Eradicate Download BWS and Dbua

Last reply: in Security and viruses
4 January 2010 20:36:36

I found 2 viruses (downloader BWS and Trojan.Agent.Dbua, detected with scanSpyware), but I don't know how to eradicate them because neither my antivirus nor Malwarebytes detects them.

Thanks in advance for your help.

6 January 2010 15:40:31

Hi, that may well be normal, given that scanSpyware is a rogue (fake anti-spyware) :lol:

I advise you to start by uninstalling it through Add/Remove Programs, and then to follow these steps to the letter:

Download Malwarebytes' Anti-Malware to the desktop

* Double-click "mbam-setup" to start the installation
* Install it without changing anything
* Once the program is running ==> "Update" tab, click ==> "Check for Updates"
* "Scanner" tab ==> select "Perform full scan"
* Click "Scan"
* Check all the hard drives
* Click "Start Scan"
* At the end of the scan, if an infection is found ==> click "Show Results"
* Close your running applications
* Check that everything is ticked and click "Remove Selected"

* A report opens; copy it and paste it into your reply

+

Download "RSIT" to the desktop
* Double-click it
(With VISTA > right-click and > Run as administrator)
* Leave "1 month"
* Click "Continue"
* At the end of the scan, 2 reports are created: "log.txt" and "info.txt"
* Copy/paste both reports into your reply
** Note: the reports can also be found at "C:\rsit\log.txt" and "C:\rsit\info.txt"

6 January 2010 23:11:28

Good evening,
here is the report after the Malwarebytes scan:
Malwarebytes' Anti-Malware 1.43
Version de la base de données: 3502
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

06/01/2010 23:07:57
mbam-log-2010-01-06 (23-07-57).txt

Type de recherche: Examen complet (C:\|D:\|E:\|F:\|)
Eléments examinés: 254789
Temps écoulé: 3 hour(s), 30 minute(s), 18 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 6
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 4

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
c:\WINDOWS\system32\sshnas.dll (Trojan.FakeAlert) -> Delete on reboot.

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SSHNAS (Trojan.Renos) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\ByteLinker (PUP.BitSpirit) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\PUT2VIDQLG (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\B1RQJ7YJ0U (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\put2vidqlg (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\WINDOWS\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sshnas.dll (Trojan.FakeAlert) -> Delete on reboot.
C:\Documents and Settings\Propriétaire\Local Settings\Temp\sshnas.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.


