01net    Web


Actuellement en ligne : 791 Utilisateurs dont 119 dans Sécurité, virus et assimilés >S'inscrire      >S'identifier      >Recherche      >Aide  
modéré par A.Ouloube, naheulbeuk, Mérillym, bibou0007, Anthony10, Malekal_morte, IL-MAFIOSO, smilblick  
01net > Forum de 01net > Sécurité, virus et assimilés > Trojan et spywares
> Virus sur mon PC VBS.AGENT
Passionné(e) d'internet, de logiciels, de forums ? 01net recrute...
Auteur
Message
 
<     1       >
sebdarkprince
  
   
      ?   @     Posté le 12/05/2008 12:36:03  
Voter pour ce message
Bonjour, :jap:
j'ai acheté il y a quelques temps un téléphone venant de chine et je crois que lorsque je l'ai branché sur mon PC, il a instalé un virus, en effet, depuis lorsque je branche un périphérique de stockage USb, avast détecte un virus et m'affiche la fenêtre ci dessous et lorque je passe par le poste de travail et que je cli sur mon disque dur ou un périphérique de stockage USB, j'ai le message d'erreur suivant: Impossible de touver le fichier script "D:\Thierry.vbs".

< inclued picture >

Pouvez vous m'aider s'il vous plait?
Merci
(windows XP SP2)
K1Ks
  
  :-)
      ?   @     Posté le 12/05/2008 12:51:34  
Voter pour ce message
:hello: # Télécharge HijackThis v2.0.2
# ==>Lien et Tuto ici<==
# Suis les indications et poste le rapport obtenu dans ton prochain message.
-------
Site d'Entraide sur la Sécurité Bibou Le Forum
sebdarkprince
  
   
      ?   @     Posté le 12/05/2008 14:40:09  
Voter pour ce message
Le virus pose problème au moment ou hijackthis veut créer son rapport sous forme de document texte, j'ai donc fais des captures d'écrans du rapport directement sur hijackthis, super pratique :fou:

< inclued picture >

Cliquez sur l'image pour l'agrandir ;)
désolé, ce n'est pas super lisible mais je ne peu pas faire autrement, merci de votre compréhension et de votre aide !!!
K1Ks
  
  :-)
      ?   @     Posté le 12/05/2008 16:02:33  
Voter pour ce message
Télécharge Flash Disinfector sur ton Bureau
>>> http://www.techsupportforum.com/sectools/sUBs/Flash_Disinfector.exe

Connecte tous les périphériques externes ( DD , USB , ..... )

Double clique sur Flash Disinfector et laisse toi guider

**********************

Télécharge ComboFix de sUBs
>>> http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Sauvegarde le sur ton Bureau et pas ailleurs!

# Désactive provisoirement et seulement le temps de l'utilisation de ComboFix, la protection en temps réel de ton Antivirus et de tes Antispywares, qui peuvent géner fortement la procédure de recherche et de nettoyage de l'outil.

# Double clique sur Combofix.exe et suis les instructions.
Quand il aura fini, il va généré un log. Poste le rapport dans ta prochaine réponse avec un nouveau log Hijackthis.

Note :
# Ne pas cliquer dans la fenêtre de combofix durant le passage de l'outils.
# Le rapport se trouve également ici : C:\Combofix.txt
# N'oublie pas de réactiver tes protections !!!


-->Message édité par K1Ks le 14/05/2008 13:09:39<--
-------
Site d'Entraide sur la Sécurité Bibou Le Forum
sebdarkprince
  
   
      ?   @     Posté le 14/05/2008 07:36:59  
Voter pour ce message
Oups, petit problème quand je veu télécharger flash desinfector, on me dit qu'il y a une erreur sur la page :s
K1Ks
  
  :-)
      ?   @     Posté le 14/05/2008 13:10:22  
Voter pour ce message
Erreur de texte de ma part , désolé :
http://www.techsupportforum.com/sectools/sUBs/Flash_Disinfector.exe
-------
Site d'Entraide sur la Sécurité Bibou Le Forum
sebdarkprince
  
   
      ?   @     Posté le 14/05/2008 19:14:25  
Voter pour ce message
rapport combofix:

ComboFix 08-05-12.1 - Thierry 2008-05-14 13:03:06.1 - FAT32x86
Endroit: C:\Documents and Settings\Thierry\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\autorun.inf
C:\Program Files\Dcads Advanced Toolbar
C:\Program Files\Dcads Advanced Toolbar\buttons.xml
C:\Program Files\Dcads Advanced Toolbar\search.xml
C:\Program Files\Dcads Advanced Toolbar\toolbar.dll
C:\Program Files\Dcads Advanced Toolbar\uninstall.exe
C:\Program Files\screensavers.com
C:\Program Files\screensavers.com\Installer\bin\siuninst.exe
C:\WINDOWS\pack.epk
C:\WINDOWS\setup.exe
C:\WINDOWS\system32\2.exe
C:\WINDOWS\system32\autorun.ini
C:\WINDOWS\system32\axudnebqgr.dat
C:\WINDOWS\system32\axudnebqgr.exe
C:\WINDOWS\system32\axudnebqgr_nav.dat
C:\WINDOWS\system32\axudnebqgr_navps.dat
C:\WINDOWS\system32\dcads-remove.exe
C:\WINDOWS\system32\dcadssuggest.dll
C:\WINDOWS\system32\nseCDD.dll
C:\WINDOWS\system32\pskill.exe
C:\WINDOWS\tmlpcert2007

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_WINDOWS_LOG


((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-04-14 to 2008-05-14 ))))))))))))))))))))))))))))))))))))
.

2008-05-12 13:43 . 2008-05-12 13:43 33,830 ---hs---- C:\WINDOWS\Thierry.vbs
2008-05-12 13:43 . 2008-05-12 13:43 33,830 --a------ C:\THIERRY.VBS
2008-05-12 13:38 . 2008-05-12 13:38 <REP> d-------- C:\Program Files\Trend Micro
2008-05-01 10:12 . 2008-05-12 13:43 25 --ahs---- C:\WINDOWS\system32\Thierry.ini
2008-05-01 10:10 . 2008-05-12 13:43 33,830 ---hs---- C:\WINDOWS\system32\Thierry.vbs
2008-04-30 12:28 . 2008-04-30 12:28 <REP> d--hs---- C:\FOUND.000
2008-04-15 18:00 . 2008-04-15 18:00 <REP> d-------- C:\Documents and Settings\Thierry\Application Data\Studio-Scrap
2008-04-15 18:00 . 2002-03-06 09:00 262,656 --a------ C:\WINDOWS\system32\vcldb60.bpl
2008-04-15 18:00 . 2003-03-19 08:04 28,672 --a------ C:\WINDOWS\system32\rtl60.FR
2008-04-15 18:00 . 2002-03-06 09:00 24,576 --a------ C:\WINDOWS\system32\vcl60.fr
2008-04-15 18:00 . 2002-03-06 09:00 8,192 --a------ C:\WINDOWS\system32\vcldb60.fr
2008-04-15 18:00 . 2002-03-06 09:00 4,096 --a------ C:\WINDOWS\system32\vclx60.fr
2008-04-14 15:46 . 2008-04-19 14:31 997 --a------ C:\WINDOWS\posteriza.INI

