Posez votre question Format imprimable Liste des forums Aidez-les Statistiques Rechercher Charte Forum Virus-Sécurité

Infection de mon PC (trojan) rapport joint

Dernière réponse le 18 déc 2008 à 22:00:19 iceti76, le 16 déc 2008 à 11:54:56

Signaler ce message aux modérateurs

Bonjour,
j'ai un soucis de blocage de mon navigateur FIREFOX. Internet Explorer lui m'ouvre des fenetres non souhaitées.
Avast m'a envoyé avant des alertes sur des connections douteuses mais n'a manifestement pas pu bloquer l'infection.
Je vous joints le rapport :
-HIJACKTHIS pour une aide sur les moyens à utiliser pour la désinfection.
-Les dernières alertes AVAST

Merci de votre aide

AVAST
Sign of "VBS:Malware-gen" has been found in "C:\Documents and Settings\All Users\Documents\XXX.folder" file.
30/12/2008 23:01:56 SYSTEM 1536 Sign of "JS:FakeAV-A [Trj]" has been found in "http://pro-scanner-online.com/2009/1/fr/_freescan.php?nu=770522170802" file.
30/12/2008 12:19:00 SYSTEM 1536 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: C:\DOCUMENTS AND SETTINGS\T!BO\APPLICATION DATA\MICROSOFT\MODèLES\NORMAL.DOT (C:\DOCUMENTS AND SETTINGS\T!BO\APPLICATION DATA\MICROSOFT\MODèLES\NORMAL.DOT) returning error, 00000005.
30/12/2008 09:44:50 SYSTEM 1536 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: C:\DOCUME~1\DELPHINE\LOCALS~1\TEMP\~DF432B.TMP (C:\DOCUME~1\DELPHINE\LOCALS~1\TEMP\~DF432B.TMP) returning error, 00000005.
29/12/2008 18:49:21 SYSTEM 1508 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: C:\DOCUMENTS AND SETTINGS\T!BO\APPLICATION DATA\THUNDERBIRD\PROFILES\AK4D2F88.DEFAULT\PREFS.JS (C:\DOCUMENTS AND SETTINGS\T!BO\APPLICATION DATA\THUNDERBIRD\PROFILES\AK4D2F88.DEFAULT\PREFS.JS) returning error, 00000005.
29/12/2008 16:51:25 SYSTEM 1508 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: C:\DOCUMENTS AND SETTINGS\T!BO\APPLICATION DATA\MICROSOFT\MODèLES\NORMAL.DOT (C:\DOCUMENTS AND SETTINGS\T!BO\APPLICATION DATA\MICROSOFT\MODèLES\NORMAL.DOT) returning error, 00000005.
14/12/2008 18:20:05 SYSTEM 1572 Sign of "Win32:Adware-gen [Adw]" has been found in "C:\WINDOWS\SYSTEM32\DIYORINU.DLL" file.
13/12/2008 18:13:44 SYSTEM 1568 Sign of "HTML:Iframe-inf" has been found in "http://bigmp3online.com/?sid=aff0043\?sid=aff0043" file.
10/12/2008 20:49:50 SYSTEM 1572 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "C:\WINDOWS\SYSTEM32\VANUVERA.DLL" file.
09/12/2008 21:37:46 SYSTEM 1580 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "C:\WINDOWS\SYSTEM32\VANUVERA.DLL" file.
09/12/2008 09:59:13 SYSTEM 1580 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "C:\WINDOWS\SYSTEM32\VANUVERA.DLL" file.
07/12/2008 16:44:45 SYSTEM 1572 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "C:\WINDOWS\SYSTEM32\VANUVERA.DLL" file.
07/12/2008 16:44:45 SYSTEM 1572 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "C:\WINDOWS\SYSTEM32\VANUVERA.DLL" file.
07/12/2008 16:17:43 SYSTEM 1572 Sign of "JS:FakeAV-A [Trj]" has been found in "http://antivirus-computer-scan.com/2009/1/fr/_freescan.php?nu=770522170802" file.
07/12/2008 13:37:40 SYSTEM 1572 Sign of "JS:FakeAV-A [Trj]" has been found in "http://antivirus-computer-scan.com/2009/1/fr/_freescan.php?nu=770522170802" file.
07/12/2008 12:12:51 SYSTEM 1572 Sign of "JS:FakeAV-A [Trj]" has been found in "http://antivirus-computer-scan.com/2009/1/fr/_freescan.php?nu=770522170802" file.
07/12/2008 09:15:59 SYSTEM 1572 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "C:\WINDOWS\SYSTEM32\VANUVERA.DLL" file.
06/12/2008 18:04:47 SYSTEM 1580 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "C:\WINDOWS\SYSTEM32\VANUVERA.DLL" file.
05/12/2008 14:59:25 SYSTEM 1532 Sign of "JS:FakeAV-A [Trj]" has been found in "http://antivirus-computer-scan.com/2009/1/fr/_freescan.php?nu=770522170802" file.
05/12/2008 11:44:32 SYSTEM 1532 Sign of "JS:FakeAV-A [Trj]" has been found in "http://antivirus-computer-scan.com/2009/1/fr/_freescan.php?nu=770522170802" file.
04/12/2008 21:45:55 SYSTEM 1576 Sign of "JS:FakeAV-A [Trj]" has been found in "http://pro-scanner-online.com/2009/1/fr/_freescan.php?nu=770522170802" file.
04/12/2008 17:01:48 SYSTEM 1576 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\WINDOWS\system32\tukusoki.dll" file.
04/12/2008 17:01:44 SYSTEM 1576 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\WINDOWS\system32\tukusoki.dll" file.
04/12/2008 17:01:34 SYSTEM 1576 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\WINDOWS\system32\tukusoki.dll" file.
04/12/2008 17:01:23 SYSTEM 1576 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\WINDOWS\SYSTEM32\TUKUSOKI.DLL" file.

HIJACKTHIS
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:10:36, on 16/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Apps\Softex\OmniPass\Omniserv.exe
C:\Program Files\Packard Bell\SrvCDEject.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Apps\Softex\OmniPass\OPXPApp.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Realtek\Card Reader Software\DriveIcon\DriveIcon.exe
C:\WINDOWS\mHotkey.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Fingerprint Sensor\ATSwpNav.exe
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
c:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Apps\Softex\OmniPass\scureapp.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\vVX6000.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\OFFICE One6.5\OFFICE One PDF Manager\OoPDFSettingsv6.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\APPS\SMP\SmpSys.exe
C:\Program Files\OFFICE One6.5\OFFICE One Notes\oonotesv65.exe
c:\Program Files\ATI Technologies\ATI.ACE\cli.exe
c:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Trend Micro\HijackThis\HThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://format.packardbell.com/...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://format.packardbell.com/...
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://click.real.com/?href=http://www.film.com&pageid=IPM_mov_020807
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: (no name) - {f1ea43b1-f174-4dbd-960b-60fc8e6003fb} - C:\WINDOWS\system32\fuwoduke.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [DriveIcons] "C:\Program Files\Realtek\Card Reader Software\DriveIcon\DriveIcon.exe"
O4 - HKLM\..\Run: [NECHotkey] mHotkey.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ATICCC] "c:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ATSwpNav] "C:\Program Files\Fingerprint Sensor\ATSwpNav" -run
O4 - HKLM\..\Run: [DetectorApp] C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [OmniPass] C:\Apps\Softex\OmniPass\scureapp.exe
O4 - HKLM\..\Run: [EULA] C:\APPS\PB_TB\EULALauncher.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [VX6000] C:\WINDOWS\vVX6000.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [c0f01e4f] rundll32.exe "C:\WINDOWS\system32\zawibavu.dll",b
O4 - HKLM\..\Run: [bafubebeno] Rundll32.exe "C:\WINDOWS\system32\wutivoba.dll",s
O4 - HKLM\..\Run: [CPMc3c32dd3] Rundll32.exe "c:\windows\system32\mekijoru.dll",a
O4 - HKLM\..\Run: [OoPDFSettingsv6.exe] C:\Program Files\OFFICE One6.5\OFFICE One PDF Manager\OoPDFSettingsv6.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SmpcSys] C:\APPS\SMP\SmpSys.exe
O4 - HKCU\..\Run: [CPMc3c32dd3] Rundll32.exe "c:\windows\system32\mekijoru.dll",a
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: OFFICE One Notes v6.5.lnk = C:\Program Files\OFFICE One6.5\OFFICE One Notes\oonotesv65.exe
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://format.packardbell.com/...
O17 - HKLM\System\CCS\Services\Tcpip\..\{0936C226-212F-4E7B-80E0-26F43A4556A3}: NameServer = 212.27.54.252,212.27.53.252
O17 - HKLM\System\CS1\Services\Tcpip\..\{0936C226-212F-4E7B-80E0-26F43A4556A3}: NameServer = 212.27.54.252,212.27.53.252
O17 - HKLM\System\CS2\Services\Tcpip\..\{0936C226-212F-4E7B-80E0-26F43A4556A3}: NameServer = 212.27.54.252,212.27.53.252
O17 - HKLM\System\CS3\Services\Tcpip\..\{0936C226-212F-4E7B-80E0-26F43A4556A3}: NameServer = 212.27.54.252,212.27.53.252
O20 - AppInit_DLLs: c:\windows\system32\basukavu.dll c:\windows\system32\wiwuzoza.dll c:\windows\system32\zinakumu.dll c:\windows\system32\mekijoru.dll c:\windows\system32\jigefuwi.dll C:\WINDOWS\system32\wadavuro.dll c:\windows\system32\meseleru.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\basukavu.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\basukavu.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Apps\Softex\OmniPass\Omniserv.exe
O23 - Service: SrvCDEject - Unknown owner - C:\Program Files\Packard Bell\SrvCDEject.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: USBDeviceService - Unknown owner - C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
End of file - 10628 bytes

Merci de votre aide
T!bO

Configuration: Windows XP
Firefox et Internet Explorer 6.0

Meilleures réponses pour « Infection de mon PC (trojan) rapport joint » dans :

Infection,pc bloqué,téléchargement impossible (Résolu) Voir

Pc infecté virus bagle rapport findykill Voir

Infecté par Trojan.DNSChanger (Résolu) Voir

Infecté par Trojan Skintrim - Plus Internet (Résolu) Voir

PC infecter par trojan W32 Looksky (Résolu) Voir

[virus] infecté par trojan.dropper vb (Résolu) Voir

Posez votre question Répondre

sKe69, le 16 déc 2008 à 12:03:27

Salut,

belle infection Vundo avec en prime une infection par support amovible ...

fais ceci pour approfondir Hijackthis :

Télécharge Random's System Information Tool (RSIT) de random/random et enregistre l'exécutable sur ton Bureau.

-> http://images.malwareremoval.com/random/RSIT.exe

! Ferme bien toutes tes applications en cours !

Double-clique sur " RSIT.exe " pour le lancer .

-> Une première fenêtre s'ouvre avec en titre : " Disclaimer of warranty " .

* Devant l'option "List files/folders created ..." , tu choisis : 2 months

* clique ensuite sur " Continue " pour lancer l'analyse ...

( Note : Si la dernière version de HijackThis n'est pas détectée sur ton PC, RSIT le téléchargera et te demandera d'accepter la licence.)

-> laisse faire le scan et ne touche pas au PC ...

Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront (probablement avec le bloc-note).

Poste le contenu de " log.txt " (c'est celui qui apparait à l'écran), ainsi que de " info.txt " (que tu verras dans la barre des tâches), pour analyse et attends la suite ...

Important : poste un rapport, puis l'autre dans la réponse suivante ... si tu essaies de poster les deux en même temps,
cela risque d'être trop long pour le forum ...
Et si "log.txt" seul, ne passe pas non plus , fais le en 2 fois ... merci ...

( Note : les rapports seront en outre sauvegardés dans ce dossier -> C:\rsit )

"Baby, I'm going on an airplane, And I don't know if I'll be back again"
IMPORTANT : ne vous croyez pas tiré d'affaire tant qu'on ne
vous l'a pas dit !

Répondre à sKe69

iceti76, le 16 déc 2008 à 12:18:02

Bonjour Ske69
Voici le premier rapport:

