Clubic Forum

MSN Myspace virus (still T_T)

Hello first of all. Like many people, I think, I have been hit by that notorious Myspace virus that forces its victim to spread it.
I first tried to remove it by hand or with AntiVir, but that did not work.
I then found a method online that requires HijackThis, so I have come to ask for help from people more qualified than me.

So if someone could help me, I would be very grateful. Thanks in advance.

Here is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:37:35, on 19/02/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18294)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\ACER\Preload\Autorun\DRV\Fiji Keyboard\ABoard.exe
C:\ACER\Preload\Autorun\DRV\Fiji Keyboard\AOSD.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe
C:\Windows\infocard.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe
C:\Program Files (x86)\Opera\opera.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Users\Maxime\HiJackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = homepage.packardbell.com…
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com…
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = homepage.packardbell.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = homepage.packardbell.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com…
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = homepage.packardbell.com…
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [BMISR] C:\Program Files (x86)\KYE\WebMate\BM.exe
O4 - HKLM\..\Run: [Firewall Administrating] C:\Windows\infocard.exe
O4 - HKCU\..\Run: [SmpcSys] C:\Program Files (x86)\Packard Bell\SetUpMyPC\SmpSys.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [Free Download Manager] "C:\Program Files (x86)\Free Download Manager\fdm.exe" -autorun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Firewall Administrating] C:\Windows\infocard.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE…
O8 - Extra context menu item: Google Sidewiki… - C:\Program… Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Dragon Age: Origins - Application de mise à jour (DAUpdaterSvc) - BioWare - C:\Program Files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Packard Bell Services - C:\Windows\SYSTEM32\HidService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files (x86)\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\SysWOW64\IoctlSvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: RelevantKnowledge - Unknown owner - C:\Program Files (x86)\RelevantKnowledge\rlservice.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: TabletServicePen - Unknown owner - C:\Windows\system32\Pen_Tablet.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)


End of file - 10143 bytes
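Reading a log like this by hand is exactly the step the poster is asking for help with. As an added example, not part of the thread and not a feature of HijackThis or RSIT, the Python script below applies a few of the triage heuristics a responder uses on such a log: an O4 autorun whose binary sits directly in the Windows root under a label that does not describe it, the same autorun planted in both HKLM and HKCU, an orphaned BHO, a service pointing at a missing file, and a firewall exception for a user-profile executable with a disguised double extension (the shape of the `IM88532.JPG-www.facebook.com.exe` entry in the RSIT registry dump posted later in the thread). The sample lines are constructed copies in the shape of the entries in this thread, written with HijackThis's own `HKLM\..\Run` key notation; the heuristic names, severities and the `triage` function are this example's own. One caveat the script encodes: HijackThis 2.0.2 is a 32-bit program, so on this x64 Vista it runs under WoW64, where `System32` is redirected, and the many `(file missing)` entries for native System32 services are expected noise rather than findings.

```python
"""Triage heuristics for a HijackThis/RSIT log (constructed example, not a HijackThis feature)."""
import re
from collections import defaultdict

# Constructed sample: lines in the shape of the HijackThis entries in this thread,
# plus one line in the shape of the RSIT firewall-policy dump posted later.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Firewall Administrating] C:\Windows\infocard.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Firewall Administrating] C:\Windows\infocard.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: RelevantKnowledge - Unknown owner - C:\Program Files (x86)\RelevantKnowledge\rlservice.exe (file missing)
"C:\Users\Maxime\IM88532.JPG-www.facebook.com.exe"="C:\Users\Maxime\IM88532.JPG-www.facebook.com.exe:*:Enabled:Firewall Administrating"
"""

O4_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU|HKUS\\[^\\]+)\\\.\.\\Run: \[(?P<label>[^\]]+)\] (?P<cmd>.*)$")
O2_RE = re.compile(r"^O2 - BHO: .* - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$")
# A "document" extension hidden in front of the real .exe (e.g. photo.JPG-....exe).
DISGUISE_RE = re.compile(r"\.(jpe?g|png|gif|bmp|pdf|docx?|txt)\b", re.I)
SYSTEM32 = "c:\\windows\\system32\\"


def exe_path(cmd):
    """Extract the executable path from an O4 command line (quoted or bare)."""
    if cmd.startswith('"'):
        return cmd[1:cmd.index('"', 1)]
    m = re.match(r"(?i)(.*?\.exe)", cmd)
    return m.group(1) if m else cmd.split(" ")[0]


def triage(log_text):
    """Return [(severity, message)] for the heuristics below, highest severity first."""
    findings = []
    run_entries = defaultdict(lambda: defaultdict(set))  # label -> exe -> {hives}
    for line in (raw.strip() for raw in log_text.splitlines()):
        m = O4_RE.match(line)
        if m:
            run_entries[m["label"]][exe_path(m["cmd"])].add(m["hive"])
            continue
        m = O2_RE.match(line)
        if m:
            if m["path"] == "(no file)":
                findings.append(("low", f"BHO {{{m['clsid']}}} is registered but its DLL is gone (orphan)"))
            continue
        if line.startswith("O23 - Service: "):
            parts = line[len("O23 - Service: "):].rsplit(" - ", 2)
            if len(parts) != 3:
                continue
            name, owner, path = parts
            if path.endswith(" (file missing)"):
                exe = path[: -len(" (file missing)")]
                # 32-bit HijackThis under WoW64 sees System32 redirected to SysWOW64,
                # so native System32 services always show as missing on x64: skip them.
                if not exe.lower().startswith(SYSTEM32):
                    findings.append(("medium", f"service {name!r} ({owner}) points at missing file {exe}"))
            continue
        if line.startswith('"') and '"="' in line and ":Enabled:" in line:
            # Firewall AuthorizedApplications value: <path>:<scope>:<state>:<display name>
            value = line.split('"="', 1)[1].rstrip('"')
            fw_exe, _scope, _state, fw_label = value.rsplit(":", 3)
            stem = fw_exe.rsplit("\\", 1)[-1]
            if fw_exe.lower().startswith("c:\\users\\") and DISGUISE_RE.search(stem):
                findings.append(("high", f"firewall exception '{fw_label}' for {stem}: "
                                         "executable in a user profile with a disguised double extension"))
    for label, exes in run_entries.items():
        for exe, hives in exes.items():
            folder = exe.rsplit("\\", 1)[0].lower()
            if folder == "c:\\windows":
                findings.append(("high", f"autorun '{label}' runs {exe} straight from the Windows root; "
                                         "the label does not describe the binary"))
            if len(hives) > 1:
                findings.append(("medium", f"autorun '{label}' -> {exe} is planted in "
                                           f"{len(hives)} hives ({', '.join(sorted(hives))})"))
    rank = {"high": 0, "medium": 1, "low": 2}
    return sorted(findings, key=lambda f: rank[f[0]])


if __name__ == "__main__":
    for severity, message in triage(SAMPLE_LOG):
        print(f"[{severity:6}] {message}")
```

The heuristics are deliberately narrow: they do not decide what a file is, they only surface the entries worth looking at first, which on this log are the two "Firewall Administrating" autoruns and the firewall exception that shares their label. Everything under `C:\Program Files (x86)` with a known vendor is left alone, and the System32 `(file missing)` noise is filtered out rather than reported.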

Hi

Yes, "infection"!!

Do this first:

1) Download --> Malwarebytes' (mbam)

==> Malwarebytes' (mbam)

Install it + update it

Launch --> Malwarebytes (MBAM)
==> Then go to the "Scanner" tab, tick "Perform full scan" then "Scan"
==> Select your hard drives, then click "Start Scan"
==> At the end of the scan, click Show Results, then Save Log

==> If MalwareBytes' detects infections, click ==> Show Results, then ==> Remove Selected

=> If you are asked to reboot, click "yes"

After the infection(s) found have been removed --> post the report here

Then

  1. Download Random's System Information Tool (RSIT) by random/random and save it to your Desktop.

==> RSIT

==> Double-click RSIT.exe to launch RSIT.

Under Windows 7 / Vista --> don't forget to elevate privileges.

(Right-click the HijackThis icon, then click Run as administrator in the drop-down menu.)

==> Click Continue on the Disclaimer screen.
==> If HijackThis (up-to-date version) is not present or not detected on the computer, RSIT will download it and you will have to accept the licence.
==> When the analysis is finished, two text files will open.

==> Post the contents of log.txt (<== which will be displayed) as well as info.txt (<== which will be minimised in the taskbar).

Note: both reports are also saved in %systemroot%\rsit

@+ cricri58

Thanks for helping me.

Here is the log.txt report:

Logfile of random’s system information tool 1.06 (written by random/random)
Run by Maxime at 2010-02-20 14:13:00
Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 1
System drive C: has 167 GB (36%) free of 469 GB
Total RAM: 6142 MB (70% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:13:01, on 20/02/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18294)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\ACER\Preload\Autorun\DRV\Fiji Keyboard\ABoard.exe
C:\Program Files (x86)\Packard Bell\SetUpMyPC\SmpSys.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\ACER\Preload\Autorun\DRV\Fiji Keyboard\AOSD.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe
C:\Program Files (x86)\Free Download Manager\fdm.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe
C:\Program Files (x86)\Opera\Opera.exe
C:\Users\Maxime\RSIT.exe
C:\Users\Maxime\HiJackThis\Maxime.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = homepage.packardbell.com…
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com…
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = homepage.packardbell.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = homepage.packardbell.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com…
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = homepage.packardbell.com…
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [BMISR] C:\Program Files (x86)\KYE\WebMate\BM.exe
O4 - HKCU\..\Run: [SmpcSys] C:\Program Files (x86)\Packard Bell\SetUpMyPC\SmpSys.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [Free Download Manager] "C:\Program Files (x86)\Free Download Manager\fdm.exe" -autorun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE…
O8 - Extra context menu item: Google Sidewiki… - C:\Program… Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Dragon Age: Origins - Application de mise à jour (DAUpdaterSvc) - BioWare - C:\Program Files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Packard Bell Services - C:\Windows\SYSTEM32\HidService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files (x86)\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\SysWOW64\IoctlSvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: RelevantKnowledge - Unknown owner - C:\Program Files (x86)\RelevantKnowledge\rlservice.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: TabletServicePen - Unknown owner - C:\Windows\system32\Pen_Tablet.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)


End of file - 10013 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CC59E0F9-7E43-44FA-9FAA-8377850BF205}]
FDMIECookiesBHO Class - C:\Program Files (x86)\Free Download Manager\iefdm2.dll [2009-03-02 98304]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"=C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
"QuickTime Task"=C:\Program Files (x86)\QuickTime\QTTask.exe [2009-09-05 417792]
"iTunesHelper"=C:\Program Files (x86)\iTunes\iTunesHelper.exe [2009-10-28 141600]
"avgnt"=C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
"BMISR"=C:\Program Files (x86)\KYE\WebMate\BM.exe []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SmpcSys"=C:\Program Files (x86)\Packard Bell\SetUpMyPC\SmpSys.exe [2009-03-18 1160736]
"msnmsgr"=C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883856]
"Skype"=C:\Program Files (x86)\Skype\Phone\Skype.exe [2009-07-16 25604904]
"DAEMON Tools Lite"=C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe [2009-04-23 691656]
"EA Core"=C:\Program Files (x86)\Electronic Arts\EADM\Core.exe -silent []
"Free Download Manager"=C:\Program Files (x86)\Free Download Manager\fdm.exe [2009-03-02 3399727]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-07-03 152064]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=
"ForceActiveDesktopOn"=
"NoActiveDesktopChanges"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Users\Maxime\IM88532.JPG-www.facebook.com.exe"="C:\Users\Maxime\IM88532.JPG-www.facebook.com.exe:*:Enabled:Firewall Administrating"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{05973e4c-6174-11de-86c3-806e6f6e6963}]
shell\AutoRun\command - E:\autorun.exe -auto

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b67f629b-90a3-11de-a0bb-001f16f2e111}]
shell\Auto\command - cmd /C launch.bat
shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL cmd /C launch.bat

======List of files/folders created in the last 1 months======

2010-02-20 14:06:15 ----D---- C:\rsit
2010-02-20 13:33:28 ----A---- C:\Windows\ScUnin.exe
2010-02-20 12:44:19 ----D---- C:\Users\Maxime\AppData\Roaming\Malwarebytes
2010-02-20 12:44:14 ----D---- C:\ProgramData\Malwarebytes
2010-02-20 12:44:13 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2010-02-18 23:08:39 ----SHD---- C:\Config.Msi
2010-02-18 22:43:29 ----A---- C:\Windows\system32\wups.dll
2010-02-18 22:43:29 ----A---- C:\Windows\system32\wudriver.dll
2010-02-18 22:43:29 ----A---- C:\Windows\system32\wuapi.dll
2010-02-18 22:43:20 ----A---- C:\Windows\system32\wuwebv.dll
2010-02-18 22:43:20 ----A---- C:\Windows\system32\wuapp.exe
2010-02-18 22:41:20 ----D---- C:\Program Files (x86)\AxBx
2010-02-11 23:58:27 ----A---- C:\Windows\amcap.exe
2010-02-11 23:58:15 ----A---- C:\Windows\vsnpstd.exe
2010-02-11 23:58:15 ----A---- C:\Windows\system32\unicows.dll
2010-02-11 23:58:15 ----A---- C:\Windows\system32\dsnpstd.dll
2010-02-11 23:58:15 ----A---- C:\Windows\snpstd.ini
2010-02-11 23:58:08 ----A---- C:\Windows\system32\vsnpstd.dll
2010-02-11 23:58:08 ----A---- C:\Windows\system32\rsnpstd.dll
2010-02-11 23:58:08 ----A---- C:\Windows\system32\csnpstd.dll
2010-02-11 23:58:06 ----D---- C:\Program Files (x86)\Common Files\snpstd
2010-02-11 23:58:06 ----A---- C:\Windows\usnpstd.exe
2010-02-11 23:23:42 ----D---- C:\Windows\Album
2010-02-11 23:23:11 ----D---- C:\ProgramData\InstallShield
2010-02-11 23:22:13 ----D---- C:\Windows\PixArt
2010-02-11 23:22:13 ----D---- C:\Program Files (x86)\Common Files\PAC7302
2010-02-11 23:22:12 ----D---- C:\Program Files (x86)\KYE
2010-02-11 23:21:35 ----D---- C:\Windows\Downloaded Installations
2010-02-11 23:18:58 ----A---- C:\Windows\system32\mfc71.dll
2010-02-08 21:31:37 ----D---- C:\Program Files (x86)\Hedgewars 0.9.12
2010-02-08 14:58:47 ----D---- C:\Program Files (x86)\osu!
2010-02-08 13:14:59 ----D---- C:\Users\Maxime\AppData\Roaming\InstallShield
2010-02-07 16:49:42 ----D---- C:\ProgramData\Avira
2010-02-07 16:49:42 ----D---- C:\Program Files (x86)\Avira
2010-02-04 11:42:08 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-02-04 11:40:15 ----D---- C:\Program Files (x86)\Microsoft SQL Server
2010-02-04 11:40:13 ----D---- C:\Program Files (x86)\DAODB
2010-02-01 14:55:21 ----D---- C:\ProgramData\BioWare
2010-02-01 14:51:19 ----D---- C:\Windows\1C4551A64743409391E41477CD655043.TMP
2010-02-01 14:32:15 ----D---- C:\Program Files (x86)\Dragon Age
2010-01-31 11:24:21 ----A---- C:\Windows\system32\msvcr71.dll
2010-01-31 11:24:21 ----A---- C:\Windows\system32\msvcp71.dll
2010-01-30 21:08:43 ----D---- C:\Program Files (x86)\Beneton Movie GIF
2010-01-28 12:54:34 ----D---- C:\ProgramData\Media Center Programs
2010-01-28 12:54:33 ----D---- C:\Program Files (x86)\Common Files\BioWare
2010-01-28 12:24:39 ----RHD---- C:\Users\Maxime\AppData\Roaming\SecuROM
2010-01-27 19:14:01 ----D---- C:\Program Files (x86)\Common Files\Adobe AIR
2010-01-23 23:39:18 ----D---- C:\ProgramData\Steam
2010-01-23 23:39:06 ----D---- C:\ProgramData\PopCap Games

======List of files/folders modified in the last 1 months======

2010-02-20 14:12:27 ----D---- C:\Windows\Temp
2010-02-20 14:12:23 ----D---- C:\Users\Maxime\AppData\Roaming\Free Download Manager
2010-02-20 14:07:57 ----D---- C:\Windows\System32
2010-02-20 14:07:57 ----D---- C:\Windows\inf
2010-02-20 14:06:46 ----D---- C:\Users\Maxime\AppData\Roaming\Skype
2010-02-20 14:02:51 ----D---- C:\Users\Maxime\AppData\Roaming\WTablet
2010-02-20 14:01:47 ----D---- C:\Users\Maxime\AppData\Roaming\uTorrent
2010-02-20 14:01:36 ----RD---- C:\Program Files (x86)
2010-02-20 14:01:36 ----D---- C:\Windows\SysWOW64
2010-02-20 14:01:36 ----D---- C:\Windows
2010-02-20 13:33:10 ----RD---- C:\Program Files
2010-02-20 12:44:15 ----D---- C:\Windows\system32\drivers
2010-02-20 12:44:14 ----HD---- C:\ProgramData
2010-02-20 12:37:00 ----D---- C:\Users\Maxime\AppData\Roaming\skypePM
2010-02-20 12:36:47 ----D---- C:\Program Files (x86)\Steam
2010-02-19 15:59:13 ----D---- C:\Windows\rescache
2010-02-19 15:42:47 ----D---- C:\Windows\system32\fr-FR
2010-02-19 15:41:58 ----D---- C:\Windows\winsxs
2010-02-19 15:40:47 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2010-02-19 07:12:06 ----SHD---- C:\System Volume Information
2010-02-18 23:42:45 ----D---- C:\Users\Maxime\AppData\Roaming\vlc
2010-02-18 23:34:29 ----SHD---- C:\Windows\Installer
2010-02-17 01:39:31 ----D---- C:\Program Files (x86)\uTorrent
2010-02-16 01:16:39 ----D---- C:\Users\Maxime\AppData\Roaming\dvdcss
2010-02-12 20:33:09 ----D---- C:\Program Files (x86)\Windows Live Safety Center
2010-02-11 23:58:15 ----D---- C:\Windows\twain_32
2010-02-11 23:58:06 ----D---- C:\Program Files (x86)\Common Files
2010-02-10 13:42:01 ----D---- C:\Windows\Prefetch
2010-02-08 13:15:48 ----D---- C:\Program Files (x86)\Rising Force Online France
2010-02-08 13:13:02 ----D---- C:\ProgramData\Google
2010-02-08 13:13:02 ----D---- C:\Program Files (x86)\Google
2010-02-08 13:12:47 ----D---- C:\Program Files (x86)\Eufloria Demo
2010-02-08 12:54:42 ----RSD---- C:\Windows\assembly
2010-02-07 20:53:54 ----D---- C:\Program Files (x86)\Free Download Manager
2010-02-06 14:40:06 ----D---- C:\Windows\Registration
2010-02-04 11:41:11 ----D---- C:\Program Files (x86)\Common Files\microsoft shared
2010-02-04 11:41:09 ----D---- C:\Program Files (x86)\Microsoft.NET
2010-02-01 14:51:18 ----D---- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2010-01-30 13:49:33 ----D---- C:\Program Files (x86)\Fenrir Online
2010-01-28 12:22:43 ----SD---- C:\Users\Maxime\AppData\Roaming\Microsoft
2010-01-27 19:16:12 ----D---- C:\ProgramData\Electronic Arts
2010-01-27 19:15:56 ----D---- C:\Users\Maxime\AppData\Roaming\Adobe
2010-01-27 19:15:56 ----D---- C:\ProgramData\Adobe
2010-01-27 18:28:44 ----D---- C:\Program Files (x86)\Electronic Arts

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys []
R3 athrusb6;Atheros Wireless LAN USB device driver 6 Series; C:\Windows\system32\DRIVERS\athrxu6.sys []
R3 e1yexpress;Intel® Gigabit Network Connections Driver; C:\Windows\system32\DRIVERS\e1y60x64.sys []
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys []
R3 ksthunk;Kernel Streaming Thunks; C:\Windows\system32\drivers\ksthunk.sys []
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda64v.sys []
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys []
R3 wacmoumonitor;Wacom Mode Helper; C:\Windows\system32\DRIVERS\wacmoumonitor.sys []
R3 wacommousefilter;Wacom Mouse Filter Driver; C:\Windows\system32\DRIVERS\wacommousefilter.sys []
R3 wacomvhid;Wacom Virtual Hid Driver; C:\Windows\system32\DRIVERS\wacomvhid.sys []
R3 WacomVKHid;Virtual Keyboard Driver; C:\Windows\system32\DRIVERS\WacomVKHid.sys []
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys []
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys []
S3 av5qxn6s;av5qxn6s; C:\Windows\system32\drivers\av5qxn6s.sys []
S3 drmkaud;Filtre de décodeur DRM (Noyau Microsoft); C:\Windows\system32\drivers\drmkaud.sys []
S3 dump_wmimmc;dump_wmimmc; \??\C:\Program Files (x86)\gPotato.eu\Dragonica\FR\Release\GameGuard\dump_wmimmc.sys []
S3 HdAudAddService;Pilote de fonction UAA 1.1 Microsoft pour le service High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys []
S3 MSKSSRV;Proxy de service de répartition Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys []
S3 MSPCLOCK;Proxy d’horloge de répartition Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys []
S3 MSPQM;Proxy de gestion de qualité de répartition Microsoft; C:\Windows\system32\drivers\MSPQM.sys []
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\Windows\system32\drivers\MSTEE.sys []
S3 NPPTNT2;NPPTNT2; \??\C:\Windows\system32\npptNT2.sys [2005-01-03 4682]
S3 usbaudio;Pilote USB audio (WDM); C:\Windows\system32\drivers\usbaudio.sys []
S3 usbscan;Pilote de scanneur USB; C:\Windows\system32\DRIVERS\usbscan.sys []
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys []
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys []
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6; C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-09-10 124832]
R2 AntiVirSchedulerService;Avira AntiVir Planificateur; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2009-07-21 185089]
R2 GenericHidService;Generic Service for HID Keyboard Input Collections; C:\Windows\system32\HidService.exe [2008-05-29 83264]
R2 IAANTMON;Intel® Matrix Storage Event Monitor; C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2008-09-12 354840]
R2 MSSQL$BWDATOOLSET;SQL Server (BWDATOOLSET); C:\Program Files (x86)\DAODB\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-11-25 29263712]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe []
R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\Windows\SysWOW64\IoctlSvc.exe [2006-12-19 81920]
R2 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2008-11-25 153952]
R2 TabletServicePen;TabletServicePen; C:\Windows\system32\Pen_Tablet.exe []
R3 iPod Service;Service de l’iPod; C:\Program Files (x86)\iPod\bin\iPodService.exe [2009-10-28 545568]
S2 RelevantKnowledge;RelevantKnowledge; C:\Program Files (x86)\RelevantKnowledge\rlservice.exe /service []
S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64; C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2008-07-27 93184]
S3 DAUpdaterSvc;Dragon Age: Origins - Application de mise à jour; C:\Program Files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-07-26 25832]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-05-13 654848]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 npggsvc;nProtect GameGuard Service; C:\Windows\system32\GameMon.des [2009-07-22 3240876]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PerfHost;@%systemroot%\sysWow64\perfhost.exe,-2; C:\Windows\SysWow64\perfhost.exe [2008-01-21 19968]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2007-09-12 87288]
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2008-11-25 45408]
S4 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe [2008-02-18 877864]
S4 NMIndexingService;NMIndexingService; C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe [2008-04-28 529704]
S4 SQLBrowser;SQL Server Browser; C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2008-11-25 239968]

-----------------EOF-----------------

And here is the info.txt report:

info.txt logfile of random’s system information tool 1.06 2010-02-20 14:06:18

======Uninstall list======

-->C:\Program Files (x86)\Nero\Nero8\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\Windows\UNNeroBackItUp.exe /UNINSTALL
-->C:\Windows\UNNeroMediaHome.exe /UNINSTALL
-->C:\Windows\UNNeroShowTime.exe /UNINSTALL
-->C:\Windows\UNNeroVision.exe /UNINSTALL
-->C:\Windows\UNRecode.exe /UNINSTALL
-->MsiExec /X{DD1865F0-AD73-40FB-B23E-1822E02396FF}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0401-0000-0000000FF1CE} /uninstall {5A2F65A4-808F-4A1E-973E-92E17824982D}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0413-0000-0000000FF1CE} /uninstall {B3F4DC34-7F60-4B7C-A79F-1C13012D99D4}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-002A-0000-1000-0000000FF1CE} /uninstall {00C5525B-3CB3-467D-8100-2E6FB306CD86}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-002A-040C-1000-0000000FF1CE} /uninstall {EC50B538-CBE1-42E6-B7FE-87AA540AADFB}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-040C-0000-0000000FF1CE} /uninstall {EC50B538-CBE1-42E6-B7FE-87AA540AADFB}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
Adobe AIR-->c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Flash Player 10 Plugin-->C:\Windows\SysWOW64\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player ActiveX-->C:\Windows\SysWOW64\Macromed\Flash\uninstall_activeX.exe
Adobe Photoshop Elements 6.0-->msiexec /I {F54AC413-D2C6-4A24-B324-370C223C6250}
Adobe Reader 9 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A90000000001}
Apple Application Support-->MsiExec.exe /I{B607C354-CD79-4D22-86D1-92DC94153F42}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Archiveur WinRAR-->C:\Program Files (x86)\WinRAR\uninstall.exe
Assistant de connexion Windows Live-->MsiExec.exe /I{D3116CC7-24DC-4CA3-9CE1-23FED836E9F2}
Avira AntiVir Personal - Free Antivirus-->C:\Program Files (x86)\Avira\AntiVir Desktop\setup.exe /REMOVE
BattleForge™-->MsiExec.exe /X{C580908C-B3BA-4C19-BD60-16F02F272201}
Beneton Movie GIF 1.1.2-->"C:\Program Files (x86)\Beneton Movie GIF\unins000.exe"
Clean Virus MSN-->"C:\Program Files (x86)\AxBx\Clean Virus MSN\unins000.exe"
DAEMON Tools Toolbar-->C:\Program Files (x86)\DAEMON Tools Toolbar\uninst.exe
Dead Space™-->MsiExec.exe /X{4D87DC92-C328-46EC-A7B4-9C88129DC696}
Dragon Age Toolset-->"C:\Program Files (x86)\Common Files\BioWare\Uninstall Dragon Age Toolset.exe"
Dragon Age: Origins-->C:\Program Files (x86)\Common Files\BioWare\Uninstall Dragon Age.exe
EA Download Manager UI-->msiexec /qb /x {A59BB15D-51B7-F12B-4548-8C0368243441}
EA Download Manager UI-->MsiExec.exe /I{A59BB15D-51B7-F12B-4548-8C0368243441}
EA Download Manager-->C:\Program Files (x86)\Electronic Arts\EADM\EADMUninstall.exe
Fenrir Online 2.0-->"C:\Program Files (x86)\Fenrir Online\unins000.exe"
Free Download Manager 3.0-->C:\Program Files (x86)\Free Download Manager\uninst.exe
Galerie de photos Windows Live-->MsiExec.exe /X{B131E59D-202C-43C6-84C9-68F0C37541F1}
Half-Life 2: Episode One-->"C:\Program Files (x86)\Steam\steam.exe" uninstall…
Half-Life 2: Episode Two-->"C:\Program Files (x86)\Steam\steam.exe" uninstall…
Half-Life 2: Lost Coast-->"C:\Program Files (x86)\Steam\steam.exe" uninstall…
Half-Life 2-->"C:\Program Files (x86)\Steam\steam.exe" uninstall…
HijackThis 2.0.2-->"C:\Users\Maxime\HiJackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\SysWOW64\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\SysWOW64\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {08155812-0202-4D5F-A7FF-12A2782DC548} /qb+ REBOOTPROMPT=""
Identity Card-->C:\Program Files (x86)\Packard Bell\Identity Card\Uninstall.exe
Impossible Creatures-->"C:\Program Files (x86)\Microsoft Games\Impossible Creatures\UNINSTAL.EXE" /runtemp /addremove
InfoCentre-->C:\Program Files (x86)\Packard Bell\InfoCentre\Uninstall.exe
Installation Windows Live-->C:\Program Files (x86)\Windows Live\Installer\wlarp.exe
Installation Windows Live-->MsiExec.exe /I{46ABBC54-1872-4AA3-95E2-F2C063A63F31}
iTunes-->MsiExec.exe /I{D1A74FBB-CA8D-4CCA-9B89-BAAA436DB178}
Junk Mail filter update-->MsiExec.exe /I{E2DFE069-083E-4631-9B6C-43C48E991DE5}
Les Sims™ 3-->"C:\Program Files (x86)\InstallShield Installation Information\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}\setup.exe" -runfromtemp -l0x040c -removeonly
Malwarebytes' Anti-Malware-->"C:\Program Files (x86)\Malwarebytes' Anti-Malware\unins000.exe"
Messenger Plus! Live-->"C:\Program Files (x86)\Messenger Plus! Live\Uninstall.exe"
MetaBoli-->"C:\Program Files (x86)\InstallShield Installation Information\{709817E4-5439-4206-8738-796B34B623BD}\setup.exe" -runfromtemp -l0x040c -removeonly
Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft Games for Windows - LIVE -->MsiExec.exe /X{4AA3D64E-9EC3-4B0F-AB91-5885AC55641F}
Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{FD052FB9-FE90-4438-B355-15EDC89D8FB1}
Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}
Microsoft Office Home and Student 2007-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office OneNote MUI (French) 2007-->MsiExec.exe /X{90120000-00A1-040C-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}
Microsoft Office PowerPoint Viewer 2007 (French)-->MsiExec.exe /X{95120000-00AF-040C-0000-0000000FF1CE}
Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}
Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}
Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}
Microsoft Office Suite Activation Assistant-->MsiExec.exe /X{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}
Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft SQL Server 2005 Express Edition (BWDATOOLSET)-->MsiExec.exe /I{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}
Microsoft SQL Server 2005 Tools Express Edition-->MsiExec.exe /I{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}
Microsoft SQL Server 2005-->"C:\Program Files (x86)\Microsoft SQL Server\90\Setup Bootstrap\ARPWrapper.exe" /Remove
Microsoft SQL Server Setup Support Files (English)-->MsiExec.exe /X{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Works-->MsiExec.exe /I{0214A441-A4AB-43A8-8DEF-2F73C5364673}
Microsoft WSE 3.0 Runtime-->MsiExec.exe /X{E3E71D07-CD27-46CB-8448-16D4FB29AA13}
MKV Converter version 1.3.1.0-->"C:\Program Files (x86)\MKVConverter\unins000.exe"
Module de compatibilité pour Microsoft Office System 2007-->MsiExec.exe /X{90120000-0020-040C-0000-0000000FF1CE}
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Nero 8 Essentials-->MsiExec.exe /X{5C1BF3AC-B19D-4C26-B0A0-90833A521036}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NVIDIA PhysX-->MsiExec.exe /X{DD1865F0-AD73-40FB-B23E-1822E02396FF}
OpenAL-->"C:\Program Files (x86)\OpenAL\oalinst.exe" /U
Opera 9.64-->MsiExec.exe /X{E1BBBAC5-2857-4155-82A6-54492CE88620}
osu!-->MsiExec.exe /X{C3592426-531E-4110-911D-BFECE2CE284C}
Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Packard Bell Customer Registration-->C:\Program Files (x86)\Packard Bell\Packard Bell Customer Registration\Uninstall.exe
Packard Bell Recovery Management-->"C:\Program Files (x86)\InstallShield Installation Information\{7F811A54-5A09-4579-90E1-C93498E230D9}\setup.exe" -runfromtemp -l0x040c -removeonly
Packard Bell ScreenSaver-->C:\Windows\Screensavers\Packard Bell\Uninstall.exe
Pcsx2 0.9.6-->MsiExec.exe /I{0E2B767B-EA6A-489B-BF83-8083FE1DB661}
Pen Tablet-->C:\Program Files (x86)\Tablet\Pen\Remove.exe /u
Portal-->"C:\Program Files (x86)\Steam\steam.exe" uninstall…
QuickTime-->MsiExec.exe /I{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}
Realtek High Definition Audio Driver-->C:\Program Files\Realtek\Audio\HDA\RtlUpd64.exe -r -m -nrg2709
RGSS de RMXP version 1.0.1-->"C:\Program Files (x86)\Bodom-Child - RaBBi\RGSS\unins000.exe"
RMXP version 1.0.0.1-->"C:\Program Files (x86)\Bodom-Child - RaBBi\RMXP\unins000.exe"
RPG Maker 2003-->C:\Program Files (x86)\RPG Maker 2003\Désinstaller.exe
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB969679)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C66E4A6C-6E07-4C63-8CCD-2493B5087C73}
Security Update for Microsoft Office Excel 2007 (KB969682)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C03803BD-745A-46F8-8557-817DED578780}
Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}
Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
Security Update for Microsoft Office Word 2007 (KB969604)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {CF3D6499-709C-43D0-8908-BC5652656050}
SetUpMyPC-->C:\Program Files (x86)\Packard Bell\SetUpMyPC\Uninstall.exe
Shattered Horizon-->"C:\Program Files (x86)\Steam\steam.exe" uninstall…
Skype™ 4.1-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}
SourceForts-->c:\program files (x86)\steam\SteamApps\SourceMods\sourceforts\uninstall.exe
SPORE™ Aventures Galactiques-->"C:\Program Files (x86)\InstallShield Installation Information\{63CEA2E4-4FE7-4F2C-B388-C1313D24157C}\setup.exe" -runfromtemp -l0x040c -removeonly
SPORE™-->"C:\Program Files (x86)\InstallShield Installation Information\{9DF0196F-B6B8-4C3A-8790-DE42AA530101}\setup.exe" -runfromtemp -l0x040c -removeonly
Starcraft-->C:\Windows\SCunin.exe C:\Windows\SCunin.dat
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
Team Fortress 2-->"C:\Program Files (x86)\Steam\steam.exe" uninstall…
TmNationsForever-->"C:\Program Files (x86)\TmNationsForever\unins000.exe"
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Updator-->C:\Program Files (x86)\Packard Bell\Updator\Uninstall.exe
VideoCAM Messenger-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{862546CA-19C6-4D42-A6EB-352820682FA3}\setup.exe" -l0x40c
VLC media player 1.0.1-->C:\Program Files (x86)\VideoLAN\VLC\uninstall.exe
WBFS Manager 3.0-->C:\Program Files\WBFS\WBFS Manager 3.0\uninstall.exe
WebMate-->C:\Program Files (x86)\InstallShield Installation Information\{13605214-8CA9-4B59-90A0-DEBB9A9F68E5}\setup.exe -runfromtemp -l0x040c -removeonly
Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}
Windows Live Communications Platform-->MsiExec.exe /I{ED00D08A-3C5F-488D-93A0-A04F21F23956}
Windows Live FolderShare-->MsiExec.exe /X{2075CB0A-D26F-4DAA-B424-5079296B43BA}
Windows Live Mail-->MsiExec.exe /I{5DD76286-9BE7-4894-A990-E905E91AC818}
Windows Live Messenger-->MsiExec.exe /X{770F1BEC-2871-4E70-B837-FB8525FFA3B1}
Windows Live OneCare safety scanner-->"C:\Program Files (x86)\Windows Live Safety Center\UnInstall.exe"
Windows Live OneCare safety scanner-->MsiExec.exe /X{FE0646A7-19D0-41B4-A2BB-2C35D644270D}
Windows Live Writer-->MsiExec.exe /X{4634B21A-CC07-4396-890C-2B8168661FEA}

======Security center information======

AS: Windows Defender

======System event log======

Computer Name: PC-de-Maxime
Event Code: 4226
Message: TCP/IP a atteint la limite de sécurité imposée sur le nombre de tentatives de connexion TCP simultanées.
Record Number: 107044
Source Name: Tcpip
Time Written: 20100220001959.003565-000
Event Type: Avertissement
User:

Computer Name: PC-de-Maxime
Event Code: 4226
Message: TCP/IP a atteint la limite de sécurité imposée sur le nombre de tentatives de connexion TCP simultanées.
Record Number: 107049
Source Name: Tcpip
Time Written: 20100220011855.239565-000
Event Type: Avertissement
User:

Computer Name: PC-de-Maxime
Event Code: 4226
Message: TCP/IP a atteint la limite de sécurité imposée sur le nombre de tentatives de connexion TCP simultanées.
Record Number: 107051
Source Name: Tcpip
Time Written: 20100220113712.328565-000
Event Type: Avertissement
User:

Computer Name: PC-de-Maxime
Event Code: 4001
Message: Le Service d’autoconfiguration WLAN s’est arrêté correctement.

Record Number: 107060
Source Name: Microsoft-Windows-WLAN-AutoConfig
Time Written: 20100220130156.578000-000
Event Type: Avertissement
User: AUTORITE NT\SYSTEM

Computer Name: PC-de-Maxime
Event Code: 15016
Message: Impossible d’initialiser le package de sécurité Kerberos pour l’authentification côté serveur. Le champ de données contient le numéro de l’erreur.
Record Number: 107072
Source Name: Microsoft-Windows-HttpEvent
Time Written: 20100220130246.035770-000
Event Type: Erreur
User:

=====Application event log=====

Computer Name: PC-de-Maxime
Event Code: 4113
Message: AntiVir a détecté dans le fichier C:\Windows\infocard.exe un code suspect avec la désignation 'TR/Buzus.dfjk'!
Record Number: 28737
Source Name: Avira AntiVir
Time Written: 20100220020042.000000-000
Event Type: Avertissement
User: AUTORITE NT\SYSTEM

Computer Name: PC-de-Maxime
Event Code: 4113
Message: AntiVir a détecté dans le fichier C:\Windows\infocard.exe un code suspect avec la désignation 'TR/Buzus.dfjk'!
Record Number: 28738
Source Name: Avira AntiVir
Time Written: 20100220114748.000000-000
Event Type: Avertissement
User: AUTORITE NT\SYSTEM

Computer Name: PC-de-Maxime
Event Code: 4113
Message: AntiVir a détecté dans le fichier C:\Windows\infocard.exe un code suspect avec la désignation 'TR/Buzus.dfjk'!
Record Number: 28739
Source Name: Avira AntiVir
Time Written: 20100220122141.000000-000
Event Type: Avertissement
User: AUTORITE NT\SYSTEM

Computer Name: PC-de-Maxime
Event Code: 4113
Message: AntiVir a détecté dans le fichier C:\Windows\infocard.exe un code suspect avec la désignation 'TR/Buzus.dfjk'!
Record Number: 28750
Source Name: Avira AntiVir
Time Written: 20100220130136.000000-000
Event Type: Avertissement
User: AUTORITE NT\SYSTEM

Computer Name: PC-de-Maxime
Event Code: 10
Message: Le filtre d’événement avec la requête « SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99 » n’a pas pu être réactivé dans l’espace de noms « //./root/CIMV2 » à cause de l’erreur 0x80041003. Les événements ne peuvent pas être délivrés à travers ce filtre tant que le problème ne sera pas corrigé.
Record Number: 28805
Source Name: Microsoft-Windows-WMI
Time Written: 20100220130259.000000-000
Event Type: Erreur
User:

=====Security event log=====

Computer Name: PC-de-Maxime
Event Code: 4616
Message: L’heure du système a été modifiée.

Sujet :
ID de sécurité : S-1-5-19
Nom du compte : SERVICE LOCAL
Domaine du compte : AUTORITE NT
ID d’ouverture de session : 0x3e5

Informations sur le processus :
ID du processus : 0x420
Nom : C:\Windows\System32\svchost.exe

Heure précédente : 10:47:13 07/01/2010
Nouvelle heure : 10:47:13 07/01/2010

Cet événement est généré lorsque l’heure du système est modifiée. Le changement régulier de l’heure du système est une opération normale de la part du service de temps Windows qui s’exécute avec des privilèges système. Mais, d’autres modifications de l’heure du système peuvent indiquer des tentatives de falsification de l’ordinateur.
Record Number: 23318
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100107094713.656200-000
Event Type: Succès de l’audit
User:

Computer Name: PC-de-Maxime
Event Code: 4634
Message: Fermeture de session d’un compte.

Sujet :
ID de sécurité : S-1-5-7
Nom du compte : ANONYMOUS LOGON
Domaine du compte : AUTORITE NT
ID du compte : 0x29e93

Type d’ouverture de session : 3

Cet événement est généré lorsqu’une session ouverte est supprimée. Il peut être associé à un événement d’ouverture de session en utilisant la valeur ID d’ouverture de session. Les ID d’ouverture de session ne sont uniques qu’entre les redémarrages sur un même ordinateur.
Record Number: 23319
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100107094713.749800-000
Event Type: Succès de l’audit
User:

Computer Name: PC-de-Maxime
Event Code: 4608
Message: Windows démarre.

Cet événement est journalisé lorsque LSASS.EXE démarre et que le sous-système d’audit est initialisé.
Record Number: 23320
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100107094755.900150-000
Event Type: Succès de l’audit
User:

Computer Name: PC-de-Maxime
Event Code: 4624
Message: L’ouverture de session d’un compte s’est correctement déroulée.

Sujet :
ID de sécurité : S-1-0-0
Nom du compte : -
Domaine du compte : -
ID d’ouverture de session : 0x0

Type d’ouverture de session : 0

Nouvelle ouverture de session :
ID de sécurité : S-1-5-18
Nom du compte : SYSTEM
Domaine du compte : AUTORITE NT
ID d’ouverture de session : 0x3e7
GUID d’ouverture de session : {00000000-0000-0000-0000-000000000000}

Informations sur le processus :
ID du processus : 0x4
Nom du processus :

Informations sur le réseau :
Nom de la station de travail : -
Adresse du réseau source : -
Port source : -

Informations détaillées sur l’authentification :
Processus d’ouverture de session : -
Package d’authentification : -
Services en transit : -
Nom du package (NTLM uniquement) : -
Longueur de la clé : 0

Cet événement est généré lors de la création d’une ouverture de session. Il est généré sur l’ordinateur sur lequel l’ouverture de session a été effectuée.

Le champ Objet indique le compte sur le système local qui a demandé l’ouverture de session. Il s’agit le plus souvent d’un service, comme le service Serveur, ou un processus local tel que Winlogon.exe ou Services.exe.

Le champ Type d’ouverture de session indique le type d’ouverture de session qui s’est produit. Les types les plus courants sont 2 (interactif) et 3 (réseau).

Le champ Nouvelle ouverture de session indique le compte pour lequel la nouvelle ouverture de session a été créée, par exemple, le compte qui s’est connecté.

Les champs relatifs au réseau indiquent la provenance d’une demande d’ouverture de session à distance. Le nom de la station de travail n’étant pas toujours disponible, peut être laissé vide dans certains cas.

Les champs relatifs aux informations d’authentification fournissent des détails sur cette demande d’ouverture de session spécifique.
- Le GUID d’ouverture de session est un identificateur unique pouvant servir à associer cet événement à un événement KDC .
- Les services en transit indiquent les services intermédiaires qui ont participé à cette demande d’ouverture de session.
- Nom du package indique quel est le sous-protocole qui a été utilisé parmi les protocoles NTLM.
- La longueur de la clé indique la longueur de la clé de session générée. Elle a la valeur 0 si aucune clé de session n’a été demandée.
Record Number: 23321
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100107094755.900150-000
Event Type: Succès de l’audit
User:

Computer Name: PC-de-Maxime
Event Code: 4902
Message: La table de stratégie d’audit par utilisateur a été créée.

Nombre d’éléments : 0
ID de la stratégie : 0x13331
Record Number: 23322
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100107094755.993750-000
Event Type: Succès de l’audit
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files (x86)\QuickTime\QTSystem;C:\Program Files (x86)\Microsoft SQL Server\90\Tools\binn
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=AMD64
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=Intel64 Family 6 Model 23 Stepping 10, GenuineIntel
"PROCESSOR_REVISION"=170a
"NUMBER_OF_PROCESSORS"=4
"TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\34FB5F65-FFEB-4B61-BF0E-A6A76C450FAA\TraceFormat
"DFSTRACINGON"=FALSE
"CLASSPATH"=.;C:\Program Files (x86)\QuickTime\QTSystem\QTJava.zip
"QTJAVA"=C:\Program Files (x86)\QuickTime\QTSystem\QTJava.zip

-----------------EOF-----------------

Hoping this can help you help me.
Edited on 20/02/2010 at 14:15

Hi

  1. Post me the Malwarebytes report that I asked for; it is in Malwarebytes => Rapports/Logs

then we move on to the next step

Sorry

so, in theory, here is the Malwarebytes' log:

Malwarebytes' Anti-Malware 1.44
Version de la base de données: 3766
Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

20/02/2010 14:01:36
mbam-log-2010-02-20 (14-01-36).txt

Type de recherche: Examen complet (C:|D:|)
Eléments examinés: 382583
Temps écoulé: 1 hour(s), 4 minute(s), 10 second(s)

Processus mémoire infecté(s): 1
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 2
Valeur(s) du Registre infectée(s): 3
Elément(s) de données du Registre infecté(s): 1
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 7

Processus mémoire infecté(s):
C:\Windows\infocard.exe (Backdoor.IRCBot) -> Unloaded process successfully.

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\fcn (Rogue.Residue) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{d08d9f98-1c78-4704-87e6-368b0023d831} (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\kr_done1 (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\firewall administrating (Backdoor.IRCBot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\firewall administrating (Backdoor.IRCBot) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
C:\Program Files (x86)\RelevantKnowledge (Spyware.MarketScore) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\Program Files (x86)\RelevantKnowledge\MSVCP71.DLL (Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Program Files (x86)\RelevantKnowledge\MSVCR71.DLL (Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Program Files (x86)\RelevantKnowledge\rlls64.dll (Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Program Files (x86)\RelevantKnowledge\rloci.bin (Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Program Files (x86)\RelevantKnowledge\rlvknlg64.exe (Spyware.MarketScore) -> Quarantined and deleted successfully.
C:\Windows\System32\kr_done1 (Malware.Trace) -> Quarantined and deleted successfully.
C:\Windows\infocard.exe (Backdoor.IRCBot) -> Quarantined and deleted successfully.

Re

OK, that's good!!

Do this

Launch HijackThis

ON VISTA: right-click HijackThis / Run as administrator!

Click on ==> Do a System Scan Only

check these lines

Close your other applications

and click on ==> Fix Checked

then

  1. show Vista's hidden files:

==> How to show system/hidden files under Vista/Seven

: Delete the following folder:

then

  1. Disable your antivirus

Download List&Kill'em by gen-hackman

save it to your desktop

==> List&Kill'em by gen-hackman

double-click (right-click "Run as administrator" on Vista) to launch the scan

choose the language, then choose option 1 = Mode Recherche (search mode)

let the tool work

the report will be displayed once the scan is finished; post it

  1. Disable your antivirus

Download and install UsbFix (by C_XX & Chiquitine29)

==> UsbFix (by C_XX & Chiquitine29)

Disconnect and close all running applications

At the message ==> plug into your PC the external data sources (USB stick, external hard drive, etc…) that may have been infected, without opening them

Double-click the UsbFix shortcut on your desktop.

Choose ==> option 1 (Recherche / search)

Let the tool work.

Then post the UsbFix.txt report that will appear.

Note: the UsbFix.txt report is saved at the root of the drive (C:\UsbFix.txt).

(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)

Re-enable your antivirus

@+ cricri58
Edited on 20/02/2010 at 16:25

Re

you posted a message ==> Today 12:48:12 by Crazy-Minstrel

But nothing!! :neutre:

post it again

sorry for the delay, the message won't display, probably because of the too large number of characters

so here for now is the List&Kill'em file: www.megaupload.com…

and here is the UsbFix one:

############################## | UsbFix V6.096 |

User : Maxime (Administrateurs) # PC-DE-MAXIME
Update on 19/02/2010 by El Desaparecido , C_XX & Chimay8
Start at: 14:51:17 | 21/02/2010
Website : pagesperso-orange.fr…
Contact : FindyKill.Contact@gmail.com

Intel® Core™2 Quad CPU Q8200 @ 2.33GHz
Microsoft® Windows Vista™ Home Premium (6.0.6001 64-bit) # Service Pack 1
Internet Explorer 7.0.6001.18000
Windows Firewall Status : Disabled

C:\ -> Local fixed disk # 458.46 GB (152.23 GB free) [OS] # NTFS
D:\ -> Local fixed disk # 458.41 GB (458.3 GB free) [DATA] # NTFS
E:\ -> CD-ROM drive # 7.84 GB (0 MB free) [DragonAge] # CDFS
F:\ -> Removable disk
G:\ -> Removable disk
H:\ -> Removable disk
I:\ -> Removable disk
J:\ -> CD-ROM drive # 625.36 MB (0 MB free) [BROODWAR] # CDFS
K:\ -> Removable disk # 1.91 GB (691.81 MB free) # FAT

############################## | Active processes |

C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Windows\system32\HidService.exe
C:\Program Files (x86)\DAODB\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Windows\SysWOW64\IoctlSvc.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\ACER\Preload\Autorun\DRV\Fiji Keyboard\ABoard.exe
C:\ACER\Preload\Autorun\DRV\Fiji Keyboard\AOSD.exe
C:\Program Files (x86)\Packard Bell\SetUpMyPC\SmpSys.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe
C:\Program Files (x86)\Free Download Manager\fdm.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe
C:\Windows\SysWOW64\conime.exe
C:\Program Files (x86)\Opera\opera.exe

################## | Infectious elements |

C:\Users\Maxime\mbam-setup.exe
C:\Users\Maxime\RSIT.exe
E:\autorun.inf
E:\DATA
J:\autorun.inf

################## | Registry |

################## | Mountpoints2 |

HKCU\...\Explorer\MountPoints2\{00a07a37-8811-11de-b3df-001f16f2e111}
shell\AutoRun\command =J:\SETUP.EXE

HKCU\...\Explorer\MountPoints2\{05973e4c-6174-11de-86c3-806e6f6e6963}
shell\AutoRun\command =E:\autorun.exe -auto

HKCU\...\Explorer\MountPoints2\{b67f629b-90a3-11de-a0bb-001f16f2e111}
shell\Auto\command =cmd /C launch.bat
shell\AutoRun\command =C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL cmd /C launch.bat

################## | Vaccine |

(!) This computer is not vaccinated!

################## | ! End of report # UsbFix V6.096 ! |
Edited on 21/02/2010 at 14:53
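The Mountpoints2 section above is the interesting part of this report. Explorer caches each volume's autorun.inf under HKCU\...\Explorer\MountPoints2\{GUID}; the first two entries are ordinary CD/DVD launchers, while the third one runs `cmd /C launch.bat` through RunDLL32/ShellExec_RunDLL with no drive letter at all, which is the footprint of a USB worm. The script below is an added example, not UsbFix's code and not something posted in the thread: it parses that section (copied here as a constructed sample) and applies a small set of heuristics, which are this example's own assumptions, to separate launcher entries from worm entries.

```python
"""Triage of the Mountpoints2 section of a UsbFix report.

Added example: not UsbFix's code and not from the forum thread. It parses the
registry dump UsbFix prints (sample copied from the report above) and separates
ordinary CD/DVD autorun launchers from the kind of entry a USB worm leaves in
HKCU\...\Explorer\MountPoints2. The rules are heuristics chosen for this example.
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Constructed sample: the Mountpoints2 section of the UsbFix report posted above.
SAMPLE_REPORT = r"""
################## | Mountpoints2 |

HKCU\...\Explorer\MountPoints2\{00a07a37-8811-11de-b3df-001f16f2e111}
shell\AutoRun\command =J:\SETUP.EXE

HKCU\...\Explorer\MountPoints2\{05973e4c-6174-11de-86c3-806e6f6e6963}
shell\AutoRun\command =E:\autorun.exe -auto

HKCU\...\Explorer\MountPoints2\{b67f629b-90a3-11de-a0bb-001f16f2e111}
shell\Auto\command =cmd /C launch.bat
shell\AutoRun\command =C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL cmd /C launch.bat

################## | Vaccin |
"""

ENTRY_RE = re.compile(r"MountPoints2\\?(\{[0-9a-fA-F-]{36}\})")
CMD_RE = re.compile(r"^shell\\([^\\]+)\\command\s*=\s*(.*)$", re.IGNORECASE)
ABS_PATH_RE = re.compile(r"^[A-Za-z]:\\")

# (reason, pattern) pairs tested against the whole command line.
SUSPICIOUS_RULES = [
    ("invokes a command interpreter", re.compile(r"\bcmd(\.exe)?\s+/c\b", re.IGNORECASE)),
    ("launches through ShellExec_RunDLL to hide the real target", re.compile(r"ShellExec_RunDLL", re.IGNORECASE)),
    ("runs a script rather than a setup program", re.compile(r"\.(bat|cmd|vbs|vbe|js|wsf|pif)\b", re.IGNORECASE)),
    ("runs the Windows Script Host", re.compile(r"\b[wc]script(\.exe)?\b", re.IGNORECASE)),
]


@dataclass
class MountPoint:
    guid: str
    commands: dict[str, str] = field(default_factory=dict)  # verb -> command line


def parse_mountpoints(report: str) -> list[MountPoint]:
    """Collect {GUID: {verb: command}} from the Mountpoints2 section only."""
    entries: list[MountPoint] = []
    in_section = False
    current: MountPoint | None = None
    for raw in report.splitlines():
        line = raw.strip()
        if line.startswith("#"):  # a UsbFix section header ends the previous section
            in_section = "mountpoints2" in line.lower()
            current = None
            continue
        if not in_section or not line:
            continue
        m = ENTRY_RE.search(line)
        if m:
            current = MountPoint(m.group(1).lower())
            entries.append(current)
            continue
        m = CMD_RE.match(line)
        if m and current is not None:
            current.commands[m.group(1)] = m.group(2).strip()
    return entries


def assess(verb: str, command: str) -> tuple[str, list[str]]:
    """Return ('suspicious' | 'review', notes) for one autorun command."""
    strong = [why for why, rx in SUSPICIOUS_RULES if rx.search(command)]
    if not ABS_PATH_RE.match(command):
        # Worms use drive-relative targets because the letter differs on every PC.
        strong.append("target has no drive letter (drive-relative)")
    notes = list(strong)
    if verb.lower() != "autorun":
        # An autorun.inf 'shell=' override makes this verb, not Open, run on double-click.
        notes.append(f"extra Explorer verb '{verb}' (autorun.inf shell= override)")
    if strong:
        return "suspicious", notes
    notes.append("absolute path to a launcher; confirm the volume is a CD/DVD")
    return "review", notes


def triage(report: str) -> list[dict]:
    findings = []
    for mp in parse_mountpoints(report):
        for verb, command in mp.commands.items():
            verdict, notes = assess(verb, command)
            findings.append({"guid": mp.guid, "verb": verb, "command": command,
                             "verdict": verdict, "notes": notes})
    return findings


def suspicious_guids(report: str) -> set[str]:
    """GUIDs whose MountPoints2 key should go (what UsbFix option 2 deletes)."""
    return {f["guid"] for f in triage(report) if f["verdict"] == "suspicious"}


if __name__ == "__main__":
    for f in triage(SAMPLE_REPORT):
        key = "shell\\%s\\command" % f["verb"]
        print(f"{f['verdict']:10} {f['guid']} {key} = {f['command']}")
        for note in f["notes"]:
            print(f"{'':10}   - {note}")
```

Run on the sample, the two CD launchers come back as "review" and both commands under {b67f629b-...} as "suspicious"; that GUID is the one a cleanup would delete. Remember that MountPoints2 is only Explorer's cache: removing the key stops the stale autorun, but the autorun.inf and launch.bat on the removable drive itself still have to go.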

Re

Relaunch List&Kill'em using the shortcut on your desktop.

this time

choose option 2 => Removal mode

let the tool work.

at the end of the scan a report opens

paste its contents

then

2) Disconnect and close all running applications

Plug the external data sources that may have been infected (USB key, external hard drive, etc.) into your PC, without opening them

Double-click the UsbFix shortcut on your desktop.

Choose ==> option 2 (Removal)

Let the tool work.

Then post the UsbFix.txt report that appears.

Note: the UsbFix.txt report is saved at the root of the drive. (C:\UsbFix.txt)

(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)

Here is the Kill'em file:

Kill’em by g3n-h@ckm@n 1.2.5.3

User : Maxime (Administrateurs)
Update on 19/02/2010 by g3n-h@ckm@n ::::: 13.15
Start at: 16:08:46 | 21/02/2010
Contact : www.commentcamarche.net…

Intel® Core™2 Quad CPU Q8200 @ 2.33GHz
Microsoft® Windows Vista™ Home Premium (6.0.6001 64-bit) # Service Pack 1
Internet Explorer 7.0.6001.18000
Windows Firewall Status : Disabled

C:\ -> Local fixed disk | 458.46 GB (152.23 GB free) [OS] | NTFS
D:\ -> Local fixed disk | 458.41 GB (458.3 GB free) [DATA] | NTFS
E:\ -> CD-ROM drive | 7.84 GB (0 MB free) [DragonAge] | CDFS
F:\ -> Removable disk
G:\ -> Removable disk
H:\ -> Removable disk
I:\ -> Removable disk
J:\ -> CD-ROM drive | 625.36 MB (0 MB free) [BROODWAR] | CDFS
K:\ -> Removable disk | 1.91 GB (691.81 MB free) | FAT

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running

C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Windows\system32\HidService.exe
C:\Program Files (x86)\DAODB\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Windows\SysWOW64\IoctlSvc.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\ACER\Preload\Autorun\DRV\Fiji Keyboard\ABoard.exe
C:\ACER\Preload\Autorun\DRV\Fiji Keyboard\AOSD.exe
C:\Program Files (x86)\Packard Bell\SetUpMyPC\SmpSys.exe
C:\Program Files (x86)\Free Download Manager\fdm.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Windows\SysWOW64\conime.exe
C:\Program Files (x86)\List_Kill’em\List_Kill’em.scr
C:\Windows\SysWOW64\cmd.exe
C:\Users\Maxime\AppData\Local\Temp\E515.tmp\ERUNT.EXE
C:\Users\Maxime\AppData\Local\Temp\E515.tmp\pv.exe

Detections :

¤¤¤¤¤¤¤¤¤¤ Files/folders :

Quarantined & Deleted !! : C:\Program Files (x86)\DAEMON Tools Toolbar
Quarantined & Deleted !! : C:\Program Files (x86)\temp

Quarantined & Deleted !! : C:\Windows\System32\drivers\etc\hosts.msn
Quarantined & Deleted !! : C:\Users\Maxime\LOCAL Settings\Temp\DTLite4355-0068.exe
Quarantined & Deleted !! : C:\Users\Maxime\LOCAL Settings\Temp\EAD10C2.exe
Quarantined & Deleted !! : C:\Users\Maxime\LOCAL Settings\Temp\EAD3800.exe
Quarantined & Deleted !! : C:\Users\Maxime\LOCAL Settings\Temp\EAD77DD.exe
Quarantined & Deleted !! : C:\Users\Maxime\LOCAL Settings\Temp\EAD781B.exe
Quarantined & Deleted !! : C:\Users\Maxime\LOCAL Settings\Temp\EAD7E24.exe
Quarantined & Deleted !! : C:\Users\Maxime\LOCAL Settings\Temp\EAD7F9A.exe
Quarantined & Deleted !! : C:\Users\Maxime\LOCAL Settings\Temp\EAD802A.exe
Quarantined & Deleted !! : C:\Users\Maxime\LOCAL Settings\Temp\EAD8229.exe
Quarantined & Deleted !! : C:\Users\Maxime\LOCAL Settings\Temp\EAD85D1.exe
Quarantined & Deleted !! : C:\Users\Maxime\LOCAL Settings\Temp\EAD86AC.exe
Quarantined & Deleted !! : C:\Users\Maxime\LOCAL Settings\Temp\EAD8CD3.exe
Quarantined & Deleted !! : C:\Users\Maxime\LOCAL Settings\Temp\EAD8FDF.exe
Quarantined & Deleted !! : C:\Users\Maxime\LOCAL Settings\Temp\EAD9626.exe
Quarantined & Deleted !! : C:\Users\Maxime\LOCAL Settings\Temp\EAD9C6D.exe
Quarantined & Deleted !! : C:\Users\Maxime\LOCAL Settings\Temp\EAD9D19.exe
Quarantined & Deleted !! : C:\Users\Maxime\LOCAL Settings\Temp\EADA41B.exe
Quarantined & Deleted !! : C:\Users\Maxime\LOCAL Settings\Temp\EADBC0D.exe
Quarantined & Deleted !! : C:\Users\Maxime\LOCAL Settings\Temp\EADF49B.exe
Quarantined & Deleted !! : C:\Users\Maxime\LOCAL Settings\Temp\GLFEAAE.EXE
Quarantined & Deleted !! : C:\Users\Maxime\LOCAL Settings\Temp\_is2DD8.exe
Quarantined & Deleted !! : C:\Users\Maxime\LOCAL Settings\Temp\_is33BC.exe
Quarantined & Deleted !! : C:\Users\Maxime\LOCAL Settings\Temp\_is5070.exe
Quarantined & Deleted !! : C:\Users\Maxime\LOCAL Settings\Temp\bassmod.dll
Quarantined & Deleted !! : C:\Users\Maxime\LOCAL Settings\Temp\drm_dyndata_7340014.dll
Quarantined & Deleted !! : C:\Users\Maxime\LOCAL Settings\Temp\drm_dyndata_7380007.dll
Quarantined & Deleted !! : C:\Users\Maxime\LOCAL Settings\Temp\drm_dyndata_7400005.dll
Quarantined & Deleted !! : C:\Users\Maxime\LOCAL Settings\Temp\drm_dyndata_7400006.dll
Quarantined & Deleted !! : C:\Users\Maxime\LOCAL Settings\Temp\UninstallEADM.dll
Quarantined & Deleted !! : C:\Users\Maxime\LOCAL Settings\Temp\tmp257E.tmp
Quarantined & Deleted !! : C:\Users\Maxime\LOCAL Settings\Temp\tmp9447.tmp

==============
host file OK !

========
Registry

Deleted : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges
Deleted : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{83ff80f4-8c74-4b80-b5ba-c8ddd434e5c4}
Deleted : HKLM\SYSTEM\CurrentControlSet\Services\RelevantKnowledge

Services

Ndisuio : Start = 3
EapHost : Start = 2
Wlansvc : Start = 2
SharedAccess : Start = 2
windefend : Start = 2
wuauserv : Start = 2
wscsvc : Start = 2

============
Disk Cleaned

=================
anti-ver blaster : OK !!

================
Prefetch cleaned

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

the other one is coming soon

strange: UsbFix stayed at 90% after the restart for at least fifteen minutes, so I stopped it, thinking there was a problem.

Otherwise, a text file does seem to have been created:

############################## | UsbFix V6.096 |

User : Maxime (Administrateurs) # PC-DE-MAXIME
Update on 19/02/2010 by El Desaparecido , C_XX & Chimay8
Start at: 16:34:51 | 21/02/2010
Website : pagesperso-orange.fr…
Contact : FindyKill.Contact@gmail.com

Intel® Core™2 Quad CPU Q8200 @ 2.33GHz
Microsoft® Windows Vista™ Home Premium (6.0.6001 64-bit) # Service Pack 1
Internet Explorer 7.0.6001.18000
Windows Firewall Status : Disabled

C:\ -> Local fixed disk # 458.46 GB (152.15 GB free) [OS] # NTFS
D:\ -> Local fixed disk # 458.41 GB (458.3 GB free) [DATA] # NTFS
E:\ -> CD-ROM drive # 7.84 GB (0 MB free) [DragonAge] # CDFS
F:\ -> Removable disk
G:\ -> Removable disk
H:\ -> Removable disk
I:\ -> Removable disk
J:\ -> CD-ROM drive
K:\ -> Removable disk # 1.91 GB (691.81 MB free) # FAT

############################## | Active processes |

C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Windows\system32\HidService.exe
C:\Program Files (x86)\DAODB\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Windows\SysWOW64\IoctlSvc.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Windows\SysWOW64\runonce.exe
C:\Windows\SysWOW64\conime.exe

################## | Infectious elements |

Deleted! C:\Users\Maxime\mbam-setup.exe
Deleted! C:\Users\Maxime\RSIT.exe
Deleted! C:\$Recycle.Bin\S-1-5-21-3333604117-853762143-1885728254-500
Deleted! C:\$Recycle.Bin\S-1-5-21-36089084-3836553067-2628133530-1000
Deleted! C:\$Recycle.Bin\S-1-5-21-36089084-3836553067-2628133530-500
Deleted! D:\$Recycle.Bin\S-1-5-21-36089084-3836553067-2628133530-1000
Deleted! D:\$Recycle.Bin\S-1-5-21-36089084-3836553067-2628133530-500
(!) Not deleted! E:\autorun.inf
(!) Not deleted! E:\DATA

################## | Registry |

################## | Mountpoints2 |

Deleted! HKCU\...\Explorer\MountPoints2\{00a07a37-8811-11de-b3df-001f16f2e111}\Shell\AutoRun\Command
Deleted! HKCU\...\Explorer\MountPoints2\{05973e4c-6174-11de-86c3-806e6f6e6963}\Shell\AutoRun\Command
Deleted! HKCU\...\Explorer\MountPoints2\{b67f629b-90a3-11de-a0bb-001f16f2e111}\Shell\Auto\Command

################## | Listing of files present |

[21/01/2008 03:50|-rahs----|333203] C:\bootmgr
[13/05/2009 14:29|-ra-s----|8192] C:\BOOTSECT.BAK
[?|?|?] C:\hiberfil.sys
[21/02/2010 16:19|--a------|5557] C:\Kill'em.txt
[21/02/2010 12:44|--a------|1309454] C:\List'em.txt
[30/12/2009 05:31|--a------|53569] C:\lma_log.html
[?|?|?] C:\pagefile.sys
[13/05/2009 06:31|--a------|1946] C:\RHDSetup.log
[21/02/2010 16:39|--a------|2841] C:\UsbFix.txt
[07/11/2007 08:00|--a------|17734] D:\eula.1028.txt
[07/11/2007 08:00|--a------|17734] D:\eula.1031.txt
[07/11/2007 08:00|--a------|10134] D:\eula.1033.txt
[07/11/2007 08:00|--a------|17734] D:\eula.1036.txt
[07/11/2007 08:00|--a------|17734] D:\eula.1040.txt
[07/11/2007 08:00|--a------|118] D:\eula.1041.txt
[07/11/2007 08:00|--a------|17734] D:\eula.1042.txt
[07/11/2007 08:00|--a------|17734] D:\eula.2052.txt
[07/11/2007 08:00|--a------|17734] D:\eula.3082.txt
[07/11/2007 08:00|--a------|1110] D:\globdata.ini
[07/11/2007 08:03|--a------|562688] D:\install.exe
[07/11/2007 08:00|--a------|843] D:\install.ini
[07/11/2007 08:03|--a------|76304] D:\install.res.1028.dll
[07/11/2007 08:03|--a------|96272] D:\install.res.1031.dll
[07/11/2007 08:03|--a------|91152] D:\install.res.1033.dll
[07/11/2007 08:03|--a------|97296] D:\install.res.1036.dll
[07/11/2007 08:03|--a------|95248] D:\install.res.1040.dll
[07/11/2007 08:03|--a------|81424] D:\install.res.1041.dll
[07/11/2007 08:03|--a------|79888] D:\install.res.1042.dll
[07/11/2007 08:03|--a------|75792] D:\install.res.2052.dll
[07/11/2007 08:03|--a------|96272] D:\install.res.3082.dll
[01/12/2006 23:37|--a------|904704] D:\msdia80.dll
[07/11/2007 08:00|--a------|5686] D:\vcredist.bmp
[07/11/2007 08:09|--a------|1442522] D:\VC_RED.cab
[07/11/2007 08:12|--a------|232960] D:\VC_RED.MSI
[22/09/2009 22:30|-r-------|2126120] E:\Setup.exe
[16/07/2009 23:13|-r-------|1246440] E:\autorun.exe
[14/04/2009 04:17|-r-------|58] E:\autorun.inf
[25/07/2009 02:23|-r-------|26695] E:\cluf.rtf
[25/07/2009 02:23|-r-------|26877] E:\eula_cz.rtf
[25/07/2009 02:23|-r-------|22966] E:\eula_de.rtf
[25/07/2009 02:23|-r-------|18998] E:\eula_en.rtf
[25/07/2009 02:23|-r-------|21752] E:\eula_es.rtf
[25/07/2009 02:23|-r-------|26695] E:\eula_fr.rtf
[25/07/2009 02:23|-r-------|27549] E:\eula_hu.rtf
[25/07/2009 02:23|-r-------|21911] E:\eula_it.rtf
[25/07/2009 02:23|-r-------|23314] E:\eula_pl.rtf
[23/09/2009 20:22|-r-------|25335] E:\lisezmoi.txt
[23/09/2009 20:22|-r-------|23199] E:\readme_cz.txt
[23/09/2009 20:22|-r-------|24120] E:\readme_de.txt
[23/09/2009 20:22|-r-------|21369] E:\readme_en.txt
[23/09/2009 20:22|-r-------|22815] E:\readme_es.txt
[23/09/2009 20:22|-r-------|25335] E:\readme_fr.txt
[23/09/2009 20:22|-r-------|23761] E:\readme_hu.txt
[23/09/2009 20:22|-r-------|22695] E:\readme_it.txt
[23/09/2009 20:22|-r-------|23396] E:\readme_pl.txt
[20/02/2010 06:32|--a------|656080896] K:\Starcraft Broodwar [1F0F84A6].iso
[20/02/2010 06:32|--a------|669204480] K:\Starcraft Original [Cd-Key 7090-37633-2276] [E9DB356A].iso

################## | Vaccination |

C:\autorun.inf -> Folder created by UsbFix (El Desaparecido).

D:\autorun.inf -> Folder created by UsbFix (El Desaparecido).

K:\autorun.inf -> Folder created by UsbFix (El Desaparecido).
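The "Vaccination" lines at the end of this report are a small but effective hardening step: Windows will not create a *file* called autorun.inf on a volume whose root already holds a *directory* of that name, so a placeholder directory on C:\, D:\ and the K:\ USB key stops a worm dropper from re-arming those drives. The script below is an added example, not UsbFix's code and not something posted in the thread. It takes plain directory paths standing in for drive roots, so it runs offline on any OS: it reports whether each root is vaccinated, holds a live autorun.inf (and what that file would launch), or is unprotected, and vaccinates the unprotected ones. The worm-style autorun.inf it uses is constructed for the demo, modelled on the `cmd /C launch.bat` entry seen in the Mountpoints2 section.

```python
"""autorun.inf vaccination, the step UsbFix reports under "Vaccination" above.

Added example: not UsbFix's code and not from the forum thread. Windows cannot
create a *file* named autorun.inf on a volume whose root already holds a
*directory* of that name, so a placeholder directory on every drive root stops
the classic USB-worm dropper. The functions take directory paths standing in
for drive roots (C:\, D:\, K:\ in the report); demo() builds three mock roots
in a temporary directory so the whole thing runs offline on any OS.
"""
from __future__ import annotations

import configparser
import tempfile
from pathlib import Path

# Constructed worm-style autorun.inf (modelled on the 'cmd /C launch.bat'
# MountPoints2 entry above): drive-relative target plus a 'shell=' override
# so that double-clicking the drive runs it instead of opening it.
WORM_AUTORUN_INF = "[autorun]\nopen=launch.bat\nshell=Auto\nshell\\Auto\\command=cmd /C launch.bat\n"


def autorun_target(inf_text: str) -> str | None:
    """What the [autorun] section would launch: open=, shellexecute=, or a shell\\verb\\command."""
    cp = configparser.RawConfigParser(strict=False, delimiters=("=",))
    try:
        cp.read_string(inf_text)
    except configparser.Error:
        return "<unparseable autorun.inf>"  # deliberately malformed files are a red flag in themselves
    for section in cp.sections():
        if section.lower() != "autorun":
            continue
        for key in ("open", "shellexecute"):
            if cp.has_option(section, key):
                return cp.get(section, key).strip()
        for key, value in cp.items(section):
            if key.startswith("shell\\") and key.endswith("\\command"):
                return value.strip()
    return None


def inspect_root(root: Path) -> str:
    """'vaccinated' (directory), 'autorun-file' (a real autorun.inf), 'missing' or 'other'."""
    p = root / "autorun.inf"
    if not p.exists():
        return "missing"
    if p.is_dir():
        return "vaccinated"
    if p.is_file():
        return "autorun-file"
    return "other"


def vaccinate(root: Path) -> bool:
    """Create the placeholder directory; True if it was created by this call."""
    p = root / "autorun.inf"
    if p.exists():
        return False
    p.mkdir()
    # Read-only discourages casual edits; it does not stop code that can delete
    # directories, which is why UsbFix hardens the folder further than this demo.
    p.chmod(0o555)
    return True


def scan_and_vaccinate(roots: dict[str, Path], fix: bool = True) -> dict[str, dict]:
    """Per drive letter: state, what a live autorun.inf points at, whether we vaccinated."""
    results: dict[str, dict] = {}
    for letter, root in roots.items():
        state = inspect_root(root)
        info = {"state": state, "target": None, "vaccinated_now": False}
        if state == "autorun-file":
            # Report, don't delete: the file is evidence (UsbFix quarantines it in option 2).
            info["target"] = autorun_target((root / "autorun.inf").read_text(errors="replace"))
        elif state == "missing" and fix:
            info["vaccinated_now"] = vaccinate(root)
        results[letter] = info
    return results


def demo() -> dict[str, dict]:
    """Three mock roots: C: unprotected, D: already vaccinated, K: an infected USB key."""
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp)
        roots = {letter: base / letter for letter in ("C", "D", "K")}
        for r in roots.values():
            r.mkdir()
        (roots["D"] / "autorun.inf").mkdir()
        (roots["K"] / "autorun.inf").write_text(WORM_AUTORUN_INF)
        results = scan_and_vaccinate(roots)
        results["C"]["after"] = inspect_root(roots["C"])  # the placeholder now exists
        return results


if __name__ == "__main__":
    for letter, info in demo().items():
        print(f"{letter}:\\  {info}")
```

Two caveats the report itself illustrates: E:\ (the Dragon Age DVD) legitimately carries an autorun.inf and cannot be vaccinated, which is why UsbFix left it alone, and the placeholder only blocks the *creation* of autorun.inf, so a drive that already carries one must be cleaned first.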

Re

that's good

  1. Disable Vista System Restore, to get rid of the cr@p

  1. Create a Vista restore point

then

  1. Launch HijackThis

click on ==> Do a system scan and save a logfile.

At the end of the scan, Notepad will open. Copy-paste the report here

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:14:28, on 21/02/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18294)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Windows\SysWOW64\conime.exe
C:\Program Files (x86)\Opera\opera.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe
C:\Program Files (x86)\Steam\steam.exe
C:\Users\Maxime\HiJackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = homepage.packardbell.com…
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = homepage.packardbell.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com…
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = fr.msn.com…
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Programme d’aide de l’Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [BMISR] C:\Program Files (x86)\KYE\WebMate\BM.exe
O4 - HKCU\..\Run: [SmpcSys] C:\Program Files (x86)\Packard Bell\SetUpMyPC\SmpSys.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [Free Download Manager] "C:\Program Files (x86)\Free Download Manager\fdm.exe" -autorun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE…
O8 - Extra context menu item: Google Sidewiki… - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Dragon Age: Origins - Application de mise à jour (DAUpdaterSvc) - BioWare - C:\Program Files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Packard Bell Services - C:\Windows\SYSTEM32\HidService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files (x86)\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\SysWOW64\IoctlSvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: TabletServicePen - Unknown owner - C:\Windows\system32\Pen_Tablet.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)


End of file - 8916 bytes
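What makes this log "OK" in the next reply is that none of the O4 autostart entries looks out of place any more: compare the first log, where `C:\Windows\infocard.exe` (the Backdoor.IRCBot Malwarebytes quarantined) was running under an innocuous-sounding Run key. The script below is an added example, not HijackThis code and not something posted in the thread: it parses O4 lines, pulls out the executable, and applies a few checks that an analyst performs by eye (a binary sitting directly in the Windows root rather than System32, a binary in a Temp folder, a bare filename resolved through the search path, rundll32 hosting a DLL). The rules are this example's own assumptions; the sample lines are constructed from the two HijackThis logs in this thread.

```python
"""Triage of the O4 (Run key) lines of a HijackThis log.

Added example: not HijackThis code and not from the thread. Each O4 autostart
gets a verdict; the rules are heuristics chosen for this example and would have
flagged C:\Windows\infocard.exe, the Backdoor.IRCBot removed earlier in the
thread. Sample lines are constructed from the HijackThis logs posted above.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

SAMPLE_HJT = r"""
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [Firewall Administrating] C:\WINDOWS\infocard.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
"""

O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+(?:\\S-[\d-]+)?)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
QUOTED_EXE_RE = re.compile(r'^"([^"]+)"')
BARE_EXE_RE = re.compile(r"^(.*?\.exe)\b", re.IGNORECASE)
WINROOT_RE = re.compile(r"^[A-Za-z]:\\windows\\[^\\]+\.exe$", re.IGNORECASE)
TEMP_RE = re.compile(r"\\(temp|local settings\\temp|appdata\\local\\temp|\$recycle\.bin|recycler)\\", re.IGNORECASE)
DLL_HOSTS = {"rundll32.exe", "regsvr32.exe"}


@dataclass
class RunEntry:
    hive: str
    key: str
    name: str
    command: str
    exe: str


def parse_o4(line: str) -> RunEntry | None:
    """Split one 'O4 - HKxx\\..\\Run: [name] command' line; None for any other line."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    cmd = m.group("cmd")
    q = QUOTED_EXE_RE.match(cmd)
    if q:
        exe = q.group(1)
    else:
        b = BARE_EXE_RE.match(cmd)
        exe = b.group(1) if b else (cmd.split() or [""])[0]
    return RunEntry(m.group("hive"), m.group("key"), m.group("name"), cmd, exe)


def assess(entry: RunEntry) -> tuple[str, list[str]]:
    """'suspicious' | 'review' | 'ok', with the reasons."""
    exe = entry.exe
    base = exe.rsplit("\\", 1)[-1].lower()
    strong: list[str] = []
    soft: list[str] = []
    if WINROOT_RE.match(exe):
        strong.append("runs from the Windows root; Windows' own autostarts live in System32")
    if TEMP_RE.search(exe):
        strong.append("runs from a Temp or Recycle Bin folder")
    if "\\" not in exe:
        soft.append("no path given: resolved through the search path, so check which file really runs")
    if base in DLL_HOSTS:
        soft.append(f"{base} hosts a DLL; inspect the DLL named on the command line")
    if strong:
        return "suspicious", strong + soft
    if soft:
        return "review", soft
    return "ok", []


def triage_hjt(log: str) -> list[dict]:
    results = []
    for line in log.splitlines():
        entry = parse_o4(line)
        if entry is None:
            continue  # only O4 lines are handled here
        verdict, reasons = assess(entry)
        results.append({"hive": entry.hive, "name": entry.name, "exe": entry.exe,
                        "verdict": verdict, "reasons": reasons})
    return results


if __name__ == "__main__":
    for r in triage_hjt(SAMPLE_HJT):
        print(f"{r['verdict']:10} [{r['name']}] {r['exe']}")
        for reason in r["reasons"]:
            print(f"{'':10}   - {reason}")
```

On the sample, [Firewall Administrating] C:\WINDOWS\infocard.exe is the only "suspicious" entry; the rundll32 launcher and the path-less WDBtnMgr.exe come back as "review" because their location alone does not settle the question, and the quoted Program Files entries are "ok". The display name is deliberately not used as evidence: a Run key can be called anything, which is exactly what the bot counted on.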

Re

your HijackThis log is OK!!

Download ToolsCleaner by A.Rothstein to remove the programs used during the procedure.

==> ToolsCleaner by A.Rothstein

==> Save ToolsCleaner2.exe to the Desktop.

Under Vista, right-click > Run as Administrator

==> Double-click it, then click Search ==> The program will look for the installed utilities
------> The window may turn white during the scan, that's normal!
==> Copy-paste the contents of the report that appears in the white window.

When the search is finished, ToolsCleaner displays a list of the various tools found,

[ ToolsCleaner report version 2.3.11 (by A.Rothstein & dj QUIOU) ]

--> Search:

C:\UsbFix.txt: found!
C:\UsbFix: found!
C:\Rsit: found!
C:\Users\Maxime\UsbFix.exe: found!
C:\Users\Maxime\HijackThis: found!
C:\Users\Maxime\AppData\Local\Temp\65D8.tmp\catchme.exe: found!
C:\Users\Maxime\AppData\Local\Temp\65D8.tmp\mbr.exe: found!
C:\Users\Maxime\AppData\Local\Temp\702.tmp\catchme.exe: found!
C:\Users\Maxime\AppData\Local\Temp\702.tmp\mbr.exe: found!
C:\Users\Maxime\AppData\Local\Temp\7D2A.tmp\catchme.exe: found!
C:\Users\Maxime\AppData\Local\Temp\7D2A.tmp\mbr.exe: found!
C:\Users\Maxime\AppData\Local\Temp\814F.tmp\mbr.log: found!
C:\Users\Maxime\HiJackThis\HijackThis.exe: found!
C:\Users\Maxime\HiJackThis\hijackthis.log: found!

That's what appears. I should choose the delete option, right?

Re

Relaunch the search with ToolsCleaner; when it is finished ==> ToolsCleaner displays a list of the various tools found,

click on ==> Delete to remove them.

and then click ==> Empty Recycle Bin
Close the program by clicking "Quit".

and finish with a right-click on ==> ToolsCleaner and delete it

and that's it. Thanks a lot for helping me remove this virus! \o/

it's nice to see there are still people willing to help others

Hi

No problem :jap:

:hello:

Hello, I am also one of those people who have been hit by this MSN virus.
Because of me, some of my contacts clicked on those links and I would really like to be able to eradicate this virus.

Like Crazy-Minstrel, I had been able to trace the virus on my hard drive and thought I had got rid of it simply by deleting it, but unfortunately not. When I am logged in to MSN, my account keeps sending links and, on top of that, my MSN windows are systematically closed.

So I am going to resort to the HijackThis method, which I am completely unfamiliar with. Could someone help me?

Here is the result of the HijackThis scan:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:11:17, on 08/05/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
C:\Program Files\Utimaco\SafeGuard PrivateDisk\pdservice.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\infocard.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\GigaTribe\gigatribe.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Hijack this\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.fr…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.club-vaio.com…
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = www.club-vaio.com…
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Programme d’aide de l’Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: GoogleAFE - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\PROGRA~1\GOOGLE~1\GoogleAFE.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [VAIOCameraUtility] "C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe"
O4 - HKLM\..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
O4 - HKLM\..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe
O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [PDService.exe] C:\Program Files\Utimaco\SafeGuard PrivateDisk\pdservice.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Fichiers communs\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Firewall Administrating] C:\WINDOWS\infocard.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU…\Run: [EA Core] “C:\Program Files\Electronic Arts\EADM\Core.exe” -silent
O4 - HKCU…\Run: [Firewall Administrating] C:\WINDOWS\infocard.exe
O4 - HKUS\S-1-5-19…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘SERVICE LOCAL’)
O4 - HKUS\S-1-5-20…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘SERVICE RÉSEAU’)
O4 - HKUS\S-1-5-18…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘SYSTEM’)
O4 - HKUS.DEFAULT…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘Default user’)
O4 - Startup: GigaTribe.lnk = C:\Program Files\GigaTribe\gigatribe.exe
O4 - Global Startup: Lancement rapide d’Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE…
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra ‘Tools’ menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.com/fr/
O15 - Trusted Zone: *.sony-europe.com
O15 - Trusted Zone: *.sonystyle-europe.com
O15 - Trusted Zone: *.vaio-link.com
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - gfx2.hotmail.com…
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - messenger.zone.msn.com…
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - messenger.zone.msn.com…
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\Image Converter 2\IcVzMon.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Cooporated Initialisation (VCI) - Sony Corporation - C:\Program Files\Sony\VAIO Cooperated Initialisation\VCI_SVC.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe


End of file - 14290 bytes


I forgot to mention: my operating system is Windows XP!

Thanks in advance to whoever has a bit of time to help me! :)