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-07 14:53 --------- d-----w C:\Documents and Settings\Thierry\Application Data\Ulead Systems
2008-04-07 14:51 --------- d-----w C:\Program Files\Ulead Systems
2008-04-07 14:51 --------- d-----w C:\Program Files\Fichiers communs\Ulead Systems
2008-04-07 14:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ulead Systems
2008-04-07 13:24 --------- d-----w C:\Program Files\Popims
2008-04-07 12:56 --------- d-----w C:\Program Files\GIFSHOPPRO
2008-04-07 12:45 234,166 ----a-w C:\WINDOWS\EasyGifAnimator_Toolbar_Uninstaller_6843.exe
2008-04-07 12:45 --------- d-----w C:\Program Files\Easy Gif Animator Extension
2008-03-30 15:58 --------- d-----w C:\Program Files\Futuroscope Experience ADF
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\dllcache\win32k.sys
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\dllcache\gdi32.dll
2008-02-20 05:35 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-20 05:35 45,568 ------w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
2008-02-20 05:35 148,992 ------w C:\WINDOWS\system32\dllcache\dnsapi.dll
2007-12-17 15:53 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2007-12-06 06:59 9,739,136 ----a-w C:\Program Files\IncrediMailSetup_fr.exe
2007-09-11 17:02 1,994 ----a-w C:\Documents and Settings\Thierry\Application Data\SAS7_000.DAT
2006-07-18 16:32 15,295,272 ----a-w C:\Program Files\Install_Messenger.exe
2006-06-25 07:29 4,466,264 ----a-w C:\Program Files\MsgPlusLive-400.exe
2006-05-23 07:11 139 --sh--w C:\Program Files\desktop.ini
2006-03-18 07:23 10,704,584 ----a-w C:\Program Files\setupfre.exe
2006-03-12 09:33 4,752,968 ----a-w C:\Program Files\MsgPlus-362.exe
2006-03-06 13:40 243,512 ----a-w C:\Program Files\jre-1_5_0_06-windows-i586-p-iftw.exe
2006-03-03 11:32 39,936 ----a-w C:\Program Files\EvID4226Patch.exe
2005-12-26 15:14 9,336,520 ----a-w C:\Program Files\Install_MSN_Messenger.EXE
2006-08-29 14:08 8,192 --sha-w C:\WINDOWS\o2cLicStore.bin
.

------- Sigcheck -------

2006-08-28 10:23 1325568 416c417bf8ee81f03c8e87ab258182bc C:\WINDOWS\system32\WININET.DLL
2004-08-05 05:00 660480 58fe94ef42e074f4cad8bf02e70e6478 C:\WINDOWS\$NtUninstallKB867282$\wininet.dll
2005-01-27 19:12 662016 66a10b98f18fd804236ab2d90301de04 C:\WINDOWS\$hf_mig$\KB867282\SP2QFE\wininet.dll
2005-03-10 09:48 662016 06ad0b0f43286cd50af283762eb56763 C:\WINDOWS\$hf_mig$\KB890923\SP2QFE\wininet.dll
2005-10-21 04:39 665600 d327378ceef9a141c7352691fc30a0da C:\WINDOWS\$hf_mig$\KB905915\SP2QFE\wininet.dll
2006-03-04 06:00 667648 241dbc4c2714b2f39afded49459ed420 C:\WINDOWS\$hf_mig$\KB912812\SP2QFE\wininet.dll
2006-05-10 07:26 667648 44fcc339191adb8892520dfa473c455f C:\WINDOWS\$hf_mig$\KB916281\SP2QFE\wininet.dll
2006-06-23 13:25 668672 582953780721ac5d38f98cab229ec7b9 C:\WINDOWS\$hf_mig$\KB918899\SP2QFE\wininet.dll
2005-01-27 19:14 660992 b16b02f3c804f057dab099cc15ed0206 C:\WINDOWS\$NtUninstallKB890923$\wininet.dll
2005-10-21 04:41 1222144 ab696b0ba0466180946f37f54b09b665 C:\WINDOWS\$NtUninstallKB912812$\wininet.dll
2005-03-10 10:04 660992 ba7cda9917332a6e1faa1b46bc3ab5fd C:\WINDOWS\$NtUninstallKB905915$\wininet.dll
2006-03-04 05:35 662528 19e1a21f21bc938a92ee8be630994493 C:\WINDOWS\$NtUninstallKB916281$\wininet.dll
2006-05-10 07:24 662528 343fabbf09312842816e92947aacf73a C:\WINDOWS\$NtUninstallKB918899$\wininet.dll
2006-06-23 13:11 663040 4f343f414f05e81cf61b1001634fc6b7 C:\WINDOWS\ie7\wininet.dll
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{733716E1-76D2-4003-AC39-845281C0EF85}]
2008-02-08 18:53 233472 --a------ C:\WINDOWS\system32\nsu2FD.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UberIcon"="C:\Program Files\UberIcon\UberIcon Manager.exe" [2006-02-05 14:20 180224]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 05:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 05:00 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-02-01 17:49 171448]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i420vfw.dll
"vidc.yv12"= yv12vfw.dll
"vidc.sccd"= C:\PROGRA~1\LUMINO~1\SoftCam1.5\Driver\SCCodec.dll
"MSVideo7"= C:\PROGRA~1\LUMINO~1\SoftCam1.5\Driver\SCVid32.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Démarrage rapide de HP Photosmart Premier.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Démarrage rapide de HP Photosmart Premier.lnk
backup=C:\WINDOWS\pss\Démarrage rapide de HP Photosmart Premier.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logitech Desktop Messenger.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Logitech Desktop Messenger.lnk
backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Windows Live™ Messenger.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Windows Live™ Messenger.lnk
backup=C:\WINDOWS\pss\Windows Live™ Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Thierry^Menu Démarrer^Programmes^Démarrage^TribalWeb.lnk]
path=C:\Documents and Settings\Thierry\Menu Démarrer\Programmes\Démarrage\TribalWeb.lnk
backup=C:\WINDOWS\pss\TribalWeb.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Thierry^Menu Démarrer^Programmes^Démarrage^UberIcon.lnk]
path=C:\Documents and Settings\Thierry\Menu Démarrer\Programmes\Démarrage\UberIcon.lnk
backup=C:\WINDOWS\pss\UberIcon.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Thierry^Menu Démarrer^Programmes^Démarrage^Y'z Shadow.lnk]
path=C:\Documents and Settings\Thierry\Menu Démarrer\Programmes\Démarrage\Y'z Shadow.lnk
backup=C:\WINDOWS\pss\Y'z Shadow.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Thierry^Menu Démarrer^Programmes^Démarrage^Y'z Toolbar.lnk]
path=C:\Documents and Settings\Thierry\Menu Démarrer\Programmes\Démarrage\Y'z Toolbar.lnk
backup=C:\WINDOWS\pss\Y'z Toolbar.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
--a------ 2004-04-13 12:49 88363 C:\WINDOWS\AGRSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AspireService]
--a------ 2005-06-04 12:40 110592 C:\Program Files\Acer\Acer eMode Management\AspireService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\axudnebqgr]
c:\windows\system32\axudnebqgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
C:\Program Files\BitTorrent\bittorrent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2004-08-05 05:00 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2006-02-19 02:41 49152 C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
C:\Program Files\Ahead\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Instant Access]
C:\WINDOWS\system32\prodsrvs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2005-06-10 10:44 81920 C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LaunchApp]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
--a------ 2005-07-19 17:32 221184 C:\WINDOWS\system32\LVCOMSX.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MailSkinner]
c:\program files\mailskinner\mailskinner.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ManyCam]
--a------ 2007-08-20 11:44 1515520 D:\Programme files 2.0\cam\ManyCam 2.1\ManyCam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MediaSync]
C:\Program Files\Acer\Acer eConsole\MediaSync.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]
--a------ 2007-10-10 20:15 190024 C:\Program Files\MessengerPlus! 3\MsgPlus.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Update Machine]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 18:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2007-10-18 11:34 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Bar Search Scope Monitor]
C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
--a------ 2003-07-13 02:49 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NetAppel]
D:\Programme files 2.0\NetAppel\NetAppel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ntiMUI]
--a------ 2005-05-11 18:15 45056 c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Orb]
C:\Program Files\Winamp Remote\bin\OrbTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
--a------ 2007-06-16 01:15 366400 C:\Program Files\Picasa2\PicasaMediaDetector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-07-15 15:26 282624 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2004-07-15 01:07 32768 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2007-12-12 15:25 21686568 C:\Program Files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2005-06-08 08:31 77824 C:\WINDOWS\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\spa_start]
C:\WINDOWS\system32\spads.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
C:\Program Files\TomTom HOME\TomTomHOME.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead AutoDetector v2]
--------- 2004-11-26 11:43 90112 C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
-ra------ 2006-03-30 16:45 313472 c:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
C:\WINDOWS\system32\dumprep 0 -u