Logfile of random's system information tool 1.04 (written by random/random)
Run by T!bO at 2008-12-16 12:13:13
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 116 GB (39%) free of 297 GB
Total RAM: 2046 MB (68% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:13:17, on 16/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Apps\Softex\OmniPass\Omniserv.exe
C:\Program Files\Packard Bell\SrvCDEject.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Apps\Softex\OmniPass\OPXPApp.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Realtek\Card Reader Software\DriveIcon\DriveIcon.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Fingerprint Sensor\ATSwpNav.exe
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
c:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Apps\Softex\OmniPass\scureapp.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\vVX6000.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\OFFICE One6.5\OFFICE One PDF Manager\OoPDFSettingsv6.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\APPS\SMP\SmpSys.exe
C:\Program Files\OFFICE One6.5\OFFICE One Notes\oonotesv65.exe
c:\Program Files\ATI Technologies\ATI.ACE\cli.exe
c:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\iPod\bin\iPodService.exe
G:\telechargement\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\T!bO.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://format.packardbell.com/...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://format.packardbell.com/...
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://click.real.com/?href=http://www.film.com&pageid=IPM_mov_020807
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: (no name) - {f1ea43b1-f174-4dbd-960b-60fc8e6003fb} - C:\WINDOWS\system32\fuwoduke.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [DriveIcons] "C:\Program Files\Realtek\Card Reader Software\DriveIcon\DriveIcon.exe"
O4 - HKLM\..\Run: [NECHotkey] mHotkey.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ATICCC] "c:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ATSwpNav] "C:\Program Files\Fingerprint Sensor\ATSwpNav" -run
O4 - HKLM\..\Run: [DetectorApp] C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [OmniPass] C:\Apps\Softex\OmniPass\scureapp.exe
O4 - HKLM\..\Run: [EULA] C:\APPS\PB_TB\EULALauncher.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [VX6000] C:\WINDOWS\vVX6000.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [c0f01e4f] rundll32.exe "C:\WINDOWS\system32\zawibavu.dll",b
O4 - HKLM\..\Run: [bafubebeno] Rundll32.exe "C:\WINDOWS\system32\wutivoba.dll",s
O4 - HKLM\..\Run: [CPMc3c32dd3] Rundll32.exe "c:\windows\system32\zinakumu.dll",a
O4 - HKLM\..\Run: [OoPDFSettingsv6.exe] C:\Program Files\OFFICE One6.5\OFFICE One PDF Manager\OoPDFSettingsv6.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SmpcSys] C:\APPS\SMP\SmpSys.exe
O4 - HKCU\..\Run: [CPMc3c32dd3] Rundll32.exe "c:\windows\system32\mekijoru.dll",a
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: OFFICE One Notes v6.5.lnk = C:\Program Files\OFFICE One6.5\OFFICE One Notes\oonotesv65.exe
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://format.packardbell.com/...
O17 - HKLM\System\CCS\Services\Tcpip\..\{0936C226-212F-4E7B-80E0-26F43A4556A3}: NameServer = 212.27.54.252,212.27.53.252
O17 - HKLM\System\CS1\Services\Tcpip\..\{0936C226-212F-4E7B-80E0-26F43A4556A3}: NameServer = 212.27.54.252,212.27.53.252
O17 - HKLM\System\CS2\Services\Tcpip\..\{0936C226-212F-4E7B-80E0-26F43A4556A3}: NameServer = 212.27.54.252,212.27.53.252
O17 - HKLM\System\CS3\Services\Tcpip\..\{0936C226-212F-4E7B-80E0-26F43A4556A3}: NameServer = 212.27.54.252,212.27.53.252
O20 - AppInit_DLLs: c:\windows\system32\basukavu.dll c:\windows\system32\wiwuzoza.dll c:\windows\system32\zinakumu.dll c:\windows\system32\mekijoru.dll c:\windows\system32\jigefuwi.dll C:\WINDOWS\system32\wadavuro.dll c:\windows\system32\meseleru.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\mekijoru.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\mekijoru.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Apps\Softex\OmniPass\Omniserv.exe
O23 - Service: SrvCDEject - Unknown owner - C:\Program Files\Packard Bell\SrvCDEject.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: USBDeviceService - Unknown owner - C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
End of file - 10631 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-28 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-28 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-12-28 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f1ea43b1-f174-4dbd-960b-60fc8e6003fb}]
C:\WINDOWS\system32\fuwoduke.dll [2008-09-16 68325]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-10 208952]
"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-10 455168]
"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-10 455168]
"ehTray"=C:\WINDOWS\ehome\ehtray.exe [2005-09-29 67584]
"DriveIcons"=C:\Program Files\Realtek\Card Reader Software\DriveIcon\DriveIcon.exe [2005-12-09 656896]
"NECHotkey"=C:\WINDOWS\mHotkey.exe [2006-01-11 548864]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-06-28 16248320]
"SkyTel"=C:\WINDOWS\SkyTel.EXE [2006-05-16 2879488]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"ATICCC"=c:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe [2006-05-10 90112]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-12-28 136600]
"ATSwpNav"=C:\Program Files\Fingerprint Sensor\ATSwpNav -run []
"DetectorApp"=C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe [2005-10-20 102400]
"ISUSPM Startup"=C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup []
"ISUSScheduler"=C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe -start []
"OmniPass"=C:\Apps\Softex\OmniPass\scureapp.exe [2005-08-12 1859584]
"EULA"=C:\APPS\PB_TB\EULALauncher.exe [2006-09-29 18944]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-11-26 81000]
"Easy-PrintToolBox"=C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE [2004-01-14 409600]
"VX6000"=C:\WINDOWS\vVX6000.exe [2006-10-13 994096]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2007-06-29 286720]
"LifeCam"=C:\Program Files\Microsoft LifeCam\LifeExp.exe [2006-10-13 277296]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2007-09-26 267064]
"c0f01e4f"=C:\WINDOWS\system32\zawibavu.dll [2008-12-16 90172]
"bafubebeno"=C:\WINDOWS\system32\wutivoba.dll [2008-09-16 68325]
"CPMc3c32dd3"=c:\windows\system32\wiwuzoza.dll [2008-12-12 90241]
"OoPDFSettingsv6.exe"=C:\Program Files\OFFICE One6.5\OFFICE One PDF Manager\OoPDFSettingsv6.exe [2006-12-28 493568]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
"SmpcSys"=C:\APPS\SMP\SmpSys.exe [2005-11-17 975360]
"CPMc3c32dd3"=c:\windows\system32\mekijoru.dll [2008-12-13 91233]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
Adobe Gamma Loader.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE
OFFICE One Notes v6.5.lnk - C:\Program Files\OFFICE One6.5\OFFICE One Notes\oonotesv65.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="c:\windows\system32\basukavu.dll c:\windows\system32\wiwuzoza.dll c:\windows\system32\zinakumu.dll c:\windows\system32\mekijoru.dll c:\windows\system32\jigefuwi.dll C:\WINDOWS\system32\wadavuro.dll c:\windows\system32\meseleru.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2006-07-18 86016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\OPXPGina]
C:\Apps\Softex\OmniPass\opxpgina.dll [2005-08-12 49152]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 240128]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\wiwuzoza.dll [2008-12-12 90241]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\wiwuzoza.dll [2008-12-12 90241]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
C:\WINDOWS\system32\wadavuro.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoInternetIcon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\VideoLAN\VLC\vlc.exe"="C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player"
"C:\Program Files\Macromedia\Dreamweaver 8\Dreamweaver.exe"="C:\Program Files\Macromedia\Dreamweaver 8\Dreamweaver.exe:*:Enabled:Dreamweaver 8"
"C:\Program Files\adslTV\adslTV.exe"="C:\Program Files\adslTV\adslTV.exe:*:Enabled:adslTV"
"C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule"
"C:\Program Files\FileZilla\FileZilla.exe"="C:\Program Files\FileZilla\FileZilla.exe:*:Enabled:FileZilla"
"C:\Program Files\AOL 9.0\aol.exe"="C:\Program Files\AOL 9.0\aol.exe:*:Disabled:AOL"
"C:\Program Files\AOL 9.0\waol.exe"="C:\Program Files\AOL 9.0\waol.exe:*:Disabled:AOL 9.0"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\APPS\Inventime\my.exe"="C:\APPS\Inventime\my.exe:*:Disabled:INVENTIME"
"C:\Program Files\UBISOFT\Splinter Cell Pandora Tomorrow\pandora.exe"="C:\Program Files\UBISOFT\Splinter Cell Pandora Tomorrow\pandora.exe:*:Disabled:PANDORA"
"C:\Program Files\UBISOFT\Splinter Cell Pandora Tomorrow\logo_ubi.exe"="C:\Program Files\UBISOFT\Splinter Cell Pandora Tomorrow\logo_ubi.exe:*:Disabled:SPLINTER CELL PANDORA"
"C:\Program Files\Microsoft LifeCam\LifeExp.exe"="C:\Program Files\Microsoft LifeCam\LifeExp.exe:*:Enabled:LifeExp.exe"
"C:\Program Files\Microsoft LifeCam\LifeCam.exe"="C:\Program Files\Microsoft LifeCam\LifeCam.exe:*:Enabled:LifeCam.exe"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Mozilla Firefox"
"C:\Program Files\QuickTime\QuickTimePlayer.exe"="C:\Program Files\QuickTime\QuickTimePlayer.exe:*:Enabled:QuickTime Player"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\explorer.exe"="C:\WINDOWS\explorer.exe:*:Enabled:Explorer"
"C:\WINDOWS\system32\logonui.exe"="C:\WINDOWS\system32\logonui.exe:*:Enabled:logonui"
"C:\WINDOWS\system32\winlogon.exe"="C:\WINDOWS\system32\winlogon.exe:*:Enabled:winlogon"
"C:\Program Files\Java\jre6\bin\jqs.exe"="C:\Program Files\Java\jre6\bin\jqs.exe:*:Enabled:jqs"
"C:\WINDOWS\system32\lsass.exe"="C:\WINDOWS\system32\lsass.exe:*:Enabled:lsass"
"C:\WINDOWS\system32\services.exe"="C:\WINDOWS\system32\services.exe:*:Enabled:services"
"C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe"="C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe:*:Enabled:ashMaiSv"
"C:\Program Files\Microsoft LifeCam\MSCamS32.exe"="C:\Program Files\Microsoft LifeCam\MSCamS32.exe:*:Enabled:MSCamS32"
"C:\WINDOWS\system32\wbem\wmiapsrv.exe"="C:\WINDOWS\system32\wbem\wmiapsrv.exe:*:Enabled:wmiapsrv"
"C:\WINDOWS\system32\userinit.exe"="C:\WINDOWS\system32\userinit.exe:*:Enabled:userinit"
"C:\Program Files\iPod\bin\iPodService.exe"="C:\Program Files\iPod\bin\iPodService.exe:*:Enabled:iPodService"
"C:\Program Files\Mozilla Thunderbird\thunderbird.exe"="C:\Program Files\Mozilla Thunderbird\thunderbird.exe:*:Enabled:thunderbird"
"C:\Program Files\Packard Bell\SrvCDEject.exe"="C:\Program Files\Packard Bell\SrvCDEject.exe:*:Enabled:SrvCDEject"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\AOL 9.0\waol.exe"="C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL 9.0"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1105e106-8c41-11dd-acbf-001731731699}]
shell\AutoRun\command - E:\LaunchU3.exe -a

======File associations======

.js - edit - "C:\Program Files\Macromedia\Dreamweaver 8\dreamweaver.exe" "%1"

======List of files/folders created in the last 2 months======

2009-01-01 08:53:13 ----SH---- C:\WINDOWS\system32\asopifov.ini
2008-12-30 18:34:31 ----SH---- C:\WINDOWS\system32\obapiwol.ini
2008-12-28 08:18:36 ----A---- C:\WINDOWS\system32\javaws.exe
2008-12-28 08:18:36 ----A---- C:\WINDOWS\system32\javaw.exe
2008-12-28 08:18:36 ----A---- C:\WINDOWS\system32\java.exe
2008-12-28 08:18:36 ----A---- C:\WINDOWS\system32\deploytk.dll
2008-12-16 12:13:13 ----D---- C:\rsit
2008-12-16 11:09:18 ----D---- C:\Program Files\Trend Micro
2008-12-16 10:43:11 ----SH---- C:\WINDOWS\system32\uvabiwaz.ini
2008-12-14 15:37:47 ----SH---- C:\WINDOWS\system32\egamihip.ini
2008-12-13 18:21:28 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2008-12-13 18:20:44 ----HDC---- C:\WINDOWS\$NtUninstallKB958215$
2008-12-13 18:19:51 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2008-12-13 18:19:22 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2008-12-13 18:18:45 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2008-12-13 17:35:40 ----A---- C:\WINDOWS\system32\SET91.tmp
2008-12-13 17:35:38 ----A---- C:\WINDOWS\system32\SET93.tmp
2008-12-13 17:35:38 ----A---- C:\WINDOWS\system32\SET92.tmp
2008-12-13 17:35:37 ----A---- C:\WINDOWS\system32\SET94.tmp
2008-12-13 14:49:20 ----SH---- C:\WINDOWS\system32\enijokir.ini
2008-12-12 11:01:24 ----SH---- C:\WINDOWS\system32\uniroyid.ini
2008-12-12 10:02:34 ----SH---- C:\WINDOWS\system32\uwihumoz.ini
2008-12-10 10:46:56 ----SH---- C:\WINDOWS\system32\udekukev.ini
2008-12-09 09:59:34 ----SH---- C:\WINDOWS\system32\utodejey.ini
2008-12-07 09:16:16 ----SH---- C:\WINDOWS\system32\evefapum.ini
2008-12-06 10:37:47 ----SH---- C:\WINDOWS\system32\igidobum.ini
2008-12-05 21:08:10 ----SH---- C:\WINDOWS\system32\udolaziv.ini
2008-12-05 19:17:46 ----A---- C:\WINDOWS\system32\~.exe
2008-12-05 17:23:47 ----SH---- C:\WINDOWS\system32\obavibut.tmp
2008-12-05 08:13:41 ----SH---- C:\WINDOWS\system32\obavibut.ini
2008-12-04 17:42:26 ----SH---- C:\WINDOWS\system32\oheroyem.ini
2008-12-03 11:01:51 ----SH---- C:\WINDOWS\system32\ikosukut.ini
2008-12-02 23:01:22 ----SH---- C:\WINDOWS\system32\ugogefup.ini
2008-12-02 11:01:15 ----SH---- C:\WINDOWS\system32\eyazeded.ini
2008-11-12 12:24:32 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-11-12 12:24:28 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2008-11-12 12:24:20 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-10-29 03:00:34 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-10-23 13:36:51 ----A---- C:\WINDOWS\system32\SET7E.tmp

======List of files/folders modified in the last 2 months======

2009-01-01 09:19:09 ----D---- C:\Documents and Settings\T!bO\Application Data\SolidWorks
2009-01-01 08:53:13 ----N---- C:\WINDOWS\system32\vofiposa.dll
2009-01-01 08:53:13 ----ASH---- C:\WINDOWS\system32\fogehile.dll
2009-01-01 07:52:51 ----ASH---- C:\WINDOWS\system32\benituyo.dll
2008-12-30 18:34:29 ----N---- C:\WINDOWS\system32\lowipabo.dll
2008-12-30 18:34:29 ----ASH---- C:\WINDOWS\system32\vanuvera.dll
2008-12-30 10:22:20 ----D---- C:\Program Files\eMule
2008-12-28 08:18:55 ----SHD---- C:\WINDOWS\Installer
2008-12-28 08:18:18 ----D---- C:\Program Files\Java
2008-12-16 12:12:53 ----D---- C:\WINDOWS\Prefetch
2008-12-16 11:18:35 ----D---- C:\Program Files\Mozilla Firefox
2008-12-16 11:09:18 ----RD---- C:\Program Files
2008-12-16 10:44:41 ----D---- C:\Program Files\Mozilla Thunderbird
2008-12-16 10:43:25 ----D---- C:\WINDOWS
2008-12-16 10:43:15 ----D---- C:\WINDOWS\system32
2008-12-16 09:04:59 ----D---- C:\WINDOWS\Temp
2008-12-16 09:04:47 ----ASH---- C:\WINDOWS\system32\gizisuyo.dll
2008-12-16 09:04:46 ----ASH---- C:\WINDOWS\system32\zawibavu.dll
2008-12-16 09:04:46 ----ASH---- C:\WINDOWS\system32\meseleru.dll
2008-12-16 09:04:37 ----D---- C:\WINDOWS\Registration
2008-12-16 09:04:33 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-14 22:36:26 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-14 15:36:18 ----ASH---- C:\WINDOWS\system32\pihimage.dll
2008-12-14 15:36:18 ----ASH---- C:\WINDOWS\system32\jigefuwi.dll
2008-12-13 18:21:36 ----D---- C:\WINDOWS\inf
2008-12-13 18:21:07 ----A---- C:\WINDOWS\imsins.BAK
2008-12-13 18:20:51 ----RSHD---- C:\WINDOWS\system32\dllcache
2008-12-13 18:20:38 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-13 16:12:21 ----A---- C:\Log.txt
2008-12-13 14:47:56 ----ASH---- C:\WINDOWS\system32\rikojine.dll
2008-12-13 14:47:56 ----ASH---- C:\WINDOWS\system32\mekijoru.dll
2008-12-12 11:01:25 ----ASH---- C:\WINDOWS\system32\zinakumu.dll
2008-12-12 10:01:21 ----N---- C:\WINDOWS\system32\zomuhiwu.dll
2008-12-12 10:01:20 ----ASH---- C:\WINDOWS\system32\wiwuzoza.dll
2008-12-12 10:01:20 ----ASH---- C:\WINDOWS\system32\juyadewi.dll
2008-12-10 10:50:32 ----A---- C:\WINDOWS\system32\basukavu.dll
2008-12-10 10:45:24 ----ASH---- C:\WINDOWS\system32\vekukedu.dll
2008-12-09 10:02:37 ----A---- C:\WINDOWS\system32\jefaduku.dll
2008-12-09 09:57:34 ----ASH---- C:\WINDOWS\system32\yejedotu.dll
2008-12-07 19:16:44 ----A---- C:\WINDOWS\hppsapp.INI
2008-12-07 08:54:36 ----ASH---- C:\WINDOWS\system32\dutudari.dll
2008-12-07 08:54:35 ----N---- C:\WINDOWS\system32\mupafeve.dll
2008-12-06 15:41:04 ----D---- C:\Program Files\NetMeeting
2008-12-06 10:36:26 ----ASH---- C:\WINDOWS\system32\vuverisa.dll
2008-12-06 10:36:25 ----N---- C:\WINDOWS\system32\mubodigi.dll
2008-12-05 21:08:10 ----ASH---- C:\WINDOWS\system32\zogetana.dll
2008-12-05 21:08:10 ----ASH---- C:\WINDOWS\system32\vizalodu.dll
2008-12-05 20:07:56 ----ASH---- C:\WINDOWS\system32\zizakohe.dll
2008-12-05 20:07:56 ----ASH---- C:\WINDOWS\system32\patafudi.dll
2008-12-05 08:12:41 ----A---- C:\WINDOWS\system32\tubivabo.dll
2008-12-05 08:07:36 ----ASH---- C:\WINDOWS\system32\takavere.dll
2008-12-04 17:42:26 ----ASH---- C:\WINDOWS\system32\kiviyehi.dll
2008-12-04 17:42:25 ----N---- C:\WINDOWS\system32\meyoreho.dll
2008-12-04 16:41:58 ----ASH---- C:\WINDOWS\system32\viliwesi.dll
2008-12-04 16:41:58 ----ASH---- C:\WINDOWS\system32\nozuzito.dll
2008-12-03 11:01:50 ----ASH---- C:\WINDOWS\system32\mobeteda.dll
2008-12-02 23:01:22 ----N---- C:\WINDOWS\system32\pufegogu.dll
2008-12-02 23:01:22 ----ASH---- C:\WINDOWS\system32\lobumije.dll
2008-12-02 11:01:16 ----ASH---- C:\WINDOWS\system32\tuhenato.dll
2008-12-02 11:01:15 ----N---- C:\WINDOWS\system32\dedezaye.dll
2008-11-26 18:21:30 ----A---- C:\WINDOWS\system32\aswBoot.exe
2008-11-23 14:23:47 ----D---- C:\WINDOWS\Help
2008-11-12 14:45:32 ----D---- C:\Documents and Settings\T!bO\Application Data\U3
2008-11-12 12:24:34 ----D---- C:\WINDOWS\system32\drivers
2008-11-12 12:24:15 ----D---- C:\WINDOWS\WinSxS
2008-11-11 20:44:22 ----A---- C:\WINDOWS\maplev5.ini
2008-10-29 01:52:43 ----D---- C:\Program Files\adslTV
2008-10-29 00:53:20 ----D---- C:\Documents and Settings\T!bO\Application Data\vlc
2008-10-28 08:21:35 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-10-23 11:06:59 ----N---- C:\WINDOWS\system32\tzchange.exe
2008-10-21 19:04:41 ----D---- C:\Documents and Settings\T!bO\Application Data\Adobe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2008-11-26 26944]
R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-06-19 36864]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2008-11-26 111184]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2008-11-26 50864]
R1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720]
R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2007-02-02 5632]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-11-26 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2008-11-26 94032]
R3 3xHybrid;ASUSTek SAA713x PCI Card; C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2006-04-28 882688]
R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2008-11-26 23152]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-07-18 1675776]
R3 ATSWPDRV;AuthenTec TruePrint USB Driver (AES2500); C:\WINDOWS\System32\Drivers\ATSwpDrv.sys [2005-03-29 116594]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2006-09-19 15664]
R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-06-28 4304384]
R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2006-07-11 57856]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2006-07-11 20480]
R3 RTSTOR;USB Mass Stroage Device; C:\WINDOWS\system32\drivers\RTSTOR.SYS [2005-12-21 20096]
R3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Pilote de concentrateur standard USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [2003-01-10 33588]
R3 X10Hid;X10 Hid Device; C:\WINDOWS\System32\Drivers\x10hid.sys [2005-11-28 7040]
S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 CEBDALDR;DVB-T USB BDA firmware loader; C:\WINDOWS\System32\Drivers\CEBDALDR.sys [2005-08-26 16768]
S3 MHNDRV;Pilote MHN; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288]
S3 MPE;Filtre BDA MPE; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-13 15232]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 ssm_bus;SAMSUNG Mobile USB Device II 1.0 driver (WDM); C:\WINDOWS\system32\DRIVERS\ssm_bus.sys [2005-08-30 58320]
S3 ssm_mdfl;SAMSUNG Mobile USB Modem II 1.0 Filter; C:\WINDOWS\system32\DRIVERS\ssm_mdfl.sys [2005-08-30 8336]
S3 ssm_mdm;SAMSUNG Mobile USB Modem II 1.0 Drivers; C:\WINDOWS\system32\DRIVERS\ssm_mdm.sys [2005-08-30 94000]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 VX6000;Microsoft LifeCam VX-6000; C:\WINDOWS\system32\DRIVERS\VX6000Xp.sys [2006-10-13 2383152]
S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 XUIF;X10 USB Wireless Transceiver; C:\WINDOWS\System32\Drivers\x10ufx2.sys [2005-05-19 17792]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AOL ACS;AOL Connectivity Service; C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe [2004-04-08 1135728]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2007-09-06 110592]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-11-26 18752]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-07-18 401408]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-11-26 155160]
R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2006-10-09 237568]
R2 ehSched;Service de planification Media Center; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 103424]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-12-28 152984]
R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
R2 MSCamSvc;MSCamSvc; C:\Program Files\Microsoft LifeCam\MSCamS32.exe [2006-10-13 207664]
R2 omniserv;Softex OmniPass Service; C:\Apps\Softex\OmniPass\Omniserv.exe [2005-08-12 32768]
R2 SrvCDEject;SrvCDEject; C:\Program Files\Packard Bell\SrvCDEject.exe [2006-07-25 613376]
R2 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe [2005-01-31 49152]
R2 USBDeviceService;USBDeviceService; C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe [2005-10-20 90112]
R2 x10nets;X10 Device Network Service; C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe [2001-11-12 20480]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2008-11-26 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2008-11-26 352920]
R3 iPod Service;Service de l'iPod; C:\Program Files\iPod\bin\iPodService.exe [2007-09-26 503608]
S3 aspnet_state;Service d'état ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-04 136120]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

