D---- C:\Program Files\Trend Micro
2009-07-05 20:17:26 ----D---- C:\WINDOWS\Prefetch
2009-07-05 19:57:35 ----D---- C:\WINDOWS
2009-07-05 17:50:51 ----D---- C:\WINDOWS\system32
2009-07-05 17:50:50 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-07-05 17:49:33 ----SHD---- C:\RECYCLER
2009-07-05 17:25:01 ----D---- C:\WINDOWS\Debug
2009-07-05 17:24:11 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-07-05 15:21:37 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-07-05 12:40:47 ----D---- C:\WINDOWS\system32\CatRoot2
2009-07-05 01:46:17 ----RD---- C:\Program Files
2009-07-05 01:08:36 ----D---- C:\Config.Msi
2009-07-05 00:21:17 ----SHD---- C:\WINDOWS\Installer
2009-07-05 00:21:17 ----D---- C:\Program Files\Fichiers communs\Wise Installation Wizard
2009-07-04 14:56:53 ----A---- C:\WINDOWS\NeroDigital.ini
2009-07-03 23:11:58 ----D---- C:\WINDOWS\system32\drivers
2009-07-01 16:49:31 ----D---- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2009-07-01 16:49:19 ----D---- C:\Documents and Settings\All Users\Application Data\McAfee
2009-07-01 16:49:14 ----HD---- C:\WINDOWS\inf
2009-07-01 16:02:26 ----SD---- C:\WINDOWS\Tasks
2009-07-01 15:51:57 ----D---- C:\Program Files\Fichiers communs
2009-06-24 17:59:31 ----D---- C:\WINDOWS\Microsoft.NET
2009-06-22 17:36:30 ----HD---- C:\Program Files\InstallShield Installation Information
2009-06-10 10:45:14 ----D---- C:\Program Files\Internet Explorer
2009-06-10 10:39:35 ----RSHD---- C:\WINDOWS\system32\dllcache
2009-06-10 10:39:32 ----D---- C:\WINDOWS\system32\fr-fr
2009-06-10 10:39:18 ----D---- C:\WINDOWS\ie7updates
2009-06-10 10:37:57 ----HD---- C:\WINDOWS\$hf_mig$
2009-05-29 22:48:40 ----D---- C:\Documents and Settings\BRACQ\Application Data\Adobe
2009-05-23 23:14:16 ----D---- C:\WINDOWS\Help
2009-05-14 21:08:44 ----SHD---- C:\System Volume Information
2009-05-14 21:08:44 ----D---- C:\WINDOWS\system32\Restore
2009-05-14 13:35:56 ----D---- C:\Program Files\TuneUp Utilities 2006
2009-05-14 09:46:38 ----A---- C:\WINDOWS\wininit.ini
2009-05-07 17:33:02 ----N---- C:\WINDOWS\system32\localspl.dll
2009-05-02 23:10:39 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-05-02 23:10:32 ----D---- C:\WINDOWS\system32\DirectX
2009-04-29 06:45:44 ----A---- C:\WINDOWS\system32\wininet.dll
2009-04-29 06:45:43 ----A---- C:\WINDOWS\system32\webcheck.dll
2009-04-29 06:45:43 ----A---- C:\WINDOWS\system32\urlmon.dll
2009-04-29 06:45:43 ----A---- C:\WINDOWS\system32\url.dll
2009-04-29 06:45:42 ----N---- C:\WINDOWS\system32\occache.dll
2009-04-29 06:45:42 ----N---- C:\WINDOWS\system32\mstime.dll
2009-04-29 06:45:42 ----A---- C:\WINDOWS\system32\pngfilt.dll
2009-04-29 06:45:42 ----A---- C:\WINDOWS\system32\msrating.dll
2009-04-29 06:45:42 ----A---- C:\WINDOWS\system32\mshtmled.dll
2009-04-29 06:45:41 ----A---- C:\WINDOWS\system32\mshtml.dll
2009-04-29 06:45:40 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
2009-04-29 06:45:40 ----A---- C:\WINDOWS\system32\msfeeds.dll
2009-04-29 06:45:39 ----A---- C:\WINDOWS\system32\jsproxy.dll
2009-04-29 06:45:38 ----N---- C:\WINDOWS\system32\iernonce.dll
2009-04-29 06:45:38 ----A---- C:\WINDOWS\system32\iertutil.dll
2009-04-29 06:45:38 ----A---- C:\WINDOWS\system32\ieframe.dll
2009-04-29 06:45:36 ----N---- C:\WINDOWS\system32\ieencode.dll
2009-04-29 06:45:35 ----N---- C:\WINDOWS\system32\iedkcs32.dll
2009-04-29 06:45:35 ----N---- C:\WINDOWS\system32\ieaksie.dll
2009-04-29 06:45:35 ----N---- C:\WINDOWS\system32\ieakeng.dll
2009-04-29 06:45:35 ----N---- C:\WINDOWS\system32\extmgr.dll
2009-04-29 06:45:35 ----A---- C:\WINDOWS\system32\ieapfltr.dll
2009-04-29 06:45:35 ----A---- C:\WINDOWS\system32\icardie.dll
2009-04-29 06:45:34 ----A---- C:\WINDOWS\system32\dxtrans.dll