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vistadrv]
--a------ 2006-07-30 03:37 121089 D:\Programme files 2.0\Vista Hard Drive Status Bar\vsdrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VoipBuster]
D:\Programme files 2.0\VoipBuster\VoipBuster.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
--a------ 2005-05-13 12:57 53248 C:\WINDOWS\system32\VTTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTrayp]
--a------ 2005-05-13 12:57 143360 C:\WINDOWS\system32\VTTrayp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WhenUSearchWHSE]
C:\Program Files\DAEMON Tools SearchBar\whse.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wicjpaqtr]
c:\windows\system32\wicjpaqtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2007-10-10 06:28 36352 D:\Programme files 2.0\winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOKIT]
C:\PROGRA~1\WANADOO\Shell.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOTASKBARICON]
C:\PROGRA~1\WANADOO\GestMaj.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOWATCH]
C:\PROGRA~1\WANADOO\Watch.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices-]
"Microsoft Update Machine"=1.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"D:\\Programme files 2.0\\limeware\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\WINDOWS\\PCHEALTH\\HELPCTR\\BINARIES\\HelpCtr.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\IncrediMail\\bin\\ImApp.exe"=
"C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"C:\\Program Files\\IncrediMail\\incredimail_install.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"22241:TCP"= 22241:TCP:BitComet 22241 TCP
"22241:UDP"= 22241:UDP:BitComet 22241 UDP
"5000:TCP"= 5000:TCP:AresChatServer

R2 autoupdt;autoupdt;"C:\WINDOWS\autoupdt.exe" [2002-11-02 11:03]
R2 int15.sys;int15.sys;C:\Program Files\acer\eRecovery\int15.sys [2005-01-13 14:46]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;C:\WINDOWS\system32\DRIVERS\ManyCam.sys [2007-03-22 13:17]
R3 SG760_XP;SAGEM 802.11g XG760 1211 Driver;C:\WINDOWS\system32\DRIVERS\WlanUZXP.sys [2005-07-13 16:37]
S2 Tenable Nessus;Tenable Nessus;"D:\Programme files 2.0\nessus\nessusd.exe" [2007-06-28 10:47]
S3 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe" [2007-05-19 09:06]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;C:\WINDOWS\system32\drivers\ScreamingBAudio.sys []
S3 ZDCndis5;ZDCndis5 Protocol Driver;C:\WINDOWS\system32\ZDCndis5.SYS []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{20f7fc74-c686-11dc-aef0-000fea31d0b5}]
\Shell\AutoRun\command - K:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{30a7f5c2-3f48-11dc-ae1d-0060b3e6664a}]
\Shell\AutoRun\command - K:\InstallTomTomHOME.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d0f0f336-1755-11dd-af57-0060b3e6664a}]
\Shell\AutoRun\command - WScript.exe Thierry.vbs "AutoRun"
\Shell\AutoRun1\command - WScript.exe Thierry.vbs "AutoRun"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d0f0f337-1755-11dd-af57-0060b3e6664a}]
\Shell\AutoRun\command - WScript.exe Thierry.vbs "AutoRun"
\Shell\AutoRun1\command - WScript.exe Thierry.vbs "AutoRun"

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-14 13:13:44
Windows 5.1.2600 Service Pack 2 FAT NTAPI

Balayage processus cach‚s ...

Balayage cach‚ autostart entries ...

Balayage des fichiers cach‚s ...

Scan termin‚ avec succŠs
Les fichiers cach‚s: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PSSdk23]
"ImagePath"="\??\C:\WINDOWS\system32\Drivers\PsSdk23.drv"
.
------------------------ Other Running Processes ------------------------
.
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASWUPDSV.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
C:\PROGRAM FILES\BONJOUR\MDNSRESPONDER.EXE
C:\WINDOWS\SYSTEM32\HPZIPM12.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHDISP.EXE
C:\PROGRAM FILES\SAGEM WI-FI USB 802.11G\WLANUTL.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dwwin.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-05-14 13:17:02 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-14 11:16:58

Pre-Run: 84,606,976 octets libres
Post-Run: 226,426,880 octets libres

320 --- E O F --- 2008-04-13 01:08:04
sebdarkprince
  
   
      ?   @     Posté le 14/05/2008 19:45:00  
Voter pour ce message
Rapport HijackThis (je ne crois pas que le problème soit résolu pour l'instant)

< inclued picture >
K1Ks
  
  :-)
      ?   @     Posté le 14/05/2008 19:50:23  
Voter pour ce message
Copie le texte se situant dans le cadre ci-dessous :


File::
C:\WINDOWS\Thierry.vbs
C:\THIERRY.VBS
C:\WINDOWS\system32\Thierry.ini
C:\WINDOWS\system32\Thierry.vbs
C:\WINDOWS\system32\nsu2FD.dll
c:\windows\system32\axudnebqgr.exe
C:\WINDOWS\system32\spads.dll
c:\windows\system32\wicjpaqtr.exe

Folder
C:\PROGRA~1\MYWEBS~1

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{733716E1-76D2-4003-AC39-845281C0EF85}]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\axudnebqgr]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Instant Access]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MailSkinner]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\spa_start]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wicjpaqtr]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Bar Search Scope Monitor]



Ouvre le Bloc-Notes puis colle le texte copié.
(Démarrer\Tous les programmes\Accessoires\Bloc notes.)
Sauvegarde ce fichier sous le nom de CFScript.txt.