-----------------EOF-----------------

Répondre à iceti76

iceti76, le 16 déc 2008 à 12:19:52

Et le deuxième qui suit
info.txt logfile of random's system information tool 1.04 2008-12-16 12:13:20

======Uninstall list======

-->"c:\apps\skype\phone\unins000.exe"
-->"C:\Program Files\Fichiers communs\aolshare\Coach\AolCInUn.exe" -lang="fr-fr"
-->C:\PROGRA~1\FICHIE~1\AOL\ACS\AcsUninstall.exe /c
-->C:\Program Files\Fichiers communs\AOL\Screensaver\uninst_ygpss.exe
-->C:\Program Files\Fichiers communs\aolshare\Aolunins_fr.exe
-->C:\Program Files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\Program Files\Learn2.com\StRunner\stuninst.exe
-->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DC24971E-1946-445D-8A82-CE685433FA7D}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5AFA4872-16B2-419E-ADCA-8E96E739115D}\setup.exe" -l0x40c
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F4E57F49-84B4-4CF2-B0A1-8CA1752BDF7E}\setup.exe" -l0x40c
-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Photoshop 7.0-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Adobe\Photoshop 7.0\Uninst.isu"
Adobe Reader 7.1.0 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A71000000002}
Adobe Shockwave Player-->C:\WINDOWS\system32\Adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
adsl TV-->C:\Program Files\adslTV\Uninstal.exe
ALZip-->"C:\Program Files\ESTsoft\ALZip\unins000.exe"
Apple Mobile Device Support-->MsiExec.exe /I{3EBD3749-304E-4A4C-9575-C00E5F015217}
Apple Software Update-->MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
ATI Catalyst Control Center-->MsiExec.exe /I{2852AC2C-B2FC-4F4A-A573-D466C872E688}
ATNavigation-->MsiExec.exe /I{FB159DD9-6E5F-4C94-B288-E9D1D9FAFBA1}
avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
Bibble Pro-->C:\WINDOWS\unvise32.exe C:\Program Files\Bibble Labs\Prouninstal.log
Browser Address Error Redirector-->regsvr32 /u /s "C:\APPS\BAE\BAE.dll"
Canon iP4300-->"C:\WINDOWS\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4300\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4300 /L0x000c
Canon Setup Utility 2.3-->"C:\Program Files\Canon\Canon Setup Utility 2.3\Maint.exe" /Uninstall C:\Program Files\Canon\Canon Setup Utility 2.3\uninst.ini
Canon Utilities Easy-PhotoPrint-->C:\Program Files\Canon\Easy-PhotoPrint\uninst.exe uninst.ini
Canon Utilities Easy-PrintToolBox-->C:\WINDOWS\BJPSUNST.EXE
CD-LabelPrint-->"C:\Program Files\Canon\CD-LabelPrint\Uninstal.exe" Canon.CDLabelPrint.Application
Codeur Windows Media Série 9-->msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Codeur Windows Media Série 9-->MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Correctif n° 2 pour Windows XP Édition Media Center 2005-->C:\WINDOWS\$NtUninstallKB900325$\spuninst\spuninst.exe
Correctif pour Lecteur Windows Media 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Correctif pour Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
eDrawings 2005-->MsiExec.exe /I{071D088C-6DF6-4F1B-B024-DA10896AF66D}
eMule-->"C:\Program Files\eMule\Uninstall.exe"
Enregistrement utilisateur de Canon iP4300-->C:\Program Files\Canon\IJEREG\iP4300\UNINST.EXE
FastStone Capture 4.8-->C:\Program Files\FastStone Capture\uninst.exe
FileZilla (remove only)-->"C:\Program Files\FileZilla\uninstall.exe"
FreeUndelete-->C:\Program Files\FreeUndelete\GLFEE.exe /handle:fru
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 10 (KB903157)-->"C:\WINDOWS\$NtUninstallKB903157$\spuninst\spuninst.exe"
HP PrecisionScan LTX-->C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan LTX\Uninst.isu" -c"C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan LTX\HPUninstallIs.dll"
Image Resizer Powertoy for Windows XP-->MsiExec.exe /I{1CB92574-96F2-467B-B793-5CEB35C40C29}
ISSENDIS WebUpdate v6-->"C:\Program Files\ISSENDIS\ISSENDIS WebUpdate v6\unins000.exe"
iTunes-->MsiExec.exe /I{B045B608-4A47-4C77-9EAD-06C394503306}
J2SE Runtime Environment 5.0 Update 10-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
J2SE Runtime Environment 5.0 Update 11-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
J2SE Runtime Environment 5.0 Update 4-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150040}
Java(TM) 6 Update 10-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}
Java(TM) 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Java(TM) SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Lecteur Windows Media 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Macromedia Dreamweaver 8-->MsiExec.exe /I{5FD788ED-1A37-4496-9BDD-463F493B27FA}
Macromedia Extension Manager-->MsiExec.exe /I{3C8C9FB3-5FDF-40B4-B314-EAD722728C76}
Macromedia Flash Player 8-->MsiExec.exe /X{5E8A1B08-0FBD-4543-9646-F2C2D0D05750}
Macromedia Shockwave Player-->MsiExec.exe /X{7D1D6A24-65D4-454C-8815-4F08A5FFF12C}
Maple V Release 5 - Server-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Maple V Release 5 - Server\UninstNS.isu"
MCE Software Encoder 1.0-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7655E113-C306-11D9-A373-0050BAE317E1}\setup.exe" -uninstall
Meca3d SolidWorks v6.0 SP0-->"C:\Program Files\Meca3D SolidWorks v6.0\unins000.exe"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft LifeCam-->MsiExec.exe /X{3C137BCF-8ADC-430D-B01C-A45593AC512B}
Microsoft Office 2000 Small Business-->MsiExec.exe /I{0003040C-78E1-11D2-B60F-006097C998E7}
Microsoft Office PowerPoint Viewer 2003-->MsiExec.exe /X{90AF040C-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Mise à jour de sécurité pour le Codeur Windows Media (KB954156)-->"C:\WINDOWS\$NtUninstallKB954156_WM9L$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Step by Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Mise à jour pour Lecteur Windows Media 10 (KB910393)-->"C:\WINDOWS\$NtUninstallKB910393$\spuninst\spuninst.exe"
Mise à jour pour Lecteur Windows Media 10 (KB913800)-->"C:\WINDOWS\$NtUninstallKB913800$\spuninst\spuninst.exe"
Mise à jour pour Lecteur Windows Media 10 (KB926251)-->"C:\WINDOWS\$NtUninstallKB926251$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0 Language Pack - FRA\install.exe
MotionWorks 2005-->C:\Program Files\Solid Dynamics\Uninstall 2005.exe
Mozilla Firefox (2.0.0.18)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mozilla Sunbird (0.3)-->C:\Program Files\Mozilla Sunbird\uninstall\uninst.exe
Mozilla Thunderbird (2.0.0.18)-->C:\PROGRA~1\Mozilla Thunderbird\uninstall\helper.exe
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
NEC Back to School Keyboard 2005-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{70001F01-A93D-40A4-B832-123F54A2068E}\setup.exe" -l0x40c
Noiseware Community Edition-->MsiExec.exe /I{CB3B7C24-30A1-4961-8039-94919F5ED2EE}
NVIDIA Drivers-->C:\WINDOWS\system32\nvuide.exe UninstallGUI
OFFICE One 150 Modèles de documents-->"C:\Program Files\OFFICE ONE6.5\Modeles\unins000.exe"
OFFICE One 450 Fonts-->C:\WINDOWS\Fonts\unins000.exe
OFFICE One 6.5 Bureautique désinstallation complète 6.5-->"C:\Program Files\OFFICE One6.5\Uninstall All\SETUP\setup.exe" /u
OFFICE One 6.5-->c:\Program Files\OFFICE ONE6.5\program\setup.exe -deinstall
OFFICE One Guide 6.5-->"C:\Program Files\OFFICE ONE6.5\Guide\SETUP\setup.exe" /u
OFFICE One Notes 6.5-->"C:\Program Files\OFFICE ONE6.5\OFFICE One Notes\SETUP\setup.exe" /u
OFFICE One PDF Manager 6.5-->"C:\Program Files\OFFICE One6.5\OFFICE One PDF Manager\SETUP\setup.exe" /u
OFFICE One Zip v6-->"C:\Program Files\OFFICE ONE6.5\OFFICE One Zip v6\unins000.exe"
PENTAX Digital Camera Utility-->C:\PROGRA~1\PENTAX\DIGITA~1\UNINST.EXE C:\PROGRA~1\PENTAX\DIGITA~1\INSTALL.LOG
Picasa 2-->"C:\Program Files\Picasa2\Uninstall.exe"
PowerDVD-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
ProfNOTE 8.0-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7EF56BA-5603-472C-ACAE-E05E21A86E14}\Setup.exe" -l0x40c -uninst
QuickTime-->MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}
RealPlayer-->C:\Program Files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x40c -removeonly
SAMSUNG CDMA Modem Driver Set-->C:\WINDOWS\system32\Samsung_USB_Drivers\3\SSCDUninstall.exe
SAMSUNG Mobile USB Modem ^^-->C:\WINDOWS\system32\Samsung_USB_Drivers\4\SSVDUninstall.exe
SAMSUNG Mobile USB Modem 1.0 Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe
SAMSUNG Mobile USB Modem Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe
Samsung PC Studio 3 USB Driver Installer-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}\setup.exe" -l0x40c -removeonly
Samsung PC Studio-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C4A4722E-79F9-417C-BD72-8D359A090C97}\setup.exe" -l0x40c -removeonly
Schématrice-->"C:\Program Files\Schématrice\unins000.exe"
SmartSound Quicktracks Plugin-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}
SolidWorks 2005 SP03.1-->MsiExec.exe /I{820AD75D-C3A5-49EF-9E8B-8A957371FC0D}
Sonic Encoders-->MsiExec.exe /I{9941F0AA-B903-4AF4-A055-83A9815CC011}
Sonic Express Labeler-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Sonic MyDVD LE-->MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
Sonic RecordNow Audio-->MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Sonic RecordNow Copy-->MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Sonic RecordNow Data-->MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Ulead PhotoImpact 10 SE-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5A065EA0-0EEC-4E94-A2A0-40812576C122}\setup.exe" -l0x40c
Ulead VideoStudio 9.0 SE DVD-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8EAB2384-C794-40ED-A9DD-3270A0D2BB76}\setup.exe" -l0x40c
Universal Monsters (TM) - Monsterville-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3EBFCC0F-FAD6-11D5-9E0F-00A0244BD83C}\setup.exe"
VideoLAN VLC media player 0.8.6d-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB908246-->"C:\WINDOWS\$NtUninstallKB908246$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB925766-->"C:\WINDOWS\$NtUninstallKB925766$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinHTTrack Website Copier 3.40-2-->"C:\Program Files\WinHTTrack\unins000.exe"
X10 Hardware(TM)-->C:\WINDOWS\UNWISE.EXE C:\PROGRA~1\X10HAR~1\Install.log

======Security center information======

AV: avast! antivirus 4.8.1296 [VPS 081214-0]

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Apps\Softex\OmniPass;C:\Program Files\Fichiers communs\Ulead Systems\MPEG;C:\Program Files\ESTsoft\ALZip\;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 75 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=4b02
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"SonicCentral"=C:\Program Files\Fichiers communs\Sonic Shared\Sonic Central\
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip

-----------------EOF-----------------

Répondre à iceti76

sKe69, le 16 déc 2008 à 12:28:57

Et bien !

pas mal de choses !

commence par faire ceci dans l'ordre stp :

1- Avoir accès aux fichiers cachés :

Va dans Menu Démarrer->Poste de travail->Outils->Options des dossiers...->Affichage
* "Afficher les fichiers et dossiers cachés" ---> coché
* "Masquer les extensions des fichiers dont le type est connu" ---> décoché
* "masquer les fichiers du système" ---> décoché
-> valide la modif ( "appliquer" puis "ok" ).
( tu remetteras les paramètres de départ une fois la désinfection terminée , pas avant ... )

2- rends toi sur cette page :

http://upload.malekal.com/

* Dans le champs à coté de "parcourrir" , copie/colle ceci :

C:\WINDOWS\system32\~.exe

vérifie que " choisir le dossier de destination " soit sur malware .