Then the one from RSIT:
Logfile of random's system information tool 1.06 (written by random/random)
Run by Propriétaire at 2010-01-06 23:09:40
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 55 GB (46%) free of 120 GB
Total RAM: 2047 MB (64% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:09:50, on 06/01/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\ma-config.com\maconfservice.exe
C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010\RpcAgentSrv.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Propriétaire\Bureau\RSIT.exe
C:\Program Files\trend micro\HijackThis\Propriétaire.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Six Engine] "C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe" -r
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Télécharger en Utilisant &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls...
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol...
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010\RpcAgentSrv.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 7697 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{46F3CE72-9420-45DA-8CD2-8ABBBEB6325F}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
scriptproxy - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll [2006-11-30 67136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-07-25 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-07-25 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2009-04-23 937416]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2009-02-03 18085888]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2008-06-19 57344]
"Six Engine"=C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe [2009-02-13 5634560]
"ShStatEXE"=C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE [2006-11-30 112216]
"McAfeeUpdaterUI"=C:\Program Files\McAfee\Common Framework\UdaterUI.exe [2006-11-17 136768]
"XboxStat"=C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [2007-09-26 734264]
"nwiz"=C:\Program Files\NVIDIA Corporation\nView\nwiz.exe [2009-08-12 1657376]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2009-08-17 86016]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2009-08-17 13877248]
"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2009-12-30 1389904]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2009-12-30 429392]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe [2007-07-02 220544]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe [2009-11-11 3124160]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-07-24 490952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2009-11-12 141600]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
C:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe [2009-08-20 2363392]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2009-12-30 1389904]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Name of App]
C:\Program Files\SAMSUNG\FW LiveUpdate\FWManager.exe [2009-07-15 692340]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2008-06-10 2221352]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe [2008-07-09 570664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
C:\WINDOWS\system32\NvCpl.dll [2009-08-17 13877248]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\MpcStar\Codecs\QuickTime\QTTask.exe [2009-11-10 417792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre6\bin\jusched.exe [2009-07-25 149280]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uedkkrba]
c:\documents and settings\propriétaire\local settings\application data\uedkkrba.exe uedkkrba []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 240128]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=128
"NoDriveAutoRun"=128
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\McAfee\Common Framework\FrameworkService.exe"="C:\Program Files\McAfee\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service"
"C:\Program Files\BitSpirit\BitSpirit.exe"="C:\Program Files\BitSpirit\BitSpirit.exe:*:Enabled:The powerful and easy-to-use BitTorrent Client"
"C:\Program Files\Ubisoft\Techland\Call of Juarez - Bound in Blood\CoJBiBGame_x86.exe"="C:\Program Files\Ubisoft\Techland\Call of Juarez - Bound in Blood\CoJBiBGame_x86.exe:*:Enabled:Call of Juarez - Bound in Blood"
"C:\Program Files\KONAMI\Pro Evolution Soccer 2009\pes2009.exe"="C:\Program Files\KONAMI\Pro Evolution Soccer 2009\pes2009.exe:*:Enabled:Pro Evolution Soccer 2009"
"C:\Program Files\ma-config.com\maconfservice.exe"="C:\Program Files\ma-config.com\maconfservice.exe:LocalSubNet:Enabled:maconfservice"
"E:\Program Files\Codemasters\FUEL\FUEL.exe"="E:\Program Files\Codemasters\FUEL\FUEL.exe:*:Enabled:FUEL"
"C:\Program Files\TVUPlayer\TVUPlayer.exe"="C:\Program Files\TVUPlayer\TVUPlayer.exe:*:Enabled:TVUPlayer Component"
"C:\Program Files\uusee\UUSeePlayer.exe"="C:\Program Files\uusee\UUSeePlayer.exe:*:Enabled:UUPlayer"
"C:\Program Files\SopCast\SopCast.exe"="C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application"
"C:\Program Files\SopCast\adv\SopAdver.exe"="C:\Program Files\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver"
"C:\Program Files\TVAnts\Tvants.exe"="C:\Program Files\TVAnts\Tvants.exe:*:Enabled:TVAnts"
"E:\Program Files\Binaries\RiseOfTheArgonauts.exe"="E:\Program Files\Binaries\RiseOfTheArgonauts.exe:*:Enabled:RiseOfTheArgonauts"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Sports Interactive\Football Manager 2010\fm.exe"="C:\Program Files\Sports Interactive\Football Manager 2010\fm.exe:*:Enabled:Football Manager 2010"
"C:\Program Files\Ubisoft\James Cameron's AVATAR - THE GAME\bin\Avatar.exe"="C:\Program Files\Ubisoft\James Cameron's AVATAR - THE GAME\bin\Avatar.exe:*:Enabled:James Cameron's AVATAR(tm): THE GAME"
"C:\Program Files\Ubisoft\James Cameron's AVATAR - THE GAME\bin\AvatarLauncher.exe"="C:\Program Files\Ubisoft\James Cameron's AVATAR - THE GAME\bin\AvatarLauncher.exe:*:Enabled:Updater"
"C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010\RpcAgentSrv.exe"="C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010\RpcAgentSrv.exe:*:Enabled:SiSoftware Deployment Agent Service"
"C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010\WNt500x86\RpcSandraSrv.exe"="C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010\WNt500x86\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Agent Service"
"C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010\WNt500x86\sandra.0C.mui"="C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010\WNt500x86\sandra.0C.mui:*:Enabled:SiSoftware Sandra Agent Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c9498eb8-a5c5-11de-805e-806d6172696f}]
shell\AutoRun\command - G:\FrameworkCheck.exe