Glisse maintenant le fichier ComboFix-Do.txt dans Combofix.exe comme ci-dessous :

[img]http://img.photobucket.com/albums/v666/sUBs/CFScript.gif
[/img]
Cela va relancer Combofix, tape sur 1 puis valide. Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis.
S'il n'y a pas de rédémarrage, poste quand même les rapports.
-------
Site d'Entraide sur la Sécurité Bibou Le Forum
sebdarkprince
  
   
      ?   @     Posté le 15/05/2008 13:10:25  
Voter pour ce message
Voilà le rapport combofix, je ne suis pas sur que ça ai fonctionné, car je n'ai pas eu à taper 1 et j'ai eu un message d'erreur.
Je vous envois le rapport hijackthis ce soir.
Merci de prendre du temps pour m'aider :)


ComboFix 08-05-12.1 - Thierry 2008-05-15 12:47:15.2 - FAT32x86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.171 [GMT 2:00]
Endroit: C:\Documents and Settings\Thierry\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Thierry\Bureau\CFScript.txt
* Création d'un nouveau point de restauration

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

FILE ::
C:\THIERRY.VBS
c:\windows\system32\axudnebqgr.exe
C:\WINDOWS\system32\nsu2FD.dll
C:\WINDOWS\system32\spads.dll
C:\WINDOWS\system32\Thierry.ini
C:\WINDOWS\system32\Thierry.vbs
c:\windows\system32\wicjpaqtr.exe
C:\WINDOWS\Thierry.vbs
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\THIERRY.VBS
C:\WINDOWS\system32\nsu2FD.dll
C:\WINDOWS\system32\Thierry.ini
C:\WINDOWS\system32\Thierry.vbs
C:\WINDOWS\Thierry.vbs
D:\Autorun.inf

.
((((((((((((((((((((((((((((( Fichiers créés 2008-04-15 to 2008-05-15 ))))))))))))))))))))))))))))))))))))
.

2008-05-15 03:02 . 2008-05-15 03:02 <REP> d-------- C:\WINDOWS\LastGood
2008-05-12 13:38 . 2008-05-12 13:38 <REP> d-------- C:\Program Files\Trend Micro
2008-04-30 12:28 . 2008-04-30 12:28 <REP> d--hs---- C:\FOUND.000
2008-04-15 18:00 . 2008-04-15 18:00 <REP> d-------- C:\Documents and Settings\Thierry\Application Data\Studio-Scrap
2008-04-15 18:00 . 2002-03-06 09:00 262,656 --a------ C:\WINDOWS\system32\vcldb60.bpl
2008-04-15 18:00 . 2003-03-19 08:04 28,672 --a------ C:\WINDOWS\system32\rtl60.FR
2008-04-15 18:00 . 2002-03-06 09:00 24,576 --a------ C:\WINDOWS\system32\vcl60.fr
2008-04-15 18:00 . 2002-03-06 09:00 8,192 --a------ C:\WINDOWS\system32\vcldb60.fr
2008-04-15 18:00 . 2002-03-06 09:00 4,096 --a------ C:\WINDOWS\system32\vclx60.fr

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-07 14:53 --------- d-----w C:\Documents and Settings\Thierry\Application Data\Ulead Systems
2008-04-07 14:51 --------- d-----w C:\Program Files\Ulead Systems
2008-04-07 14:51 --------- d-----w C:\Program Files\Fichiers communs\Ulead Systems
2008-04-07 14:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ulead Systems
2008-04-07 13:24 --------- d-----w C:\Program Files\Popims
2008-04-07 12:56 --------- d-----w C:\Program Files\GIFSHOPPRO
2008-04-07 12:45 234,166 ----a-w C:\WINDOWS\EasyGifAnimator_Toolbar_Uninstaller_6843.exe
2008-04-07 12:45 --------- d-----w C:\Program Files\Easy Gif Animator Extension
2008-03-30 15:58 --------- d-----w C:\Program Files\Futuroscope Experience ADF
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51 621,344 ------w C:\WINDOWS\system32\dllcache\mswstr10.dll
2008-03-25 04:51 194,144 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-25 04:51 194,144 ------w C:\WINDOWS\system32\dllcache\msjint40.dll
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\dllcache\win32k.sys
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\dllcache\gdi32.dll
2008-02-20 05:35 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-20 05:35 45,568 ------w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
2008-02-20 05:35 148,992 ------w C:\WINDOWS\system32\dllcache\dnsapi.dll
2007-12-17 15:53 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2007-12-06 06:59 9,739,136 ----a-w C:\Program Files\IncrediMailSetup_fr.exe
2007-09-11 17:02 1,994 ----a-w C:\Documents and Settings\Thierry\Application Data\SAS7_000.DAT
2006-07-18 16:32 15,295,272 ----a-w C:\Program Files\Install_Messenger.exe
2006-06-25 07:29 4,466,264 ----a-w C:\Program Files\MsgPlusLive-400.exe
2006-05-23 07:11 139 --sh--w C:\Program Files\desktop.ini
2006-03-18 07:23 10,704,584 ----a-w C:\Program Files\setupfre.exe
2006-03-12 09:33 4,752,968 ----a-w C:\Program Files\MsgPlus-362.exe
2006-03-06 13:40 243,512 ----a-w C:\Program Files\jre-1_5_0_06-windows-i586-p-iftw.exe
2006-03-03 11:32 39,936 ----a-w C:\Program Files\EvID4226Patch.exe
2005-12-26 15:14 9,336,520 ----a-w C:\Program Files\Install_MSN_Messenger.EXE
2006-08-29 14:08 8,192 --sha-w C:\WINDOWS\o2cLicStore.bin
.

