Happy New Year!! Help: sluggish PC [solved]

 

jaku1
Baby forum member (10 to 49 posts)
Posted on 02/01/2009 at 12:35:23

Hello everyone, and a happy New Year.
 Mine is starting with a slow, sluggish PC. Could someone do me the kind favour of a diagnosis? My HijackThis log:

 Logfile of HijackThis v1.99.1
 Scan saved at 12:25:29, on 02/01/2009
 Platform: Windows XP SP2 (WinNT 5.01.2600)
 MSIE: Internet Explorer v8.00 (8.00.6001.18241)

 MODERATOR EDIT: Forum rule to be respected:

 No report before it has been requested!!!

 Please read the following article:

 http://forum.telecharger.com/t [...] ges-1.html

 Thank you for taking note of it.

 


 Thanks in advance.
 J.

Profile: Security team
dedetraque
Famous across the whole forum (30,000 to 99,999 posts)
Posted on 02/01/2009 at 13:33:23

Hi jaku1


 Delete that old version of HJT and download HijackThis V 2.02 to the desktop:

 http://www.trendsecure.com/por [...] nstall.exe


 - Double-click HJTInstall.exe on the desktop

 - Click Install, then I Accept

 - Close all windows; HJT must be run on its own (every other program closed).

 - Double-click the HijackThis shortcut on your desktop
 (For Vista, right-click the HijackThis shortcut on your desktop, then "Run as administrator".)
 - Then click Do a system scan and save a logfile to start the scan

 When the report appears in Notepad, go to Edit, then Select All; the text is then selected. Go back to Edit, still leaving the text selected, and click Copy.

 In your next reply, right-click and paste; I will analyze it.
 Close Notepad and the HJT window.


 Help: http://forum.telecharger.01net [...] ges-1.html


 See you :)

jaku1
Baby forum member (10 to 49 posts)
Posted on 02/01/2009 at 14:16:26

Thanks Dedetraque,

 Here is what I got:

 Logfile of Trend Micro HijackThis v2.0.2
 Scan saved at 14:14:37, on 02/01/2009
 Platform: Windows XP SP2 (WinNT 5.01.2600)
 MSIE: Internet Explorer v8.00 (8.00.6001.18241)
 Boot mode: Normal

 Running processes:
 C:\WINDOWS\System32\smss.exe
 C:\WINDOWS\system32\winlogon.exe
 C:\WINDOWS\system32\services.exe
 C:\WINDOWS\system32\lsass.exe
 C:\WINDOWS\system32\svchost.exe
 C:\WINDOWS\System32\svchost.exe
 C:\WINDOWS\system32\spoolsv.exe
 C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
 C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
 C:\Program Files\Bonjour\mDNSResponder.exe
 C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
 C:\WINDOWS\System32\nvsvc32.exe
 C:\WINDOWS\System32\svchost.exe
 C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
 C:\WINDOWS\System32\svchost.exe
 C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
 C:\Program Files\Apoint2K\Apoint.exe
 C:\WINDOWS\system32\TFNF5.exe
 C:\WINDOWS\system32\TPWRTRAY.EXE
 C:\Program Files\Apoint2K\Apntex.exe
 C:\WINDOWS\system32\conime.exe
 C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
 C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
 C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
 C:\Program Files\Neuf\Kit\WiFi\9wifi.exe
 C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
 C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
 C:\Program Files\QuickTime\QTTask.exe
 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
 C:\Program Files\Messenger\msmsgs.exe
 C:\WINDOWS\system32\ctfmon.exe
 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
 C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe
 C:\WINDOWS\system32\wuauclt.exe
 C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtWLan.exe
 C:\Program Files\uTorrent\utorrent.exe
 C:\WINDOWS\explorer.exe
 C:\Program Files\Internet Explorer\iexplore.exe
 C:\Program Files\Internet Explorer\iexplore.exe
 C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
 R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre1.dll
 O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
 O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
 O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
 O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
 O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
 O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre1.dll
 O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
 O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre1.dll
 O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\Program Files\Copernic Agent\CopernicAgentExt.dll
 O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" NvQTwk,NvCplDaemon initialize
 O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /installquiet
 O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint2K\Apoint.exe"
 O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
 O4 - HKLM\..\Run: [TouchED] "C:\Program Files\TOSHIBA\TouchED\TouchED.Exe"
 O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
 O4 - HKLM\..\Run: [TFncKy] TFncKy.exe /Type 20
 O4 - HKLM\..\Run: [TosHKCW.exe] "C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe"
 O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
 O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
 O4 - HKLM\..\Run: [MSPY2002] "C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe" /SYNC
 O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE" /SYNC
 O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE" /IMEName
 O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
 O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
 O4 - HKLM\..\Run: [Autoconfigurateur WiFi Neuf] "C:\Program Files\Neuf\Kit\WiFi\9wifi.exe"
 O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
 O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
 O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
 O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
 O4 - HKLM\..\Run: [Canal Widget] "c:\Program Files\Canal\Canal Widget\Launcher.exe"
 O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
 O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
 O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~2\SsAAD.exe
 O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
 O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
 O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
 O4 - HKCU\..\Run: [CanalPlayer] C:\Program Files\Lecteur CANALPLAY\CanalPlayer.exe
 O4 - HKCU\..\Run: [Livestation] C:\Program Files\Livestation\Livestation.exe -startup
 O4 - Global Startup: WG111v2 Smart Wizard Wireless Setting.lnk = ?
 O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
 O8 - Extra context menu item: Search Using Copernic Agent - res://C:\Program Files\Copernic Agent\CopernicAgentExt.dll/INTEGRATION_MENU_SEARCHEXT
 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
 O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
 O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
 O9 - Extra 'Tools' menuitem: Launch Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
 O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
 O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
 O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
 O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
 O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
 O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
 O15 - Trusted Zone: *.canalplay.com (HKLM)
 O15 - Trusted Zone: *.canalplusactive.com (HKLM)
 O15 - ESC Trusted Zone: http://*.update.microsoft.com
 O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
 O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
 O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
 O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840 [...] scan53.cab
 O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} - http://www.inoculer.com/antivi [...] fender.cab
 O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
 O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
 O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
 O23 - Service: Microsoft ASPI Manager (aspimgr) - Unknown owner - C:\WINDOWS\System32\aspimgr.exe (file missing)
 O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
 O23 - Service: CanalPlus.VOD - Canal+ Active - c:\Program Files\Canal\Canal Widget\VOD\CanalPlus.VOD.exe
 O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
 O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
 O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
 O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
 O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
 O23 - Service: RdnaoFlSvc - Unknown owner - C:\Program Files\rnamfler\naofsvc.exe (file missing)
 O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
 O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe

 --
 End of file - 10021 bytes

 Is it serious, doctor?

 J.

Profile: Security team
dedetraque
Famous across the whole forum (30,000 to 99,999 posts)
Posted on 02/01/2009 at 14:26:17

Hi jaku1


 Nothing concrete. Download RSIT (by random/random) to the desktop from here:
 http://images.malwareremoval.com/random/RSIT.exe

 - Double-click RSIT.exe on the desktop
 - Click Continue in the window
 - RSIT will download HijackThis if it is not present or not detected, in which case you will need to accept the license
 - Post the contents of the two reports, log.txt and info.txt, at the end of the scan


 -----

 Download Toolbar-S&D (by Team IDN) to your desktop.

 http://eric.71.mespages.google [...] lBarSD.exe

 - Double-click the ToolBar S&D icon on the desktop
 - Choose F for French and confirm
 - In the ToolBar S&D main menu, choose option 1 (Search)
 - The Start menu and the icons will disappear; this is normal
 - The scan runs, which may take several minutes; do not touch anything.
 - Once the scan is finished, the search report opens in Notepad. (If the report does not open, it can be found at C:\TB.txt)


 Copy/paste the report into your next post


 See you :)

jaku1
Baby forum member (10 to 49 posts)
Posted on 02/01/2009 at 14:39:24


 Hi,

 Here are the 3 requested files:

 log.txt:

 Logfile of random's system information tool 1.05 (written by random/random)
 Run by Jean-Francois at 2009-01-02 14:29:10
 Microsoft Windows XP Home Edition Service Pack 2
 System drive C: has 610 MB (3%) free of 19 GB
 Total RAM: 511 MB (35% free)

 Logfile of Trend Micro HijackThis v2.0.2
 Scan saved at 14:29:15, on 02/01/2009
 Platform: Windows XP SP2 (WinNT 5.01.2600)
 MSIE: Internet Explorer v8.00 (8.00.6001.18241)
 Boot mode: Normal

 Running processes:
 C:\WINDOWS\System32\smss.exe
 C:\WINDOWS\system32\winlogon.exe
 C:\WINDOWS\system32\services.exe
 C:\WINDOWS\system32\lsass.exe
 C:\WINDOWS\system32\svchost.exe
 C:\WINDOWS\System32\svchost.exe
 C:\WINDOWS\system32\spoolsv.exe
 C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
 C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
 C:\Program Files\Bonjour\mDNSResponder.exe
 C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
 C:\WINDOWS\System32\nvsvc32.exe
 C:\WINDOWS\System32\svchost.exe
 C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
 C:\WINDOWS\System32\svchost.exe
 C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
 C:\Program Files\Apoint2K\Apoint.exe
 C:\WINDOWS\system32\TFNF5.exe
 C:\WINDOWS\system32\TPWRTRAY.EXE
 C:\Program Files\Apoint2K\Apntex.exe
 C:\WINDOWS\system32\conime.exe
 C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
 C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
 C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
 C:\Program Files\Neuf\Kit\WiFi\9wifi.exe
 C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
 C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
 C:\Program Files\QuickTime\QTTask.exe
 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
 C:\Program Files\Messenger\msmsgs.exe
 C:\WINDOWS\system32\ctfmon.exe
 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
 C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe
 C:\WINDOWS\system32\wuauclt.exe
 C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtWLan.exe
 C:\WINDOWS\explorer.exe
 C:\Program Files\Internet Explorer\iexplore.exe
 C:\Program Files\Internet Explorer\iexplore.exe
 F:\Softwares\RSIT.exe
 C:\Program Files\Trend Micro\HijackThis\Jean-Francois.exe

 R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
 R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre1.dll
 O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
 O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
 O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
 O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
 O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
 O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre1.dll
 O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
 O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre1.dll
 O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\Program Files\Copernic Agent\CopernicAgentExt.dll
 O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" NvQTwk,NvCplDaemon initialize
 O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /installquiet
 O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint2K\Apoint.exe"
 O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
 O4 - HKLM\..\Run: [TouchED] "C:\Program Files\TOSHIBA\TouchED\TouchED.Exe"
 O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
 O4 - HKLM\..\Run: [TFncKy] TFncKy.exe /Type 20
 O4 - HKLM\..\Run: [TosHKCW.exe] "C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe"
 O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
 O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
 O4 - HKLM\..\Run: [MSPY2002] "C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe" /SYNC
 O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE" /SYNC
 O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE" /IMEName
 O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
 O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
 O4 - HKLM\..\Run: [Autoconfigurateur WiFi Neuf] "C:\Program Files\Neuf\Kit\WiFi\9wifi.exe"
 O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
 O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
 O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
 O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
 O4 - HKLM\..\Run: [Canal Widget] "c:\Program Files\Canal\Canal Widget\Launcher.exe"
 O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
 O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
 O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~2\SsAAD.exe
 O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
 O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
 O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
 O4 - HKCU\..\Run: [CanalPlayer] C:\Program Files\Lecteur CANALPLAY\CanalPlayer.exe
 O4 - HKCU\..\Run: [Livestation] C:\Program Files\Livestation\Livestation.exe -startup
 O4 - Global Startup: WG111v2 Smart Wizard Wireless Setting.lnk = ?
 O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
 O8 - Extra context menu item: Search Using Copernic Agent - res://C:\Program Files\Copernic Agent\CopernicAgentExt.dll/INTEGRATION_MENU_SEARCHEXT
 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
 O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
 O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
 O9 - Extra 'Tools' menuitem: Launch Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
 O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
 O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
 O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
 O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
 O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
 O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
 O15 - Trusted Zone: *.canalplay.com (HKLM)
 O15 - Trusted Zone: *.canalplusactive.com (HKLM)
 O15 - ESC Trusted Zone: http://*.update.microsoft.com
 O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
 O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
 O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
 O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840 [...] scan53.cab
 O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} - http://www.inoculer.com/antivi [...] fender.cab
 O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
 O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
 O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
 O23 - Service: Microsoft ASPI Manager (aspimgr) - Unknown owner - C:\WINDOWS\System32\aspimgr.exe (file missing)
 O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
 O23 - Service: CanalPlus.VOD - Canal+ Active - c:\Program Files\Canal\Canal Widget\VOD\CanalPlus.VOD.exe
 O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
 O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
 O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
 O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
 O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
 O23 - Service: RdnaoFlSvc - Unknown owner - C:\Program Files\rnamfler\naofsvc.exe (file missing)
 O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
 O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe

 --
 End of file - 10007 bytes

 ======Scheduled tasks folder======

 C:\WINDOWS\tasks\1 Copernic Intra-Daily ~YOUR-Q94BJVTL0R Jean-Francois.job
 C:\WINDOWS\tasks\2 Copernic Daily ~YOUR-Q94BJVTL0R Jean-Francois.job
 C:\WINDOWS\tasks\3 Copernic Weekly ~YOUR-Q94BJVTL0R Jean-Francois.job
 C:\WINDOWS\tasks\4 Copernic Monthly ~YOUR-Q94BJVTL0R Jean-Francois.job
 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
 C:\WINDOWS\tasks\At1.job
 C:\WINDOWS\tasks\At10.job
 C:\WINDOWS\tasks\At11.job
 C:\WINDOWS\tasks\At12.job
 C:\WINDOWS\tasks\At13.job
 C:\WINDOWS\tasks\At14.job
 C:\WINDOWS\tasks\At15.job
 C:\WINDOWS\tasks\At16.job
 C:\WINDOWS\tasks\At17.job
 C:\WINDOWS\tasks\At18.job
 C:\WINDOWS\tasks\At19.job
 C:\WINDOWS\tasks\At2.job
 C:\WINDOWS\tasks\At20.job
 C:\WINDOWS\tasks\At21.job
 C:\WINDOWS\tasks\At22.job
 C:\WINDOWS\tasks\At23.job
 C:\WINDOWS\tasks\At24.job
 C:\WINDOWS\tasks\At3.job
 C:\WINDOWS\tasks\At4.job
 C:\WINDOWS\tasks\At5.job
 C:\WINDOWS\tasks\At6.job
 C:\WINDOWS\tasks\At7.job
 C:\WINDOWS\tasks\At8.job
 C:\WINDOWS\tasks\At9.job
 C:\WINDOWS\tasks\User_Feed_Synchronization-{5E8EFA59-067B-48A7-8868-9BCEFD962138}.job

 ======Registry dump======

 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
 RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-05-25 308856]

 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
 Spybot-S&D IE Protection - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2008-01-28 1554256]

 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
 SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
 Google Toolbar Helper - c:\program files\google\googletoolbar2.dll [2007-08-15 2403392]

 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
 Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll [2007-08-15 325048]

 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ecdee021-0d17-467f-a1ff-c7a115230949}]
 free-downloads.net Toolbar - C:\Program Files\free-downloads.net\tbfre1.dll [2008-05-17 1470488]

 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
 {2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar2.dll [2007-08-15 2403392]
 {ecdee021-0d17-467f-a1ff-c7a115230949} - free-downloads.net Toolbar - C:\Program Files\free-downloads.net\tbfre1.dll [2008-05-17 1470488]
 {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - Copernic Agent - C:\Program Files\Copernic Agent\CopernicAgentExt.dll [2004-12-02 1142744]

 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
 "NvCplDaemon"=NvQTwk []
 "nwiz"=nwiz.exe /installquiet []
 "Apoint"=C:\Program Files\Apoint2K\Apoint.exe [2002-07-15 126976]
 "TFNF5"=C:\WINDOWS\system32\TFNF5.exe [2001-08-03 73728]
 "TouchED"=C:\Program Files\TOSHIBA\TouchED\TouchED.Exe [2002-07-31 126976]
 "Tpwrtray"=C:\WINDOWS\system32\TPWRTRAY.EXE [2002-03-20 217088]
 "TFncKy"=TFncKy.exe /Type 20 []
 "TosHKCW.exe"=C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe [2002-01-23 49152]
 "IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-04 208952]
 "IMEKRMIG6.1"=C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE [2001-08-18 44032]
 "MSPY2002"=C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe [2002-08-29 59392]
 "PHIME2002ASync"=C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE [2002-08-29 455168]
 "PHIME2002A"=C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE [2002-08-29 455168]
 "ezShieldProtector for Px"=C:\WINDOWS\System32\ezSP_Px.exe []
 "SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
 "Autoconfigurateur WiFi Neuf"=C:\Program Files\Neuf\Kit\WiFi\9wifi.exe [2007-04-23 181752]
 "SMSTray"=C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe [2007-02-23 126976]
 "avgnt"=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-07-18 266497]
 "QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]
 "TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-05-25 185896]
 "Canal Widget"=c:\Program Files\Canal\Canal Widget\Launcher.exe [2008-12-28 105528]

 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
 "MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-10-13 1694208]
 "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
 "SsAAD.exe"=C:\PROGRA~1\Sony\SONICS~2\SsAAD.exe [2006-05-08 81920]
 "Skype"=C:\Program Files\Skype\Phone\Skype.exe /nosplash /minimized []
 "NBJ"=C:\Program Files\Ahead\Nero BackItUp\NBJ.exe [2005-10-11 1961984]
 "SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-01-28 2097488]
 "CanalPlayer"=C:\Program Files\Lecteur CANALPLAY\CanalPlayer.exe []
 "Livestation"=C:\Program Files\Livestation\Livestation.exe [2008-10-02 1789952]

 C:\Documents and Settings\All Users\Start Menu\Programs\Startup
 WG111v2 Smart Wizard Wireless Setting.lnk - C:\Program Files\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe

 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
 "{88485281-8b4b-4f8d-9ede-82e29a064277}"=C:\PROGRA~1\MarkAny\CONTEN~1\MACSMA~1.DLL [2004-11-23 192512]
 "{650CA63D-4A01-4BF8-A608-9B1EBB36292E}"=C:\WINDOWS\System32\pRDfOMpJ.dll []

 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
 "authentication packages"=msv1_0
 C:\WINDOWS\System32\ursrp.dll

 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver]

 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]

 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Driver]

 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Guard]

 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
 "dontdisplaylastusername"=0
 "legalnoticecaption"=
 "legalnoticetext"=
 "shutdownwithoutlogon"=1
 "undockwithoutlogon"=1

 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
 "NoDriveTypeAutoRun"=145

 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
 "NoDriveAutoRun"=
 "NoDriveTypeAutoRun"=

 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
 "C:\Program Files\uTorrent\utorrent.exe"="C:\Program Files\uTorrent\utorrent.exe:*:Enabled:μTorrent"

 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
 "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

 [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{68336f03-6397-11db-9363-00038a000015}]
 shell\AutoRun\command - E:\LaunchU3.exe -a


 ======List of files/folders created in the last 1 months======

 2009-01-02 14:29:10 ----D---- C:\rsit
 2009-01-02 14:13:58 ----D---- C:\Program Files\Trend Micro
 2008-12-31 18:30:29 ----A---- C:\WINDOWS\system32\vfwwdm32.dll
 2008-12-30 21:08:23 ----D---- C:\Program Files\GIBCOM
 2008-12-30 21:08:09 ----A---- C:\WINDOWS\system32\FM20FRA.DLL
 2008-12-30 20:59:47 ----D---- C:\Program Files\MP3Gain
 2008-12-06 17:59:56 ----D---- C:\downloads
 2008-12-06 17:59:56 ----D---- C:\Documents and Settings\Jean-Francois\Application Data\GrabPro
 2008-12-06 17:59:45 ----D---- C:\Documents and Settings\Jean-Francois\Application Data\Orbit
 2008-12-06 17:54:53 ----D---- C:\Program Files\IVCsoft

 ======List of files/folders modified in the last 1 months======

 2009-01-02 14:29:08 ----D---- C:\WINDOWS\Prefetch
 2009-01-02 14:13:58 ----RD---- C:\Program Files
 2009-01-02 14:11:56 ----D---- C:\Documents and Settings\Jean-Francois\Application Data\uTorrent
 2009-01-02 12:45:35 ----A---- C:\WINDOWS\NeroDigital.ini
 2009-01-02 11:51:00 ----D---- C:\Program Files\Mozilla Firefox
 2009-01-02 10:43:03 ----D---- C:\WINDOWS\Temp
 2009-01-02 10:41:21 ----D---- C:\WINDOWS\system32\CatRoot2
 2009-01-02 01:00:00 ----A---- C:\WINDOWS\SchedLgU.Txt
 2009-01-01 22:29:10 ----SHD---- C:\WINDOWS\Installer
 2009-01-01 22:29:10 ----D---- C:\Config.Msi
 2009-01-01 10:11:29 ----D---- C:\WINDOWS
 2008-12-31 22:05:54 ----D---- C:\Program Files\eMule
 2008-12-31 20:57:10 ----D---- C:\WINDOWS\system32\drivers
 2008-12-31 20:57:08 ----D---- C:\WINDOWS\system32
 2008-12-31 18:30:56 ----HD---- C:\WINDOWS\inf
 2008-12-30 21:37:45 ----A---- C:\WINDOWS\ODBC.INI
 2008-12-30 21:37:42 ----A---- C:\WINDOWS\ODBCINST.INI
 2008-12-30 21:08:07 ----HD---- C:\Program Files\InstallShield Installation Information
 2008-12-30 21:07:31 ----A---- C:\WINDOWS\NAVIGMA.INI
 2008-12-15 07:49:45 ----D---- C:\Program Files\Zattoo
 2008-12-06 16:55:46 ----RSD---- C:\WINDOWS\assembly
 2008-12-06 16:53:52 ----D---- C:\WINDOWS\system32\DirectX

 ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 R1 avgntdd;avgntdd; C:\WINDOWS\SYSTEM32\DRIVERS\avgntdd.sys [2008-07-18 45376]
 R1 avipbb;avipbb; C:\WINDOWS\System32\DRIVERS\avipbb.sys [2008-11-26 75072]
 R1 FsVga;FsVga; C:\WINDOWS\System32\DRIVERS\fsvga.sys [2001-08-18 12160]
 R1 fwdrv;Firewall Driver; C:\WINDOWS\system32\drivers\fwdrv.sys [2006-07-18 284184]
 R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2004-08-04 36096]
 R1 khips;Kerio HIPS Driver; C:\WINDOWS\system32\drivers\khips.sys [2006-07-18 91672]
 R1 prodrv06;StarForce Protection Environment Driver v6; C:\WINDOWS\System32\drivers\prodrv06.sys [2004-08-09 53920]
 R1 ssmdrv;ssmdrv; C:\WINDOWS\System32\DRIVERS\ssmdrv.sys [2007-03-01 28352]
 R2 EAPPkt;Realtek EAPPkt Protocol; C:\WINDOWS\System32\DRIVERS\EAPPkt.sys [2005-04-01 66048]
 R2 irda;IrDA Protocol; C:\WINDOWS\System32\DRIVERS\irda.sys [2004-08-04 87424]
 R2 tmcomm;tmcomm; \??\C:\WINDOWS\System32\drivers\tmcomm.sys []
 R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\WINDOWS\System32\DRIVERS\Apfiltr.sys [2002-05-16 63501]
 R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\System32\DRIVERS\CmBatt.sys [2004-08-04 14080]
 R3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\System32\DRIVERS\e100b325.sys [2001-11-16 119808]
 R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2001-08-17 9600]
 R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
 R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2002-04-18 911661]
 R3 PCASp50;PCASp50 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\PCASp50.sys [2005-11-19 20096]
 R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\System32\DRIVERS\rasirda.sys [2001-08-17 19584]
 R3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\wg111v2.sys [2006-03-16 167808]
 R3 SjyPkt;SjyPkt; \??\C:\WINDOWS\System32\Drivers\SjyPkt.sys []
 R3 SMCIRDA;SMC IrCC Miniport Device Driver; C:\WINDOWS\System32\DRIVERS\smcirda.sys [2001-09-11 38425]
 R3 TOSHIBASoftModem;TOSHIBA Software Modem; C:\WINDOWS\System32\DRIVERS\LTSM.sys [2001-09-26 799816]
 R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-04 57600]
 R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
 R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-04 20480]
 R3 WDM_YAMAHAAC97;YAMAHA AC-XG Audio Device; C:\WINDOWS\system32\drivers\yacxgc.sys [2002-07-25 202880]
 S3 ac97intc;Intel(r) 82801 Audio Driver Install Service (WDM); C:\WINDOWS\system32\drivers\ac97intc.sys [2001-08-17 96256]
 S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2004-08-04 60800]
 S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-04 17024]
 S3 gmer;gmer; C:\WINDOWS\System32\DRIVERS\gmer.sys [2008-02-16 85713]
 S3 hcw95bda;Hauppauge MOD7700 Tuner Driver; C:\WINDOWS\System32\Drivers\hcw95bda.sys [2008-09-09 562176]
 S3 MPE;BDA MPE Filter; C:\WINDOWS\system32\DRIVERS\MPE.sys [2004-08-04 15360]
 S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-04 5504]
 S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-04 85376]
 S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-04 10880]
 S3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2004-08-04 61824]
 S3 PCAMPR5;PCAMPR5 NDIS Protocol Driver; \??\C:\WINDOWS\System32\PCAMPR5.SYS []
 S3 PCANDIS5;PCANDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\System32\PCANDIS5.SYS []
 S3 pciSd;pciSd; C:\WINDOWS\System32\DRIVERS\tossdpci.sys [2002-01-07 15111]
 S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-04 11136]
 S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-04 15360]
 S3 tsdhd;TOSHIBA SD Card Host Controller Driver; C:\WINDOWS\System32\DRIVERS\tsdhd.sys [2002-04-04 23392]
 S3 USB_RNDIS;AOLbox; C:\WINDOWS\System32\DRIVERS\usb8023.sys [2004-08-04 12672]
 S3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2004-08-04 15104]
 S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\System32\DRIVERS\wanatw4.sys []
 S3 wlluc48;Wireless LAN PC Card Driver; C:\WINDOWS\System32\DRIVERS\wlluc48.sys [2002-08-29 154624]
 S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2005-01-28 18944]
 S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-04 19328]

 ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 R2 AntiVirScheduler;AntiVir PersonalEdition Classic Scheduler; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-23 68865]
 R2 AntiVirService;AntiVir PersonalEdition Classic Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-23 151297]
 R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-10-01 116040]
 R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
 R2 Irmon;Infrared Monitor; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
 R2 KPF4;Sunbelt Kerio Personal Firewall 4; C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe [2006-07-18 1205784]
 R2 NVSvc;NVIDIA Driver Helper Service; C:\WINDOWS\System32\nvsvc32.exe [2002-04-18 61440]
 R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\System32\wdfmgr.exe [2005-01-28 38912]
 S2 aspimgr;Microsoft ASPI Manager; C:\WINDOWS\System32\aspimgr.exe []
 S2 CanalPlus.VOD;CanalPlus.VOD; c:\Program Files\Canal\Canal Widget\VOD\CanalPlus.VOD.exe [2008-12-28 61440]
 S2 RdnaoFlSvc;RdnaoFlSvc; C:\Program Files\rnamfler\naofsvc.exe []
 S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
 S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
 S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-08-15 138168]
 S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
 S3 MSCSPTISRV;MSCSPTISRV; C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe [2006-04-27 53337]
 S3 SPTISRV;Sony SPTI Service; C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe [2006-04-27 69718]
 S3 SSScsiSV;SonicStage SCSI Service; C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe [2006-05-08 69632]
 S4 PACSPTISVR;PACSPTISVR; C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [2006-04-27 49241]

 -----------------EOF-----------------


 Then info.txt:

 info.txt logfile of random's system information tool 1.05 2009-01-02 14:29:28

 ======Uninstall list======

 -->C:\Program Files\Common Files\Real\Update_OB\r1puninst​.exe RealNetworks|RealPlayer|6.0
 -->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
 -->Dummy
 -->rundll32.exe setupapi.dll,InstallHinfSectio​n DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
 μTorrent-->"C:\Program Files\uTorrent\uninstall.exe"
 Acoustica CD Label Maker 1.10-->C:\PROGRA~1\ACOUST~1\UN​WISE.EXE C:\PROGRA~1\ACOUST~1\INSTALL.L​OG
 Ad-Aware SE Personal-->C:\PROGRA~1\Lavasof​t\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\​INSTALL.LOG
 Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Ado​be AIR Updater.exe -arp:uninstall
 Adobe AIR-->MsiExec.exe /I{197A3012-8C85-4FD3-AB66-9EC​7E13DB92E}
 Adobe Flash Player 9 ActiveX-->C:\WINDOWS\System32\​Macromed\Flash\FlashUtil9b.exe -uninstallDelete
 Adobe Flash Player ActiveX-->C:\WINDOWS\System32\​Macromed\Flash\uninstall_activ​eX.exe
 Adobe Reader Japanese Fonts-->MsiExec.exe /I{AC76BA86-7AD7-5760-0000-705​000000001}
 Adobe Shockwave Player 11-->C:\WINDOWS\System32\adobe​\SHOCKW~1\UNWISE.EXE C:\WINDOWS\System32\Adobe\SHOC​KW~1\Install.log
 ALPS Touch Pad Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\​engine\6\INTEL3~1\ctor.dll,Lau​nchSetup "C:\Program Files\InstallShield Installation Information\{9F72EF8B-AEC9-4CA​5-B483-143980AFD6FD}\setup.exe​" UNINSTALL
 Apple Mobile Device Support-->MsiExec.exe /I{976C2B2A-CE59-4AB3-83FB-BF8​95E28F2E6}
 Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F4​95BE32033}
 Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
 Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe"
 Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
 AxCrypt (Remove Only)-->"C:\Program Files\Axon Data\AxCrypt\AxCryptU.exe"
 Bluetooth Stack for Windows by Toshiba-->MsiExec.exe /X{40EF8CEA-ACC4-4C03-824C-55A​F8B8EAAE6}
 Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15​DDC5B0959}
 BSPlayer-->"C:\Program Files\Webteh\BSplayerPro\unins​tall.exe"
 CANAL WIDGET-->MsiExec.exe /X{04DA096D-6236-4A5D-8FB6-308​1E67009BA}
 Copernic Agent Professional-->"C:\WINDOWS\Cop​ernicAgentUninstall.exe"  /ARGSFILE="C:\Program Files\Copernic Agent\unwise.dat"
 CoupeFichier 1.1-->"C:\Program Files\CoupeFichier\uninstall.e​xe"
 eMule-->"C:\Program Files\eMule\Uninstall.exe"
 foobar2000-->"C:\Program Files\foobar2000\uninstall.exe​"
 Foxit Reader-->C:\Program Files\Foxit Software\Foxit Reader\Uninstall.exe
 free-downloads.net Toolbar-->C:\PROGRA~1\FREE-D~1​.NET\UNWISE.EXE C:\PROGRA~1\FREE-D~1.NET\INSTA​LL.LOG
 Galswin-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\​engine\6\INTEL3~1\Ctor.dll,Lau​nchSetup "C:\Program Files\InstallShield Installation Information\{F131DCE7-7D20-11D​5-BC42-00A0C9E23766}\setup.exe​"
 Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C​4EF0CFA29}
 Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar2.dl​l"
 HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.ex​e" /uninstall
 Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUn​installKB952287$\spuninst\spun​inst.exe"
 Intel(R) PRO Ethernet Adapter and Software-->Prounstl.exe
 InterVideo WinDVD 4-->"C:\Program Files\InstallShield Installation Information\{98E8A2EF-4EAE-43B​8-A172-74842B764777}\setup.exe​" REMOVEALL
 iWizz-->C:\Program Files\iWizz\uninstall.exe
 iWizz-->C:\Program Files\iWizz\uninstall.exe
 J2SE Runtime Environment 5.0 Update 11-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B​0D0150110}
 J2SE Runtime Environment 5.0 Update 9-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B​0D0150090}
 Java(TM) 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B​0D0160020}
 Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B​0D0160070}
 KC Softwares KFK-->"C:\Program Files\KC Softwares\KFK\unins000.exe"
 K-Lite Codec Pack 2.77 Full-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
 Lame ACM MP3 Codec-->"C:\WINDOWS\IFinst26.e​xe" -UC:\Program Files\Lame MP3 Codec\IFU153.inf
 Learn2 Player (Uninstall Only)-->C:\Program Files\Learn2.com\StRunner\stun​inst.exe
 Lecteur Windows Media 10-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
 Livestation-->MsiExec.exe /X{EED949A1-E2FC-442C-B5F6-C79​4F05E74DD}
 Mario Forever v 2.16 !-->C:\Program Files\Mario\UnMario.exe
 Micro Application - KIPULKAI The legend of the 3 Masks-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\​engine\6\INTEL3~1\Ctor.dll,Lau​nchSetup "C:\Program Files\InstallShield Installation Information\{129AB175-D071-4D0​6-A6C2-A13E4375F33C}\Setup.exe​" -remove
 Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Micro​soft.NET\Framework\v1.1.4322\U​pdates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Fram​ework\v1.1.4322\Updates\M92836​6\M928366Uninstall.msp"
 Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52E​AE172A1}
 Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F5​2EAE172A1}
 Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET​\Framework\v2.0.50727\Microsof​t .NET Framework 2.0\install.exe
 Microsoft Office XP Professional with FrontPage-->MsiExec.exe /I{90280409-6000-11D3-8CFE-005​0048383C9}
 Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B25​85E8E76B7}
 Mortimer Beckett And The Time Paradox FINAL 1.00-->C:\Program Files\Games\Mortimer Beckett And The Time Paradox FINAL\Uninstall.exe
 Mozilla Firefox (2.0.0.18)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
 MP3 Sound Cutter 1.40-->C:\PROGRA~1\MP3CUT~1\UN​WISE.EXE C:\PROGRA~1\MP3CUT~1\INSTALL.L​OG
 mp3DirectCut 2.03-->"C:\Program Files\mp3DirectCut\uninstall.e​xe"
 MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-696​9D703A9EF}
 MTP Porting Kit-->MsiExec.exe /I{353B1E6D-7073-4450-8C80-699​BD8FCFB49}
 Nero 6 Ultra Edition-->C:\Program Files\Ahead\nero\uninstall\UNN​ERO.exe /UNINSTALL
 Network Device Switch 3-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\​engine\6\INTEL3~1\Ctor.dll,Lau​nchSetup "C:\Program Files\InstallShield Installation Information\{364F2A4B-C161-4E2​C-8627-1440BC2E8030}\Setup.exe​"
 Neuf - Kit de connexion-->C:\Program Files\Neuf\Kit\uninstall.exe
 Neuf Giga Drive v2.8.0-->"C:\Program Files\Neuf\Neuf Giga Drive\unins000.exe"
 NVIDIA Windows 2000/XP Display Drivers-->rundll32.exe C:\WINDOWS\System32\nvinstnt.d​ll,NvUninstallNT4 nvts.inf
 OpenAL-->"C:\Program Files\OpenAL\oalinst.exe" /U
 OpenMG AAC Add-on Module 1.0.00-->C:\PROGRA~1\COMMON~1\​INSTAL~1\Driver\1150\INTEL3~1\​IDriver.exe /M{23BE930B-6AC4-4D0D-B5C3-030​62A2BF2A3} UNINSTALL
 OpenMG Limited Patch 4.5-06-05-12-01-->C:\Program Files\Common Files\Sony Shared\OpenMG\HotFixes\HotFix4​.5-06-05-12-01\HotFixSetup\set​up.exe /u
 OpenMG Secure Module 4.5.01-->C:\PROGRA~1\COMMON~1\​INSTAL~1\Driver\1150\INTEL3~1\​IDriver.exe /M{3633BA28-67CE-4AC8-A677-340​6CA84C3D8} UNINSTALL
 OpenOffice.org Installer 1.0-->MsiExec.exe /X{0D499481-22C6-4B25-8AC2-6D3​F6C885FB9}
 PDFCreator-->C:\Program Files\PDFCreator\unins000.exe
 QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C1​4D24602DB}
 RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst​.exe RealNetworks|RealPlayer|6.0
 RSSOwl-->C:\Program Files\RSSOwl\Uninstall.exe
 Samsung Media Studio-->C:\Program Files\InstallShield Installation Information\{C20CE592-B0F8-4D2​0-BF31-0151CA6331A6}\Setup.exe -runfromtemp -l0x0011 -removeonly
 Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUn​installKB898458$\spuninst\spun​inst.exe"
 Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUn​installKB923723$\spuninst\spun​inst.exe"
 Security Update for Windows Media Player (KB911564)-->"C:\WINDOWS\$NtUn​installKB911564$\spuninst\spun​inst.exe"
 Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUn​installKB917734_WMP10$\spunins​t\spuninst.exe"
 Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUn​installKB936782_WMP10$\spunins​t\spuninst.exe"
 Security Update for Windows Media Player 6.4 (KB925398)-->"C:\WINDOWS\$NtUn​installKB925398_WMP64$\spunins​t\spuninst.exe"
 Security Update for Windows XP (KB890046)-->"C:\WINDOWS\$NtUn​installKB890046$\spuninst\spun​inst.exe"
 Security Update for Windows XP (KB893756)-->"C:\WINDOWS\$NtUn​installKB893756$\spuninst\spun​inst.exe"
 Security Update for Windows XP (KB896358)-->"C:\WINDOWS\$NtUn​installKB896358$\spuninst\spun​inst.exe"
 Security Update for Windows XP (KB896423)-->"C:\WINDOWS\$NtUn​installKB896423$\spuninst\spun​inst.exe"
 Security Update for Windows XP (KB896424)-->"C:\WINDOWS\$NtUn​installKB896424$\spuninst\spun​inst.exe"
 Security Update for Windows XP (KB896428)-->"C:\WINDOWS\$NtUn​installKB896428$\spuninst\spun​inst.exe"
 Security Update for Windows XP (KB899587)-->"C:\WINDOWS\$NtUn​installKB899587$\spuninst\spun​inst.exe"
 Security Update for Windows XP (KB899591)-->"C:\WINDOWS\$NtUn​installKB899591$\spuninst\spun​inst.exe"
 Security Update for Windows XP (KB900725)-->"C:\WINDOWS\$NtUn​installKB900725$\spuninst\spun​inst.exe"
 Security Update for Windows XP (KB901017)-->"C:\WINDOWS\$NtUn​installKB901017$\spuninst\spun​inst.exe"
 Security Update for Windows XP (KB901190)-->"C:\WINDOWS\$NtUn​installKB901190$\spuninst\spun​inst.exe"
 Security Update for Windows XP (KB901214)-->"C:\WINDOWS\$NtUn​installKB901214$\spuninst\spun​inst.exe"
 Security Update for Windows XP (KB902400)-->"C:\WINDOWS\$NtUn​installKB902400$\spuninst\spun​inst.exe"
 Security Update for Windows XP (KB904706)-->"C:\WINDOWS\$NtUn​installKB904706$\spuninst\spun​inst.exe"
 Security Update for Windows XP (KB905414)-->"C:\WINDOWS\$NtUn​installKB905414$\spuninst\spun​inst.exe"
 Security Update for Windows XP (KB905749)-->"C:\WINDOWS\$NtUn​installKB905749$\spuninst\spun​inst.exe"
 Security Update for Windows XP (KB908519)-->"C:\WINDOWS\$NtUn​installKB908519$\spuninst\spun​inst.exe"
 Security Update for Windows XP (KB911562)-->"C:\WINDOWS\$NtUn​installKB911562$\spuninst\spun​inst.exe"
 Security Update for Windows XP (KB911927)-->"C:\WINDOWS\$NtUn​installKB911927$\spuninst\spun​inst.exe"
 Security Update for Windows XP (KB912919)-->"C:\WINDOWS\$NtUn​installKB912919$\spuninst\spun​inst.exe"
 Security Update for Windows XP (KB913580)-->"C:\WINDOWS\$NtUn​installKB913580$\spuninst\spun​inst.exe"
 Security Update for Windows XP (KB914388)-->"C:\WINDOWS\$NtUn​installKB914388$\spuninst\spun​inst.exe"
 Security Update for Windows XP (KB914389)-->"C:\WINDOWS\$NtUn​installKB914389$\spuninst\spun​inst.exe"
 Security Update for Windows XP (KB917344)-->"C:\WINDOWS\$NtUn​installKB917344$\spuninst\spun​inst.exe"
 Security Update for Windows XP (KB917422)-->"C:\WINDOWS\$NtUn​installKB917422$\spuninst\spun​inst.exe"
 Security Update for Windows XP (KB917953)-->"C:\WINDOWS\$NtUn​installKB917953$\spuninst\spun​inst.exe"
 Security Update for Windows XP (KB918118)-->"C:\WINDOWS\$NtUn​installKB918118$\spuninst\spun​inst.exe"
 Security Update for Windows XP (KB919007)-->"C:\WINDOWS\$NtUn​installKB919007$\spuninst\spun​inst.exe"
 Security Update for Windows XP (KB920213)-->"C:\WINDOWS\$NtUn​installKB920213$\spuninst\spun​inst.exe"
 Security Update for Windows XP (KB920670)-->"C:\WINDOWS\$NtUn​installKB920670$\spuninst\spun​inst.exe"
 Security Update for Windows XP (KB920683)-->"C:\WINDOWS\$NtUn​installKB920683$\spuninst\spun​inst.exe"
 Security Update for Windows XP (KB920685)-->"C:\WINDOWS\$NtUn​installKB920685$\spuninst\spun​inst.exe"
 Security Update for Windows XP (KB921398)-->"C:\WINDOWS\$NtUn​installKB921398$\spuninst\spun​inst.exe"
 Security Update for Windows XP (KB921883)-->"C:\WINDOWS\$NtUn​installKB921883$\spuninst\spun​inst.exe"
 Security Update for Windows XP (KB922616)-->"C:\WINDOWS\$NtUn​installKB922616$\spuninst\spun​inst.exe"
 Security Update for Windows XP (KB922819)-->"C:\WINDOWS\$NtUn​installKB922819$\spuninst\spun​inst.exe"
 Security Update for Windows XP (KB923191)-->"C:\WINDOWS\$NtUn​installKB923191$\spuninst\spun​inst.exe"
 Security Update for Windows XP (KB923414)-->"C:\WINDOWS\$NtUn​installKB923414$\spuninst\spun​inst.exe"
 Security Update for Windows XP (KB923689)-->"C:\WINDOWS\$NtUn​installKB923689$\spuninst\spun​inst.exe"
 Security Update for Windows XP (KB923980)-->"C:\WINDOWS\$NtUn​installKB923980$\spuninst\spun​inst.exe"
 Security Update for Windows XP (KB924191)-->"C:\WINDOWS\$NtUn​installKB924191$\spuninst\spun​inst.exe"
 Security Update for Windows XP (KB924270)-->"C:\WINDOWS\$NtUn​installKB924270$\spuninst\spun​inst.exe"
 Security Update for Windows XP (KB924496)-->"C:\WINDOWS\$NtUn​installKB924496$\spuninst\spun​inst.exe"
 Security Update for Windows XP (KB924667)-->"C:\WINDOWS\$NtUn​installKB924667$\spuninst\spun​inst.exe"
 Security Update for Windows XP (KB925902)-->"C:\WINDOWS\$NtUn​installKB925902$\spuninst\spun​inst.exe"
 Security Update for Windows XP (KB926255)-->"C:\WINDOWS\$NtUn​installKB926255$\spuninst\spun​inst.exe"
 Security Update for Windows XP (KB926436)-->"C:\WINDOWS\$NtUn​installKB926436$\spuninst\spun​inst.exe"
 Security Update for Windows XP (KB927779)-->"C:\WINDOWS\$NtUn​installKB927779$\spuninst\spun​inst.exe"
 Security Update for Windows XP (KB927802)-->"C:\WINDOWS\$NtUn​installKB927802$\spuninst\spun​inst.exe"
 Security Update for Windows XP (KB928255)-->"C:\WINDOWS\$NtUn​installKB928255$\spuninst\spun​inst.exe"
 Security Update for Windows XP (KB928843)-->"C:\WINDOWS\$NtUn​installKB928843$\spuninst\spun​inst.exe"
 Security Update for Windows XP (KB929123)-->"C:\WINDOWS\$NtUn​installKB929123$\spuninst\spun​inst.exe"
 Security Update for Windows XP (KB930178)-->"C:\WINDOWS\$NtUn​installKB930178$\spuninst\spun​inst.exe"
 Security Update for Windows XP (KB931261)-->"C:\WINDOWS\$NtUn​installKB931261$\spuninst\spun​inst.exe"
 Security Update for Windows XP (KB931784)-->"C:\WINDOWS\$NtUn​installKB931784$\spuninst\spun​inst.exe"
 Security Update for Windows XP (KB932168)-->"C:\WINDOWS\$NtUn​installKB932168$\spuninst\spun​inst.exe"
 Security Update for Windows XP (KB933729)-->"C:\WINDOWS\$NtUn​installKB933729$\spuninst\spun​inst.exe"
 Security Update for Windows XP (KB935839)-->"C:\WINDOWS\$NtUn​installKB935839$\spuninst\spun​inst.exe"
 Security Update for Windows XP (KB935840)-->"C:\WINDOWS\$NtUn​installKB935840$\spuninst\spun​inst.exe"
 Security Update for Windows XP (KB936021)-->"C:\WINDOWS\$NtUn​installKB936021$\spuninst\spun​inst.exe"
 Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUn​installKB938464$\spuninst\spun​inst.exe"
 Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUn​installKB941569$\spuninst\spun​inst.exe"
 Security Update for Windows XP (KB941693)-->"C:\WINDOWS\$NtUn​installKB941693$\spuninst\spun​inst.exe"
 Security Update for Windows XP (KB943055)-->"C:\WINDOWS\$NtUn​installKB943055$\spuninst\spun​inst.exe"
 Security Update for Windows XP (KB943460)-->"C:\WINDOWS\$NtUn​installKB943460$\spuninst\spun​inst.exe"
 Security Update for Windows XP (KB943485)-->"C:\WINDOWS\$NtUn​installKB943485$\spuninst\spun​inst.exe"
 Security Update for Windows XP (KB944653)-->"C:\WINDOWS\$NtUn​installKB944653$\spuninst\spun​inst.exe"
 Security Update for Windows XP (KB945553)-->"C:\WINDOWS\$NtUn​installKB945553$\spuninst\spun​inst.exe"
 Security Update for Windows XP (KB946026)-->"C:\WINDOWS\$NtUn​installKB946026$\spuninst\spun​inst.exe"
 Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUn​installKB946648$\spuninst\spun​inst.exe"
 Security Update for Windows XP (KB948590)-->"C:\WINDOWS\$NtUn​installKB948590$\spuninst\spun​inst.exe"
 Security Update for Windows XP (KB950749)-->"C:\WINDOWS\$NtUn​installKB950749$\spuninst\spun​inst.exe"
 Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUn​installKB950762$\spuninst\spun​inst.exe"
 Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUn​installKB950974$\spuninst\spun​inst.exe"
 Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUn​installKB951066$\spuninst\spun​inst.exe"
 Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$N​tUninstallKB951376-v2$\spunins​t\spuninst.exe"
 Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUn​installKB951698$\spuninst\spun​inst.exe"
 Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUn​installKB951748$\spuninst\spun​inst.exe"
 Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUn​installKB952954$\spuninst\spun​inst.exe"
 Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUn​installKB953839$\spuninst\spun​inst.exe"
 SLD Codec Pack-->C:\Program Files\SLD Codec Pack\uninstall.exe
 SonicStage 4.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\​PROFES~1\RunTime\10\01\Intel32​\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A0EB195B-5876-48E​6-879D-33D4B2102610}\setup.exe​" -l0x9 UNINSTALL -removeonly
 SonicStage Simple Burner 1.1-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\​engine\6\INTEL3~1\Ctor.dll,Lau​nchSetup "C:\Program Files\InstallShield Installation Information\{2A0E8EB8-85C9-461​A-B0C1-0DB7C21FA89A}\setup.exe​" -l0x9 /UNINSTALL
 Spybot - Search & Destroy 1.5.2.20-->"C:\WINDOWS\unins00​0.exe"
 Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins001.exe"
 Sunbelt Kerio Personal Firewall-->MsiExec.exe /X{E659E0EE-10E6-49B7-8696-60F​38D0EB174}
 TOSHIBA Console-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\​engine\6\INTEL3~1\Ctor.dll,Lau​nchSetup "C:\Program Files\InstallShield Installation Information\{3CF0858D-1AC5-430​8-9DE7-AD15288A8BDC}\Setup.exe​"  -uninst
 TOSHIBA Controls-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\​engine\6\INTEL3~1\Ctor.dll,Lau​nchSetup "C:\Program Files\InstallShield Installation Information\{A6690C0E-B96E-4F0​F-A8EB-D5B332454AC6}\Setup.exe​"
 Toshiba Hotkey Utility for Display Devices-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\TFNF5Wxp.inf,De​faultUninstall,5
 TOSHIBA Power Saver-->TPWRDEL.EXE
 TOSHIBA Software Modem-->Tosmreg -U
 TOSHIBA TouchPad On/Off Utility V2.04.00-->C:\WINDOWS\IsUninst​.exe -f"C:\Program Files\TOSHIBA\TouchED\Uninst.i​su" -c"C:\Program Files\TOSHIBA\TouchED\tpedinst​.dll"
 TOSHIBA Utilities-->tutildel.exe
 TV sur PC-->C:\Program Files\Neuf\TV_PC\uninstall.exe
 Uninstall La Malediction-->D:\UNWISE.EXE C:\PROGRA~1\Papyrus\INSTALL.LO​G
 Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUn​installKB898461$\spuninst\spun​inst.exe"
 Update for Windows XP (KB900485)-->"C:\WINDOWS\$NtUn​installKB900485$\spuninst\spun​inst.exe"
 Update for Windows XP (KB908531)-->"C:\WINDOWS\$NtUn​installKB908531$\spuninst\spun​inst.exe"
 Update for Windows XP (KB910437)-->"C:\WINDOWS\$NtUn​installKB910437$\spuninst\spun​inst.exe"
 Update for Windows XP (KB911280)-->"C:\WINDOWS\$NtUn​installKB911280$\spuninst\spun​inst.exe"
 Update for Windows XP (KB916595)-->"C:\WINDOWS\$NtUn​installKB916595$\spuninst\spun​inst.exe"
 Update for Windows XP (KB920872)-->"C:\WINDOWS\$NtUn​installKB920872$\spuninst\spun​inst.exe"
 Update for Windows XP (KB922582)-->"C:\WINDOWS\$NtUn​installKB922582$\spuninst\spun​inst.exe"
 Update for Windows XP (KB927891)-->"C:\WINDOWS\$NtUn​installKB927891$\spuninst\spun​inst.exe"
 Update for Windows XP (KB930916)-->"C:\WINDOWS\$NtUn​installKB930916$\spuninst\spun​inst.exe"
 Update for Windows XP (KB936357)-->"C:\WINDOWS\$NtUn​installKB936357$\spuninst\spun​inst.exe"
 Update for Windows XP (KB938828)-->"C:\WINDOWS\$NtUn​installKB938828$\spuninst\spun​inst.exe"
 Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$N​tUninstallKB951072-v2$\spunins​t\spuninst.exe"
 VideoLAN VLC media player 0.8.6b-->C:\Program Files\VideoLAN\VLC\uninstall.e​xe
 Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
 WG111v2 Configuration Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\​PROFES~1\RunTime\10\50\Intel32​\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E0F252A6-DE85-4E9​3-A93B-DFC3537B3965}\setup.exe​" -l0x9 REMOVE -removeonly
 Windows Internet Explorer 8 Beta 2-->"C:\WINDOWS\ie8\spuninst\s​puninst.exe"
 Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
 Windows XP Hotfix - KB873339-->C:\WINDOWS\$NtUnins​tallKB873339$\spuninst\spunins​t.exe
 Windows XP Hotfix - KB885835-->C:\WINDOWS\$NtUnins​tallKB885835$\spuninst\spunins​t.exe
 Windows XP Hotfix - KB885836-->C:\WINDOWS\$NtUnins​tallKB885836$\spuninst\spunins​t.exe
 Windows XP Hotfix - KB885884-->C:\WINDOWS\$NtUnins​tallKB885884$\spuninst\spunins​t.exe
 Windows XP Hotfix - KB886185-->C:\WINDOWS\$NtUnins​tallKB886185$\spuninst\spunins​t.exe
 Windows XP Hotfix - KB887472-->C:\WINDOWS\$NtUnins​tallKB887472$\spuninst\spunins​t.exe
 Windows XP Hotfix - KB888302-->C:\WINDOWS\$NtUnins​tallKB888302$\spuninst\spunins​t.exe
 Windows XP Hotfix - KB890859-->"C:\WINDOWS\$NtUnin​stallKB890859$\spuninst\spunin​st.exe"
 Windows XP Hotfix - KB891781-->C:\WINDOWS\$NtUnins​tallKB891781$\spuninst\spunins​t.exe
 Windows XP Service Pack 2-->C:\WINDOWS\$NtServicePackU​ninstall$\spuninst\spuninst.ex​e
 Wireless Hotkey-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\​engine\6\INTEL3~1\Ctor.dll,Lau​nchSetup "C:\Program Files\InstallShield Installation Information\{7862BAD8-A379-412​8-8AA1-EFD5A9603C53}\Setup.exe​"
 YAMAHA AC-XG WDM-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\​engine\6\INTEL3~1\ctor.dll,Lau​nchSetup "C:\Program Files\InstallShield Installation Information\{3663DDE0-D8AE-11D​3-9850-00C04F7AC096}\setup.exe​" maintenance

 ======Security center information======

 AV: Avira AntiVir PersonalEdition
 FW: Sunbelt Kerio Personal Firewall

 System event log

 Computer Name: YOUR-Q94BJVTL0R
 Event Code: 7901
 Message: The At17.job command failed to start due to the following error:
 %%2147942402

 Record Number: 85727
 Source Name: Schedule
 Time Written: 20081104160000.000000+060
 Event Type: error
 User:

 Computer Name: YOUR-Q94BJVTL0R
 Event Code: 7901
 Message: The At16.job command failed to start due to the following error:
 %%2147942402

 Record Number: 85726
 Source Name: Schedule
 Time Written: 20081104150000.000000+060
 Event Type: error
 User:

 Computer Name: YOUR-Q94BJVTL0R
 Event Code: 7901
 Message: The At15.job command failed to start due to the following error:
 %%2147942402

 Record Number: 85725
 Source Name: Schedule
 Time Written: 20081104140000.000000+060
 Event Type: error
 User:

 Computer Name: YOUR-Q94BJVTL0R
 Event Code: 7901
 Message: The At14.job command failed to start due to the following error:
 %%2147942402

 Record Number: 85724
 Source Name: Schedule
 Time Written: 20081104130000.000000+060
 Event Type: error
 User:

 Computer Name: YOUR-Q94BJVTL0R
 Event Code: 7901
 Message: The At13.job command failed to start due to the following error:
 %%2147942402

 Record Number: 85723
 Source Name: Schedule
 Time Written: 20081104120000.000000+060
 Event Type: error
 User:

 Application event log

 Computer Name: YOUR-Q94BJVTL0R
 Event Code: 2002
 Message: EAPOL service was stopped successfully

 Record Number: 1044
 Source Name: EAPOL
 Time Written: 20080430185050.000000+120
 Event Type: information
 User:

 Computer Name: YOUR-Q94BJVTL0R
 Event Code: 2003
 Message: EAPOL service is running

 Record Number: 1043
 Source Name: EAPOL
 Time Written: 20080430185050.000000+120
 Event Type: information
 User:

 Computer Name: YOUR-Q94BJVTL0R
 Event Code: 4096
 Message:
 Record Number: 1042
 Source Name: Avira AntiVir
 Time Written: 20080430184208.000000+120
 Event Type: information
 User: NT AUTHORITY\SYSTEM

 Computer Name: YOUR-Q94BJVTL0R
 Event Code: 1002
 Message: Hanging application iexplore.exe, version 6.0.2800.1106, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

 Record Number: 1041
 Source Name: Application Hang
 Time Written: 20080430183605.000000+120
 Event Type: error
 User:

 Computer Name: YOUR-Q94BJVTL0R
 Event Code: 1002
 Message: Hanging application iexplore.exe, version 6.0.2800.1106, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

 Record Number: 1040
 Source Name: Application Hang
 Time Written: 20080430183604.000000+120
 Event Type: error
 User:

 ======Environment variables======

 "ComSpec"=%SystemRoot%\system3​2\cmd.exe
 "Path"=%systemroot%\system32;%​systemroot%;%systemroot%\syste​m32\wbem;C:\WINDOWS\Microsoft.​NET\Framework\v1.1.4322;C:\Pro​gram Files\QuickTime\QTSystem\
 "windir"=%SystemRoot%
 "OS"=Windows_NT
 "PROCESSOR_ARCHITECTURE"=x86
 "PROCESSOR_LEVEL"=15
 "PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 7, GenuineIntel
 "PROCESSOR_REVISION"=0207
 "NUMBER_OF_PROCESSORS"=1
 "PATHEXT"=.COM;.EXE;.BAT;.CMD;​.VBS;.VBE;.JS;.JSE;.WSF;.WSH
 "TEMP"=%SystemRoot%\TEMP
 "TMP"=%SystemRoot%\TEMP
 "FP_NO_HOST_CHECK"=NO
 "CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_07\lib\ext​\QTJava.zip
 "QTJAVA"=C:\Program Files\Java\jre1.6.0_07\lib\ext​\QTJava.zip

 -----------------EOF----------​-------


 And the latest TB.txt:

-----------\\  ToolBar S&D 1.2.8   XP/Vista

Microsoft Windows XP Home Edition ( v5.1.2600 ) Service Pack 2

X86-based PC ( Uniprocessor Free :          Mobile Intel(R) Celeron(R) CPU 1.50GHz )

BIOS : v1.40

USER : Jean-Francois ( Administrator )

BOOT : Normal boot

Antivirus : Avira AntiVir PersonalEdition 8.0.1.30 (Activated)

Firewall  : Sunbelt Kerio Personal Firewall 4.3.268 T (Activated)

A:\ (USB)

C:\ (Local Disk) - NTFS - Total:18 Go (Free:0 Go)

D:\ (CD or DVD)

F:\ (Local Disk) - FAT32 - Total:55 Go (Free:13 Go)

G:\ (Local Disk) - NTFS - Total:596 Go (Free:527 Go)

"C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )

Option : [1] ( 02/01/2009|14:33 )

-----------\\  Recherche de Fichiers / Dossiers ...

C:\DOCUME~1\JEAN-F~1\LOCALS~1\​Temp\nsq10.tmp

C:\DOCUME~1\JEAN-F~1\LOCALS~1\​Temp\nsxF.tmp

-----------\\  [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Mic​rosoft\Internet Explorer\Main]

"Start Page"="http://www.google.fr/"

"Search Page"="http://www.microsoft.co​m/isapi/redir.dll?prd=ie&ar=ie​search"

"Local Page"="C:\\WINDOWS\\system32\\​blank.htm"

"Url"="http://go.microsoft.com​/fwlink/?LinkId=68928"

"Url"="http://go.microsoft.com​/fwlink/?LinkId=68929"

[HKEY_LOCAL_MACHINE\Software\Mi​crosoft\Internet Explorer\Main]

"Default_Page_URL"="http://go.​microsoft.com/fwlink/?LinkId=6​9157"

"Default_Search_URL"="http://g​o.microsoft.com/fwlink/?LinkId​=54896"

"Search Page"="http://go.microsoft.com​/fwlink/?LinkId=54896"

"Start Page"="http://go.microsoft.com​/fwlink/?LinkId=69157"

--------------------\\  Recherche d'autres infections

C:\WINDOWS\Tasks\At1.job

C:\WINDOWS\Tasks\At10.job

C:\WINDOWS\Tasks\At11.job

C:\WINDOWS\Tasks\At12.job

C:\WINDOWS\Tasks\At13.job

C:\WINDOWS\Tasks\At14.job

C:\WINDOWS\Tasks\At15.job

C:\WINDOWS\Tasks\At16.job

C:\WINDOWS\Tasks\At17.job

C:\WINDOWS\Tasks\At18.job

C:\WINDOWS\Tasks\At19.job

C:\WINDOWS\Tasks\At2.job

C:\WINDOWS\Tasks\At20.job

C:\WINDOWS\Tasks\At21.job

C:\WINDOWS\Tasks\At22.job

C:\WINDOWS\Tasks\At23.job

C:\WINDOWS\Tasks\At24.job

C:\WINDOWS\Tasks\At3.job

C:\WINDOWS\Tasks\At4.job

C:\WINDOWS\Tasks\At5.job

C:\WINDOWS\Tasks\At6.job

C:\WINDOWS\Tasks\At7.job

C:\WINDOWS\Tasks\At8.job

C:\WINDOWS\Tasks\At9.job

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\..\{56FA3F6D-C964-400E-9E39-26DA187A4251}]

DhcpNameServer REG_SZ 85.255.113.107,85.255.112.182

==> WAREOUT <==

--------------------\\  Cracks & Keygens ..

C:\DOCUME~1\JEAN-F~1\Applicati​on Data\uTorrent\Adobe Acrobat 8 Professional Full with keygen by ..Rock..On.torrent

C:\DOCUME~1\JEAN-F~1\Applicati​on Data\uTorrent\Easy CD and DVD Cover Design Creator 4.13+ Keygen.rar.torrent

C:\DOCUME~1\JEAN-F~1\Applicati​on Data\uTorrent\SYSTRANSOFT SYSTRAN v6 Premium Translator with Crack.torrent

1 - "C:\ToolBar SD\TB_1.txt" - 02/01/2009|14:38 - Option : [1]

-----------\\  Fin du rapport a 14:38:45.22

 Good luck!

 J.

Profile: Security team
dedetraque
Forum celebrity (30,000 to 99,999 posts)
Posted on 02/01/2009 at 14:55:21
 
Hi jaku1


 - Download and install Malwarebytes' Anti-Malware
 http://www.malwarebytes.org/mb [...] -setup.exe

 - Update it

 ---

 - Restart in Safe Mode:

 When your PC restarts, tap the F8 or F5 key repeatedly; on the next screen, move with the arrow keys and choose Safe Mode. Choose your usual session, not the Administrator session

 ---

 - Double-click the Malwarebytes' Anti-Malware shortcut on the desktop.
 - Select Perform full scan if it is not already selected
 - Click Scan

 - Once the scan has finished, a window opens; click OK

 - If Malwarebytes' found nothing, click OK. A report will appear; close it.

 - If Malwarebytes' detected infections, click Show Results, then Remove Selected

 - Save the report to your Desktop so it will be easier to find, then post that report.

 Note: If Malwarebytes' needs to restart to finish the removal, accept by clicking OK

 Tutorial for Malwarebytes' here:
 http://www.malekal.com/tutoria [...] alware.php


 @++   :)

jaku1
Baby forum member (10 to 49 posts)
Posted on 03/01/2009 at 11:38:43
 
Hello again,

 I'm picking the thread back up very late (my apologies) because I had a lot of trouble following your recommendations:

 First of all: it was impossible to start in Safe Mode. My PC shut down automatically as soon as my session opened.
 I looked for advice on the net and eventually found it:
 I downloaded msconfig and, in diagnostic startup mode, I managed to start in Safe Mode.

 Second problem: I ran Malwarebytes, but each time, at the end, it asks me whether I want to display the results. I click OK and then... nothing? On top of that, all of the Malwarebytes tabs have become inactive; all I can do is close it.

 Also, in the Malwarebytes settings, it says: "the database you are using is unavailable"??

 Last point: on every Malwarebytes scan, the following Trojan is detected: Crypt.ULPM

 So the situation is getting more complicated.

 Hoping I'm not using up too much of your time and patience.

 Regards.
 J.

Profile: Security team
dedetraque
Forum celebrity (30,000 to 99,999 posts)
Posted on 03/01/2009 at 15:29:16
 
Hi jaku1


 Download combofix.exe (by sUBs) to the desktop:

 http://download.bleepingcomput [...] mboFix.exe
 http://subs.geekstogo.com/ComboFix.exe

 Important: Disable your antivirus and antispyware before the ComboFix scan:
 http://forum.pcastuces.com/des [...] -f31s4.htm


 ==> Save your work and close all active windows; the PC may restart. Do not launch any program until ComboFix has finished. <==

 Double-click combofix.exe, click YES and confirm with Enter

 You will be asked to install the console if it is not installed; click NO

 When the scan is complete, a report will appear. Copy/paste that report into your next reply.

 NOTE: The report can also be found here: C:\Combofix.txt

 ComboFix is detected by some antivirus programs as an infection; ignore this, it is a false positive, and continue the procedure


 @++  :)

jaku1
Baby forum member (10 to 49 posts)
Posted on 03/01/2009 at 17:03:28
 
Delighted to find you again,

 This time it worked. Here is the report:

 ComboFix 09-01-01.02 - Jean-Francois 2009-01-03 16:22:24.3 - NTFSx86
 Microsoft Windows XP Home Edition  5.1.2600.2.932.81.1033.18.511.​252 [GMT 1:00]
 Running from: c:\documents and settings\Jean-Francois\Desktop​\ComboFix.exe
 AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated)
 FW: Sunbelt Kerio Personal Firewall *disabled*
 * Created a new restore point

 WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
 .

 ((((((((((((((((((((((((((((((​(((((((((   Other Deletions   ))))))))))))))))))))))))))))))​)))))))))))))))))))
 .

 c:\windows\db32.txt
 c:\windows\system32\0n6mvrMD.exe.a_a
 c:\windows\ws386.ini

 .
 ((((((((((((((((((((((((((((((​(((((((((   Drivers/Services   ))))))))))))))))))))))))))))))​)))))))))))))))))))
 .

 -------\Legacy_ASPIMGR
 -------\Service_aspimgr


 (((((((((((((((((((((((((   Files Created from 2008-12-03 to 2009-01-03  ))))))))))))))))))))))))))))))​)
 .

 2009-01-03 16:19 . 2009-01-03 16:19 <DIR> d-------- C:\32788R22FWJFW
 2009-01-03 11:02 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mb​amswissarmy.sys
 2009-01-03 11:02 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mb​am.sys
 2009-01-03 11:01 . 2009-01-03 11:02 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
 2009-01-03 06:21 . 2001-08-28 14:00 147,968 --a------ c:\windows\system32\msconfig.e​xe
 2009-01-02 18:27 . 2009-01-02 18:27 <DIR> d-------- c:\documents and settings\Jean-Francois\Applica​tion Data\Malwarebytes
 2009-01-02 18:27 . 2009-01-02 18:27 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
 2009-01-02 14:32 . 2009-01-02 14:38 <DIR> d-------- C:\ToolBar SD
 2009-01-02 14:29 . 2009-01-02 14:29 <DIR> d-------- C:\rsit
 2009-01-02 14:13 . 2009-01-02 14:13 <DIR> d-------- c:\program files\Trend Micro
 2008-12-31 18:30 . 2008-09-09 11:39 562,176 -ra------ c:\windows\system32\drivers\hc​w95bda.sys
 2008-12-31 18:30 . 2004-08-04 09:56 53,760 --a------ c:\windows\system32\vfwwdm32.d​ll
 2008-12-31 18:30 . 2008-09-09 11:41 15,616 -ra------ c:\windows\system32\drivers\hc​w95rc.sys
 2008-12-30 21:08 . 2008-12-30 21:08 <DIR> d-------- c:\program files\GIBCOM
 2008-12-30 21:08 . 1998-09-24 13:03 171,967 --a------ c:\windows\system32\Odbcjet.hl​p
 2008-12-30 21:08 . 1998-10-19 12:34 37,062 --a------ c:\windows\system32\odbcinst.h​lp
 2008-12-30 21:08 . 1997-01-27 02:00 28,432 --a------ c:\windows\system32\FM20FRA.DL​L
 2008-12-30 21:08 . 1998-09-24 13:03 7,348 --a------ c:\windows\system32\Odbcjet.cn​t
 2008-12-30 21:08 . 1998-10-19 12:34 324 --a------ c:\windows\system32\odbcinst.c​nt
 2008-12-30 20:59 . 2008-12-30 21:28 <DIR> d-------- c:\program files\MP3Gain
 2008-12-06 17:59 . 2008-12-06 17:59 <DIR> d-------- C:\downloads
 2008-12-06 17:59 . 2008-12-07 06:49 <DIR> d-------- c:\documents and settings\Jean-Francois\Applica​tion Data\Orbit
 2008-12-06 17:59 . 2008-12-06 17:59 <DIR> d-------- c:\documents and settings\Jean-Francois\Applica​tion Data\GrabPro
 2008-12-06 17:54 . 2008-12-08 23:22 <DIR> d-------- c:\program files\IVCsoft

 .
 ((((((((((((((((((((((((((((((​((((((((((   Find3M Report   ))))))))))))))))))))))))))))))​))))))))))))))))))))))
 .
 2009-01-03 12:40 8,206,601 ----a-w c:\windows\system32\drivers\fw​drv.err
 2009-01-03 12:19 --------- d-----w c:\documents and settings\Jean-Francois\Applica​tion Data\uTorrent
 2008-12-31 21:05 --------- d-----w c:\program files\eMule
 2008-12-30 20:08 --------- d--h--w c:\program files\InstallShield Installation Information
 2008-12-15 06:49 --------- d-----w c:\program files\Zattoo
 2008-11-30 11:34 --------- d-----w c:\program files\Axon Data
 2008-11-30 09:29 --------- d-----w c:\program files\Magic Folders
 2008-11-30 09:09 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
 2008-11-30 09:08 --------- d-----w c:\program files\Dobermann
 2008-11-30 08:09 3,982 ----a-w c:\windows\kj01d.sys
 2008-11-26 06:44 --------- d-----w c:\program files\adslTV
 2008-11-26 06:03 --------- d-----w c:\documents and settings\Jean-Francois\Applica​tion Data\vlc
 2008-11-24 05:26 --------- d-----w c:\program files\bobyte
 2008-11-23 17:24 --------- d-----w c:\documents and settings\Jean-Francois\Applica​tion Data\Dragon Altar Games
 2008-11-23 15:15 --------- d-----w c:\program files\Games
 2008-11-21 21:34 --------- d-----w c:\program files\RSSOwl
 2008-11-14 21:27 --------- d-----w c:\program files\Juice
 2008-11-14 06:34 --------- d-----w c:\program files\Canal
 2008-11-14 06:32 --------- d-----w c:\program files\Common Files\Adobe AIR
 2008-11-13 06:33 --------- d-----w c:\documents and settings\Jean-Francois\Applica​tion Data\Feedreader
 2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
 2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dl​l
 2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
 2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dl​l
 2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
 2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.ex​e
 2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
 2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
 2008-10-06 18:46 413,696 ----a-w c:\windows\system32\wrap_oal.d​ll
 2008-10-06 18:46 110,592 ----a-w c:\windows\system32\OpenAL32.d​ll
 2008-07-08 05:32 24,496 ----a-w c:\documents and settings\Jean-Francois\Applica​tion Data\GDIPFONTCACHEV1.DAT
 2006-08-28 19:46 278,528 ----a-w c:\program files\Common Files\FDEUnInstaller.exe
 2008-11-17 06:19 67,696 ----a-w c:\program files\mozilla firefox\components\jar50.dll
 2008-11-17 06:19 54,376 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
 2008-11-17 06:19 34,952 ----a-w c:\program files\mozilla firefox\components\myspell.dll
 2008-11-17 06:19 46,720 ----a-w c:\program files\mozilla firefox\components\spellchk.dl​l
 2008-11-17 06:19 172,144 ----a-w c:\program files\mozilla firefox\components\xpinstal.dl​l
 .

 ((((((((((((((((((((((((((((((​(((((((   Reg Loading Points   ))))))))))))))))))))))))))))))​))))))))))))))))))))
 .
 .
 *Note* empty entries & legit default entries are not shown
 REGEDIT4

 [HKEY_CURRENT_USER\Software\Mic​rosoft\Internet Explorer\URLSearchHooks]
 "{ecdee021-0d17-467f-a1ff-c7a1​15230949}"= "c:\program files\free-downloads.net\tbfre​1.dll" [2008-05-17 1470488]

 [HKEY_CLASSES_ROOT\clsid\{ecdee​021-0d17-467f-a1ff-c7a11523094​9}]

 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ecdee021-0d17-467f-a1ff-c7a115230949}]
 2008-05-17 11:07 1470488 --a------ c:\program files\free-downloads.net\tbfre​1.dll

 [HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Internet Explorer\Toolbar]
 "{ecdee021-0d17-467f-a1ff-c7a1​15230949}"= "c:\program files\free-downloads.net\tbfre​1.dll" [2008-05-17 1470488]

 [HKEY_CURRENT_USER\Software\Mic​rosoft\Internet Explorer\Toolbar\Webbrowser]
 "{ECDEE021-0D17-467F-A1FF-C7A1​15230949}"= "c:\program files\free-downloads.net\tbfre​1.dll" [2008-05-17 1470488]

 [HKEY_CLASSES_ROOT\clsid\{ecdee​021-0d17-467f-a1ff-c7a11523094​9}]

 [HKEY_CURRENT_USER\SOFTWARE\Mic​rosoft\Windows\CurrentVersion\​Run]
 "ctfmon.exe"="c:\windows\syste​m32\ctfmon.exe" [2004-08-04 15360]
 "SsAAD.exe"="c:\progra~1\Sony\​SONICS~2\SsAAD.exe" [2006-05-08 81920]
 "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 2097488]
 "NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2005-10-11 1961984]
 "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
 "Livestation"="c:\program files\Livestation\Livestation.​exe" [2008-10-02 1789952]

 [HKEY_LOCAL_MACHINE\SOFTWARE\Mi​crosoft\Windows\CurrentVersion​\Run]
 "NvCplDaemon"="NvQTwk" [X]
 "TouchED"="c:\program files\TOSHIBA\TouchED\TouchED.​Exe" [2002-07-31 126976]
 "TosHKCW.exe"="c:\program files\TOSHIBA\Wireless Hotkey\TosHKCW.exe" [2002-01-23 49152]
 "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched​.exe" [2008-05-25 185896]
 "SunJavaUpdateSched"="c:\progr​am files\Java\jre1.6.0_07\bin\jus​ched.exe" [2008-06-10 144784]
 "SMSTray"="c:\program files\Samsung\Samsung Media Studio 5\SMSTray.exe" [2007-02-23 126976]
 "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
 "PHIME2002ASync"="c:\windows\S​ystem32\IME\TINTLGNT\TINTSETP.​EXE" [2002-08-29 455168]
 "PHIME2002A"="c:\windows\Syste​m32\IME\TINTLGNT\TINTSETP.EXE" [2002-08-29 455168]
 "MSPY2002"="c:\windows\System3​2\IME\PINTLGNT\ImScInst.exe" [2002-08-29 59392]
 "IMJPMIG8.1"="c:\windows\IME\i​mjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
 "IMEKRMIG6.1"="c:\windows\ime\​imkr6_1\IMEKRMIG.EXE" [2001-08-18 44032]
 "Canal Widget"="c:\program files\Canal\Canal Widget\Launcher.exe" [2008-12-28 105528]
 "avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-18 266497]
 "Autoconfigurateur WiFi Neuf"="c:\program files\Neuf\Kit\WiFi\9wifi.exe" [2007-04-23 181752]
 "Apoint"="c:\program files\Apoint2K\Apoint.exe" [2002-07-15 126976]
 "Tpwrtray"="TPWRTRAY.EXE" [2002-03-20 c:\windows\system32\TPWRTRAY.EXE]
 "TFNF5"="TFNF5.exe" [2001-08-03 c:\windows\system32\TFNF5.exe]
 "TFncKy"="TFncKy.exe" [BU]
 "nwiz"="nwiz.exe" [2002-04-18 c:\windows\system32\nwiz.exe]

 c:\documents and settings\All Users\Start Menu\Programs\Startup\
 WG111v2 Smart Wizard Wireless Setting.lnk - c:\program files\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe [2007-08-25 745472]

 [hkey_local_machine\software\mi​crosoft\windows\currentversion​\explorer\ShellExecuteHooks]
 "{88485281-8b4b-4f8d-9ede-82e2​9a064277}"= "c:\progra~1\MarkAny\CONTEN~1\​MACSMA~1.DLL" [2004-11-23 192512]

 [HKEY_LOCAL_MACHINE\software\mi​crosoft\windows nt\currentversion\drivers32]
 "msacm.l3acm"= l3codecp.acm
 "VIDC.X264"= x264vfw.dll

 [HKEY_LOCAL_MACHINE\SYSTEM\Curr​entControlSet\Control\SafeBoot​\Minimal\AVG Anti-Spyware Driver]
 @=""

 [HKEY_LOCAL_MACHINE\SYSTEM\Curr​entControlSet\Control\SafeBoot​\Minimal\AVG Anti-Spyware Guard]
 @=""

 [HKLM\~\services\sharedaccess\p​arameters\firewallpolicy\stand​ardprofile]
 "EnableFirewall"= 0 (0x0)

 [HKLM\~\services\sharedaccess\p​arameters\firewallpolicy\stand​ardprofile\AuthorizedApplicati​ons\List]
 "c:\\Program Files\\uTorrent\\utorrent.exe"​=

 R0 avgntmgr;avgntmgr;c:\windows\s​ystem32\DRIVERS\avgntmgr.sys [2008-02-17 22336]
 R0 MFX;MFX;c:\windows\system32\dr​ivers\MFX.sys [2007-09-11 45824]
 R1 avgntdd;avgntdd;c:\windows\sys​tem32\DRIVERS\avgntdd.sys [2008-02-17 45376]
 R1 fwdrv;Firewall Driver;c:\windows\system32\dri​vers\fwdrv.sys [2006-07-18 284184]
 R1 khips;Kerio HIPS Driver;c:\windows\system32\dri​vers\khips.sys [2006-07-18 91672]
 R2 CanalPlus.VOD;CanalPlus.VOD;"c​:\program files\Canal\Canal Widget\VOD\CanalPlus.VOD.exe" [2008-10-23 61440]
 R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\D​RIVERS\EAPPkt.sys [2007-08-25 66048]
 R3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\DRI​VERS\wg111v2.sys [2007-08-25 167808]
 R3 SjyPkt;SjyPkt;\??\c:\windows\S​ystem32\Drivers\SjyPkt.sys [2007-08-25 13532]
 S3 hcw95bda;Hauppauge MOD7700 Tuner Driver;c:\windows\system32\Dri​vers\hcw95bda.sys [2008-12-31 562176]

 [HKEY_CURRENT_USER\software\mic​rosoft\windows\currentversion\​explorer\mountpoints2\{68336f0​3-6397-11db-9363-00038a000015}​]
 \Shell\AutoRun\command - E:\LaunchU3.exe -a

 *Newly Created Service* - SJYPKT
 .
 Contents of the 'Scheduled Tasks' folder

 2008-10-10 c:\windows\Tasks\1 Copernic Intra-Daily ~YOUR-Q94BJVTL0R Jean-Francois.job
 - c:\program files\Copernic Agent\CopernicAgent.exe [2004-12-02 18:16]

 2008-10-10 c:\windows\Tasks\2 Copernic Daily ~YOUR-Q94BJVTL0R Jean-Francois.job
 - c:\program files\Copernic Agent\CopernicAgent.exe [2004-12-02 18:16]

 2008-10-10 c:\windows\Tasks\3 Copernic Weekly ~YOUR-Q94BJVTL0R Jean-Francois.job
 - c:\program files\Copernic Agent\CopernicAgent.exe [2004-12-02 18:16]

 2008-10-10 c:\windows\Tasks\4 Copernic Monthly ~YOUR-Q94BJVTL0R Jean-Francois.job
 - c:\program files\Copernic Agent\CopernicAgent.exe [2004-12-02 18:16]

 2009-01-01 c:\windows\Tasks\AppleSoftware​Update.job
 - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

 2009-01-01 c:\windows\Tasks\At1.job
 - c:\windows\System32\0n6mvrMD.exe []

 2009-01-02 c:\windows\Tasks\At10.job
 - c:\windows\System32\0n6mvrMD.exe []

 2009-01-03 c:\windows\Tasks\At11.job
 - c:\windows\System32\0n6mvrMD.exe []

 2009-01-03 c:\windows\Tasks\At12.job
 - c:\windows\System32\0n6mvrMD.exe []

 2009-01-03 c:\windows\Tasks\At13.job
 - c:\windows\System32\0n6mvrMD.exe []

 2009-01-03 c:\windows\Tasks\At14.job
 - c:\windows\System32\0n6mvrMD.exe []

 2009-01-02 c:\windows\Tasks\At15.job
 - c:\windows\System32\0n6mvrMD.exe []

 2009-01-02 c:\windows\Tasks\At16.job
 - c:\windows\System32\0n6mvrMD.exe []

 2009-01-02 c:\windows\Tasks\At17.job
 - c:\windows\System32\0n6mvrMD.exe []

 2009-01-02 c:\windows\Tasks\At18.job
 - c:\windows\System32\0n6mvrMD.exe []

 2009-01-02 c:\windows\Tasks\At19.job
 - c:\windows\System32\0n6mvrMD.exe []

 2009-01-02 c:\windows\Tasks\At2.job
 - c:\windows\System32\0n6mvrMD.exe []

 2009-01-02 c:\windows\Tasks\At20.job
 - c:\windows\System32\0n6mvrMD.exe []

 2009-01-02 c:\windows\Tasks\At21.job
 - c:\windows\System32\0n6mvrMD.exe []

 2009-01-02 c:\windows\Tasks\At22.job
 - c:\windows\System32\0n6mvrMD.exe []

 2009-01-02 c:\windows\Tasks\At23.job
 - c:\windows\System32\0n6mvrMD.exe []

 2009-01-02 c:\windows\Tasks\At24.job
 - c:\windows\System32\0n6mvrMD.exe []

 2009-01-02 c:\windows\Tasks\At3.job
 - c:\windows\System32\0n6mvrMD.exe []

 2009-01-02 c:\windows\Tasks\At4.job
 - c:\windows\System32\0n6mvrMD.exe []

 2009-01-02 c:\windows\Tasks\At5.job
 - c:\windows\System32\0n6mvrMD.exe []

 2009-01-02 c:\windows\Tasks\At6.job
 - c:\windows\System32\0n6mvrMD.exe []

 2009-01-03 c:\windows\Tasks\At7.job
 - c:\windows\System32\0n6mvrMD.exe []

 2009-01-02 c:\windows\Tasks\At8.job
 - c:\windows\System32\0n6mvrMD.exe []

 2009-01-02 c:\windows\Tasks\At9.job
 - c:\windows\System32\0n6mvrMD.exe []

 2009-01-03 c:\windows\Tasks\User_Feed_Syn​chronization-{5E8EFA59-067B-48​A7-8868-9BCEFD962138}.job
 - c:\windows\system32\msfeedssyn​c.exe [2008-08-22 02:05]
 .
 - - - - ORPHANS REMOVED - - - -

 HKCU-Run-Skype - c:\program files\Skype\Phone\Skype.exe
 HKCU-Run-CanalPlayer - c:\program files\Lecteur CANALPLAY\CanalPlayer.exe
 HKLM-Run-ezShieldProtector for Px - c:\windows\System32\ezSP_Px.exe
 ShellExecuteHooks-{650CA63D-4A01-4BF8-A608-9B1EBB36292E} - c:\windows\System32\pRDfOMpJ.dll


 .
 ------- Supplementary Scan -------
 .
 uStart Page = hxxp://www.google.fr/
 uInternet Settings,ProxyOverride = *.local
 uSearchURL,(Default) = hxxp://www.google.com/search?q​=%s
 IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\​EXCEL.EXE/3000
 IE: Search Using Copernic Agent - c:\program files\Copernic Agent\CopernicAgentExt.dll/INT​EGRATION_MENU_SEARCHEXT
 Trusted Zone: *.canalplay.com
 Trusted Zone: *.canalplusactive.com
 Handler: copernicagent - {A979B6BD-E40B-4A07-ABDD-A62C6​4A4EBF6} - c:\progra~1\COPERN~1\COPERN~1.​DLL
 Handler: copernicagentcache - {AAC34CFD-274D-4A9D-B0DC-C74C0​5A67E1D} - c:\progra~1\COPERN~1\COPERN~1.​DLL

 O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes​\xmldso.cab
 c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd

 c:\windows\bdoscandellang.ini - c:\windows\bdoscandel.exe
 c:\windows\Downloaded Program Files\live.ini
 c:\windows\Downloaded Program Files\scanoptions.tsi
 c:\windows\Downloaded Program Files\lang.ini
 c:\windows\Downloaded Program Files\ipsupd.dll
 c:\windows\Downloaded Program Files\bdupd.dll
 c:\windows\Downloaded Program Files\libfn.dll
 c:\windows\Downloaded Program Files\bdcore.dll
 c:\windows\Downloaded Program Files\oscan8.ocx
 O16 -: {5D86DDB5-BDF9-441B-9E9E-D4730​F4EE499}
 hxxp://www.bitdefender.fr/scan​_fr/scan8/oscan8.cab
 c:\windows\Downloaded Program Files\oscan8.inf
 FF - ProfilePath - c:\documents and settings\Jean-Francois\Applica​tion Data\Mozilla\Firefox\Profiles\​beift204.default\
 FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr//
 FF - component: c:\program files\Real\RealPlayer\browserr​ecord\components\nprpbrowserre​cordplugin.dll
 .

 ******************************​******************************​**************

 catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
 Rootkit scan 2009-01-03 16:42:39
 Windows 5.1.2600 Service Pack 2 NTFS

 scanning hidden processes ...

 scanning hidden autostart entries ...

 scanning hidden files ...

 scan completed successfully
 hidden files: 0

 ******************************​******************************​**************
 .
 --------------------- LOCKED REGISTRY KEYS ---------------------

 [HKEY_USERS\S-1-5-21-3293823761​-1615061138-1316817595-1005\So​ftware\Microsoft\PerfVis\Setti​ngs\Default]
 @DACL=(02 0000)
 @SACL=

 [HKEY_USERS\S-1-5-21-3293823761​-1615061138-1316817595-1005\So​ftware\Microsoft\Windows\Curre​ntVersion\Explorer\FileExts\.t​mp\OpenWithList]
 @Class="Shell"
 @DACL=(02 0000)
 @SACL=

 [HKEY_LOCAL_MACHINE\software\Cl​asses\CLSID\{FFD709F0-AF39-11D​2-B854-0000F81E8872}\Control]
 @DACL=(02 0000)
 @SACL=
 @=""

 [HKEY_LOCAL_MACHINE\software\Cl​asses\CLSID\{FFD709F0-AF39-11D​2-B854-0000F81E8872}\Implement​ed Categories]
 @DACL=(02 0000)
 @SACL=
 @=""

 [HKEY_LOCAL_MACHINE\software\Cl​asses\CLSID\{FFD709F0-AF39-11D​2-B854-0000F81E8872}\InprocSer​ver32]
 @DACL=(02 0000)
 @SACL=
 @="msjava.dll"
 "ThreadingModel"="Both"
 "JavaClass"="com.ms.wfc.html.D​hComponentWrapper$DhInnerSafeC​ontrol"

 [HKEY_LOCAL_MACHINE\software\Cl​asses\DSP.DSP\CLSID]
 @DACL=(02 0000)
 @SACL=
 @="{9C123EA9-AEC9-4f75-BBC0-75​65FA1398966}"

 [HKEY_LOCAL_MACHINE\software\Cl​asses\DSP.DSP\CurVer]
 @DACL=(02 0000)
 @SACL=
 @="DSP.DSP.1"

 [HKEY_LOCAL_MACHINE\software\Cl​asses\DSP.DSPDMOProp_Chorus.1\​CLSID]
 @DACL=(02 0000)
 @SACL=
 @="{6F63B172-5543-4593-91CE-ED​BA65B9FACDB}"

 [HKEY_LOCAL_MACHINE\software\Mi​crosoft\Advanced INF Setup\IEHomePageInfo\RegBackup]
 @DACL=(02 0000)
 @SACL=

 [HKEY_LOCAL_MACHINE\software\Mi​crosoft\Java VM\RNIModuleFlags]
 @DACL=(02 0000)
 @SACL=
 "mtxjava.dll"=hex:01,00,00,00
 "jdbcdemo.dll"=hex:01,00,00,00

 [HKEY_LOCAL_MACHINE\software\Mi​crosoft\Java VM\Security]
 @DACL=(02 0000)
 @SACL=
 "EditCustomPermissions"=hex:00​,00,00,00

 [HKEY_LOCAL_MACHINE\software\Mi​crosoft\Java VM\System Properties]
 @DACL=(02 0000)
 @SACL=
 "com.ms.applet.enable.serverso​ckets"="false"
 "http.agent"="Java 1.1"

 [HKEY_LOCAL_MACHINE\software\YA​MAHA\YAMAHA AC-XG WDM]
 @DACL=(02 0000)
 @SACL=
 .
 ------------------------ Other Running Processes ------------------------
 .
 c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
 c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe
 c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceS​ervice.exe
 c:\program files\Bonjour\mDNSResponder.ex​e
 c:\program files\Sunbelt Software\Personal Firewall\kpf4ss.exe
 c:\windows\system32\nvsvc32.ex​e
 c:\windows\system32\wdfmgr.exe
 c:\program files\Sunbelt Software\Personal Firewall\kpf4gui.exe
 c:\program files\Sunbelt Software\Personal Firewall\kpf4gui.exe
 c:\windows\system32\conime.exe
 c:\program files\Toshiba\TOSHIBA Controls\TFncKy.exe
 c:\program files\Apoint2K\ApntEx.exe
 c:\program files\NETGEAR\WG111v2 Configuration Utility\RtWLan.exe
 c:\windows\system32\wscntfy.ex​e
 .
 ******************************​******************************​**************
 .
 Completion time: 2009-01-03 16:49:27 - machine was rebooted
 ComboFix-quarantined-files.txt  2009-01-03 15:49:08
 ComboFix2.txt  2008-02-16 18:09:06

 Pre-Run: 2,207,010,816 bytes free
 Post-Run: 2,834,382,848 bytes free

 344 --- E O F --- 2008-09-20 17:04:22


 See you soon,
 Jaku
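Added example, not part of the original thread and not code from ComboFix or RSIT: a Python triage of two artifacts visible in the reports above, the run of AtN.job tasks that all launch one System32 binary and the Schedule error %%2147942402 from the system event log. The sample text is constructed in the layout of those reports; treating an empty `[]` after a task target as "no file timestamp available" is an assumption about ComboFix's output, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed samples in the layout of the reports quoted in the thread
# (ComboFix "Scheduled Tasks" section and the system event log), trimmed.
SAMPLE_TASKS = r"""
Contents of the 'Scheduled Tasks' folder

2009-01-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2009-01-01 c:\windows\Tasks\At1.job
- c:\windows\System32\0n6mvrMD.exe []

2009-01-02 c:\windows\Tasks\At10.job
- c:\windows\System32\0n6mvrMD.exe []

2009-01-02 c:\windows\Tasks\At17.job
- c:\windows\System32\0n6mvrMD.exe []
.
"""
SAMPLE_EVENTS = """
Event Code: 7901
Message: The At17.job command failed to start due to the following error:
%%2147942402
Source Name: Schedule
"""

JOB_RE = re.compile(r"^\s*(\d{4}-\d{2}-\d{2})\s+(\S.*\.job)\s*$", re.I)
TARGET_RE = re.compile(r"^\s*-\s+(.+?)\s*\[(.*)\]\s*$")
AT_JOB_RE = re.compile(r"^At\d+\.job$", re.I)   # jobs queued with the "at" command
EVENT_RE = re.compile(r"The (\S+\.job) command failed to start.*?%%(\d+)", re.S)
WIN32_NAMES = {2: "ERROR_FILE_NOT_FOUND", 3: "ERROR_PATH_NOT_FOUND",
               5: "ERROR_ACCESS_DENIED"}


def parse_tasks(report):
    """Pair each '<date> <path>.job' line with the '- <target> [stamp]' line after it."""
    tasks, pending = [], None
    for line in report.splitlines():
        m = JOB_RE.match(line)
        if m:
            pending = m.groups()
            continue
        m = TARGET_RE.match(line)
        if m and pending:
            date, job_path = pending
            tasks.append({"date": date,
                          "job": job_path.rsplit("\\", 1)[-1],
                          "target": m.group(1).lower(),
                          "stamp": m.group(2).strip()})
            pending = None
    return tasks


def flag_tasks(tasks, min_cluster=3):
    """Flag AtN.job tasks that share one target, or whose target has no timestamp."""
    by_target = defaultdict(list)
    for t in tasks:
        if AT_JOB_RE.match(t["job"]):
            by_target[t["target"]].append(t)
    findings = []
    for target, group in sorted(by_target.items()):
        missing = all(t["stamp"] == "" for t in group)   # assumption: [] = no file stamp
        if len(group) >= min_cluster or missing:
            jobs = sorted((t["job"] for t in group),
                          key=lambda j: int(re.sub(r"\D", "", j)))
            findings.append({"target": target, "jobs": jobs,
                             "missing_target": missing})
    return findings


def decode_schedule_error(token):
    """Turn '%%2147942402' into its HRESULT and the Win32 error it wraps."""
    value = int(token.lstrip("%"))
    # An HRESULT of the form 0x8007xxxx carries a Win32 error in its low 16 bits.
    code = value & 0xFFFF if (value >> 16) == 0x8007 else value
    return "0x%08X" % value, WIN32_NAMES.get(code, "Win32 error %d" % code)


def failed_jobs(event_log):
    """List (job name, decoded error) for Schedule 'failed to start' events."""
    return [(job, decode_schedule_error(code)[1])
            for job, code in EVENT_RE.findall(event_log)]


def triage(report, event_log):
    """Combine both sources: which flagged jobs also failed in the event log."""
    failed = dict(failed_jobs(event_log))
    findings = flag_tasks(parse_tasks(report))
    for f in findings:
        f["failed_in_event_log"] = {j: failed[j] for j in f["jobs"] if j in failed}
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_TASKS, SAMPLE_EVENTS):
        print(finding)
```

The vendor update task is ignored because its name does not match the AtN.job pattern; the three At jobs collapse into one finding keyed on their shared target.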

Profile: Security team
dedetraque
Forum celebrity (30,000 to 99,999 posts)
Posted on 03/01/2009 at 18:05:25
 
Hi jaku1


 - Click Start menu/Run, type notepad at the prompt and click OK.

 - Copy/paste what is quoted below into Notepad:

 



 KillAll::

 File::
 C:\WINDOWS\Tasks\At1.job
 C:\WINDOWS\Tasks\At10.job
 C:\WINDOWS\Tasks\At11.job
 C:\WINDOWS\Tasks\At12.job
 C:\WINDOWS\Tasks\At13.job
 C:\WINDOWS\Tasks\At14.job
 C:\WINDOWS\Tasks\At15.job
 C:\WINDOWS\Tasks\At16.job
 C:\WINDOWS\Tasks\At17.job
 C:\WINDOWS\Tasks\At18.job
 C:\WINDOWS\Tasks\At19.job
 C:\WINDOWS\Tasks\At2.job
 C:\WINDOWS\Tasks\At20.job
 C:\WINDOWS\Tasks\At21.job
 C:\WINDOWS\Tasks\At22.job
 C:\WINDOWS\Tasks\At23.job
 C:\WINDOWS\Tasks\At24.job
 C:\WINDOWS\Tasks\At3.job
 C:\WINDOWS\Tasks\At4.job
 C:\WINDOWS\Tasks\At5.job
 C:\WINDOWS\Tasks\At6.job
 C:\WINDOWS\Tasks\At7.job
 C:\WINDOWS\Tasks\At8.job
 C:\WINDOWS\Tasks\At9.job
 C:\32788R22FWJFW




 - Save this file to the desktop (mandatory)

 - File name: CFScript.txt
 - File type: All files

 - Click Save and quit Notepad

 Important: Disable your antivirus and antispyware before doing the drag-and-drop

 - Drag and drop this CFScript file onto the ComboFix.exe file on the desktop, as in this screenshot (the icon is a lion):

 http://images4.hiboox.com/images/3408/6af2c97f0f4e497013ed9b32fc36b566.gif

* Wait while the scan runs. The desktop will disappear several times: this is normal!

Do not touch anything until the scan has finished.

* Once the scan is complete, a report will be displayed: post its contents.

* If the file does not open, it can be found here > C:\ComboFix.txt


 @++  :)

jaku1
Baby forum member (10 to 49 posts)
Posted on 03/01/2009 at 19:55:14
 
Here is the result of the scan:

 ComboFix 09-01-01.02 - Jean-Francois 2009-01-03 19:37:15.4 - NTFSx86
 Microsoft Windows XP Home Edition  5.1.2600.2.932.81.1033.18.511.​237 [GMT 1:00]
 Running from: c:\documents and settings\Jean-Francois\Desktop​\ComboFix.exe
 AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated)
 FW: Sunbelt Kerio Personal Firewall *disabled*

 WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
 .

 (((((((((((((((((((((((((   Files Created from 2008-12-03 to 2009-01-03  )))))))))))))))))))))))))))))))
 .

 2009-01-03 19:28 . 2009-01-03 19:29 <DIR> d-------- C:\32788R22FWJFW
 2009-01-03 11:02 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
 2009-01-03 11:02 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys
 2009-01-03 11:01 . 2009-01-03 11:02 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
 2009-01-03 06:21 . 2001-08-28 14:00 147,968 --a------ c:\windows\system32\msconfig.exe
 2009-01-02 18:27 . 2009-01-02 18:27 <DIR> d-------- c:\documents and settings\Jean-Francois\Application Data\Malwarebytes
 2009-01-02 18:27 . 2009-01-02 18:27 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
 2009-01-02 14:32 . 2009-01-02 14:38 <DIR> d-------- C:\ToolBar SD
 2009-01-02 14:29 . 2009-01-02 14:29 <DIR> d-------- C:\rsit
 2009-01-02 14:13 . 2009-01-02 14:13 <DIR> d-------- c:\program files\Trend Micro
 2008-12-31 18:30 . 2008-09-09 11:39 562,176 -ra------ c:\windows\system32\drivers\hcw95bda.sys
 2008-12-31 18:30 . 2004-08-04 09:56 53,760 --a------ c:\windows\system32\vfwwdm32.dll
 2008-12-31 18:30 . 2008-09-09 11:41 15,616 -ra------ c:\windows\system32\drivers\hcw95rc.sys
 2008-12-30 21:08 . 2008-12-30 21:08 <DIR> d-------- c:\program files\GIBCOM
 2008-12-30 21:08 . 1998-09-24 13:03 171,967 --a------ c:\windows\system32\Odbcjet.hlp
 2008-12-30 21:08 . 1998-10-19 12:34 37,062 --a------ c:\windows\system32\odbcinst.hlp
 2008-12-30 21:08 . 1997-01-27 02:00 28,432 --a------ c:\windows\system32\FM20FRA.DLL
 2008-12-30 21:08 . 1998-09-24 13:03 7,348 --a------ c:\windows\system32\Odbcjet.cnt
 2008-12-30 21:08 . 1998-10-19 12:34 324 --a------ c:\windows\system32\odbcinst.cnt
 2008-12-30 20:59 . 2008-12-30 21:28 <DIR> d-------- c:\program files\MP3Gain
 2008-12-06 17:59 . 2008-12-06 17:59 <DIR> d-------- C:\downloads
 2008-12-06 17:59 . 2008-12-07 06:49 <DIR> d-------- c:\documents and settings\Jean-Francois\Application Data\Orbit
 2008-12-06 17:59 . 2008-12-06 17:59 <DIR> d-------- c:\documents and settings\Jean-Francois\Application Data\GrabPro
 2008-12-06 17:54 . 2008-12-08 23:22 <DIR> d-------- c:\program files\IVCsoft

 .
 ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
 .
 2009-01-03 18:45 --------- d-----w c:\documents and settings\Jean-Francois\Application Data\uTorrent
 2009-01-03 12:40 8,206,601 ----a-w c:\windows\system32\drivers\fwdrv.err
 2008-12-31 21:05 --------- d-----w c:\program files\eMule
 2008-12-30 20:08 --------- d--h--w c:\program files\InstallShield Installation Information
 2008-12-15 06:49 --------- d-----w c:\program files\Zattoo
 2008-11-30 11:34 --------- d-----w c:\program files\Axon Data
 2008-11-30 09:29 --------- d-----w c:\program files\Magic Folders
 2008-11-30 09:09 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
 2008-11-30 09:08 --------- d-----w c:\program files\Dobermann
 2008-11-30 08:09 3,982 ----a-w c:\windows\kj01d.sys
 2008-11-26 06:44 --------- d-----w c:\program files\adslTV
 2008-11-26 06:03 --------- d-----w c:\documents and settings\Jean-Francois\Application Data\vlc
 2008-11-24 05:26 --------- d-----w c:\program files\bobyte
 2008-11-23 17:24 --------- d-----w c:\documents and settings\Jean-Francois\Application Data\Dragon Altar Games
 2008-11-23 15:15 --------- d-----w c:\program files\Games
 2008-11-21 21:34 --------- d-----w c:\program files\RSSOwl
 2008-11-14 21:27 --------- d-----w c:\program files\Juice
 2008-11-14 06:34 --------- d-----w c:\program files\Canal
 2008-11-14 06:32 --------- d-----w c:\program files\Common Files\Adobe AIR
 2008-11-13 06:33 --------- d-----w c:\documents and settings\Jean-Francois\Application Data\Feedreader
 2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
 2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
 2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
 2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
 2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
 2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
 2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
 2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
 2008-10-06 18:46 413,696 ----a-w c:\windows\system32\wrap_oal.dll
 2008-10-06 18:46 110,592 ----a-w c:\windows\system32\OpenAL32.dll
 2008-07-08 05:32 24,496 ----a-w c:\documents and settings\Jean-Francois\Application Data\GDIPFONTCACHEV1.DAT
 2006-08-28 19:46 278,528 ----a-w c:\program files\Common Files\FDEUnInstaller.exe
 2008-11-17 06:19 67,696 ----a-w c:\program files\mozilla firefox\components\jar50.dll
 2008-11-17 06:19 54,376 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
 2008-11-17 06:19 34,952 ----a-w c:\program files\mozilla firefox\components\myspell.dll
 2008-11-17 06:19 46,720 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
 2008-11-17 06:19 172,144 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
 .

 (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
 .
 .
 *Note* empty entries & legit default entries are not shown
 REGEDIT4

 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
 "{ecdee021-0d17-467f-a1ff-c7a115230949}"= "c:\program files\free-downloads.net\tbfre1.dll" [2008-05-17 1470488]

 [HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]

 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ecdee021-0d17-467f-a1ff-c7a115230949}]
 2008-05-17 11:07 1470488 --a------ c:\program files\free-downloads.net\tbfre1.dll

 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
 "{ecdee021-0d17-467f-a1ff-c7a115230949}"= "c:\program files\free-downloads.net\tbfre1.dll" [2008-05-17 1470488]

 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
 "{ECDEE021-0D17-467F-A1FF-C7A115230949}"= "c:\program files\free-downloads.net\tbfre1.dll" [2008-05-17 1470488]

 [HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]

 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
 "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
 "SsAAD.exe"="c:\progra~1\Sony\SONICS~2\SsAAD.exe" [2006-05-08 81920]
 "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 2097488]
 "NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2005-10-11 1961984]
 "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
 "Livestation"="c:\program files\Livestation\Livestation.exe" [2008-10-02 1789952]

 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
 "NvCplDaemon"="NvQTwk" [X]
 "TouchED"="c:\program files\TOSHIBA\TouchED\TouchED.Exe" [2002-07-31 126976]
 "TosHKCW.exe"="c:\program files\TOSHIBA\Wireless Hotkey\TosHKCW.exe" [2002-01-23 49152]
 "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-05-25 185896]
 "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
 "SMSTray"="c:\program files\Samsung\Samsung Media Studio 5\SMSTray.exe" [2007-02-23 126976]
 "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
 "PHIME2002ASync"="c:\windows\System32\IME\TINTLGNT\TINTSETP.EXE" [2002-08-29 455168]
 "PHIME2002A"="c:\windows\System32\IME\TINTLGNT\TINTSETP.EXE" [2002-08-29 455168]
 "MSPY2002"="c:\windows\System32\IME\PINTLGNT\ImScInst.exe" [2002-08-29 59392]
 "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
 "IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2001-08-18 44032]
 "Canal Widget"="c:\program files\Canal\Canal Widget\Launcher.exe" [2008-12-28 105528]
 "avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-18 266497]
 "Autoconfigurateur WiFi Neuf"="c:\program files\Neuf\Kit\WiFi\9wifi.exe" [2007-04-23 181752]
 "Apoint"="c:\program files\Apoint2K\Apoint.exe" [2002-07-15 126976]
 "Tpwrtray"="TPWRTRAY.EXE" [2002-03-20 c:\windows\system32\TPWRTRAY.EXE]
 "TFNF5"="TFNF5.exe" [2001-08-03 c:\windows\system32\TFNF5.exe]
 "TFncKy"="TFncKy.exe" [BU]
 "nwiz"="nwiz.exe" [2002-04-18 c:\windows\system32\nwiz.exe]

 c:\documents and settings\All Users\Start Menu\Programs\Startup\
 WG111v2 Smart Wizard Wireless Setting.lnk - c:\program files\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe [2007-08-25 745472]

 [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
 "{88485281-8b4b-4f8d-9ede-82e29a064277}"= "c:\progra~1\MarkAny\CONTEN~1\MACSMA~1.DLL" [2004-11-23 192512]

 [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
 "msacm.l3acm"= l3codecp.acm
 "VIDC.X264"= x264vfw.dll

 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver]
 @=""

 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]
 @=""

 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
 "EnableFirewall"= 0 (0x0)

 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
 "c:\\Program Files\\uTorrent\\utorrent.exe"=

 R0 avgntmgr;avgntmgr;c:\windows\system32\DRIVERS\avgntmgr.sys [2008-02-17 22336]
 R0 MFX;MFX;c:\windows\system32\drivers\MFX.sys [2007-09-11 45824]
 R1 avgntdd;avgntdd;c:\windows\system32\DRIVERS\avgntdd.sys [2008-02-17 45376]
 R1 fwdrv;Firewall Driver;c:\windows\system32\drivers\fwdrv.sys [2006-07-18 284184]
 R1 khips;Kerio HIPS Driver;c:\windows\system32\drivers\khips.sys [2006-07-18 91672]
 R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\DRIVERS\EAPPkt.sys [2007-08-25 66048]
 R3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\DRIVERS\wg111v2.sys [2007-08-25 167808]
 R3 SjyPkt;SjyPkt;\??\c:\windows\System32\Drivers\SjyPkt.sys [2007-08-25 13532]
 S2 CanalPlus.VOD;CanalPlus.VOD;"c:\program files\Canal\Canal Widget\VOD\CanalPlus.VOD.exe" [2008-10-23 61440]
 S3 hcw95bda;Hauppauge MOD7700 Tuner Driver;c:\windows\system32\Drivers\hcw95bda.sys [2008-12-31 562176]

 [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{68336f03-6397-11db-9363-00038a000015}]
 \Shell\AutoRun\command - E:\LaunchU3.exe -a
 .
 Contents of the 'Scheduled Tasks' folder

 2008-10-10 c:\windows\Tasks\1 Copernic Intra-Daily ~YOUR-Q94BJVTL0R Jean-Francois.job
 - c:\program files\Copernic Agent\CopernicAgent.exe [2004-12-02 18:16]

 2008-10-10 c:\windows\Tasks\2 Copernic Daily ~YOUR-Q94BJVTL0R Jean-Francois.job
 - c:\program files\Copernic Agent\CopernicAgent.exe [2004-12-02 18:16]

 2008-10-10 c:\windows\Tasks\3 Copernic Weekly ~YOUR-Q94BJVTL0R Jean-Francois.job
 - c:\program files\Copernic Agent\CopernicAgent.exe [2004-12-02 18:16]

 2008-10-10 c:\windows\Tasks\4 Copernic Monthly ~YOUR-Q94BJVTL0R Jean-Francois.job
 - c:\program files\Copernic Agent\CopernicAgent.exe [2004-12-02 18:16]

 2009-01-01 c:\windows\Tasks\AppleSoftwareUpdate.job
 - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

 2009-01-01 c:\windows\Tasks\At1.job
 - c:\windows\System32\0n6mvrMD.exe []

 2009-01-02 c:\windows\Tasks\At10.job
 - c:\windows\System32\0n6mvrMD.exe []

 2009-01-03 c:\windows\Tasks\At11.job
 - c:\windows\System32\0n6mvrMD.exe []

 2009-01-03 c:\windows\Tasks\At12.job
 - c:\windows\System32\0n6mvrMD.exe []

 2009-01-03 c:\windows\Tasks\At13.job
 - c:\windows\System32\0n6mvrMD.exe []

 2009-01-03 c:\windows\Tasks\At14.job
 - c:\windows\System32\0n6mvrMD.exe []

 2009-01-02 c:\windows\Tasks\At15.job
 - c:\windows\System32\0n6mvrMD.exe []

 2009-01-02 c:\windows\Tasks\At16.job
 - c:\windows\System32\0n6mvrMD.exe []

 2009-01-02 c:\windows\Tasks\At17.job
 - c:\windows\System32\0n6mvrMD.exe []

 2009-01-03 c:\windows\Tasks\At18.job
 - c:\windows\System32\0n6mvrMD.exe []

 2009-01-03 c:\windows\Tasks\At19.job
 - c:\windows\System32\0n6mvrMD.exe []

 2009-01-02 c:\windows\Tasks\At2.job
 - c:\windows\System32\0n6mvrMD.exe []

 2009-01-03 c:\windows\Tasks\At20.job
 - c:\windows\System32\0n6mvrMD.exe []

 2009-01-02 c:\windows\Tasks\At21.job
 - c:\windows\System32\0n6mvrMD.exe []

 2009-01-02 c:\windows\Tasks\At22.job
 - c:\windows\System32\0n6mvrMD.exe []

 2009-01-02 c:\windows\Tasks\At23.job
 - c:\windows\System32\0n6mvrMD.exe []

 2009-01-02 c:\windows\Tasks\At24.job
 - c:\windows\System32\0n6mvrMD.exe []

 2009-01-02 c:\windows\Tasks\At3.job
 - c:\windows\System32\0n6mvrMD.exe []

 2009-01-02 c:\windows\Tasks\At4.job
 - c:\windows\System32\0n6mvrMD.exe []

 2009-01-02 c:\windows\Tasks\At5.job
 - c:\windows\System32\0n6mvrMD.exe []

 2009-01-02 c:\windows\Tasks\At6.job
 - c:\windows\System32\0n6mvrMD.exe []

 2009-01-03 c:\windows\Tasks\At7.job
 - c:\windows\System32\0n6mvrMD.exe []

 2009-01-02 c:\windows\Tasks\At8.job
 - c:\windows\System32\0n6mvrMD.exe []

 2009-01-02 c:\windows\Tasks\At9.job
 - c:\windows\System32\0n6mvrMD.exe []

 2009-01-03 c:\windows\Tasks\User_Feed_Synchronization-{5E8EFA59-067B-48A7-8868-9BCEFD962138}.job
 - c:\windows\system32\msfeedssync.exe [2008-08-22 02:05]
 .
 .
 ------- Supplementary Scan -------
 .
 uStart Page = hxxp://www.google.fr/
 uInternet Settings,ProxyOverride = *.local
 uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
 IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
 IE: Search Using Copernic Agent - c:\program files\Copernic Agent\CopernicAgentExt.dll/INTEGRATION_MENU_SEARCHEXT
 Trusted Zone: *.canalplay.com
 Trusted Zone: *.canalplusactive.com
 Handler: copernicagent - {A979B6BD-E40B-4A07-ABDD-A62C64A4EBF6} - c:\progra~1\COPERN~1\COPERN~1.DLL
 Handler: copernicagentcache - {AAC34CFD-274D-4A9D-B0DC-C74C05A67E1D} - c:\progra~1\COPERN~1\COPERN~1.DLL

 O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
 c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd

 c:\windows\bdoscandellang.ini - c:\windows\bdoscandel.exe
 c:\windows\Downloaded Program Files\live.ini
 c:\windows\Downloaded Program Files\scanoptions.tsi
 c:\windows\Downloaded Program Files\lang.ini
 c:\windows\Downloaded Program Files\ipsupd.dll
 c:\windows\Downloaded Program Files\bdupd.dll
 c:\windows\Downloaded Program Files\libfn.dll
 c:\windows\Downloaded Program Files\bdcore.dll
 c:\windows\Downloaded Program Files\oscan8.ocx
 O16 -: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}
 hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
 c:\windows\Downloaded Program Files\oscan8.inf
 FF - ProfilePath - c:\documents and settings\Jean-Francois\Application Data\Mozilla\Firefox\Profiles\beift204.default\
 FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr//
 FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
 .

 **************************************************************************

 catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
 Rootkit scan 2009-01-03 19:45:03
 Windows 5.1.2600 Service Pack 2 NTFS

 scanning hidden processes ...

 scanning hidden autostart entries ...

 scanning hidden files ...

 scan completed successfully
 hidden files: 0

 **************************************************************************
 .
 --------------------- DLLs Loaded Under Running Processes ---------------------

 - - - - - - - > 'explorer.exe'(3288)
 c:\windows\system32\ieframe.dll
 .
 Completion time: 2009-01-03 19:48:50
 ComboFix-quarantined-files.txt  2009-01-03 18:48:39
 ComboFix2.txt  2009-01-03 15:49:34
 ComboFix3.txt  2008-02-16 18:09:06

 Pre-Run: 2,839,425,024 bytes free
 Post-Run: 2,825,265,152 bytes free

 258 --- E O F --- 2008-09-20 17:04:22


Profile: Security team
dedetraque
Famous across the whole forum (30,000 to 99,999 messages posted)
Posted on 03/01/2009 at 20:05:23

Hi jaku1


 We'll do it another way: download OTMoveIt3 (by Old_Timer) to the desktop:

 http://oldtimer.geekstogo.com/OTMoveIt3.exe

 Double-click OTMoveIt3.exe on the desktop

 - Make sure the Unregister Dll's and Ocx's box is checked

 - Copy the text in the quote below and paste it into the left-hand pane of OTMoveIt named Paste List of Files/Folders to be moved

 



 :processes
 explorer.exe

 :files
 C:\WINDOWS\Tasks\At1.job
 C:\WINDOWS\Tasks\At10.job
 C:\WINDOWS\Tasks\At11.job
 C:\WINDOWS\Tasks\At12.job
 C:\WINDOWS\Tasks\At13.job
 C:\WINDOWS\Tasks\At14.job
 C:\WINDOWS\Tasks\At15.job
 C:\WINDOWS\Tasks\At16.job
 C:\WINDOWS\Tasks\At17.job
 C:\WINDOWS\Tasks\At18.job
 C:\WINDOWS\Tasks\At19.job
 C:\WINDOWS\Tasks\At2.job
 C:\WINDOWS\Tasks\At20.job
 C:\WINDOWS\Tasks\At21.job
 C:\WINDOWS\Tasks\At22.job
 C:\WINDOWS\Tasks\At23.job
 C:\WINDOWS\Tasks\At24.job
 C:\WINDOWS\Tasks\At3.job
 C:\WINDOWS\Tasks\At4.job
 C:\WINDOWS\Tasks\At5.job
 C:\WINDOWS\Tasks\At6.job
 C:\WINDOWS\Tasks\At7.job
 C:\WINDOWS\Tasks\At8.job
 C:\WINDOWS\Tasks\At9.job
 C:\32788R22FWJFW

 :commands
 [purity]
 [emptytemp]
 [start explorer]
 [reboot]




 - Click MoveIt! to start the removal.
 - Close OTMoveIt3

 Your PC will restart to finish the removal

 Post the OTMoveIt report, which is located in C:\_OTMoveIt\MovedFiles.


 @++  :)
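
The entries listed for removal in the post above stand out in the ComboFix log because two dozen At<N>.job tasks all launch one System32 program for which the log shows empty brackets. The check below looks for that pattern in the "Scheduled Tasks" section of a ComboFix log; it is an added example, not part of the original thread or of ComboFix, and the function names, the threshold and the reading of `[]` as "no file date available" are assumptions.

```python
import re
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample: a shortened copy of the "Scheduled Tasks" section of the
# ComboFix log posted in this thread (same layout, fewer At<N>.job entries).
SAMPLE_LOG = r"""
Contents of the 'Scheduled Tasks' folder

2008-10-10 c:\windows\Tasks\1 Copernic Intra-Daily ~YOUR-Q94BJVTL0R Jean-Francois.job
- c:\program files\Copernic Agent\CopernicAgent.exe [2004-12-02 18:16]

2009-01-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2009-01-01 c:\windows\Tasks\At1.job
- c:\windows\System32\0n6mvrMD.exe []

2009-01-02 c:\windows\Tasks\At10.job
- c:\windows\System32\0n6mvrMD.exe []

2009-01-03 c:\windows\Tasks\At11.job
- c:\windows\System32\0n6mvrMD.exe []

2009-01-02 c:\windows\Tasks\At2.job
- c:\windows\System32\0n6mvrMD.exe []

2009-01-03 c:\windows\Tasks\User_Feed_Synchronization-{5E8EFA59-067B-48A7-8868-9BCEFD962138}.job
- c:\windows\system32\msfeedssync.exe [2008-08-22 02:05]
.
------- Supplementary Scan -------
"""

# Zero-width characters that forum software inserts into long tokens of pasted logs.
ZERO_WIDTH = dict.fromkeys(map(ord, "\u200b\u200c\u200d\ufeff"))
JOB_RE = re.compile(r"^(\d{4}-\d{2}-\d{2})\s+(.+\.job)$", re.IGNORECASE)
TARGET_RE = re.compile(r"^-\s+(.+?)\s+\[(.*)\]$")
# At<N>.job is the name Windows gives to jobs created through the legacy
# "at" scheduler interface.
AT_JOB_RE = re.compile(r"\\at(\d+)\.job$", re.IGNORECASE)


@dataclass
class Task:
    modified: str      # date column of the .job line
    job: str           # path of the .job file
    target: str        # program the job launches
    target_stamp: str  # text inside [...]; "" when the log shows []


def parse_tasks(log_text):
    """Return the Task entries of the 'Scheduled Tasks' section of a ComboFix log."""
    tasks, pending, in_section = [], None, False
    for raw in log_text.translate(ZERO_WIDTH).splitlines():
        line = raw.strip()
        if line.startswith("Contents of the 'Scheduled Tasks' folder"):
            in_section = True
        elif in_section and line.startswith("-------"):
            break  # banner of the next section
        elif in_section and (m := JOB_RE.match(line)):
            pending = m.groups()
        elif in_section and pending and (m := TARGET_RE.match(line)):
            tasks.append(Task(pending[0], pending[1], m.group(1), m.group(2).strip()))
            pending = None
    return tasks


def job_number(job_path):
    """Numeric part of an At<N>.job path, used to sort At2 before At10."""
    return int(AT_JOB_RE.search(job_path).group(1))


def triage(tasks, min_fan_in=3):
    """Flag programs launched by several At<N>.job tasks and shown with []."""
    by_target = defaultdict(list)
    for task in tasks:
        by_target[task.target.lower()].append(task)
    findings = []
    for group in by_target.values():
        at_jobs = [t.job for t in group if AT_JOB_RE.search(t.job)]
        reasons = []
        if len(at_jobs) >= min_fan_in:
            reasons.append(f"{len(at_jobs)} At<N>.job tasks launch the same program")
        if all(t.target_stamp == "" for t in group):
            # Assumption: empty brackets mean no file date could be read.
            reasons.append("log shows [] for the program")
        if len(reasons) == 2:  # both signals are required
            findings.append({"target": group[0].target,
                             "jobs": sorted(at_jobs, key=job_number),
                             "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in triage(parse_tasks(SAMPLE_LOG)):
        print(finding["target"])
        for reason in finding["reasons"]:
            print("  reason:", reason)
        for job in finding["jobs"]:
            print("  job:", job)
```

A finding is a lead to verify on the machine, since legitimate software can also register At<N>.job tasks.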

jaku1
Baby forum member (10 to 49 messages posted)
Posted on 03/01/2009 at 20:58:19

That looks better to me:

 ========== PROCESSES ==========
 Process explorer.exe killed successfully.
 ========== FILES ==========
 C:\WINDOWS\Tasks\At1.job moved successfully.
 C:\WINDOWS\Tasks\At10.job moved successfully.
 C:\WINDOWS\Tasks\At11.job moved successfully.
 C:\WINDOWS\Tasks\At12.job moved successfully.
 C:\WINDOWS\Tasks\At13.job moved successfully.
 C:\WINDOWS\Tasks\At14.job moved successfully.
 C:\WINDOWS\Tasks\At15.job moved successfully.
 C:\WINDOWS\Tasks\At16.job moved successfully.
 C:\WINDOWS\Tasks\At17.job moved successfully.
 C:\WINDOWS\Tasks\At18.job moved successfully.
 C:\WINDOWS\Tasks\At19.job moved successfully.
 C:\WINDOWS\Tasks\At2.job moved successfully.
 C:\WINDOWS\Tasks\At20.job moved successfully.
 C:\WINDOWS\Tasks\At21.job moved successfully.
 C:\WINDOWS\Tasks\At22.job moved successfully.
 C:\WINDOWS\Tasks\At23.job moved successfully.
 C:\WINDOWS\Tasks\At24.job moved successfully.
 C:\WINDOWS\Tasks\At3.job moved successfully.
 C:\WINDOWS\Tasks\At4.job moved successfully.
 C:\WINDOWS\Tasks\At5.job moved successfully.
 C:\WINDOWS\Tasks\At6.job moved successfully.
 C:\WINDOWS\Tasks\At7.job moved successfully.
 C:\WINDOWS\Tasks\At8.job moved successfully.
 C:\WINDOWS\Tasks\At9.job moved successfully.
 C:\32788R22FWJFW moved successfully.
 ========== COMMANDS ==========
 User's Temp folder emptied.
 User's Temporary Internet Files folder emptied.
 User's Internet Explorer cache folder emptied.
 Local Service Temp folder emptied.
 File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
 Local Service Temporary Internet Files folder emptied.
 Windows Temp folder emptied.
 Java cache emptied.
 FireFox cache emptied.
 Temp folders emptied.
 Explorer started successfully
 
 OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 01032009_201932

 Files moved on Reboot...
 File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.

Profile: Security team
dedetraque
Famous across the whole forum (30,000 to 99,999 messages posted)
Posted on 03/01/2009 at 21:03:23

Hi jaku1


 Great  :super:

 Let's check that nothing is hidden:

 Run an online scan here http://webscanner.kaspersky.fr/ (to be done with Internet Explorer)

 - Disable your antivirus before the scan
 - At the bottom right, click Démarrer Online-scanner; in the new window that appears, click J'accepte
 - Accept the ActiveX controls

 - Choose Poste de travail for the scan. Once it has finished, click Enregistrer rapport sous (choose text file)
 - Post the report

 - For help using the online scan: http://forum.pcastuces.com/kas [...] f31s10.htm

 P.S.: If you have a problem installing the ActiveX control, read this http://www.inoculer.com/activex.php3


 NOTE: If you get the message "La licence de Kaspersky On-line Scanner est périmée",
 remove Kaspersky Online Scanner via Add/Remove Programs and reinstall it.


 @++  :)

jaku1
Baby forum member (10 to 49 messages posted)
Posted on 04/01/2009 at 09:57:47

I hope you had a good night.

 On my side, I battled with Kaspersky but, even following your advice, there was no way to start the scan. The installation churns away and nothing starts after two hours!!
 I gave up.

 ??????

 Jaku

Profile: Security team
dedetraque
Famous across the whole forum (30,000 to 99,999 messages posted)
Posted on 04/01/2009 at 14:31:56

Hi jaku1


 No problem, we'll do it another way   :super:

 Update Antivir, run a scan in safe mode, and post the report after restarting in normal mode.

 Help: http://www.malekal.com/tutorial_antivir.php


 @++  :)

jaku1
Baby forum member (10 to 49 messages posted)
Posted on 04/01/2009 at 19:08:22

Hello again,

 ANTIVIR gave me the following report:



 Avira AntiVir Personal
 Report file date: 04 January 2009  16:48

 Scanning for 1145719 virus strains and unwanted programs.

 Licensed to:      Avira AntiVir PersonalEdition Classic
 Serial number:    0000149996-ADJIE-0001
 Platform:         Windows XP
 Windows version:  (Service Pack 2)  [5.1.2600]
 Boot mode:        Save mode
 Username:         Jean-Francois
 Computer name:    YOUR-Q94BJVTL0R

 Version information:
 BUILD.DAT     : 8.2.0.337      16934 Bytes  2008/11/18 13:05:00
 AVSCAN.EXE    : 8.1.4.10      315649 Bytes  2008/11/26 18:30:07
 AVSCAN.DLL    : 8.1.4.0        40705 Bytes  2008/07/18 16:44:35
 LUKE.DLL      : 8.1.4.5       164097 Bytes  2008/07/18 16:44:36
 LUKERES.DLL   : 8.1.4.0        12033 Bytes  2008/07/18 16:44:36
 ANTIVIR0.VDF  : 7.1.0.0     15603712 Bytes  2008/10/27 04:00:19
 ANTIVIR1.VDF  : 7.1.1.33     1705984 Bytes  2008/12/24 15:26:09
 ANTIVIR2.VDF  : 7.1.1.60      318976 Bytes  2009/01/02 15:27:30
 ANTIVIR3.VDF  : 7.1.1.68       54784 Bytes  2009/01/04 15:27:24
 Engineversion : 8.2.0.45  
 AEVDF.DLL     : 8.1.0.6       102772 Bytes  2008/10/15 18:23:11
 AESCRIPT.DLL  : 8.1.1.19      336252 Bytes  2008/12/11 18:29:10
 AESCN.DLL     : 8.1.1.5       123251 Bytes  2008/11/08 18:26:36
 AERDL.DLL     : 8.1.1.3       438645 Bytes  2008/11/06 18:28:43
 AEPACK.DLL    : 8.1.3.4       393591 Bytes  2008/11/11 18:25:26
 AEOFFICE.DLL  : 8.1.0.33      196987 Bytes  2008/12/11 18:29:08
 AEHEUR.DLL    : 8.1.0.75     1524087 Bytes  2008/12/11 18:29:07
 AEHELP.DLL    : 8.1.2.0       119159 Bytes  2008/11/18 18:26:56
 AEGEN.DLL     : 8.1.1.8       323956 Bytes  2008/12/11 18:28:58
 AEEMU.DLL     : 8.1.0.9       393588 Bytes  2008/10/15 18:22:51
 AECORE.DLL    : 8.1.5.2       172405 Bytes  2008/11/28 18:27:53
 AEBB.DLL      : 8.1.0.3        53618 Bytes  2008/10/15 18:22:43
 AVWINLL.DLL   : 1.0.0.12       15105 Bytes  2008/07/18 16:44:35
 AVPREF.DLL    : 8.0.2.0        38657 Bytes  2008/07/18 16:44:35
 AVREP.DLL     : 8.0.0.2        98344 Bytes  2008/07/31 16:36:05
 AVREG.DLL     : 8.0.0.1        33537 Bytes  2008/07/18 16:44:35
 AVARKT.DLL    : 1.0.0.23      307457 Bytes  2008/04/19 17:48:30
 AVEVTLOG.DLL  : 8.0.0.16      119041 Bytes  2008/07/18 16:44:35
 SQLITE3.DLL   : 3.3.17.1      339968 Bytes  2008/04/19 17:48:32
 SMTPLIB.DLL   : 1.2.0.23       28929 Bytes  2008/07/18 16:44:36
 NETNT.DLL     : 8.0.0.1         7937 Bytes  2008/04/19 17:48:32
 RCIMAGE.DLL   : 8.0.0.51     2371841 Bytes  2008/07/18 16:44:27
 RCTEXT.DLL    : 8.0.52.0       86273 Bytes  2008/07/18 16:44:27

 Configuration settings for the scan:
 Jobname..........................: Complete system scan
 Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
 Logging..........................: low
 Primary action...................: interactive
 Secondary action.................: ignore
 Scan master boot sector..........: on
 Scan boot sector.................: on
 Boot sectors.....................: C:, F:, G:,
 Process scan.....................: on
 Scan registry....................: on
 Search for rootkits..............: off
 Scan all files...................: Intelligent file selection
 Scan archives....................: on
 Recursion depth..................: 20
 Smart extensions.................: on
 Macro heuristic..................: on
 File heuristic...................: medium

 Start of the scan: 04 January 2009  16:48

 The scan of running processes will be started
 Scan process 'avscan.exe' - '1' Module(s) have been scanned
 Scan process 'avcenter.exe' - '1' Module(s) have been scanned
 Scan process 'explorer.exe' - '1' Module(s) have been scanned
 Scan process 'userinit.exe' - '1' Module(s) have been scanned
 Scan process 'svchost.exe' - '1' Module(s) have been scanned
 Scan process 'svchost.exe' - '1' Module(s) have been scanned
 Scan process 'lsass.exe' - '1' Module(s) have been scanned
 Scan process 'services.exe' - '1' Module(s) have been scanned
 Scan process 'winlogon.exe' - '1' Module(s) have been scanned
 Scan process 'csrss.exe' - '1' Module(s) have been scanned
 Scan process 'smss.exe' - '1' Module(s) have been scanned
 11 processes with 11 modules were scanned

 Starting master boot sector scan:
 Master boot sector HD0

[INFO]      No virus was found!
 Master boot sector HD1

[INFO]      No virus was found!
 Master boot sector HD2

[INFO]      No virus was found!

 Start scanning boot sectors:
 Boot sector 'C:\'

[INFO]      No virus was found!
 Boot sector 'F:\'

[INFO]      No virus was found!
 Boot sector 'G:\'

[INFO]      No virus was found!

 Starting to scan the registry.
 The registry was scanned ( '52' files ).


 Starting the file scan:

 Begin scan in 'C:\' <S3A1192D001>
 C:\pagefile.sys

[WARNING]   The file could not be opened!
 C:\WINDOWS\system32\drivers\sptd.sys

[WARNING]   The file could not be opened!
 Begin scan in 'F:\' <LOCAL>
 Begin scan in 'G:\' <Iomega_HDD>


 End of the scan: 04 January 2009  18:39
 Used time:  1:51:13 Hour(s)

 The scan has been done completely.

6705 Scanning directories
 268816 Files were scanned

0 viruses and/or unwanted programs were found

0 Files were classified as suspicious:

0 files were deleted

0 files were repaired

0 files were moved to quarantine

0 files were renamed

2 Files cannot be scanned
 268814 Files not concerned

6570 Archives were scanned

2 Warnings

0 Notes

 At first sight, rather encouraging.
 Jaku

Profile: Security team
dedetraque
Famous across the whole forum (30,000 to 99,999 messages posted)
Posted on 04/01/2009 at 19:39:17

Hi jaku1


 Your report is clean  :super:

 Let's clean up the tools downloaded for the disinfection: download Tools Cleaner to the desktop:

 http://pc-system.fr/TC/ToolsCleaner2.exe


 - Double-click ToolsCleaner2.exe on the desktop
 - Click Recherche and let the scan run.
 - Click Suppression to finish.
 - You can, if you wish, use the Options facultatives.
 - Click Quitter to get the report.
 - Post the report (TCleaner.txt), which is located at the root of your hard drive (C:\).
 - If any tools remain after Tools Cleaner has run, you can delete them manually, along with all the reports that were generated during the disinfection.


 -----


 Update Windows (critical, Service Pack and Service Release categories) here: http://www.windowsupdate.com/

 Run a vulnerability scan to check that your software is up to date and free of security holes, and update it:
 http://www.malekal.com/scan_vulnerabilite.php


 Keep me posted


 @++  :)

jaku1
Baby forum member (10 to 49 messages posted)
Posted on 04/01/2009 at 22:35:44

Missions accomplished:

 Here is the Toolcleaner report:

 [ Rapport ToolsCleaner version 2.3.0 (par A.Rothstein & dj QUIOU) ]

 -->- Recherche:

 C:\VundoFix.txt: trouvé !
 C:\Combofix.txt: trouvé !
 C:\TB.txt: trouvé !
 C:\FixWareOut: trouvé !
 C:\!Killbox: trouvé !
 C:\Qoobox: trouvé !
 C:\_OtMoveIt: trouvé !
 C:\Toolbar SD: trouvé !
 C:\Rsit: trouvé !
 C:\Documents and Settings\All Users\Start Menu\Programs\HijackThis: trouvé !
 C:\Documents and Settings\All Users\Start Menu\Programs\HijackThis\HijackThis.lnk: trouvé !
 C:\Documents and Settings\Jean-Francois\Desktop\HijackThis.lnk: trouvé !
 C:\Documents and Settings\Jean-Francois\Desktop\ComboFix.exe: trouvé !
 C:\Documents and Settings\Jean-Francois\Desktop\Combofix.txt: trouvé !
 C:\Documents and Settings\Jean-Francois\Desktop\OTMoveIt3.exe: trouvé !
 C:\fixwareout\SUB\Bfu.exe: trouvé !
 C:\Program Files\Trend Micro\HijackThis: trouvé !
 C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !
 C:\Program Files\Trend Micro\HijackThis\hijackthis.log: trouvé !
 C:\WINDOWS\Gmer.exe: trouvé !


 Restauration annulée !
 ---------------------------------
 -->- Suppression:
 C:\Documents and Settings\All Users\Start Menu\Programs\HijackThis\HijackThis.lnk: supprimé !
 C:\Documents and Settings\Jean-Francois\Desktop\HijackThis.lnk: supprimé !
 C:\Documents and Settings\Jean-Francois\Desktop\ComboFix.exe: ERREUR DE SUPPRESSION !!
 C:\fixwareout\SUB\Bfu.exe: supprimé !
 C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé !
 C:\WINDOWS\Gmer.exe: supprimé !
 C:\VundoFix.txt: supprimé !
 C:\Combofix.txt: supprimé !
 C:\TB.txt: supprimé !
 C:\Documents and Settings\Jean-Francois\Desktop\Combofix.txt: supprimé !
 C:\Documents and Settings\Jean-Francois\Desktop\OTMoveIt3.exe: supprimé !
 C:\Program Files\Trend Micro\HijackThis\hijackthis.log: supprimé !
 C:\FixWareOut: supprimé !
 C:\!Killbox: supprimé !
 C:\Qoobox: supprimé !
 C:\_OtMoveIt: supprimé !
 C:\Toolbar SD: supprimé !
 C:\Rsit: supprimé !
 C:\Documents and Settings\All Users\Start Menu\Programs\HijackThis: supprimé !
 C:\Program Files\Trend Micro\HijackThis: supprimé !


 I also updated Windows and, following the security scan, Adobe Flash Player, Macromedia Flash Player and Sun Java JRE.

 Jaku

Profile: Security team
dedetraque
Famous across the whole forum (30,000 to 99,999 messages posted)
Posted on 04/01/2009 at 23:07:12

Hi jaku1


 Do you have any other problems?


 @++  :)

jaku1
Baby forum member (10 to 49 messages posted)
Posted on 05/01/2009 at 06:39:10

Hi Dédétraqué,

 My last problem is knowing how to say thank you.

 Once again, Happy New Year and, even though I appreciated your efficiency, I hope viruses and other nasties will leave me alone and that I won't have to come back to this forum.

 Thanks and fair winds.
 Jaku

Profile: Security team
dedetraque
Famous across the whole forum (30,000 to 99,999 messages posted)
Posted on 05/01/2009 at 11:32:00

Hi jaku1


 You're very welcome. Here are a few security guidelines:

 - Windows Update kept fully up to date http://www.windowsupdate.com/ (critical, Service Pack and Service Release categories)
 - a properly configured firewall
 - a properly configured antivirus, updated regularly (daily if need be), with a regular full scan (daily if need be).
 - a cautious attitude to browsing (no dubious sites: cracks, warez, sex...) and to e-mail (attachments must be scanned before being opened)
 - no illegal downloading, which is the main infection factor (µTorrent, BitTorrent, eMule, Limewire, etc.)   The danger of cracks!
 - a vigilant attitude (watch out for any unusual behaviour of your system)
 - weekly system clean-up (removal of unnecessary files, registry cleaning, scandisk, defrag)
 - weekly antispyware scan (I recommend Malwarebytes' Anti-Malware)
 - a regular check of the JAVA console to make sure it is up to date http://www.java.com/en/download/help/testvm.xml
 - a vulnerability scan to check that your software is up to date and free of security holes:
 http://www.malekal.com/scan_vulnerabilite.php


 ------ Will you report your infection?:

 You don't have to, but it would be good if you took 5 minutes to report your infection on Malware Complaints so that its authors can be condemned.

  • Your infection(s): Trojan.DNSChanger.
  • If you can't find it in the list, post in Autres infections.

 Help: How to report my infection on Malware Complaints.


 Some good reading:
 http://www.malekal.com/menu_windows_general.php
 http://www.malekal.com/menu_windows_securite.php


 If you consider your problem solved, edit your first post using the [:jlj:3] icon and add [résolu] to the title.


 Have a good day and happy surfing    :super:


 @++  :)