2009-04-29 06:45:34 ----A---- C:\WINDOWS\system32\dxtmsft.dll
2009-04-29 06:45:34 ----A---- C:\WINDOWS\system32\advpack.dll
2009-04-28 11:06:24 ----N---- C:\WINDOWS\system32\ieudinit.exe
2009-04-28 11:06:24 ----N---- C:\WINDOWS\system32\ie4uinit.exe
2009-04-25 07:26:23 ----N---- C:\WINDOWS\system32\ieakui.dll
2009-04-15 22:13:45 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-04-15 20:06:10 ----D---- C:\WINDOWS\system32\wbem
2009-04-15 20:06:10 ----D---- C:\WINDOWS\AppPatch
2009-04-15 16:53:29 ----A---- C:\WINDOWS\system32\rpcrt4.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK7;Pilote de processeur AMD K7; C:\WINDOWS\System32\DRIVERS\amdk7.sys [2008-04-14 41856]
R1 Asapi;Asapi; C:\WINDOWS\system32\drivers\Asapi.sys [2002-08-06 11264]
R1 mfehidk;McAfee Inc. mfehidk; C:\WINDOWS\system32\drivers\mfehidk.sys [2009-03-25 214024]
R1 MPFP;MPFP; C:\WINDOWS\System32\Drivers\Mpfp.sys [2007-07-13 113952]
R1 prodrv06;StarForce Protection Environment Driver v6; C:\WINDOWS\System32\drivers\prodrv06.sys [2003-10-10 52128]
R1 vcsmpdrv;vcsmpdrv; C:\WINDOWS\System32\DRIVERS\vcsmpdrv.sys [2003-06-16 49024]
R2 acedrv11;acedrv11; \??\C:\WINDOWS\system32\drivers\acedrv11.sys []
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2008-10-11 278984]
R2 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2005-04-21 10624]
R2 enodpl;enodpl; C:\WINDOWS\System32\drivers\enodpl.sys [2003-03-02 7552]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2007-04-27 18048]
R2 tandpl;tandpl; C:\WINDOWS\System32\drivers\tandpl.sys [2003-04-19 4736]
R3 ALCXSENS;Service for WDM 3D Audio Driver; C:\WINDOWS\system32\drivers\ALCXSENS.SYS [2003-08-14 404736]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2003-08-21 462940]
R3 AnyDVD;AnyDVD; C:\WINDOWS\System32\Drivers\AnyDVD.sys [2006-02-09 19200]
R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-08-31 1333760]
R3 axsaki;axsaki; C:\WINDOWS\system32\DRIVERS\axsaki.sys [2003-03-30 102624]
R3 axskbus;axskbus; C:\WINDOWS\system32\DRIVERS\axskbus.sys [2003-03-28 8640]
R3 FETNDISB;VIA Rhine Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\System32\DRIVERS\fetnd5b.sys [2003-04-24 41984]
R3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mfeavfk;McAfee Inc. mfeavfk; C:\WINDOWS\system32\drivers\mfeavfk.sys [2009-03-25 79880]
R3 mfebopk;McAfee Inc. mfebopk; C:\WINDOWS\system32\drivers\mfebopk.sys [2009-03-25 35272]
R3 mfesmfk;McAfee Inc. mfesmfk; C:\WINDOWS\system32\drivers\mfesmfk.sys [2009-03-25 40552]
R3 mouhid;Pilote HID de souris; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-23 12288]
R3 Mtlmnt5;Mtlmnt5; C:\WINDOWS\System32\DRIVERS\Mtlmnt5.sys [2003-01-21 210024]
R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 Slntamr;SmartLink AMR_PCI Driver; C:\WINDOWS\System32\DRIVERS\slntamr.sys [2003-01-17 507008]
R3 SlWdmSup;SlWdmSup; C:\WINDOWS\System32\DRIVERS\SlWdmSup.sys [2003-01-17 39348]
R3 usbehci;Pilote miniport de contrôleur hôte amélioré USB 2.0 Microsoft; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Concentrateur USB2; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S1 kbdhid;Pilote HID de clavier; C:\WINDOWS\System32\DRIVERS\kbdhid.sys [2008-04-14 14720]
S2 IKANLOADER2;General Purpose USB Driver (e4ldr.sys); C:\WINDOWS\System32\Drivers\e4ldr.sys [2006-03-02 63555]
S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 DSDrv4;DSDrv4; \??\C:\PROGRA~1\K!TV\Plugins\S_Bt8x8\DSDrv4.sys []
S3 DTV-DVBM9205;DTV-DVB USB Hybrid Analog/Capture; C:\WINDOWS\System32\Drivers\M9205.sys [2005-10-14 70272]
S3 e4usbaw;USB ADSL2 WAN Adapter; C:\WINDOWS\system32\DRIVERS\e4usbaw.sys [2006-05-04 114616]
S3 gel90xne;gel90xne; \??\C:\DOCUME~1\BRACQ\LOCALS~1\Temp\gel90xne.sys []