------- Sigcheck -------

2006-08-28 10:23 1325568 416c417bf8ee81f03c8e87ab258182bc C:\WINDOWS\system32\WININET.DLL
2004-08-05 05:00 660480 58fe94ef42e074f4cad8bf02e70e6478 C:\WINDOWS\$NtUninstallKB867282$\wininet.dll
2005-01-27 19:12 662016 66a10b98f18fd804236ab2d90301de04 C:\WINDOWS\$hf_mig$\KB867282\SP2QFE\wininet.dll
2005-03-10 09:48 662016 06ad0b0f43286cd50af283762eb56763 C:\WINDOWS\$hf_mig$\KB890923\SP2QFE\wininet.dll
2005-10-21 04:39 665600 d327378ceef9a141c7352691fc30a0da C:\WINDOWS\$hf_mig$\KB905915\SP2QFE\wininet.dll
2006-03-04 06:00 667648 241dbc4c2714b2f39afded49459ed420 C:\WINDOWS\$hf_mig$\KB912812\SP2QFE\wininet.dll
2006-05-10 07:26 667648 44fcc339191adb8892520dfa473c455f C:\WINDOWS\$hf_mig$\KB916281\SP2QFE\wininet.dll
2006-06-23 13:25 668672 582953780721ac5d38f98cab229ec7b9 C:\WINDOWS\$hf_mig$\KB918899\SP2QFE\wininet.dll
2005-01-27 19:14 660992 b16b02f3c804f057dab099cc15ed0206 C:\WINDOWS\$NtUninstallKB890923$\wininet.dll
2005-10-21 04:41 1222144 ab696b0ba0466180946f37f54b09b665 C:\WINDOWS\$NtUninstallKB912812$\wininet.dll
2005-03-10 10:04 660992 ba7cda9917332a6e1faa1b46bc3ab5fd C:\WINDOWS\$NtUninstallKB905915$\wininet.dll
2006-03-04 05:35 662528 19e1a21f21bc938a92ee8be630994493 C:\WINDOWS\$NtUninstallKB916281$\wininet.dll
2006-05-10 07:24 662528 343fabbf09312842816e92947aacf73a C:\WINDOWS\$NtUninstallKB918899$\wininet.dll
2006-06-23 13:11 663040 4f343f414f05e81cf61b1001634fc6b7 C:\WINDOWS\ie7\wininet.dll
.
((((((((((((((((((((((((((((( snapshot@2008-05-14_13.16.34.26 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-10 01:07:08 593,920 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2008-05-15 01:06:02 593,920 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\accicons.exe
- 2008-04-10 01:07:10 12,288 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2008-05-15 01:06:02 12,288 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2008-04-10 01:07:10 86,016 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\inficon.exe
+ 2008-05-15 01:06:02 86,016 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\inficon.exe
- 2008-04-10 01:07:08 135,168 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2008-05-15 01:06:02 135,168 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2008-04-10 01:07:10 11,264 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2008-05-15 01:06:02 11,264 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2008-04-10 01:07:10 27,136 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2008-05-15 01:06:02 27,136 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2008-04-10 01:07:10 4,096 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2008-05-15 01:06:02 4,096 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2008-04-10 01:07:10 794,624 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2008-05-15 01:06:02 794,624 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2008-04-10 01:07:08 249,856 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2008-05-15 01:06:02 249,856 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2008-04-10 01:07:08 61,440 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2008-05-15 01:06:02 61,440 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\pubs.exe
- 2008-04-10 01:07:10 23,040 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2008-05-15 01:06:02 23,040 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2008-04-10 01:07:08 286,720 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2008-05-15 01:06:02 286,720 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2008-04-10 01:07:08 409,600 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2008-05-15 01:06:02 409,600 ----a-r C:\WINDOWS\Installer\{9011040C-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2008-03-25 04:50:26 554,008 ------w C:\WINDOWS\system32\dllcache\dao360.dll
+ 2008-03-25 04:50:28 518,944 ------w C:\WINDOWS\system32\dllcache\msexch40.dll
+ 2008-03-25 04:50:30 326,432 ------w C:\WINDOWS\system32\dllcache\msexcl40.dll
+ 2008-03-25 04:50:34 1,516,568 ------w C:\WINDOWS\system32\dllcache\msjet40.dll
+ 2008-03-25 04:50:40 355,112 ------w C:\WINDOWS\system32\dllcache\msjetol1.dll
+ 2008-03-25 04:50:42 60,192 ------w C:\WINDOWS\system32\dllcache\msjter40.dll
+ 2008-03-25 04:50:42 248,608 ------w C:\WINDOWS\system32\dllcache\msjtes40.dll
+ 2008-03-25 04:50:44 219,936 ------w C:\WINDOWS\system32\dllcache\msltus40.dll
+ 2008-03-25 04:50:46 355,104 ------w C:\WINDOWS\system32\dllcache\mspbde40.dll
+ 2008-03-25 04:50:48 432,928 ------w C:\WINDOWS\system32\dllcache\msrd2x40.dll
+ 2008-03-25 04:50:50 322,336 ------w C:\WINDOWS\system32\dllcache\msrd3x40.dll
+ 2008-03-25 04:50:52 559,904 ------w C:\WINDOWS\system32\dllcache\msrepl40.dll
+ 2008-03-25 04:50:56 264,992 ------w C:\WINDOWS\system32\dllcache\mstext40.dll
+ 2008-03-25 04:50:58 838,432 ------w C:\WINDOWS\system32\dllcache\mswdat10.dll
+ 2008-03-25 04:50:58 355,104 ------w C:\WINDOWS\system32\dllcache\msxbde40.dll
- 2004-08-05 03:00:00 512,029 ----a-w C:\WINDOWS\system32\msexch40.dll
+ 2008-03-25 04:50:28 518,944 ----a-w C:\WINDOWS\system32\msexch40.dll
- 2004-08-05 03:00:00 319,517 ----a-w C:\WINDOWS\system32\msexcl40.dll
+ 2008-03-25 04:50:30 326,432 ----a-w C:\WINDOWS\system32\msexcl40.dll
- 2004-08-05 03:00:00 1,507,356 ----a-w C:\WINDOWS\system32\msjet40.dll
+ 2008-03-25 04:50:34 1,516,568 ----a-w C:\WINDOWS\system32\msjet40.dll
- 2004-08-05 03:00:00 358,976 ----a-w C:\WINDOWS\system32\msjetoledb40.dll
+ 2008-03-25 04:50:40 355,112 ----a-w C:\WINDOWS\system32\msjetoledb40.dll
- 2004-08-05 03:00:00 53,279 ----a-w C:\WINDOWS\system32\msjter40.dll
+ 2008-03-25 04:50:42 60,192 ----a-w C:\WINDOWS\system32\msjter40.dll
- 2004-08-05 03:00:00 241,693 ----a-w C:\WINDOWS\system32\msjtes40.dll
+ 2008-03-25 04:50:42 248,608 ----a-w C:\WINDOWS\system32\msjtes40.dll
- 2004-08-05 03:00:00 213,023 ----a-w C:\WINDOWS\system32\msltus40.dll
+ 2008-03-25 04:50:44 219,936 ----a-w C:\WINDOWS\system32\msltus40.dll
- 2004-08-05 03:00:00 348,189 ----a-w C:\WINDOWS\system32\mspbde40.dll
+ 2008-03-25 04:50:46 355,104 ----a-w C:\WINDOWS\system32\mspbde40.dll
- 2004-08-05 03:00:00 421,919 ----a-w C:\WINDOWS\system32\msrd2x40.dll
+ 2008-03-25 04:50:48 432,928 ----a-w C:\WINDOWS\system32\msrd2x40.dll
- 2004-08-05 03:00:00 315,423 ----a-w C:\WINDOWS\system32\msrd3x40.dll
+ 2008-03-25 04:50:50 322,336 ----a-w C:\WINDOWS\system32\msrd3x40.dll
- 2004-08-05 03:00:00 552,989 ----a-w C:\WINDOWS\system32\msrepl40.dll
+ 2008-03-25 04:50:52 559,904 ----a-w C:\WINDOWS\system32\msrepl40.dll
- 2004-08-05 03:00:00 258,077 ----a-w C:\WINDOWS\system32\mstext40.dll
+ 2008-03-25 04:50:56 264,992 ----a-w C:\WINDOWS\system32\mstext40.dll
- 2004-08-05 03:00:00 831,519 ----a-w C:\WINDOWS\system32\mswdat10.dll
+ 2008-03-25 04:50:58 838,432 ----a-w C:\WINDOWS\system32\mswdat10.dll
- 2004-08-05 03:00:00 348,189 ----a-w C:\WINDOWS\system32\msxbde40.dll
+ 2008-03-25 04:50:58 355,104 ----a-w C:\WINDOWS\system32\msxbde40.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UberIcon"="C:\Program Files\UberIcon\UberIcon Manager.exe" [2006-02-05 14:20 180224]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 05:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 05:00 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-02-01 17:49 171448]