======List of files/folders created in the last 1 months======

2010-01-06 19:54:20 ----A---- C:\Documents and Settings\All Users\Application Data\xml5F.tmp
2010-01-06 19:54:20 ----A---- C:\Documents and Settings\All Users\Application Data\xml5E.tmp
2010-01-06 19:54:20 ----A---- C:\Documents and Settings\All Users\Application Data\xml5D.tmp
2010-01-06 19:54:16 ----A---- C:\Documents and Settings\All Users\Application Data\xml5C.tmp
2010-01-06 19:53:19 ----A---- C:\WINDOWS\system32\XAudio2_5.dll
2010-01-06 19:53:18 ----A---- C:\WINDOWS\system32\xactengine3_5.dll
2010-01-06 19:53:18 ----A---- C:\WINDOWS\system32\D3DCompiler_42.dll
2010-01-06 19:53:17 ----A---- C:\WINDOWS\system32\d3dcsx_42.dll
2010-01-06 19:53:16 ----A---- C:\WINDOWS\system32\d3dx11_42.dll
2010-01-06 19:53:16 ----A---- C:\WINDOWS\system32\d3dx10_42.dll
2010-01-06 19:53:15 ----A---- C:\WINDOWS\system32\D3DX9_42.dll
2010-01-06 19:52:04 ----D---- C:\WINDOWS\LastGood
2010-01-06 19:51:53 ----D---- C:\Program Files\SiSoftware
2010-01-06 19:43:17 ----HD---- C:\WINDOWS\PIF
2010-01-05 19:19:50 ----D---- C:\Documents and Settings\Propriétaire\Application Data\HouseCall 6.6
2010-01-04 18:27:32 ----A---- C:\WINDOWS\ScanSpyware.INI
2010-01-04 18:08:04 ----D---- C:\Documents and Settings\Propriétaire\Application Data\ScanSpyware
2010-01-04 15:12:21 ----N---- C:\WINDOWS\system32\sshnas.dll
2010-01-04 15:06:40 ----D---- C:\Documents and Settings\All Users\Application Data\Solidshield
2010-01-02 15:25:48 ----D---- C:\Documents and Settings\All Users\Application Data\Sports Interactive
2010-01-02 15:25:16 ----D---- C:\Documents and Settings\Propriétaire\Application Data\Sports Interactive
2010-01-02 15:24:36 ----A---- C:\WINDOWS\system32\d3dx10_41.dll
2010-01-02 15:24:36 ----A---- C:\WINDOWS\system32\D3DCompiler_41.dll
2010-01-02 15:24:35 ----A---- C:\WINDOWS\system32\D3DX9_41.dll
2010-01-02 15:24:34 ----A---- C:\WINDOWS\system32\XAudio2_4.dll
2010-01-02 15:24:34 ----A---- C:\WINDOWS\system32\XAPOFX1_3.dll
2010-01-02 15:24:34 ----A---- C:\WINDOWS\system32\xactengine3_4.dll
2010-01-02 15:24:33 ----A---- C:\WINDOWS\system32\X3DAudio1_6.dll
2010-01-02 15:20:30 ----HD---- C:\Program Files\Zero G Registry
2010-01-02 15:20:30 ----D---- C:\Program Files\Sports Interactive
2009-12-28 10:09:39 ----D---- C:\Documents and Settings\Propriétaire\Application Data\Apple Computer
2009-12-28 10:09:28 ----A---- C:\WINDOWS\system32\GEARAspi.dll
2009-12-28 10:08:47 ----D---- C:\Program Files\iPod
2009-12-28 10:08:44 ----D---- C:\Program Files\iTunes
2009-12-28 10:08:44 ----D---- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-12-28 10:07:12 ----D---- C:\Program Files\Apple Software Update
2009-12-28 10:07:00 ----A---- C:\WINDOWS\system32\usbaaplrc.dll
2009-12-28 10:06:29 ----D---- C:\Program Files\Fichiers communs\Apple
2009-12-28 10:06:29 ----D---- C:\Documents and Settings\All Users\Application Data\Apple
2009-12-24 15:11:57 ----D---- C:\Program Files\SystemRequirementsLab
2009-12-24 15:11:52 ----D---- C:\Documents and Settings\Propriétaire\Application Data\SystemRequirementsLab
2009-12-23 23:39:47 ----D---- C:\Program Files\CCleaner
2009-12-21 19:47:09 ----A---- C:\WINDOWS\system32\Log_20091221_194709_28C.txt
2009-12-21 19:47:07 ----A---- C:\WINDOWS\system32\Log_20091221_194707_D70.txt
2009-12-21 19:44:16 ----A---- C:\WINDOWS\system32\Log_20091221_194416_EC0.txt
2009-12-21 19:42:46 ----A---- C:\WINDOWS\system32\Log_20091221_194246_480.txt
2009-12-20 21:04:47 ----A---- C:\WINDOWS\system32\Log_20091220_210447_644.txt
2009-12-20 21:04:46 ----A---- C:\WINDOWS\system32\Log_20091220_210446_1D0.txt
2009-12-20 21:04:44 ----A---- C:\WINDOWS\system32\Log_20091220_210444_CCC.txt
2009-12-20 21:04:42 ----A---- C:\WINDOWS\system32\Log_20091220_210442_F1C.txt
2009-12-20 21:04:41 ----A---- C:\WINDOWS\system32\Log_20091220_210441_B24.txt
2009-12-20 21:04:39 ----A---- C:\WINDOWS\system32\Log_20091220_210439_9BC.txt
2009-12-20 21:04:37 ----A---- C:\WINDOWS\system32\Log_20091220_210437_C8.txt
2009-12-20 21:04:36 ----A---- C:\WINDOWS\system32\Log_20091220_210436_EB8.txt
2009-12-20 21:04:34 ----A---- C:\WINDOWS\system32\Log_20091220_210434_894.txt
2009-12-20 21:04:33 ----A---- C:\WINDOWS\system32\Log_20091220_210433_10C.txt
2009-12-20 21:04:31 ----A---- C:\WINDOWS\system32\Log_20091220_210431_B90.txt
2009-12-20 21:02:43 ----D---- C:\Program Files\Pochette Express 2
2009-12-20 19:29:34 ----A---- C:\WINDOWS\system32\Log_20091220_192934_12C.txt
2009-12-20 19:29:33 ----A---- C:\WINDOWS\system32\Log_20091220_192933_F3C.txt
2009-12-20 19:29:31 ----A---- C:\WINDOWS\system32\Log_20091220_192931_A60.txt
2009-12-20 19:29:29 ----A---- C:\WINDOWS\system32\Log_20091220_192929_8C8.txt
2009-12-20 19:29:28 ----A---- C:\WINDOWS\system32\Log_20091220_192928_E60.txt
2009-12-20 19:29:26 ----A---- C:\WINDOWS\system32\Log_20091220_192926_570.txt
2009-12-20 19:29:24 ----A---- C:\WINDOWS\system32\Log_20091220_192924_698.txt
2009-12-20 19:29:23 ----A---- C:\WINDOWS\system32\Log_20091220_192923_4E8.txt
2009-12-20 19:29:21 ----A---- C:\WINDOWS\system32\Log_20091220_192921_D64.txt
2009-12-20 19:29:19 ----A---- C:\WINDOWS\system32\Log_20091220_192919_FA8.txt
2009-12-20 19:29:16 ----A---- C:\WINDOWS\system32\Log_20091220_192916_9D8.txt
2009-12-20 18:47:31 ----D---- C:\WINDOWS\SxsCaPendDel
2009-12-20 18:45:40 ----D---- C:\Program Files\RapidSolution
2009-12-20 18:45:39 ----D---- C:\Documents and Settings\All Users\Application Data\RapidSolution
2009-12-09 21:19:39 ----D---- C:\WINDOWS\45235788142C44BE8A4DDDE9A84492E5.TMP