* Puis clique sur [envoyer le fichier] et laisse faire l'envoye ...

Merci d'avance pour cette petite participation à la lutte anti-malware ! ... ;)

==========================

2- Télécharge UsbFix ( de Chiquitine29 et Chimay8 ) sur ton bureau :

http://sd-1.archive-host.com/membres/up/116615172019703188/UsbFix.exe

! Déconnecte toi d'internet et ferme toutes applications en cours !

--> Double-clique sur l' .exe pour lancer l'installation de l'outil ( ne touche pas aux paramètres d'installe ) .

Impératif :
Branche toutes tes unités externes à ton PC (clé USB, DD externe, flash disk, lecteur MP3, etc...) succeptibles d'avoir été infectés, ainsi que les CD et DVD rom dont tu te sers éventuellement le plus souvent ( mais sans les ouvrir ! ) .

--> Double-clique sur le raccourci "UsbFix" qui est sur ton bureau pour lancer l'outil :

* Tape sur 1 ( option " nettoyage " ) puis sur [entrée] et suis les instructions ...

--> Le pc va redémarrer ... laisse travailler l'outil et ne touche à rien ...
( Note : pour les unités externes non utlisées, clique sur "continuer" lors du message d'avertissement )

--> Une fois de retour à ton bureau , attends le message de fin du nettoyage ,
puis appuie sur une touche pour que le rapport "UsbFix.txt" s'affiche .

Fais un copier/coller de son contenu dans ta prochaine réponse pour analyse et attends la suite ....

( Note : le rapport UsbFix.txt est sauvegardé a la racine du disque dur > C:\UsbFix.txt )

PS : Si le Bureau ne réapparait pas, presse Ctrl + Alt + Suppr , Onglet "Fichier"-> "Nouvelle tâche":
tape explorer.exe et valides .

======================

3- Télécharge MalwareByte's :
ici http://www.commentcamarche.net/telecharger/telecharger 34055379 malwarebytes anti malware
ou ici : http://www.malwarebytes.org/mbam.php

* Installe le ( choisis bien "francais" ; ne modifie pas les paramètres d'installe ) et mets le à jour .

(NB : S'il te manque "COMCTL32.OCX" lors de l'installe, alors télécharge le ici : http://www.malekal.com/download/comctl32.ocx )

* Potasse le tuto pour te familiariser avec le prg :
http://forum.pcastuces.com/sujet.asp?f=31&s=3
( cela dis, il est très simple d'utilisation ).

! Déconnecte toi et ferme toutes applications en cours !

* Lance Malwarebyte's .

Fais un examen dit "Rapide" .

--> Laisse le programme travailler ( et ne rien faire d'autre avec le PC durant le scan ).
--> à la fin tu cliques sur "résultat" .
--> Vérifie que tous les objets infectés soient validés, puis clique sur " suppression " .

Note : si il faut redémarrer ton PC pour finir le nettoyage, fais le !

Poste le rapport sauvegardé après la suppression des objets infectés (dans l'onglet "rapport/log"de Malwarebytes, le dernier en date),
accompagné d'un nouveau rapport RSIT (log.txt) pour analyse ...

"Baby, I'm going on an airplane, And I don't know if I'll be back again"
IMPORTANT : ne vous croyez pas tiré d'affaire tant qu'on ne
vous l'a pas dit !

Répondre à sKe69

iceti76, le 16 déc 2008 à 13:09:33

Le premier lancement de USBFIX m'a laissé une fenêtre rouge avec un curseur clignotant...
Deuxième lancement en là je peux sélectionner nettoyage.
Le PC redemarre mais la fenêtre USBFIX est comme au premier lancement (pas d'info de fin de nettoyage et pas de fichier à la racine de C).
Dois-je relancer un nettoyage?

Répondre à iceti76

iceti76, le 16 déc 2008 à 13:23:42

J'ai pris l'initiative de relancer USBFIX.
Maintenant et après un nouveau redemarrage, il semble que le programme bloque sur "Suppression de fichiers / dossier". Ca fait bien 10mn?
Je relance encore?

Répondre à iceti76

iceti76, le 16 déc 2008 à 13:38:22

Patience et longueur de temps...
C'est good!?

Voici le rapport de USBFIX:

-------------- UsbFix V2.413.4 ---------------

* User : T!bO - PackardBell
* Outils mis a jours le 11/12/2008 par Chiquitine29 et Chimay8
* Recherche effectuée à 13:16:30 le 16/12/2008
* Windows Xp - Internet Explorer 6.0.2900.5512

--------------- [ Processus actifs ] ----------------

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Apps\Softex\OmniPass\Omniserv.exe
C:\Program Files\Packard Bell\SrvCDEject.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Apps\Softex\OmniPass\OPXPApp.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\userinit.exe
C:\DOCUME~1\T!bO\LOCALS~1\Temp\3.tmp\b2e.exe

--------------- [ Informations lecteurs ] ----------------

C: - Lecteur fixe E: - Lecteur de CD-ROM G: - Lecteur amovible H: - Lecteur amovible
+- Contenu de l'autorun : E:\autorun.inf

[AutoRun]
open=LaunchU3.exe -a
icon=LaunchU3.exe,0
action=Run U3 Launchpad

[Definitions]
Launchpad=LaunchPad.exe
Vtype=2

[CopyFiles]
FileNumber=1
File1=LaunchPad.zip

[Update]
URL=http://u3.sandisk.com/download/lp_installer.asp?custom=1.6.1.2&brand=PelicanBFG

[Comment]
brand=PelicanBFG

--------------- [ Lecteur C ] ----------------

C: - Lecteur fixe
+- Listing des fichiers présents :

[10/08/2004 14:00][--a------] C:\NTDETECT.COM
[23/12/2006 16:07][-rahs----] C:\BOOT.INI
[24/11/2006 07:07][--a------] C:\DWNLOG.TXT
[24/11/2006 07:07][--a------] C:\Log.txt
[24/11/2006 07:07][--a------] C:\SAUDIT.TXT
[24/11/2006 07:07][--a------] C:\UsbFix.txt
[][] C:\hiberfil.sys
[][] C:\IO.SYS
[][] C:\MSDOS.SYS
[][] C:\pagefile.sys

--------------- [ Lecteur E ] ----------------

E: - Lecteur de CD-ROM
+- Listing des fichiers présents :

[23/10/2007 08:45][-r-------] E:\LaunchU3.exe
[06/05/2008 13:26][-r-------] E:\autorun.inf

--------------- [ Lecteur G ] ----------------

G: - Lecteur amovible
+- Listing des fichiers présents :

[23/10/2007 10:45][-ra------] G:\LaunchU3.exe
[16/12/2008 11:47][--a------] G:\rapport avast.txt
[16/12/2008 11:47][--a------] G:\log RSIT.txt
[16/12/2008 11:47][--a------] G:\info RSIT.txt

--------------- [ Lecteur H ] ----------------

H: - Lecteur amovible
+- Listing des fichiers présents :

--------------- [ Registre / Startup ] ----------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
MSMSGS="C:\Program Files\Messenger\msmsgs.exe" /background
SmpcSys=C:\APPS\SMP\SmpSys.exe
CPMc3c32dd3=Rundll32.exe "c:\windows\system32\mekijoru.dll",a

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
IMJPMIG8.1="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
PHIME2002ASync=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
PHIME2002A=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
ehTray=C:\WINDOWS\ehome\ehtray.exe
DriveIcons="C:\Program Files\Realtek\Card Reader Software\DriveIcon\DriveIcon.exe"
NECHotkey=mHotkey.exe
RTHDCPL=RTHDCPL.EXE
SkyTel=SkyTel.EXE
Alcmtr=ALCMTR.EXE
ATICCC="c:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
SunJavaUpdateSched="C:\Program Files\Java\jre6\bin\jusched.exe"
ATSwpNav="C:\Program Files\Fingerprint Sensor\ATSwpNav" -run
DetectorApp=C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
ISUSPM Startup=C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
ISUSScheduler="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
OmniPass=C:\Apps\Softex\OmniPass\scureapp.exe
EULA=C:\APPS\PB_TB\EULALauncher.exe
avast!=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
Easy-PrintToolBox=C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
VX6000=C:\WINDOWS\vVX6000.exe
QuickTime Task="C:\Program Files\QuickTime\QTTask.exe" -atboottime
LifeCam="C:\Program Files\Microsoft LifeCam\LifeExp.exe"
iTunesHelper="C:\Program Files\iTunes\iTunesHelper.exe"
c0f01e4f=rundll32.exe "C:\WINDOWS\system32\zawibavu.dll",b
CPMc3c32dd3=Rundll32.exe "c:\windows\system32\basukavu.dll",a
OoPDFSettingsv6.exe=C:\Program Files\OFFICE One6.5\OFFICE One PDF Manager\OoPDFSettingsv6.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL=
Installed=1
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI=
NoChange=1
Installed=1
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS=
Installed=1

--------------- [ Registre / Mountpoint2 ] ----------------

Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\Shell\AutoRun\command

--------------- [ Nettoyage des disques ] ----------------

Echec de la supression !! - [06/05/2008 13:26] E:\autorun.inf
Echec de la supression !! - [06/05/2008 13:26] E:\autorun.inf
Echec de la supression !! - [06/05/2008 13:26] E:\autorun.inf

--------------- [ Resumé ] ----------------

-> /!\ Le resultat doit etre interprété par un spécialiste /!\

[10/08/2004 14:00][--a------] C:\NTDETECT.COM
[23/12/2006 16:07][-rahs----] C:\BOOT.INI
[23/10/2007 08:45][-r-------] E:\LaunchU3.exe
[06/05/2008 13:26][-r-------] E:\autorun.inf
[23/10/2007 10:45][-ra------] G:\LaunchU3.exe

--------------- ! Fin du rapport ! ----------------

Répondre à iceti76

sKe69, le 16 déc 2008 à 13:39:26

Passe à la suite ....

PS : tu as envoyé le fichier comme je t'ai demandé ? ....

"Baby, I'm going on an airplane, And I don't know if I'll be back again"
IMPORTANT : ne vous croyez pas tiré d'affaire tant qu'on ne
vous l'a pas dit !

Répondre à sKe69

iceti76, le 16 déc 2008 à 13:42:18

Le fichier est bien parti, je passe à la suite.

Répondre à iceti76

sKe69, le 16 déc 2008 à 13:48:37

;-) "Baby, I'm going on an airplane, And I don't know if I'll be back again"
IMPORTANT : ne vous croyez pas tiré d'affaire tant qu'on ne
vous l'a pas dit !

Répondre à sKe69

iceti76, le 16 déc 2008 à 14:39:43

Gros nettoyage de MalwareByte's . Au deuxième scan il n'a rien trouvé, voici le rapport :
Malwarebytes' Anti-Malware 1.31
Version de la base de données: 1506
Windows 5.1.2600 Service Pack 3

16/12/2008 14:29:12
mbam-log-2008-12-16 (14-29-12).txt

Type de recherche: Examen rapide
Eléments examinés: 64612
Temps écoulé: 13 minute(s), 38 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)

Répondre à iceti76

iceti76, le 16 déc 2008 à 14:42:16

le dernier LOG de RIST:
Le dangers est-il ecarté?

Logfile of random's system information tool 1.04 (written by random/random)
Run by T!bO at 2008-12-16 14:32:08
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 116 GB (39%) free of 297 GB
Total RAM: 2046 MB (73% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:32:11, on 16/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Apps\Softex\OmniPass\Omniserv.exe
C:\Program Files\Packard Bell\SrvCDEject.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Apps\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Realtek\Card Reader Software\DriveIcon\DriveIcon.exe
C:\WINDOWS\mHotkey.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
c:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Fingerprint Sensor\ATSwpNav.exe
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
C:\Apps\Softex\OmniPass\scureapp.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\vVX6000.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\OFFICE One6.5\OFFICE One PDF Manager\OoPDFSettingsv6.exe
C:\Program Files\Messenger\msmsgs.exe
C:\APPS\SMP\SmpSys.exe
C:\Program Files\OFFICE One6.5\OFFICE One Notes\oonotesv65.exe
c:\Program Files\ATI Technologies\ATI.ACE\cli.exe
c:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\iPod\bin\iPodService.exe
G:\telechargement\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\T!bO.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://format.packardbell.com/...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://format.packardbell.com/...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://click.real.com/?href=http://www.film.com&pageid=IPM_mov_020807
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [DriveIcons] "C:\Program Files\Realtek\Card Reader Software\DriveIcon\DriveIcon.exe"
O4 - HKLM\..\Run: [NECHotkey] mHotkey.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ATICCC] "c:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ATSwpNav] "C:\Program Files\Fingerprint Sensor\ATSwpNav" -run
O4 - HKLM\..\Run: [DetectorApp] C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [OmniPass] C:\Apps\Softex\OmniPass\scureapp.exe
O4 - HKLM\..\Run: [EULA] C:\APPS\PB_TB\EULALauncher.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [VX6000] C:\WINDOWS\vVX6000.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [OoPDFSettingsv6.exe] C:\Program Files\OFFICE One6.5\OFFICE One PDF Manager\OoPDFSettingsv6.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SmpcSys] C:\APPS\SMP\SmpSys.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: OFFICE One Notes v6.5.lnk = C:\Program Files\OFFICE One6.5\OFFICE One Notes\oonotesv65.exe
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://format.packardbell.com/...
O17 - HKLM\System\CCS\Services\Tcpip\..\{0936C226-212F-4E7B-80E0-26F43A4556A3}: NameServer = 212.27.54.252,212.27.53.252
O17 - HKLM\System\CS1\Services\Tcpip\..\{0936C226-212F-4E7B-80E0-26F43A4556A3}: NameServer = 212.27.54.252,212.27.53.252
O17 - HKLM\System\CS2\Services\Tcpip\..\{0936C226-212F-4E7B-80E0-26F43A4556A3}: NameServer = 212.27.54.252,212.27.53.252
O17 - HKLM\System\CS3\Services\Tcpip\..\{0936C226-212F-4E7B-80E0-26F43A4556A3}: NameServer = 212.27.54.252,212.27.53.252
O20 - AppInit_DLLs:
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Apps\Softex\OmniPass\Omniserv.exe
O23 - Service: SrvCDEject - Unknown owner - C:\Program Files\Packard Bell\SrvCDEject.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: USBDeviceService - Unknown owner - C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
End of file - 9689 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-28 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-28 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-12-28 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-10 208952]
"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-10 455168]
"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-10 455168]
"ehTray"=C:\WINDOWS\ehome\ehtray.exe [2005-09-29 67584]
"DriveIcons"=C:\Program Files\Realtek\Card Reader Software\DriveIcon\DriveIcon.exe [2005-12-09 656896]
"NECHotkey"=C:\WINDOWS\mHotkey.exe [2006-01-11 548864]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-06-28 16248320]
"SkyTel"=C:\WINDOWS\SkyTel.EXE [2006-05-16 2879488]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"ATICCC"=c:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe [2006-05-10 90112]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-12-28 136600]
"ATSwpNav"=C:\Program Files\Fingerprint Sensor\ATSwpNav -run []
"DetectorApp"=C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe [2005-10-20 102400]
"ISUSPM Startup"=C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup []
"ISUSScheduler"=C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe -start []
"OmniPass"=C:\Apps\Softex\OmniPass\scureapp.exe [2005-08-12 1859584]
"EULA"=C:\APPS\PB_TB\EULALauncher.exe [2006-09-29 18944]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-11-26 81000]
"Easy-PrintToolBox"=C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE [2004-01-14 409600]
"VX6000"=C:\WINDOWS\vVX6000.exe [2006-10-13 994096]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2007-06-29 286720]
"LifeCam"=C:\Program Files\Microsoft LifeCam\LifeExp.exe [2006-10-13 277296]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2007-09-26 267064]
"OoPDFSettingsv6.exe"=C:\Program Files\OFFICE One6.5\OFFICE One PDF Manager\OoPDFSettingsv6.exe [2006-12-28 493568]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
"SmpcSys"=C:\APPS\SMP\SmpSys.exe [2005-11-17 975360]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
Adobe Gamma Loader.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE
OFFICE One Notes v6.5.lnk - C:\Program Files\OFFICE One6.5\OFFICE One Notes\oonotesv65.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"=" "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2006-07-18 86016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\OPXPGina]
C:\Apps\Softex\OmniPass\opxpgina.dll [2005-08-12 49152]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 240128]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoInternetIcon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\VideoLAN\VLC\vlc.exe"="C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player"
"C:\Program Files\Macromedia\Dreamweaver 8\Dreamweaver.exe"="C:\Program Files\Macromedia\Dreamweaver 8\Dreamweaver.exe:*:Enabled:Dreamweaver 8"
"C:\Program Files\adslTV\adslTV.exe"="C:\Program Files\adslTV\adslTV.exe:*:Enabled:adslTV"
"C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule"
"C:\Program Files\FileZilla\FileZilla.exe"="C:\Program Files\FileZilla\FileZilla.exe:*:Enabled:FileZilla"
"C:\Program Files\AOL 9.0\aol.exe"="C:\Program Files\AOL 9.0\aol.exe:*:Disabled:AOL"
"C:\Program Files\AOL 9.0\waol.exe"="C:\Program Files\AOL 9.0\waol.exe:*:Disabled:AOL 9.0"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\APPS\Inventime\my.exe"="C:\APPS\Inventime\my.exe:*:Disabled:INVENTIME"
"C:\Program Files\UBISOFT\Splinter Cell Pandora Tomorrow\pandora.exe"="C:\Program Files\UBISOFT\Splinter Cell Pandora Tomorrow\pandora.exe:*:Disabled:PANDORA"
"C:\Program Files\UBISOFT\Splinter Cell Pandora Tomorrow\logo_ubi.exe"="C:\Program Files\UBISOFT\Splinter Cell Pandora Tomorrow\logo_ubi.exe:*:Disabled:SPLINTER CELL PANDORA"
"C:\Program Files\Microsoft LifeCam\LifeExp.exe"="C:\Program Files\Microsoft LifeCam\LifeExp.exe:*:Enabled:LifeExp.exe"
"C:\Program Files\Microsoft LifeCam\LifeCam.exe"="C:\Program Files\Microsoft LifeCam\LifeCam.exe:*:Enabled:LifeCam.exe"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Mozilla Firefox"
"C:\Program Files\QuickTime\QuickTimePlayer.exe"="C:\Program Files\QuickTime\QuickTimePlayer.exe:*:Enabled:QuickTime Player"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\explorer.exe"="C:\WINDOWS\explorer.exe:*:Enabled:Explorer"
"C:\WINDOWS\system32\logonui.exe"="C:\WINDOWS\system32\logonui.exe:*:Enabled:logonui"
"C:\WINDOWS\system32\winlogon.exe"="C:\WINDOWS\system32\winlogon.exe:*:Enabled:winlogon"
"C:\Program Files\Java\jre6\bin\jqs.exe"="C:\Program Files\Java\jre6\bin\jqs.exe:*:Enabled:jqs"
"C:\WINDOWS\system32\lsass.exe"="C:\WINDOWS\system32\lsass.exe:*:Enabled:lsass"
"C:\WINDOWS\system32\services.exe"="C:\WINDOWS\system32\services.exe:*:Enabled:services"
"C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe"="C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe:*:Enabled:ashMaiSv"
"C:\Program Files\Microsoft LifeCam\MSCamS32.exe"="C:\Program Files\Microsoft LifeCam\MSCamS32.exe:*:Enabled:MSCamS32"
"C:\WINDOWS\system32\wbem\wmiapsrv.exe"="C:\WINDOWS\system32\wbem\wmiapsrv.exe:*:Enabled:wmiapsrv"
"C:\WINDOWS\system32\userinit.exe"="C:\WINDOWS\system32\userinit.exe:*:Enabled:userinit"
"C:\Program Files\iPod\bin\iPodService.exe"="C:\Program Files\iPod\bin\iPodService.exe:*:Enabled:iPodService"
"C:\Program Files\Mozilla Thunderbird\thunderbird.exe"="C:\Program Files\Mozilla Thunderbird\thunderbird.exe:*:Enabled:thunderbird"
"C:\Program Files\Packard Bell\SrvCDEject.exe"="C:\Program Files\Packard Bell\SrvCDEject.exe:*:Enabled:SrvCDEject"
"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"="C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe:*:Enabled:Malwarebytes' Anti-Malware"
"C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe"="C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe:*:Enabled:mbamgui.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\AOL 9.0\waol.exe"="C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL 9.0"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1105e106-8c41-11dd-acbf-001731731699}]
shell\AutoRun\command - E:\LaunchU3.exe -a