S3 L8042Kbd;Logitech SetPoint Keyboard Driver; C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys [2008-09-26 20240]
S3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys [2008-09-26 35472]
S3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys [2008-09-26 37392]
S3 LUsbFilt;Logitech SetPoint KMDF USB Filter; C:\WINDOWS\System32\Drivers\LUsbFilt.Sys [2008-09-26 28816]
S3 M9207;DTV-DVB M9207 USB DVB-T / TV BOX; C:\WINDOWS\system32\DRIVERS\M9207BDA.sys [2005-10-14 37248]
S3 mferkdk;McAfee Inc. mferkdk; C:\WINDOWS\system32\drivers\mferkdk.sys [2009-03-25 34216]
S3 MPE;Filtre BDA MPE; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-13 15232]
S3 ms_mpu401;Pilote UART MIDI MPU-401 Microsoft; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 Mtlstrm;Mtlstrm; C:\WINDOWS\System32\DRIVERS\Mtlstrm.sys [2003-01-21 1290312]
S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nm;Pilote du Moniteur réseau; C:\WINDOWS\System32\DRIVERS\NMnt.sys [2008-04-13 40320]
S3 NPF;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2004-05-14 32896]
S3 NtMtlFax;NtMtlFax; C:\WINDOWS\System32\DRIVERS\NtMtlFax.sys [2003-01-17 162136]
S3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2004-08-04 1897408]
S3 PCAMPR5;PCAMPR5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PCAMPR5.SYS []
S3 PCANDIS5;PCANDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PCANDIS5.SYS []
S3 RecAgent;recagent; \??\C:\WINDOWS\System32\DRIVERS\RecAgent.sys []
S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SlNtHal;SlNtHal; C:\WINDOWS\System32\DRIVERS\Slnthal.sys [2003-01-21 84784]
S3 SONYPVU1;Pilote de filtrage Sony USB (SONYPVU1); C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 SYMIDSCO;SYMIDSCO; \??\C:\WINDOWS\System32\Drivers\SYMIDSCO.SYS []
S3 tunmp;Pilote de carte miniport Tun Microsoft; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-13 12288]
S3 usbaudio;Pilote USB audio (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\System32\DRIVERS\wanatw4.sys []
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-08-31 376832]
R2 CanalPlus.VOD;CanalPlus.VOD; C:\Program Files\Canal\Canal Widget\VOD\CanalPlus.VOD.exe [2009-04-29 188416]
R2 FTRTSVC;France Telecom Routing Table Service; C:\WINDOWS\System32\FTRTSVC.exe [2004-08-23 40960]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [2009-02-11 210216]
R2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2008-01-09 767976]
R2 McNASvc;McAfee Network Agent; c:\PROGRA~1\FICHIE~1\mcafee\mna\mcnasvc.exe [2008-01-25 2458128]
R2 McProxy;McAfee Proxy Service; c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe [2007-08-15 359248]
R2 McShield;McAfee Real-time Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2007-07-24 144704]
R2 MDM;Machine Debug Manager; C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe [2003-06-20 322120]
R2 MpfService;McAfee Personal Firewall Service; C:\Program Files\McAfee\MPF\MPFSrv.exe [2007-07-18 856864]
R2 UxTuneUp;Extension de conception TuneUp; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 VCSSecS;Virtual CD v4 Security service (SDK - Version); C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe [2002-05-16 139264]
R3 McSysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [2007-12-05 695624]
R3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2005-08-30 516096]
S2 SLService;SmartLinkService; C:\WINDOWS\system32\slserv.exe [2003-01-17 45056]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 McODS;McAfee Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [2007-11-07 378184]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2004-05-14 86016]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