C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Utilitaire r‚seau pour SAGEM Wi-Fi 11g USB adapter.lnk - C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe [2008-01-19 10:48:48 835584]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i420vfw.dll
"vidc.yv12"= yv12vfw.dll
"vidc.sccd"= C:\PROGRA~1\LUMINO~1\SoftCam1.5\Driver\SCCodec.dll
"MSVideo7"= C:\PROGRA~1\LUMINO~1\SoftCam1.5\Driver\SCVid32.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Démarrage rapide de HP Photosmart Premier.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Démarrage rapide de HP Photosmart Premier.lnk
backup=C:\WINDOWS\pss\Démarrage rapide de HP Photosmart Premier.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logitech Desktop Messenger.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Logitech Desktop Messenger.lnk
backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Windows Live™ Messenger.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Windows Live™ Messenger.lnk
backup=C:\WINDOWS\pss\Windows Live™ Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Thierry^Menu Démarrer^Programmes^Démarrage^TribalWeb.lnk]
path=C:\Documents and Settings\Thierry\Menu Démarrer\Programmes\Démarrage\TribalWeb.lnk
backup=C:\WINDOWS\pss\TribalWeb.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Thierry^Menu Démarrer^Programmes^Démarrage^UberIcon.lnk]
path=C:\Documents and Settings\Thierry\Menu Démarrer\Programmes\Démarrage\UberIcon.lnk
backup=C:\WINDOWS\pss\UberIcon.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Thierry^Menu Démarrer^Programmes^Démarrage^Y'z Shadow.lnk]
path=C:\Documents and Settings\Thierry\Menu Démarrer\Programmes\Démarrage\Y'z Shadow.lnk
backup=C:\WINDOWS\pss\Y'z Shadow.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Thierry^Menu Démarrer^Programmes^Démarrage^Y'z Toolbar.lnk]
path=C:\Documents and Settings\Thierry\Menu Démarrer\Programmes\Démarrage\Y'z Toolbar.lnk
backup=C:\WINDOWS\pss\Y'z Toolbar.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
--a------ 2004-04-13 12:49 88363 C:\WINDOWS\AGRSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AspireService]
--a------ 2005-06-04 12:40 110592 C:\Program Files\Acer\Acer eMode Management\AspireService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
C:\Program Files\BitTorrent\bittorrent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2004-08-05 05:00 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2006-02-19 02:41 49152 C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
C:\Program Files\Ahead\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2005-06-10 10:44 81920 C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LaunchApp]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
--a------ 2005-07-19 17:32 221184 C:\WINDOWS\system32\LVCOMSX.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ManyCam]
--a------ 2007-08-20 11:44 1515520 D:\Programme files 2.0\cam\ManyCam 2.1\ManyCam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MediaSync]
C:\Program Files\Acer\Acer eConsole\MediaSync.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]
--a------ 2007-10-10 20:15 190024 C:\Program Files\MessengerPlus! 3\MsgPlus.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Update Machine]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 18:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2007-10-18 11:34 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
--a------ 2003-07-13 02:49 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NetAppel]
D:\Programme files 2.0\NetAppel\NetAppel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ntiMUI]
--a------ 2005-05-11 18:15 45056 c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Orb]
C:\Program Files\Winamp Remote\bin\OrbTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
--a------ 2007-06-16 01:15 366400 C:\Program Files\Picasa2\PicasaMediaDetector.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-07-15 15:26 282624 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2004-07-15 01:07 32768 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2007-12-12 15:25 21686568 C:\Program Files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2005-06-08 08:31 77824 C:\WINDOWS\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
C:\Program Files\TomTom HOME\TomTomHOME.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead AutoDetector v2]
--------- 2004-11-26 11:43 90112 C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
-ra------ 2006-03-30 16:45 313472 c:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
C:\WINDOWS\system32\dumprep 0 -u

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vistadrv]
--a------ 2006-07-30 03:37 121089 D:\Programme files 2.0\Vista Hard Drive Status Bar\vsdrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VoipBuster]
D:\Programme files 2.0\VoipBuster\VoipBuster.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
--a------ 2005-05-13 12:57 53248 C:\WINDOWS\system32\VTTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTrayp]
--a------ 2005-05-13 12:57 143360 C:\WINDOWS\system32\VTTrayp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WhenUSearchWHSE]
C:\Program Files\DAEMON Tools SearchBar\whse.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2007-10-10 06:28 36352 D:\Programme files 2.0\winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOKIT]
C:\PROGRA~1\WANADOO\Shell.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOTASKBARICON]
C:\PROGRA~1\WANADOO\GestMaj.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOWATCH]
C:\PROGRA~1\WANADOO\Watch.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices-]
"Microsoft Update Machine"=1.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"D:\\Programme files 2.0\\limeware\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\WINDOWS\\PCHEALTH\\HELPCTR\\BINARIES\\HelpCtr.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\IncrediMail\\bin\\ImApp.exe"=
"C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"C:\\Program Files\\IncrediMail\\incredimail_install.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"22241:TCP"= 22241:TCP:BitComet 22241 TCP
"22241:UDP"= 22241:UDP:BitComet 22241 UDP
"5000:TCP"= 5000:TCP:AresChatServer

R2 int15.sys;int15.sys;C:\Program Files\acer\eRecovery\int15.sys [2005-01-13 14:46]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;C:\WINDOWS\system32\DRIVERS\ManyCam.sys [2007-03-22 13:17]
R3 SG760_XP;SAGEM 802.11g XG760 1211 Driver;C:\WINDOWS\system32\DRIVERS\WlanUZXP.sys [2005-07-13 16:37]
S2 autoupdt;autoupdt;"C:\WINDOWS\autoupdt.exe" [2002-11-02 11:03]
S2 Tenable Nessus;Tenable Nessus;"D:\Programme files 2.0\nessus\nessusd.exe" [2007-06-28 10:47]
S3 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe" [2007-05-19 09:06]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;C:\WINDOWS\system32\drivers\ScreamingBAudio.sys []
S3 ZDCndis5;ZDCndis5 Protocol Driver;C:\WINDOWS\system32\ZDCndis5.SYS []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{20f7fc74-c686-11dc-aef0-000fea31d0b5}]
\Shell\AutoRun\command - K:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{30a7f5c2-3f48-11dc-ae1d-0060b3e6664a}]
\Shell\AutoRun\command - K:\InstallTomTomHOME.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d0f0f336-1755-11dd-af57-0060b3e6664a}]
\Shell\AutoRun\command - WScript.exe Thierry.vbs "AutoRun"
\Shell\AutoRun1\command - WScript.exe Thierry.vbs "AutoRun"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d0f0f337-1755-11dd-af57-0060b3e6664a}]
\Shell\AutoRun\command - WScript.exe Thierry.vbs "AutoRun"
\Shell\AutoRun1\command - WScript.exe Thierry.vbs "AutoRun"

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-15 12:50:03
Windows 5.1.2600 Service Pack 2 FAT NTAPI

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PSSdk23]
"ImagePath"="\??\C:\WINDOWS\system32\Drivers\PsSdk23.drv"
.
Temps d'accomplissement: 2008-05-15 12:51:26
ComboFix-quarantined-files.txt 2008-05-15 10:51:24
ComboFix2.txt 2008-05-14 11:17:04

Pre-Run: 242,679,808 octets libres
Post-Run: 232,554,496 octets libres

362 --- E O F --- 2008-05-15 01:06:02
sebdarkprince
  
   
      ?   @     Posté le 15/05/2008 18:30:36  
Voter pour ce message
< inclued picture >
K1Ks
  
  :-)
      ?   @     Posté le 15/05/2008 19:37:33  
Voter pour ce message
# Télécharge Deckard System Scanner
# >>> Lien et Tuto ici <<<
# Suis les indications et poste le rapport obtenu dans ton prochain message.
-------
Site d'Entraide sur la Sécurité Bibou Le Forum
sebdarkprince
  
   
      ?   @     Posté le 16/05/2008 19:58:45  
Voter pour ce message
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Édition familiale (build 2600) SP 2.0
Architecture: X86; Language: French

CPU 0: AMD Sempron(tm) Processor 3000+
Percentage of Memory in Use: 63%
Physical Memory (total/avail): 447.48 MiB / 165.11 MiB
Pagefile Memory (total/avail): 1054.61 MiB / 737.02 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1923.5 MiB