======File associations======

.js - edit - "C:\Program Files\Macromedia\Dreamweaver 8\dreamweaver.exe" "%1"

======List of files/folders created in the last 2 months======

2008-12-28 08:18:36 ----A---- C:\WINDOWS\system32\javaws.exe
2008-12-28 08:18:36 ----A---- C:\WINDOWS\system32\javaw.exe
2008-12-28 08:18:36 ----A---- C:\WINDOWS\system32\java.exe
2008-12-28 08:18:36 ----A---- C:\WINDOWS\system32\deploytk.dll
2008-12-16 13:45:13 ----D---- C:\Documents and Settings\T!bO\Application Data\Malwarebytes
2008-12-16 13:45:07 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-12-16 13:45:06 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-12-16 13:16:30 ----A---- C:\UsbFix.txt
2008-12-16 12:38:55 ----D---- C:\Program Files\UsbFix
2008-12-16 12:13:13 ----D---- C:\rsit
2008-12-16 11:09:18 ----D---- C:\Program Files\Trend Micro
2008-12-13 18:21:28 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2008-12-13 18:20:44 ----HDC---- C:\WINDOWS\$NtUninstallKB958215$
2008-12-13 18:19:51 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2008-12-13 18:19:22 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2008-12-13 18:18:45 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2008-12-13 17:35:40 ----A---- C:\WINDOWS\system32\SET91.tmp
2008-12-13 17:35:38 ----A---- C:\WINDOWS\system32\SET93.tmp
2008-12-13 17:35:38 ----A---- C:\WINDOWS\system32\SET92.tmp
2008-12-13 17:35:37 ----A---- C:\WINDOWS\system32\SET94.tmp
2008-12-12 11:01:24 ----SH---- C:\WINDOWS\system32\uniroyid.ini
2008-12-05 17:23:47 ----SH---- C:\WINDOWS\system32\obavibut.tmp
2008-12-03 11:01:51 ----SH---- C:\WINDOWS\system32\ikosukut.ini
2008-11-12 12:24:32 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-11-12 12:24:28 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2008-11-12 12:24:20 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-10-29 03:00:34 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-10-23 13:36:51 ----A---- C:\WINDOWS\system32\SET7E.tmp

======List of files/folders modified in the last 2 months======

2009-01-01 09:19:09 ----D---- C:\Documents and Settings\T!bO\Application Data\SolidWorks
2009-01-01 07:52:51 ----ASH---- C:\WINDOWS\system32\benituyo.dll
2008-12-30 10:22:20 ----D---- C:\Program Files\eMule
2008-12-28 08:18:55 ----SHD---- C:\WINDOWS\Installer
2008-12-28 08:18:18 ----D---- C:\Program Files\Java
2008-12-16 14:11:55 ----D---- C:\WINDOWS
2008-12-16 14:11:09 ----D---- C:\WINDOWS\Temp
2008-12-16 14:10:00 ----D---- C:\WINDOWS\Registration
2008-12-16 14:09:57 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-16 14:09:25 ----D---- C:\WINDOWS\system32\drivers
2008-12-16 14:09:25 ----D---- C:\WINDOWS\system32
2008-12-16 13:45:06 ----RD---- C:\Program Files
2008-12-16 13:13:23 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-16 13:01:40 ----D---- C:\WINDOWS\Prefetch
2008-12-16 11:18:35 ----D---- C:\Program Files\Mozilla Firefox
2008-12-16 10:44:41 ----D---- C:\Program Files\Mozilla Thunderbird
2008-12-16 09:04:47 ----ASH---- C:\WINDOWS\system32\gizisuyo.dll
2008-12-13 18:21:36 ----D---- C:\WINDOWS\inf
2008-12-13 18:21:07 ----A---- C:\WINDOWS\imsins.BAK
2008-12-13 18:20:51 ----RSHD---- C:\WINDOWS\system32\dllcache
2008-12-13 18:20:38 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-13 16:12:21 ----A---- C:\Log.txt
2008-12-09 10:02:37 ----A---- C:\WINDOWS\system32\jefaduku.dll
2008-12-07 19:16:44 ----A---- C:\WINDOWS\hppsapp.INI
2008-12-06 15:41:04 ----D---- C:\Program Files\NetMeeting
2008-12-05 20:07:56 ----ASH---- C:\WINDOWS\system32\zizakohe.dll
2008-12-04 16:41:58 ----ASH---- C:\WINDOWS\system32\viliwesi.dll
2008-11-26 18:21:30 ----A---- C:\WINDOWS\system32\aswBoot.exe
2008-11-23 14:23:47 ----D---- C:\WINDOWS\Help
2008-11-12 14:45:32 ----D---- C:\Documents and Settings\T!bO\Application Data\U3
2008-11-12 12:24:15 ----D---- C:\WINDOWS\WinSxS
2008-11-11 20:44:22 ----A---- C:\WINDOWS\maplev5.ini
2008-10-29 01:52:43 ----D---- C:\Program Files\adslTV
2008-10-29 00:53:20 ----D---- C:\Documents and Settings\T!bO\Application Data\vlc
2008-10-28 08:21:35 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-10-23 11:06:59 ----N---- C:\WINDOWS\system32\tzchange.exe
2008-10-21 19:04:41 ----D---- C:\Documents and Settings\T!bO\Application Data\Adobe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2008-11-26 26944]
R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-06-19 36864]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2008-11-26 111184]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2008-11-26 50864]
R1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720]
R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2007-02-02 5632]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-11-26 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2008-11-26 94032]
R3 3xHybrid;ASUSTek SAA713x PCI Card; C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2006-04-28 882688]
R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2008-11-26 23152]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-07-18 1675776]
R3 ATSWPDRV;AuthenTec TruePrint USB Driver (AES2500); C:\WINDOWS\System32\Drivers\ATSwpDrv.sys [2005-03-29 116594]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2006-09-19 15664]
R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-06-28 4304384]
R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2006-07-11 57856]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2006-07-11 20480]
R3 RTSTOR;USB Mass Stroage Device; C:\WINDOWS\system32\drivers\RTSTOR.SYS [2005-12-21 20096]
R3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Pilote de concentrateur standard USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [2003-01-10 33588]
R3 X10Hid;X10 Hid Device; C:\WINDOWS\System32\Drivers\x10hid.sys [2005-11-28 7040]
S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 CEBDALDR;DVB-T USB BDA firmware loader; C:\WINDOWS\System32\Drivers\CEBDALDR.sys [2005-08-26 16768]
S3 MHNDRV;Pilote MHN; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288]
S3 MPE;Filtre BDA MPE; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-13 15232]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 ssm_bus;SAMSUNG Mobile USB Device II 1.0 driver (WDM); C:\WINDOWS\system32\DRIVERS\ssm_bus.sys [2005-08-30 58320]
S3 ssm_mdfl;SAMSUNG Mobile USB Modem II 1.0 Filter; C:\WINDOWS\system32\DRIVERS\ssm_mdfl.sys [2005-08-30 8336]
S3 ssm_mdm;SAMSUNG Mobile USB Modem II 1.0 Drivers; C:\WINDOWS\system32\DRIVERS\ssm_mdm.sys [2005-08-30 94000]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 VX6000;Microsoft LifeCam VX-6000; C:\WINDOWS\system32\DRIVERS\VX6000Xp.sys [2006-10-13 2383152]
S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 XUIF;X10 USB Wireless Transceiver; C:\WINDOWS\System32\Drivers\x10ufx2.sys [2005-05-19 17792]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AOL ACS;AOL Connectivity Service; C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe [2004-04-08 1135728]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2007-09-06 110592]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-11-26 18752]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-07-18 401408]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-11-26 155160]
R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2006-10-09 237568]
R2 ehSched;Service de planification Media Center; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 103424]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-12-28 152984]
R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
R2 MSCamSvc;MSCamSvc; C:\Program Files\Microsoft LifeCam\MSCamS32.exe [2006-10-13 207664]
R2 omniserv;Softex OmniPass Service; C:\Apps\Softex\OmniPass\Omniserv.exe [2005-08-12 32768]
R2 SrvCDEject;SrvCDEject; C:\Program Files\Packard Bell\SrvCDEject.exe [2006-07-25 613376]
R2 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe [2005-01-31 49152]
R2 USBDeviceService;USBDeviceService; C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe [2005-10-20 90112]
R2 x10nets;X10 Device Network Service; C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe [2001-11-12 20480]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2008-11-26 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2008-11-26 352920]
R3 iPod Service;Service de l'iPod; C:\Program Files\iPod\bin\iPodService.exe [2007-09-26 503608]
S3 aspnet_state;Service d'état ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-04 136120]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

-----------------EOF-----------------

Répondre à iceti76

sKe69, le 16 déc 2008 à 14:47:33

Poste moi le premier rapport de MBAM stp , celui ou on voit les objets infectés et les suppression ! .... merci ^^

il en reste encore pas mal !

fais ceci :

Télécharge MSNFix.zip (de !aur3n7) :
http://sosvirus.changelog.fr/MSNFix.zip
--> décompresse-le sur le Bureau ( = extraire tout ).

Déplace ensuite le dossier que tu viens d'extraire directement sous ton disque dure ,
c'est à dire ici -> C:\MSNFix .
( c'est très important pour le bon fonctionnement de l'outil ! ).

Impératif : Démarrer en mode sans echec .

/!\ Ne jamais démarrer en mode sans échec via MSCONFIG /!\

Comment aller en Mode sans échec :
1) Redémarre ton ordi .
2) Tapote la touche F8 immédiatement, (F5 sur certains PC) juste après le "Bip" .
3) Tu tapotes jusqu' à l'apparition de l'écran avec les options de démarrage .
4) Choisis la première option : Sans Échec , et valide en tapant sur [Entrée] .
5) Choisis ton compte habituel ( et pas Administrateur ).
attention : pas de connexion possible en mode sans échec , donc copie ou imprime bien la manipe pour éviter les erreurs ...

Lance le fichier MSNFix.bat qui se trouve dans le dossier MSNfix, sur le bureau.
- Exécute l'option R (recherche).
- Si l'infection est détectée, exécute l'option N (nettoyage) .

-> Une fois finit, sauvegardes le rapport généré sur ton bureau .
Redémarre ton PC ( = retour au mode normal ).

-> il se peut aussi que l'infection doit être nettoyer au redémarrage du PC : avant l'arrivée du bureau , une fenêtre demandant l'exécution de "MSNfix" s'ouvre .
-> clique sur ok pour que l'outil puisse finir de travailler (patiente jusqu'à l'apparition du bureau ... ceci peut s'avérer relativement long).
le rapport s'ouvrira à l'arrivée du bureau ...

---> poste moi ce rapport accompagné d'un nouveau rapport RSIT ( fait en mode normal ) dans ta prochaine réponse pour analyse ...

( PS : le rapport est en outre sauvegardé ici C:\MSNFix\"date_heure".txt et ici C:\WINDOWS\msnfix.txt )

"Baby, I'm going on an airplane, And I don't know if I'll be back again"
IMPORTANT : ne vous croyez pas tiré d'affaire tant qu'on ne
vous l'a pas dit !

Répondre à sKe69

iceti76, le 16 déc 2008 à 15:16:59

Voici le premier rapport. Je passe à la suite...

Malwarebytes' Anti-Malware 1.31
Version de la base de données: 1506
Windows 5.1.2600 Service Pack 3

16/12/2008 14:08:02
mbam-log-2008-12-16 (14-08-02).txt

Type de recherche: Examen rapide
Eléments examinés: 71549
Temps écoulé: 17 minute(s), 32 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 6
Clé(s) du Registre infectée(s): 3
Valeur(s) du Registre infectée(s): 5
Elément(s) de données du Registre infecté(s): 12
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 57

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
c:\WINDOWS\system32\meseleru.dll (Trojan.Vundo) -> Delete on reboot.
c:\WINDOWS\system32\jigefuwi.dll (Trojan.Vundo.H) -> Delete on reboot.
c:\WINDOWS\system32\mekijoru.dll (Trojan.Vundo.H) -> Delete on reboot.
c:\WINDOWS\system32\zinakumu.dll (Trojan.Vundo) -> Delete on reboot.
c:\WINDOWS\system32\wiwuzoza.dll (Trojan.Vundo) -> Delete on reboot.
c:\WINDOWS\system32\basukavu.dll (Trojan.Vundo) -> Delete on reboot.