   
Répondre à TITI5969

17

jacques.gache, le 5 jui 2009 à 23:12:23

Bon je te demandais un hijackthis pas un RSIT mais pas grave tu fais ce qui suis pour OTM tu posteras le rapports et la tu mettras un HIJACKTHIS , merci

1) déactives la protection résidente de spybot pour pas qu'il nous bloque le fixe
quand tu le réactiveras possible qu'il te demande d'accepter ou pas les modifications il faudra les accepter toutes
pour t'aider au cas ou : http://www.safer-networking.org/fr/howto/disable.hs.html


2) pour OTM

Télécharge OTM de OldTimer sur ton Bureau en cliquant sur ce lien :

http://oldtimer.geekstogo.com/OTM.exe


Double-clique sur OTM.exe pour le lancer.Si tu utilises Vista, fais un clic droit sur le fichier puis choisir Exécuter en tant qu'administrateur

Vérifie que la case devant "Unregister Dll's and Ocx's est bien cochée.

Copie la liste qui se trouve en gras ci-dessous,

et colle-la dans le cadre de gauche de OTMoveIt : "Paste instructions for item to be moved".


:processes
explorer.exe


:services
FTRTSVC

:files
c:\windows\system32\loviheti.dll
C:\WINDOWS\system32\tmp.txt
C:\WINDOWS\System32\FTRTSVC.exe

:commands
[purity]
[emptytemp]
[start explorer]
[Reboot]


Clique sur "MoveIt!" pour lancer la suppression.

Le résultat apparaitra dans le cadre "Results".

Clique sur "Exit" pour fermer.

Poste le rapport situé dans C:\_OTM\MovedFiles sous le nom xxxxxx_xxxxxxxxxx.log .

Il te sera peut-être demander de redémarrer le pc pour achever la suppression. Si c'est le cas accepte par Yes.



3) postes un HIJACTHIS
il est présent sur ton pc car RSIT le télécharge pour son rapport tu le trouveras ici: C:\Program Files\trend micro\BRACQ.exe
.tu double cliques sur BRACQ.exe pour le lancer
.Cliques sur "Do a system scan and save the logfile"
.Cela va t'ouvrir un bloc note à la fin du scan.
.Copie son contenu et poste le dans ton prochain message. sinon le rapport est dans C:\Program Files\Trend Micro\HijackThis\ hijackthis "document texte"
Attention !! la surmultiplication de logiciels de sécurité ne 
protège pas mieux voire peut engendrer des conflits et
des plantages. " mais chacun reste maître de son PC "

   
Répondre à jacques.gache

18

TITI5969, le 5 jui 2009 à 23:45:09

En esperant que c'est bon

All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== SERVICES/DRIVERS ==========

Service\Driver FTRTSVC deleted successfully.
========== FILES ==========
File/Folder c:\windows\system32\loviheti.dll not found.
C:\WINDOWS\system32\tmp.txt moved successfully.
C:\WINDOWS\System32\FTRTSVC.exe moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrateur
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 188293 bytes

User: All Users

User: BRACQ
->Temp folder emptied: 61731 bytes
->Temporary Internet Files folder emptied: 200142 bytes
->Java cache emptied: 406768 bytes
->FireFox cache emptied: 36118124 bytes
->Google Chrome cache emptied: 448049 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32768 bytes

User: LocalService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 65938 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Propriétaire

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 43 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 35,82 mb


OTM by OldTimer - Version 3.0.0.4 log created on 07052009_233518

Files moved on Reboot...

Registry entries deleted on Reboot...

   
Répondre à TITI5969

19

TITI5969, le 5 jui 2009 à 23:48:15

Voila c'est fait
Je te remercie pour ton aide mais vu l'heure je vais me coucher, y'a boulot demain
Merci encore et bonne nuit

A demain je pense



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:43:24, on 05/07/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Canal\Canal Widget\VOD\CanalPlus.VOD.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\FICHIE~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\apps\ABoard\ABoard.exe
C:\apps\ABoard\AOSD.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\BRACQ.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {0866c11f-a44a-426c-be51-0352201c6065} - (no file)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: iFinger plugin / Browser helper object - {A114D52B-870C-4F15-8021-B6D7F91A054B} - C:\PROGRA~1\iFinger\plugins\IE.ifp
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - http://fichiers.touslesdrivers.com/...
O16 - DPF: {9DF1C00D-8426-4337-972C-DC042D19A916} (FTMediaPlayer Class) - http://webtv.guidetv.orange.fr/resources/OCS_8884.cab
O16 - DPF: {CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA} (Java Plug-in 1.3.1_01) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: CanalPlus.VOD - Canal+ Active - C:\Program Files\Canal\Canal Widget\VOD\CanalPlus.VOD.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - NetGroup - Politecnico di Torino - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
End of file - 6650 bytes

   
Répondre à TITI5969
35 réponses 12 Suivant
Posez votre question Répondre
Ils ont besoin de votre aide