C: is Fixed (FAT32) - 72.65 GiB total, 0.84 GiB free.
D: is Fixed (FAT32) - 73.43 GiB total, 1.44 GiB free.
E: is CDROM (UDF)
F: is Removable (No Media)
G: is Removable (No Media)
H: is Removable (No Media)
I: is Removable (No Media)
J: is Removable (No Media)

\\.\PHYSICALDRIVE0 - WDC WD1600BB-22GUC0 - 149.05 GiB - 3 partitions
\PARTITION0 - Unknown - 2.93 GiB
\PARTITION1 (bootable) - Unknown - 72.67 GiB - C:
\PARTITION2 - Étendu avec Inter. 13 étendue - 73.45 GiB - D:

\\.\PHYSICALDRIVE3 - Generic USB CF Reader USB Device

\\.\PHYSICALDRIVE5 - Generic USB MS Reader USB Device

\\.\PHYSICALDRIVE2 - Generic USB SD Reader USB Device

\\.\PHYSICALDRIVE4 - Generic USB SM Reader USB Device

\\.\PHYSICALDRIVE1 - HP Photosmart C5180 USB Device



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.

AV: avast! antivirus 4.7.1098 [VPS 080516-1] v4.7.1098 (ALWIL Software)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\PROGRA~1\\LIVECOM\\APPLIC~1\\EXE\\LIVECOM.EXE"="C:\\PROGRA~1\\LIVECOM\\APPLIC~1\\EXE\\LIVECOM.EXE:*:Enabled:Livecom"
"C:\\PROGRA~1\\LIVECOM\\APPLIC~1\\EXE\\..\\EconfV4\\ftplayer.exe"="C:\\PROGRA~1\\LIVECOM\\APPLIC~1\\EXE\\..\\EconfV4\\ftplayer.exe:*:Enabled:Livecom Media"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"D:\\Programme files 2.0\\limeware\\LimeWire\\LimeWire.exe"="D:\\Programme files 2.0\\limeware\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:µTorrent"
"C:\\WINDOWS\\PCHEALTH\\HELPCTR\\BINARIES\\HelpCtr.exe"="C:\\WINDOWS\\PCHEALTH\\HELPCTR\\BINARIES\\HelpCtr.exe:*:Enabled:Assistance à distance - Windows Messenger et voix"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\IncrediMail\\bin\\ImApp.exe"="C:\\Program Files\\IncrediMail\\bin\\ImApp.exe:*:Enabled:IncrediMail"
"C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"="C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe:*:Enabled:IncrediMail"
"C:\\Program Files\\IncrediMail\\incredimail_install.exe"="C:\\Program Files\\IncrediMail\\incredimail_install.exe:*:Enabled:IncrediMail Installer"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe:*:Enabled:hposid01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Thierry\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_02\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Fichiers communs
COMPUTERNAME=ACER-73356C3771
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Thierry
LOGONSERVER=\\ACER-73356C3771
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\QuickTime\QTSystem;;C:\PROGRA~1\FICHIE~1\MUVEET~1\030625
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 44 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=2c02
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_02\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Thierry\LOCALS~1\Temp
TMP=C:\DOCUME~1\Thierry\LOCALS~1\Temp
USERDOMAIN=ACER-73356C3771
USERNAME=Thierry
USERPROFILE=C:\Documents and Settings\Thierry
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Thierry [I](admin)[/I]