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\c0f01e4f (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cpmc3c32dd3 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cpmc3c32dd3 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ssodl (Trojan.Vundo) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo) -> Data: c:\windows\system32\meseleru.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo) -> Data: system32\meseleru.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\jigefuwi.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\jigefuwi.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\mekijoru.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\mekijoru.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo) -> Data: c:\windows\system32\zinakumu.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo) -> Data: system32\zinakumu.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo) -> Data: c:\windows\system32\wiwuzoza.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo) -> Data: system32\wiwuzoza.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo) -> Data: c:\windows\system32\basukavu.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo) -> Data: system32\basukavu.dll -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\WINDOWS\system32\dedezaye.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\eyazeded.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lowipabo.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\obapiwol.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\meyoreho.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\oheroyem.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mubodigi.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\igidobum.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mupafeve.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\evefapum.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pihimage.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\egamihip.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pufegogu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ugogefup.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rikojine.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\enijokir.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tubivabo.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\obavibut.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vekukedu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\udekukev.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vizalodu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\udolaziv.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vofiposa.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\asopifov.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yejedotu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\utodejey.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\zawibavu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\uvabiwaz.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\zomuhiwu.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\uwihumoz.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\mekijoru.dll (Trojan.Vundo.H) -> Delete on reboot.
c:\WINDOWS\system32\meseleru.dll (Trojan.Vundo) -> Delete on reboot.
c:\WINDOWS\system32\jigefuwi.dll (Trojan.Vundo.H) -> Delete on reboot.
c:\WINDOWS\system32\zinakumu.dll (Trojan.Vundo) -> Delete on reboot.
c:\WINDOWS\system32\wiwuzoza.dll (Trojan.Vundo) -> Delete on reboot.
c:\WINDOWS\system32\basukavu.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\dutudari.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fofajivo.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fogehile.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jewesima.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\juyadewi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kiviyehi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lehebofi.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lobumije.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\meyiyezi.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mobeteda.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nozuzito.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\patafudi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pidokobo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sinodisi.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\takavere.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tuhenato.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vanuvera.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vuverisa.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wuduzuli.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\zogetana.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\~.exe (Trojan.Vundo) -> Quarantined and deleted successfully.

Répondre à iceti76

iceti76, le 16 déc 2008 à 15:45:20

Pour MSN fix, le nettoyage complet à necessité un redemarrage. Il ne m'a rien demandé et j'ai cherché un fichier log sur le bureau et dans le repertoire de MSNFIX. Voilà ce que j'ai trouvé:
catchme.log
read file error: C:\DOCUME~1\T!bO\LOCALS~1\Temp\winlogon.exe, Le fichier spécifié est introuvable.
read file error: C:\DOCUME~1\T!bO\LOCALS~1\Temp\services.exe, Le fichier spécifié est introuvable.
read file error: C:\WINDOWS\system32\cftmon.exe, Le fichier spécifié est introuvable.

MD5.txt
winchat.exe
winhlp32.exe
winlogon.exe
winmine.exe
winmsd.exe
winspool.exe
winver.exe

temp.txt
[C:\WINDOWS\Fonts\unins000.exe] 89F1693BCA5D6AB02FF206DD2AB51B7A
[C:\WINDOWS\system32\winchat.exe] 2A99260794224489F29B628717B7947E
[C:\WINDOWS\system32\winhlp32.exe] 577624F19D0441C9111F2AF26C81E04D
[C:\WINDOWS\system32\winlogon.exe] DD73D6B9F6B4CB630CF35B438B540174
[C:\WINDOWS\system32\winmine.exe] EA682C022F7204CC8E8C9EF5DCE29356
[C:\WINDOWS\system32\winmsd.exe] 7EBF8A4B608AFB79C67F4E4A9C5885BB
[C:\WINDOWS\system32\winspool.exe] 0B4B94B78123E8035B84105BC024F9F8
[C:\WINDOWS\system32\winver.exe] 61E80B60CD30D995E80702623BE47B9D

le dernier rapport RIST

Logfile of random's system information tool 1.04 (written by random/random)
Run by T!bO at 2008-12-16 15:38:38
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 116 GB (39%) free of 297 GB
Total RAM: 2046 MB (74% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:38:43, on 16/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Apps\Softex\OmniPass\Omniserv.exe
C:\Program Files\Packard Bell\SrvCDEject.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Apps\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Realtek\Card Reader Software\DriveIcon\DriveIcon.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\mHotkey.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
c:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Fingerprint Sensor\ATSwpNav.exe
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
C:\Apps\Softex\OmniPass\scureapp.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\vVX6000.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\OFFICE One6.5\OFFICE One PDF Manager\OoPDFSettingsv6.exe
C:\APPS\SMP\SmpSys.exe
C:\Program Files\OFFICE One6.5\OFFICE One Notes\oonotesv65.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\Program Files\ATI Technologies\ATI.ACE\cli.exe
c:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32Info.exe
G:\telechargement\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\T!bO.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://format.packardbell.com/...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://format.packardbell.com/...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://click.real.com/?href=http://www.film.com&pageid=IPM_mov_020807
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [DriveIcons] "C:\Program Files\Realtek\Card Reader Software\DriveIcon\DriveIcon.exe"
O4 - HKLM\..\Run: [NECHotkey] mHotkey.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ATICCC] "c:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ATSwpNav] "C:\Program Files\Fingerprint Sensor\ATSwpNav" -run
O4 - HKLM\..\Run: [DetectorApp] C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [OmniPass] C:\Apps\Softex\OmniPass\scureapp.exe
O4 - HKLM\..\Run: [EULA] C:\APPS\PB_TB\EULALauncher.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [VX6000] C:\WINDOWS\vVX6000.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [OoPDFSettingsv6.exe] C:\Program Files\OFFICE One6.5\OFFICE One PDF Manager\OoPDFSettingsv6.exe
O4 - HKCU\..\Run: [SmpcSys] C:\APPS\SMP\SmpSys.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: OFFICE One Notes v6.5.lnk = C:\Program Files\OFFICE One6.5\OFFICE One Notes\oonotesv65.exe
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://format.packardbell.com/...
O17 - HKLM\System\CCS\Services\Tcpip\..\{0936C226-212F-4E7B-80E0-26F43A4556A3}: NameServer = 212.27.54.252,212.27.53.252
O17 - HKLM\System\CS1\Services\Tcpip\..\{0936C226-212F-4E7B-80E0-26F43A4556A3}: NameServer = 212.27.54.252,212.27.53.252
O20 - AppInit_DLLs:
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Apps\Softex\OmniPass\Omniserv.exe
O23 - Service: SrvCDEject - Unknown owner - C:\Program Files\Packard Bell\SrvCDEject.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: USBDeviceService - Unknown owner - C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
End of file - 9419 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-28 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-28 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-12-28 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-10 208952]
"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-10 455168]
"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-10 455168]
"ehTray"=C:\WINDOWS\ehome\ehtray.exe [2005-09-29 67584]
"DriveIcons"=C:\Program Files\Realtek\Card Reader Software\DriveIcon\DriveIcon.exe [2005-12-09 656896]
"NECHotkey"=C:\WINDOWS\mHotkey.exe [2006-01-11 548864]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-06-28 16248320]
"SkyTel"=C:\WINDOWS\SkyTel.EXE [2006-05-16 2879488]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"ATICCC"=c:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe [2006-05-10 90112]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-12-28 136600]
"ATSwpNav"=C:\Program Files\Fingerprint Sensor\ATSwpNav -run []
"DetectorApp"=C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe [2005-10-20 102400]
"ISUSPM Startup"=C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup []
"ISUSScheduler"=C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe -start []
"OmniPass"=C:\Apps\Softex\OmniPass\scureapp.exe [2005-08-12 1859584]
"EULA"=C:\APPS\PB_TB\EULALauncher.exe [2006-09-29 18944]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-11-26 81000]
"Easy-PrintToolBox"=C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE [2004-01-14 409600]
"VX6000"=C:\WINDOWS\vVX6000.exe [2006-10-13 994096]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2007-06-29 286720]
"LifeCam"=C:\Program Files\Microsoft LifeCam\LifeExp.exe [2006-10-13 277296]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2007-09-26 267064]
"OoPDFSettingsv6.exe"=C:\Program Files\OFFICE One6.5\OFFICE One PDF Manager\OoPDFSettingsv6.exe [2006-12-28 493568]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SmpcSys"=C:\APPS\SMP\SmpSys.exe [2005-11-17 975360]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
Adobe Gamma Loader.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE
OFFICE One Notes v6.5.lnk - C:\Program Files\OFFICE One6.5\OFFICE One Notes\oonotesv65.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"=" "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2006-07-18 86016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\OPXPGina]
C:\Apps\Softex\OmniPass\opxpgina.dll [2005-08-12 49152]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 240128]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoInternetIcon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\VideoLAN\VLC\vlc.exe"="C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player"
"C:\Program Files\Macromedia\Dreamweaver 8\Dreamweaver.exe"="C:\Program Files\Macromedia\Dreamweaver 8\Dreamweaver.exe:*:Enabled:Dreamweaver 8"
"C:\Program Files\adslTV\adslTV.exe"="C:\Program Files\adslTV\adslTV.exe:*:Enabled:adslTV"
"C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule"
"C:\Program Files\FileZilla\FileZilla.exe"="C:\Program Files\FileZilla\FileZilla.exe:*:Enabled:FileZilla"
"C:\Program Files\AOL 9.0\aol.exe"="C:\Program Files\AOL 9.0\aol.exe:*:Disabled:AOL"
"C:\Program Files\AOL 9.0\waol.exe"="C:\Program Files\AOL 9.0\waol.exe:*:Disabled:AOL 9.0"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\APPS\Inventime\my.exe"="C:\APPS\Inventime\my.exe:*:Disabled:INVENTIME"
"C:\Program Files\UBISOFT\Splinter Cell Pandora Tomorrow\pandora.exe"="C:\Program Files\UBISOFT\Splinter Cell Pandora Tomorrow\pandora.exe:*:Disabled:PANDORA"
"C:\Program Files\UBISOFT\Splinter Cell Pandora Tomorrow\logo_ubi.exe"="C:\Program Files\UBISOFT\Splinter Cell Pandora Tomorrow\logo_ubi.exe:*:Disabled:SPLINTER CELL PANDORA"
"C:\Program Files\Microsoft LifeCam\LifeExp.exe"="C:\Program Files\Microsoft LifeCam\LifeExp.exe:*:Enabled:LifeExp.exe"
"C:\Program Files\Microsoft LifeCam\LifeCam.exe"="C:\Program Files\Microsoft LifeCam\LifeCam.exe:*:Enabled:LifeCam.exe"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Mozilla Firefox"
"C:\Program Files\QuickTime\QuickTimePlayer.exe"="C:\Program Files\QuickTime\QuickTimePlayer.exe:*:Enabled:QuickTime Player"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\explorer.exe"="C:\WINDOWS\explorer.exe:*:Enabled:Explorer"
"C:\WINDOWS\system32\logonui.exe"="C:\WINDOWS\system32\logonui.exe:*:Enabled:logonui"
"C:\WINDOWS\system32\winlogon.exe"="C:\WINDOWS\system32\winlogon.exe:*:Enabled:winlogon"
"C:\Program Files\Java\jre6\bin\jqs.exe"="C:\Program Files\Java\jre6\bin\jqs.exe:*:Enabled:jqs"
"C:\WINDOWS\system32\lsass.exe"="C:\WINDOWS\system32\lsass.exe:*:Enabled:lsass"
"C:\WINDOWS\system32\services.exe"="C:\WINDOWS\system32\services.exe:*:Enabled:services"
"C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe"="C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe:*:Enabled:ashMaiSv"
"C:\Program Files\Microsoft LifeCam\MSCamS32.exe"="C:\Program Files\Microsoft LifeCam\MSCamS32.exe:*:Enabled:MSCamS32"
"C:\WINDOWS\system32\wbem\wmiapsrv.exe"="C:\WINDOWS\system32\wbem\wmiapsrv.exe:*:Enabled:wmiapsrv"
"C:\WINDOWS\system32\userinit.exe"="C:\WINDOWS\system32\userinit.exe:*:Enabled:userinit"
"C:\Program Files\iPod\bin\iPodService.exe"="C:\Program Files\iPod\bin\iPodService.exe:*:Enabled:iPodService"
"C:\Program Files\Mozilla Thunderbird\thunderbird.exe"="C:\Program Files\Mozilla Thunderbird\thunderbird.exe:*:Enabled:thunderbird"
"C:\Program Files\Packard Bell\SrvCDEject.exe"="C:\Program Files\Packard Bell\SrvCDEject.exe:*:Enabled:SrvCDEject"
"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"="C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe:*:Enabled:Malwarebytes' Anti-Malware"
"C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe"="C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe:*:Enabled:mbamgui.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\AOL 9.0\waol.exe"="C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL 9.0"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1105e106-8c41-11dd-acbf-001731731699}]
shell\AutoRun\command - E:\LaunchU3.exe -a

======File associations======

.js - edit - "C:\Program Files\Macromedia\Dreamweaver 8\dreamweaver.exe" "%1"

======List of files/folders created in the last 2 months======

2008-12-28 08:18:36 ----A---- C:\WINDOWS\system32\javaws.exe
2008-12-28 08:18:36 ----A---- C:\WINDOWS\system32\javaw.exe
2008-12-28 08:18:36 ----A---- C:\WINDOWS\system32\java.exe
2008-12-28 08:18:36 ----A---- C:\WINDOWS\system32\deploytk.dll
2008-12-16 15:28:35 ----A---- C:\WINDOWS\msnfix.txt
2008-12-16 15:27:18 ----A---- C:\WINDOWS\ntbtlog.txt
2008-12-16 15:24:58 ----AD---- C:\MSNFix
2008-12-16 13:45:13 ----D---- C:\Documents and Settings\T!bO\Application Data\Malwarebytes
2008-12-16 13:45:07 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-12-16 13:45:06 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-12-16 13:16:30 ----A---- C:\UsbFix.txt
2008-12-16 12:38:55 ----D---- C:\Program Files\UsbFix
2008-12-16 12:13:13 ----D---- C:\rsit
2008-12-16 11:09:18 ----D---- C:\Program Files\Trend Micro
2008-12-13 18:21:28 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2008-12-13 18:20:44 ----HDC---- C:\WINDOWS\$NtUninstallKB958215$
2008-12-13 18:19:51 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2008-12-13 18:19:22 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2008-12-13 18:18:45 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2008-12-13 17:35:40 ----A---- C:\WINDOWS\system32\SET91.tmp
2008-12-13 17:35:38 ----A---- C:\WINDOWS\system32\SET93.tmp
2008-12-13 17:35:38 ----A---- C:\WINDOWS\system32\SET92.tmp
2008-12-13 17:35:37 ----A---- C:\WINDOWS\system32\SET94.tmp
2008-12-12 11:01:24 ----SH---- C:\WINDOWS\system32\uniroyid.ini
2008-12-05 17:23:47 ----SH---- C:\WINDOWS\system32\obavibut.tmp
2008-12-03 11:01:51 ----SH---- C:\WINDOWS\system32\ikosukut.ini
2008-11-12 12:24:32 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-11-12 12:24:28 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2008-11-12 12:24:20 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-10-29 03:00:34 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-10-23 13:36:51 ----A---- C:\WINDOWS\system32\SET7E.tmp

======List of files/folders modified in the last 2 months======

2009-01-01 09:19:09 ----D---- C:\Documents and Settings\T!bO\Application Data\SolidWorks
2009-01-01 07:52:51 ----ASH---- C:\WINDOWS\system32\benituyo.dll
2008-12-30 10:22:20 ----D---- C:\Program Files\eMule
2008-12-28 08:18:55 ----SHD---- C:\WINDOWS\Installer
2008-12-28 08:18:18 ----D---- C:\Program Files\Java
2008-12-16 15:33:46 ----D---- C:\WINDOWS
2008-12-16 15:32:41 ----D---- C:\WINDOWS\Temp
2008-12-16 15:32:06 ----D---- C:\WINDOWS\Registration
2008-12-16 15:32:04 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-16 15:25:45 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-16 14:09:25 ----D---- C:\WINDOWS\system32\drivers
2008-12-16 14:09:25 ----D---- C:\WINDOWS\system32
2008-12-16 13:45:06 ----RD---- C:\Program Files
2008-12-16 13:01:40 ----D---- C:\WINDOWS\Prefetch
2008-12-16 11:18:35 ----D---- C:\Program Files\Mozilla Firefox
2008-12-16 10:44:41 ----D---- C:\Program Files\Mozilla Thunderbird
2008-12-16 09:04:47 ----ASH---- C:\WINDOWS\system32\gizisuyo.dll
2008-12-13 18:21:36 ----D---- C:\WINDOWS\inf
2008-12-13 18:21:07 ----A---- C:\WINDOWS\imsins.BAK
2008-12-13 18:20:51 ----RSHD---- C:\WINDOWS\system32\dllcache
2008-12-13 18:20:38 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-09 10:02:37 ----A---- C:\WINDOWS\system32\jefaduku.dll
2008-12-07 19:16:44 ----A---- C:\WINDOWS\hppsapp.INI
2008-12-06 15:41:04 ----D---- C:\Program Files\NetMeeting
2008-12-05 20:07:56 ----ASH---- C:\WINDOWS\system32\zizakohe.dll
2008-12-04 16:41:58 ----ASH---- C:\WINDOWS\system32\viliwesi.dll
2008-11-26 18:21:30 ----A---- C:\WINDOWS\system32\aswBoot.exe
2008-11-23 14:23:47 ----D---- C:\WINDOWS\Help
2008-11-12 14:45:32 ----D---- C:\Documents and Settings\T!bO\Application Data\U3
2008-11-12 12:24:15 ----D---- C:\WINDOWS\WinSxS
2008-11-11 20:44:22 ----A---- C:\WINDOWS\maplev5.ini
2008-10-29 01:52:43 ----D---- C:\Program Files\adslTV
2008-10-29 00:53:20 ----D---- C:\Documents and Settings\T!bO\Application Data\vlc
2008-10-28 08:21:35 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-10-23 11:06:59 ----N---- C:\WINDOWS\system32\tzchange.exe
2008-10-21 19:04:41 ----D---- C:\Documents and Settings\T!bO\Application Data\Adobe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2008-11-26 26944]
R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-06-19 36864]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2008-11-26 111184]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2008-11-26 50864]
R1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720]
R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2007-02-02 5632]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-11-26 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2008-11-26 94032]
R3 3xHybrid;ASUSTek SAA713x PCI Card; C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2006-04-28 882688]
R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2008-11-26 23152]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-07-18 1675776]
R3 ATSWPDRV;AuthenTec TruePrint USB Driver (AES2500); C:\WINDOWS\System32\Drivers\ATSwpDrv.sys [2005-03-29 116594]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2006-09-19 15664]
R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-06-28 4304384]
R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2006-07-11 57856]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2006-07-11 20480]
R3 RTSTOR;USB Mass Stroage Device; C:\WINDOWS\system32\drivers\RTSTOR.SYS [2005-12-21 20096]
R3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Pilote de concentrateur standard USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [2003-01-10 33588]
R3 X10Hid;X10 Hid Device; C:\WINDOWS\System32\Drivers\x10hid.sys [2005-11-28 7040]
S3 catchme;catchme; \??\C:\DOCUME~1\T!bO\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 CEBDALDR;DVB-T USB BDA firmware loader; C:\WINDOWS\System32\Drivers\CEBDALDR.sys [2005-08-26 16768]
S3 MHNDRV;Pilote MHN; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288]
S3 MPE;Filtre BDA MPE; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-13 15232]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 ssm_bus;SAMSUNG Mobile USB Device II 1.0 driver (WDM); C:\WINDOWS\system32\DRIVERS\ssm_bus.sys [2005-08-30 58320]
S3 ssm_mdfl;SAMSUNG Mobile USB Modem II 1.0 Filter; C:\WINDOWS\system32\DRIVERS\ssm_mdfl.sys [2005-08-30 8336]
S3 ssm_mdm;SAMSUNG Mobile USB Modem II 1.0 Drivers; C:\WINDOWS\system32\DRIVERS\ssm_mdm.sys [2005-08-30 94000]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 VX6000;Microsoft LifeCam VX-6000; C:\WINDOWS\system32\DRIVERS\VX6000Xp.sys [2006-10-13 2383152]
S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 XUIF;X10 USB Wireless Transceiver; C:\WINDOWS\System32\Drivers\x10ufx2.sys [2005-05-19 17792]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AOL ACS;AOL Connectivity Service; C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe [2004-04-08 1135728]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2007-09-06 110592]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-11-26 18752]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-07-18 401408]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-11-26 155160]
R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2006-10-09 237568]
R2 ehSched;Service de planification Media Center; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 103424]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-12-28 152984]
R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
R2 MSCamSvc;MSCamSvc; C:\Program Files\Microsoft LifeCam\MSCamS32.exe [2006-10-13 207664]
R2 omniserv;Softex OmniPass Service; C:\Apps\Softex\OmniPass\Omniserv.exe [2005-08-12 32768]
R2 SrvCDEject;SrvCDEject; C:\Program Files\Packard Bell\SrvCDEject.exe [2006-07-25 613376]
R2 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe [2005-01-31 49152]
R2 USBDeviceService;USBDeviceService; C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe [2005-10-20 90112]
R2 x10nets;X10 Device Network Service; C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe [2001-11-12 20480]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2008-11-26 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2008-11-26 352920]
R3 iPod Service;Service de l'iPod; C:\Program Files\iPod\bin\iPodService.exe [2007-09-26 503608]
S3 aspnet_state;Service d'état ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-04 136120]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

-----------------EOF-----------------

Répondre à iceti76

sKe69, le 16 déc 2008 à 16:42:36

Bien ...

Dans l'ordre :

1- supprime tout ce qui se trouve dans la quarantaine de Malwarebytes .

==================

2- Télécharge : - CCleaner
http://www.pcastuces.com/logitheque/ccleaner.htm
Ce logiciel va permettre de supprimer tous les fichiers temporaires et de corriger ton registre .
Lors de l'installation:
-choisis bien "francais" en langue .
-avant de cliquer sur le bouton "installer", décoche toutes les "options supplémentaires" sauf les 2 premières.

Un tuto ( aide ):
http://perso.orange.fr/jesses/Docs/Logiciels/CCleaner.htm

---> Utilisation:
! déconnecte toi et ferme toutes applications en cours !
* va dans "nettoyeur" : fais -analyse- puis -nettoyage-
* va dans "registre" : fais -chercher les erreurs- et -réparer toutes les erreurs-
( plusieurs fois jusqu'à ce qu'il n'y est plus d'erreur ) .

( CCleaner : soft à garder sur son PC , super utile pour de bons nettoyages ... )

===================

3- Rends toi sur ce site :

http://www.virustotal.com/

Copies ce qui suit et colles le dans l'espace pour la recherche :
C:\WINDOWS\system32\SET93.tmp

Clique sur Send File ( = " Envoyer le fichier " ).

Un rapport va s'élaborer ligne à ligne.

Attends bien la fin ... Il doit comprendre la taille du fichier envoyé.

Sauvegarde le rapport avec le bloc-note.

Copie le dans ta prochaine réponse ...

( Si VirusTotal indique que le fichier a déjà été analysé, clique sur le bouton Ré-analyse le fichier maintenant )

Fais de même pour :
C:\WINDOWS\system32\uniroyid.ini
C:\WINDOWS\system32\obavibut.tmp
C:\WINDOWS\system32\ikosukut.ini
C:\WINDOWS\system32\benituyo.dll
C:\WINDOWS\system32\gizisuyo.dll
C:\WINDOWS\system32\jefaduku.dll
C:\WINDOWS\hppsapp.INI
C:\WINDOWS\system32\zizakohe.dll
C:\WINDOWS\system32\viliwesi.dll
C:\WINDOWS\maplev5.ini

Poste moi donc ces 11 rapports ( surtout le début avec le listing des AV , et en précisant bien au début de chacuns à quel fichier ils correspondent ) et attends la suite ...

"Baby, I'm going on an airplane, And I don't know if I'll be back again"
IMPORTANT : ne vous croyez pas tiré d'affaire tant qu'on ne
vous l'a pas dit !

Répondre à sKe69

iceti76, le 16 déc 2008 à 17:10:36

RESULTAT POUR C:\WINDOWS\system32\SET93.tmp

Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.12.17.0 2008.12.16 -
AntiVir 7.9.0.45 2008.12.16 -
Authentium 5.1.0.4 2008.12.16 -
Avast 4.8.1281.0 2008.12.16 -
AVG 8.0.0.199 2008.12.16 -
BitDefender 7.2 2008.12.16 -
CAT-QuickHeal 10.00 2008.12.16 -
ClamAV 0.94.1 2008.12.16 -
Comodo 760 2008.12.15 -
DrWeb 4.44.0.09170 2008.12.16 -
eSafe 7.0.17.0 2008.12.16 -
eTrust-Vet 31.6.6263 2008.12.16 -
Ewido 4.0 2008.12.16 -
F-Prot 4.4.4.56 2008.12.16 -
F-Secure 8.0.14332.0 2008.12.16 -
Fortinet 3.117.0.0 2008.12.16 -
GData 19 2008.12.16 -
Ikarus T3.1.1.45.0 2008.12.16 -
K7AntiVirus 7.10.555 2008.12.16 -
Kaspersky 7.0.0.125 2008.12.16 -
McAfee 5465 2008.12.15 -
McAfee+Artemis 5465 2008.12.15 -
Microsoft 1.4205 2008.12.16 -
NOD32 3695 2008.12.16 -
Norman 5.80.02 2008.12.16 -
Panda 9.0.0.4 2008.12.15 -
PCTools 4.4.2.0 2008.12.16 -
Prevx1 V2 2008.12.16 -
Rising 21.08.12.00 2008.12.16 -
Sophos 4.36.0 2008.12.16 -
Sunbelt 3.2.1801.2 2008.12.11 -
Symantec 10 2008.12.16 -
TheHacker 6.3.1.4.189 2008.12.16 -
TrendMicro 8.700.0.1004 2008.12.16 -
VBA32 3.12.8.10 2008.12.16 -
ViRobot 2008.12.16.1521 2008.12.16 -
VirusBuster 4.5.11.0 2008.12.16 -
Information additionnelle
File size: 1499648 bytes
MD5...: 76c9e5cfb8a15da15a85270493ae9e4f
SHA1..: f67a8d8bcd419b66af3408fba3b47d16fe01e408
SHA256: 20a6790213d53227f3b8ccd60bb34b08308b1108d7ee167c01307cf4d905432f
SHA512: b2fee022ce9071aaa8f3fbdb7f408089c5161fac72367ef5265ae3b286d6fd1e
1012cf53671d8b9b510438cf6e22b97c58353e4320c1f1955c9737751926706e
ssdeep: 24576:ly6alex97GaKMgjjI9hPJdo4bMYQluGX7xjBsPGtT:Lakx9E7jqPJ24Klu
GLxN4Gt
PEiD..: -
TrID..: File type identification
DirectShow filter (39.5%)
Windows OCX File (24.2%)
Win64 Executable Generic (16.7%)
Win32 EXE PECompact compressed (generic) (8.1%)
Win32 Executable MS Visual C++ (generic) (7.3%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x7e225ed1
timedatestamp.....: 0x48f69271 (Thu Oct 16 01:01:37 2008)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0xd8480 0xd8600 6.51 7ca10e9a243e6cc7a7ce1c252d559a68
.data 0xda000 0x1d30 0x1800 3.37 898f97f8510bb2b530ca92a7406a4750
.rsrc 0xdc000 0x88c04 0x88e00 5.34 207cb922bdc303506005e7e8e3da0337
.reloc 0x165000 0xb08c 0xb200 6.72 cbdf687fed340635a36a7a0fc5757f0e