-- Add/Remove Programs ---------------------------------------------------------

--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ÜberIcon --> C:\Program Files\UberIcon\Uninst.exe
Acer eConsole --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EC028E6B-F3F1-4192-B63E-A7C97302ED5A}\setup.exe" -l0x40c
Acer eMode Management --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{65CDEC30-4BF4-48FB-8059-9FC480E4E94F}\setup.exe" -l0x40c
Adobe Acrobat 5.0 --> C:\WINDOWS\ISUN040C.EXE -f"C:\Program Files\Fichiers communs\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Fichiers communs\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Anchor Service CS3 --> MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3 --> MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3 --> MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting --> MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0 --> MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps --> MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific --> MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings --> MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
Adobe Color EU Recommended Settings --> MsiExec.exe /I{73B5D990-04EA-4751-B10F-5534770B91F2}
Adobe Color JA Extra Settings --> MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Extra Settings --> MsiExec.exe /I{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}
Adobe Default Language CS3 --> MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3 --> MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe ExtendScript Toolkit 2 --> C:\Program Files\Fichiers communs\Adobe\Installers\3e054d2218e7aa282c2369d939e58ff\Setup.exe
Adobe ExtendScript Toolkit 2 --> MsiExec.exe /I{77D2A9D3-5800-43E3-B274-87841BC87DB2}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Fonts All --> MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3 --> MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Linguistics CS3 --> MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files --> MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3 --> C:\Program Files\Fichiers communs\Adobe\Installers\32e9033392a51340b32fdc6ad893ab7\Setup.exe
Adobe Photoshop CS3 --> MsiExec.exe /I{BF794769-8875-4E01-B7BE-E00104604F4A}
Adobe Reader 7.0.9 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
Adobe Setup --> MsiExec.exe /I{8AE03988-8C8C-40EE-BDC7-76781BEF1B1D}
Adobe Setup --> MsiExec.exe /I{926DEB4E-2B0A-4C5C-AE4A-BF6C06949702}
Adobe Shockwave Player --> C:\WINDOWS\system32\MACROMED\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\MACROMED\SHOCKW~1\INSTALL.LOG
Adobe Stock Photos CS3 --> MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support --> MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3 --> MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client --> MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin --> MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3 --> MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
Agere Systems PCI Soft Modem --> agrsmdel
Archiveur WinRAR --> C:\Program Files\WinRAR\uninstall.exe
µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
Audacity 1.2.4 --> "D:\Programme files 2.0\Audacity\unins000.exe"
Avanquest update --> C:\Program Files\InstallShield Installation Information\{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}\setup.exe -runfromtemp -l0x040c -removeonly
avast! Antivirus --> rundll32 C:\PROGRA~1\ALWILS~1\Avast4\Setup\setiface.dll,RunSetup
AVIConverter 3.0 --> D:\Programme files 2.0\AVIConverter\uninst.exe
AVIConverter 3.5 --> D:\Programme files 2.0\Uninstall.exe
Browser Optimizer Superiorads --> C:\WINDOWS\system32\superiorads-uninst.exe
CCleaner (remove only) --> "D:\Programme files 2.0\ccleaner\uninst.exe"
Corel Paint Shop Pro X --> MsiExec.exe /I{1A15507A-8551-4626-915D-3D5FA095CC1B}
Correctif pour Lecteur Windows Media 11 (KB939683) --> "C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Correctif pour Windows XP (KB914440) --> "C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe"
Correctif pour Windows XP (KB935448) --> "C:\WINDOWS\$NtUninstallKB935448$\spuninst\spuninst.exe"
Correctif Windows XP - KB867282 --> C:\WINDOWS\$NtUninstallKB867282$\spuninst\spuninst.exe
Correctif Windows XP - KB873339 --> C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
Correctif Windows XP - KB885250 --> C:\WINDOWS\$NtUninstallKB885250$\spuninst\spuninst.exe
Correctif Windows XP - KB885835 --> C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
Correctif Windows XP - KB885836 --> C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Correctif Windows XP - KB886185 --> C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
Correctif Windows XP - KB887472 --> C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
Correctif Windows XP - KB887742 --> C:\WINDOWS\$NtUninstallKB887742$\spuninst\spuninst.exe
Correctif Windows XP - KB888113 --> C:\WINDOWS\$NtUninstallKB888113$\spuninst\spuninst.exe
Correctif Windows XP - KB888302 --> C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Correctif Windows XP - KB890047 --> C:\WINDOWS\$NtUninstallKB890047$\spuninst\spuninst.exe
Correctif Windows XP - KB890175 --> C:\WINDOWS\$NtUninstallKB890175$\spuninst\spuninst.exe
Correctif Windows XP - KB890859 --> "C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
Correctif Windows XP - KB890923 --> "C:\WINDOWS\$NtUninstallKB890923$\spuninst\spuninst.exe"
Correctif Windows XP - KB891781 --> C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
Correctif Windows XP - KB893086 --> "C:\WINDOWS\$NtUninstallKB893086$\spuninst\spuninst.exe"
Dcads Advanced Toolbar --> C:\Program Files\Dcads Advanced Toolbar\uninstall.exe
Dcads Games Collection --> C:\Program Files\Dcads Games Collection\uninstall.exe
DivX --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Dynamic-Photo HDR (Trial/Showcase 2.01b) --> "D:\Programme files 2.0\DynamicPhotoHDR\unins000.exe"
e-Watch Camera Viewer --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchiSetup -ether"C:\Program Files\InstallShield Installation Information\{88EFC79A-2079-41B5-9FB7-EB0CA7463936}" -l0x9
Easy GIF Animator 4.6 --> "D:\Easy GIF Animator\unins000.exe"
Easy Gif Animator Extension --> "C:\WINDOWS\EasyGifAnimator_Toolbar_Uninstaller_6843.exe" _?=C:\Program Files\Easy Gif Animator Extension
Editeur Handling GTA-SA v2.0 --> D:\san andreas\GTA San Andreas\handling\Uninstal.exe
eMule --> "C:\Program Files\eMule\Uninstall.exe"
eMule Plus 1.2 --> "C:\Program Files\eMule\unins000.exe"
Futuroscope Experience --> "C:\Program Files\Futuroscope Experience ADF\unins000.exe"
Galerie de photos Windows Live --> MsiExec.exe /X{A70FA218-6598-4AC9-813D-63597C5DD068}
Gfx --> MsiExec.exe /I{459867F2-4525-4B03-9EFB-130678919B60}
GIF Movie Gear 4.0.1 --> C:\WINDOWS\iun506.exe C:\Program Files\GIF Movie Gear\irunin.ini
GIF SHOP PRO 1.1 --> "C:\Documents and Settings\Thierry\Menu Démarrer\Programmes\GIFSHOPPRO\unins000.exe"
Google Earth --> MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar3.dll"
GTA San Andreas --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}\setup.exe" -l0x40c -removeonly
HijackThis 2.0.2 --> "D:\Programme files 2.0\hijachthis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
HP Customer Participation Program 7.0 --> C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Document Viewer 7.0 --> C:\Program Files\HP\Digital Imaging\DocumentViewer\hpzscr01.exe -datfile hpqbud04.dat
HP Imaging Device Functions 7.0 --> C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart Premier Software 6.5 --> C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Photosmart, Officejet and Deskjet 7.0.A --> C:\Program Files\HP\Digital Imaging\{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}\setup\hpzscr01.exe -datfile hposcr11.dat
HP Software Update --> MsiExec.exe /X{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}
HP Solution Center 7.0 --> C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
Image Converter and Editor --> D:\DOWNLO~1\IMAGEC~1\UNWISE.EXE D:\DOWNLO~1\IMAGEC~1\INSTALL.LOG
Ink --> MsiExec.exe /I{9FCB2876-554D-491D-A2CD-58F8252D6C64}
J2SE Runtime Environment 5.0 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150020}
Jasc Animation Shop 3 --> MsiExec.exe /I{174D5678-D941-433C-BD23-58A5C7B0D36D}
Kaspersky On-line Scanner --> C:\WINDOWS\system32\KASPER~1\KASPER~1\kavuninstall.exe
Kaspersky Online Scanner --> C:\WINDOWS\system32\KASPER~1\KASPER~1\kavuninstall.exe
LifeGlobe Goldfish Aquarium --> "C:\Program Files\Prolific Publishing, Inc.\Goldfish Aquarium\unins000.exe"
LifeGlobe Sharks, Terrors of the Deep --> "C:\Program Files\Prolific Publishing, Inc.\Sharks\unins000.exe"
LimeWire PRO 4.12.6 --> "D:\Programme files 2.0\limeware\LimeWire\uninstall.exe"
Livebox --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FC7DDAAE-7F2B-4270-9BFD-5A130B667E9E}\Setup.exe" -l0x40c
Logitech Desktop Messenger --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\Setup.exe" -l0x40c UNINSTALL
Macromedia Dreamweaver 8 --> MsiExec.exe /I{0837A661-FEC3-48B3-876C-91E7D32048A9}
Macromedia Extension Manager --> MsiExec.exe /I{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}
Macromedia Flash 8 --> MsiExec.exe /I{2BD5C305-1B27-4D41-B690-7A61172D2FEB}
Macromedia Flash 8 Video Encoder --> MsiExec.exe /I{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}
Macromedia Flash Player 8 --> C:\WINDOWS\system32\Macromed\Flash\UninstFl.exe
ManyCam 2.1 (remove only) --> "D:\Programme files 2.0\cam\ManyCam 2.1\uninstall.exe"
Messenger Plus! 3 --> "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /Remove
Messenger Plus! Live --> "C:\Program Files\Messenger Plus! Live\Uninstall.exe"
Micro Application - CV et Lettres de motivation 98 --> C:\WINDOWS\IsUn040c.exe -f"d:\programme files 2.0\micro application\Uninst.isu"
Micro Application - PrintPratic 4 --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EC79B672-686B-4C0A-9402-12EA1A04A99C}\Setup.exe" -l0x40c
Micro Application - PrintPratic Edition Photo --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{03A80A3C-2E33-4CB2-A0C8-57DACD48CF7C}\Setup.exe" -l0x40c
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Flight Simulator X Demo --> C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{B98A34C0-A6A2-4087-B272-557C1C6D0A07}
Microsoft Office FrontPage 2003 --> MsiExec.exe /I{9017040C-6000-11D3-8CFE-0150048383C9}
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{9011040C-6000-11D3-8CFE-0150048383C9}
Microsoft SQL Server 2005 Compact Edition [ENU] --> MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Minilyrics(remove only) --> "D:\Programme files 2.0\winamp\Plugins\Minilyrics\uninst-ml.exe"
Mise à jour de licences personnelles --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\drmtool.inf,Uninstall
Mise à jour de sécurité pour Lecteur Windows Media (KB911564) --> "C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 10 (KB911565) -->
Mise à jour de sécurité pour Lecteur Windows Media 10 (KB917734) --> "C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 11 (KB936782) --> "C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 6.4 (KB925398) --> "C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB890046) --> "C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB893066) --> "C:\WINDOWS\$NtUninstallKB893066$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB893756) --> "C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB896358) --> "C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB896422) --> "C:\WINDOWS\$NtUninstallKB896422$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB896423) --> "C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB896424) --> "C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB896428) --> "C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB899587) --> "C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB899591) --> "C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB900725) --> "C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB901017) --> "C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Mise à jour de sécurit&eacut