( 8 imports )
> ADVAPI32.dll: RegCloseKey, RegOpenKeyExA, RegQueryValueExA, RegSetValueExA, RegCreateKeyExA, RegDeleteKeyA, IsValidSid, CopySid, GetLengthSid, GetTokenInformation, OpenProcessToken, EqualSid, RegOpenKeyExW, RegQueryValueExW, RegEnumValueA
> CRYPT32.dll: CryptQueryObject, CryptMsgGetParam, CertCloseStore, CryptMsgClose
> CRYPTUI.dll: CryptUIDlgViewSignerInfoW
> GDI32.dll: SetViewportOrgEx, SetWindowOrgEx, SetMapMode, SaveDC, LPtoDP, GetDeviceCaps, CreateRectRgnIndirect, DeleteMetaFile, CloseMetaFile, SetWindowExtEx, SetPaletteEntries, GetPaletteEntries, RealizePalette, SelectPalette, GetStockObject, CreatePalette, SetBkColor, SetBkMode, DeleteDC, SetTextColor, SelectObject, GetTextExtentPointW, IntersectClipRect, CreateDCA, CloseEnhMetaFile, CreateEnhMetaFileA, LineTo, MoveToEx, Rectangle, StretchBlt, CreateCompatibleDC, BitBlt, GetTextCharset, CreateCompatibleBitmap, GetTextExtentPoint32W, DeleteObject, RestoreDC
> KERNEL32.dll: SetCurrentDirectoryA, SetFilePointer, ReadFile, GetFileSize, WriteFile, FindClose, WaitForSingleObject, SetEvent, CreateFileA, ReleaseMutex, LocalFileTimeToFileTime, SystemTimeToFileTime, GetTempPathA, ExitProcess, GetCommandLineW, OpenMutexW, TlsGetValue, GetSystemTime, InterlockedCompareExchange, InterlockedExchange, GetCurrentProcessId, GlobalFlags, GlobalSize, GlobalReAlloc, TlsSetValue, GetLocalTime, FileTimeToSystemTime, DeleteCriticalSection, ReleaseSemaphore, UnhandledExceptionFilter, SetErrorMode, CreateDirectoryA, GetShortPathNameA, ResetEvent, HeapFree, GetProcessHeap, TerminateThread, GetExitCodeThread, QueryPerformanceCounter, TerminateProcess, SetUnhandledExceptionFilter, FileTimeToLocalFileTime, HeapAlloc, GetLocaleInfoW, OpenProcess, LoadLibraryW, DosDateTimeToFileTime, GetModuleHandleW, CreateEventA, LoadLibraryA, VirtualFree, VirtualAlloc, lstrcpynW, InitializeCriticalSectionAndSpinCount, IsDBCSLeadByte, GetSystemTimeAsFileTime, FreeLibrary, InterlockedDecrement, InterlockedIncrement, lstrcmpiA, GetModuleHandleA, GetProcAddress, LocalFree, LocalAlloc, CompareFileTime, CreateThread, GetSystemDefaultLCID, GetSystemInfo, MultiByteToWideChar, GetVersionExA, lstrcmpA, GetSystemDirectoryA, LocalReAlloc, GetDriveTypeW, CreateMutexA, lstrlenA, Sleep, WideCharToMultiByte, lstrcpynA, GetUserDefaultLCID, GlobalFree, LocalSize, GetTickCount, GetLastError, LoadLibraryExA, SetLastError, GetCurrentThreadId, GetCurrentProcess, FlushInstructionCache, lstrlenW, GlobalAlloc, GlobalLock, GlobalUnlock, HeapDestroy, EnterCriticalSection, LeaveCriticalSection, MulDiv, DisableThreadLibraryCalls, InitializeCriticalSection, TlsAlloc, GetACP, CloseHandle, GetCurrentDirectoryA, TlsFree, RaiseException, OpenMutexA
> msvcrt.dll: _onexit, __dllonexit, _adjust_fdiv, _initterm, _ftol, wcslen, free, _vsnprintf, _except_handler3, _wcsnicmp, wcsrchr, _ltow, memmove, malloc, realloc, _vsnwprintf
> SHLWAPI.dll: -, -, SHDeleteKeyW, -, -, -, -, -, -, -, StrCpyNW, -, SHRegGetBoolUSValueW, -, -, -, -, -, -, -, -, PathCreateFromUrlW, StrChrW, -, -, SHStrDupW, -, -, -, -, PathFileExistsW, -, -, -, -, SHRegGetUSValueW, StrCmpNIW, StrStrIW, StrDupW, -, SHQueryValueExW, -, -, -, -, -, -, -, -, -, -, -, PathQuoteSpacesW, -, PathCombineW, -, -, PathRemoveFileSpecW, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, StrCatBuffW, -, -, -, UrlCanonicalizeW, AssocQueryStringW, -, SHRegCloseUSKey, SHRegDeleteUSValueW, SHRegOpenUSKeyW, StrDupA, -, -, -, -, StrCmpW, StrCmpNW, -, -, -, -, PathUnquoteSpacesW, PathRemoveBlanksW, -, -, -, -, -, -, -, -, SHRegSetUSValueW, -, -, -, -, -, -, -, -, -, -, -, UrlGetPartW, StrStrW, StrChrIW, AssocGetPerceivedType, -, StrFormatByteSizeW, -, -, -, -, -, -, PathFindExtensionA, UrlCanonicalizeA, -, AssocIsDangerous, AssocCreate, -, PathUndecorateW, -, -, PathParseIconLocationW, -, -, -, PathCompactPathW, -, -, PathIsRelativeW, -, -, -, -, PathRemoveExtensionW, -, -, -, PathCommonPrefixW, UrlIsW, StrTrimW, -, PathAddBackslashW, SHQueryValueExA, StrCatBuffA, StrStrIA, PathFindFileNameA, StrCmpNIA, SHSetValueA, wnsprintfA, SHGetValueA, -, SHDeleteOrphanKeyA, PathRemoveFileSpecA, SHDeleteKeyA, SHDeleteValueA, -, SHDeleteValueW, -, -, -, StrToIntExW, -, -, -, -, UrlCombineW, -, UrlGetLocationW, StrToIntW, -, -, PathIsURLW, -, -, -, UrlHashW, StrRChrW, StrChrIA, -, -, -, -, wvnsprintfA, -, -, -, -, -, -, wvnsprintfW, SHOpenRegStream2W, -, -, -, -, PathIsPrefixW, PathSearchAndQualifyW, -, -, -, PathRenameExtensionW, -, -, -, -, -, -, -, -, -, -, StrTrimA, -, -, -, -, PathCombineA, PathGetArgsW, -, -, -, -, -, SHRegDuplicateHKey, -, -, -, -, -, -, -, StrRetToBufW, -, PathIsNetworkPathW, -, StrPBrkW, -, SHCreateStreamOnFileW, PathCompactPathExW, -, -, -, -, -, -, SHSkipJunction, -, -, AssocQueryKeyW, PathIsContentTypeW, UrlEscapeW, -, PathCanonicalizeW, UrlCreateFromPathW, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, StrToIntExA, UrlUnescapeA, -, SHRegEnumUSValueW, UrlApplySchemeW, -, UrlIsNoHistoryW, StrCSpnW, StrSpnW, -, -, -, -, -, PathRemoveExtensionA, HashData, UrlUnescapeW, -, -, -, -, -, -, -, PathIsURLA, PathRemoveBackslashW, -, -, -, PathCreateFromUrlA, -, PathIsFileSpecW, PathIsDirectoryW, PathIsUNCW, SHAutoComplete, -, -, -, -, StrFormatKBSizeW, ChrCmpIW, -, -, SHRegGetValueW, -, StrRetToStrW, -, PathGetDriveNumberW, -, -, -, -, -, wnsprintfW, -, -, -, PathAppendW, -, -, -, PathFindExtensionW, PathFindFileNameW, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, SHCreateShellPalette, -, -, SHSetValueW, SHGetValueW, StrCmpIW, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, PathIsUNCServerShareW, PathStripToRootW, -, StrFromTimeIntervalW, -
> USER32.dll: IntersectRect, EndPaint, BeginPaint, IsChild, GetFocus, IsWindow, DestroyAcceleratorTable, GetKeyState, InvalidateRect, wsprintfW, SetFocus, GetParent, EndDialog, GetWindowLongA, IsWindowEnabled, SetCursor, SetForegroundWindow, SetRect, IsWindowVisible, GetLastActivePopup, GetCapture, GetMenuItemCount, TranslateMessage, ChildWindowFromPointEx, ScreenToClient, GetDlgCtrlID, IsDlgButtonChecked, EnableMenuItem, CheckMenuItem, GetMenuItemID, GetSubMenu, CheckDlgButton, CheckRadioButton, EnableWindow, GetDlgItem, GetDesktopWindow, RemoveMenu, GetMenuState, CreateMenu, MessageBeep, InflateRect, MoveWindow, PostQuitMessage, MapWindowPoints, GetDoubleClickTime, WaitMessage, GetAsyncKeyState, GetSystemMenu, CreatePopupMenu, SetParent, GetWindow, AdjustWindowRect, GetSysColor, GetNextDlgTabItem, CheckMenuRadioItem, EndDeferWindowPos, DeferWindowPos, BeginDeferWindowPos, MsgWaitForMultipleObjects, IsIconic, SetWindowPlacement, GetWindowPlacement, DdeCreateDataHandle, DdeDisconnect, DdeClientTransaction, DdeConnect, DdeFreeStringHandle, DdeUninitialize, DdeNameService, GetForegroundWindow, DdeFreeDataHandle, DdeGetData, CharLowerBuffA, RegisterWindowMessageA, CharNextA, GetActiveWindow, EnumWindows, ChildWindowFromPoint, SetMenuDefaultItem, GetMenuDefaultItem, GetSystemMetrics, SystemParametersInfoA, DrawIconEx, ChangeClipboardChain, SetClipboardViewer, CopyRect, IsRectEmpty, UpdateWindow, GetMessagePos, SetRectEmpty, CallNextHookEx, UnhookWindowsHookEx, GetWindowThreadProcessId, SetWindowLongA, SendMessageTimeoutA, IsHungAppWindow, LoadMenuA, LoadMenuW, InsertMenuA, InsertMenuW, DrawFocusRect, ShowWindowAsync, GetShellWindow, ReleaseCapture, SetCapture, GetWindowDC, TrackMouseEvent, GetCursorPos, CharNextW, RegisterClipboardFormatW, DrawTextExW, SendMessageW, SetWindowTextW, EqualRect, OffsetRect, SetWindowRgn, GetDC, ReleaseDC, UnionRect, PtInRect, SetTimer, GetSysColorBrush, FillRect, GetWindowRect, RedrawWindow, DestroyWindow, GetClientRect, AdjustWindowRectEx, SetWindowPos, KillTimer, ShowWindow, DestroyIcon, LoadStringA

( 28 exports )
AddUrlToFavorites, DllCanUnloadNow, DllGetClassObject, DllGetVersion, DllInstall, DllRegisterServer, DllRegisterWindowClasses, DllUnregisterServer, DoAddToFavDlg, DoAddToFavDlgW, DoFileDownload, DoFileDownloadEx, DoOrganizeFavDlg, DoOrganizeFavDlgW, DoPrivacyDlg, HlinkFindFrame, HlinkFrameNavigate, HlinkFrameNavigateNHL, IEWriteErrorLog, ImportPrivacySettings, OpenURL, SHAddSubscribeFavorite, SHGetIDispatchForFolder, SetQueryNetSessionCount, SetShellOfflineState, SoftwareUpdateMessageBox, URLQualifyA, URLQualifyW

Répondre à iceti76

iceti76, le 16 déc 2008 à 17:15:50

RESULTAT POUR C:\WINDOWS\system32\uniroyid.ini
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.12.17.0 2008.12.16 -
AntiVir 7.9.0.45 2008.12.16 -
Authentium 5.1.0.4 2008.12.16 -
Avast 4.8.1281.0 2008.12.16 -
AVG 8.0.0.199 2008.12.16 -
BitDefender 7.2 2008.12.16 -
CAT-QuickHeal 10.00 2008.12.16 -
ClamAV 0.94.1 2008.12.16 -
Comodo 760 2008.12.15 -
DrWeb 4.44.0.09170 2008.12.16 -
eSafe 7.0.17.0 2008.12.16 -
eTrust-Vet 31.6.6263 2008.12.16 -
Ewido 4.0 2008.12.16 -
F-Prot 4.4.4.56 2008.12.16 -
F-Secure 8.0.14332.0 2008.12.16 Vundo.FBW
Fortinet 3.117.0.0 2008.12.16 -
GData 19 2008.12.16 -
Ikarus T3.1.1.45.0 2008.12.16 -
K7AntiVirus 7.10.555 2008.12.16 -
Kaspersky 7.0.0.125 2008.12.16 -
McAfee 5465 2008.12.15 -
McAfee+Artemis 5465 2008.12.15 -
Microsoft 1.4205 2008.12.16 -
NOD32 3695 2008.12.16 -
Norman 5.80.02 2008.12.16 -
Panda 9.0.0.4 2008.12.15 -
PCTools 4.4.2.0 2008.12.16 -
Prevx1 V2 2008.12.16 -
Rising 21.08.12.00 2008.12.16 -
SecureWeb-Gateway 6.7.6 2008.12.16 -
Sophos 4.36.0 2008.12.16 -
Sunbelt 3.2.1801.2 2008.12.11 -
Symantec 10 2008.12.16 -
TheHacker 6.3.1.4.189 2008.12.16 -
TrendMicro 8.700.0.1004 2008.12.16 -
VBA32 3.12.8.10 2008.12.16 -
ViRobot 2008.12.16.1521 2008.12.16 -
VirusBuster 4.5.11.0 2008.12.16 -
Information additionnelle
File size: 1571236 bytes
MD5...: 5a4dae80167968de1c4e9b4a6af4d847
SHA1..: 740d8f512d541b8346e8af30ea386ae8c813dc93
SHA256: 49de8d88617704a99db21574c192556dd9bde0b784473d19297128c994778adf
SHA512: 0528fbac0ef6fa8c3b180c3f880585e78d1fabd4b1d0d861ef04e7b9357c102b
f3bb0bb6809e5c2de9993c40538a3375073693b033bc2fa3269a21d5abdc6899
ssdeep: 24576:ckTf2r57n3UGn+KToBu+u4udTRz7E3WddmK:c0f2r57n3UGn+KToBubz7E
3GmK
PEiD..: -
TrID..: File type identification
Unknown!
PEInfo: -

Répondre à iceti76

iceti76, le 16 déc 2008 à 17:19:25

RESULTAT POUR C:\WINDOWS\system32\obavibut.tmp

Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.12.17.0 2008.12.16 -
AntiVir 7.9.0.45 2008.12.16 -
Authentium 5.1.0.4 2008.12.16 -
Avast 4.8.1281.0 2008.12.16 -
AVG 8.0.0.199 2008.12.16 -
BitDefender 7.2 2008.12.16 -
CAT-QuickHeal 10.00 2008.12.16 -
ClamAV 0.94.1 2008.12.16 -
Comodo 760 2008.12.15 -
DrWeb 4.44.0.09170 2008.12.16 -
eSafe 7.0.17.0 2008.12.16 -
eTrust-Vet 31.6.6263 2008.12.16 -
Ewido 4.0 2008.12.16 -
F-Prot 4.4.4.56 2008.12.16 -
F-Secure 8.0.14332.0 2008.12.16 Vundo.FBW
Fortinet 3.117.0.0 2008.12.16 -
GData 19 2008.12.16 -
Ikarus T3.1.1.45.0 2008.12.16 -
K7AntiVirus 7.10.555 2008.12.16 -
Kaspersky 7.0.0.125 2008.12.16 -
McAfee 5465 2008.12.15 -
McAfee+Artemis 5465 2008.12.15 -
Microsoft 1.4205 2008.12.16 -
NOD32 3695 2008.12.16 -
Norman 5.80.02 2008.12.16 -
Panda 9.0.0.4 2008.12.15 -
PCTools 4.4.2.0 2008.12.16 -
Prevx1 V2 2008.12.16 -
Rising 21.08.12.00 2008.12.16 -
SecureWeb-Gateway 6.7.6 2008.12.16 -
Sophos 4.36.0 2008.12.16 -
Sunbelt 3.2.1801.2 2008.12.11 -
Symantec 10 2008.12.16 -
TheHacker 6.3.1.4.189 2008.12.16 -
TrendMicro 8.700.0.1004 2008.12.16 -
VBA32 3.12.8.10 2008.12.16 -
ViRobot 2008.12.16.1521 2008.12.16 -
VirusBuster 4.5.11.0 2008.12.16 -
Information additionnelle
File size: 1453558 bytes
MD5...: 2a9e2a793942224f6cc408538aafdb98
SHA1..: 23be83667622cf934c94e37aadc8143f51cdc8d8
SHA256: 518e0a31011e6c73b9845fe47da047ed567ed26c94cb87056bd626c71c8f62fc
SHA512: 3c2446e39ab8cbe52c9f0f2dc4d194f2eb799e9b5feb2450e6ee8365711c4acc
c7d75bdf036c422193a3593f62241d81e04279daad0821587642ab6204ef7e1c
ssdeep: 24576:DWIGaGwmjKNy/hEdfgu14udZjpaz7E5Q0gG:DWIGaGwmjKNy/hEdYz7E5Q
VG
PEiD..: -
TrID..: File type identification
Unknown!
PEInfo: -

Répondre à iceti76

iceti76, le 16 déc 2008 à 17:24:44

RESULTAT POUR C:\WINDOWS\system32\ikosukut.ini
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.12.17.0 2008.12.16 -
AntiVir 7.9.0.45 2008.12.16 -
Authentium 5.1.0.4 2008.12.16 -
Avast 4.8.1281.0 2008.12.16 -
AVG 8.0.0.199 2008.12.16 -
BitDefender 7.2 2008.12.16 -
CAT-QuickHeal 10.00 2008.12.16 -
ClamAV 0.94.1 2008.12.16 -
Comodo 760 2008.12.15 -
DrWeb 4.44.0.09170 2008.12.16 -
eSafe 7.0.17.0 2008.12.16 -
eTrust-Vet 31.6.6263 2008.12.16 -
Ewido 4.0 2008.12.16 -
F-Prot 4.4.4.56 2008.12.16 -
Fortinet 3.117.0.0 2008.12.16 -
GData 19 2008.12.16 -
Ikarus T3.1.1.45.0 2008.12.16 -
K7AntiVirus 7.10.555 2008.12.16 -
Kaspersky 7.0.0.125 2008.12.16 -
McAfee 5465 2008.12.15 -
McAfee+Artemis 5465 2008.12.15 -
Microsoft 1.4205 2008.12.16 -
NOD32 3695 2008.12.16 -
Norman 5.80.02 2008.12.16 -
Panda 9.0.0.4 2008.12.15 -
PCTools 4.4.2.0 2008.12.16 -
Rising 21.08.12.00 2008.12.16 -
SecureWeb-Gateway 6.7.6 2008.12.16 -
Sophos 4.36.0 2008.12.16 -
Sunbelt 3.2.1801.2 2008.12.11 -
Symantec 10 2008.12.16 -
TheHacker 6.3.1.4.189 2008.12.16 -
TrendMicro 8.700.0.1004 2008.12.16 -
VBA32 3.12.8.10 2008.12.16 -
ViRobot 2008.12.16.1521 2008.12.16 -
VirusBuster 4.5.11.0 2008.12.16 -
Information additionnelle
File size: 1453559 bytes
MD5...: f7c2c0708276ba8185ab30e3481b965f
SHA1..: 228ed2c02c1641449e2c014594e8e1b3c8c7dd6f
SHA256: b38af9493388c8a0ce828648eea8a77a6bfa577e48e5fcc0c0bc019c3d4e124b
SHA512: e47478cb5384acf1877562b15d7bfdaeaae18aefd44b7b888f3725fc3b462678
1cec742e783061e54e42f4e896e28edf6bb331d823734fa0c4b9cdc2bca5b909
ssdeep: 12288:BiWIGaGwmjKNy/7o9wGuHrrKeLEdfgJLN2HYR3G0HprTkrQdL:EWIGaGwm
jKNy/hEdfgxo4w0HdzdL
PEiD..: -
TrID..: File type identification
Unknown!
PEInfo: -

Répondre à iceti76

49 réponses 12 3 Suivant

Posez votre question Répondre