======List of files/folders modified in the last 1 months======

2010-01-06 23:09:49 ----D---- C:\WINDOWS\Prefetch
2010-01-06 23:09:28 ----D---- C:\WINDOWS\system32\drivers
2010-01-06 23:07:57 ----SD---- C:\WINDOWS\Tasks
2010-01-06 23:07:07 ----D---- C:\Program Files\Mozilla Firefox
2010-01-06 21:01:25 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-01-06 20:15:38 ----D---- C:\WINDOWS\Temp
2010-01-06 19:53:20 ----D---- C:\WINDOWS\system32\DirectX
2010-01-06 19:53:19 ----HD---- C:\WINDOWS\inf
2010-01-06 19:53:19 ----D---- C:\WINDOWS\system32
2010-01-06 19:52:04 ----D---- C:\WINDOWS
2010-01-06 19:51:53 ----RD---- C:\Program Files
2010-01-06 19:40:48 ----D---- C:\WINDOWS\system32\CatRoot2
2010-01-06 19:35:19 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-01-05 21:21:48 ----D---- C:\QUARANTINE
2010-01-04 18:50:25 ----D---- C:\Program Files\Navilog1
2010-01-04 18:50:16 ----A---- C:\cleannavi.txt
2010-01-04 15:02:09 ----RSD---- C:\WINDOWS\assembly
2010-01-04 15:01:31 ----SHD---- C:\WINDOWS\Installer
2010-01-04 15:01:30 ----D---- C:\WINDOWS\WinSxS
2010-01-04 14:58:40 ----D---- C:\Program Files\Ubisoft
2010-01-04 14:58:38 ----HD---- C:\Program Files\InstallShield Installation Information
2010-01-01 15:36:35 ----A---- C:\WINDOWS\NeroDigital.ini
2009-12-28 11:23:23 ----D---- C:\Program Files\EA Sports
2009-12-28 11:17:11 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-12-28 11:17:03 ----D---- C:\WINDOWS\Minidump
2009-12-28 11:17:03 ----D---- C:\WINDOWS\Debug
2009-12-28 11:12:42 ----D---- C:\WINDOWS\system32\Lang
2009-12-28 10:09:27 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-12-28 10:08:44 ----D---- C:\Documents and Settings\All Users\Application Data\Apple Computer
2009-12-28 10:07:03 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-12-28 10:06:29 ----D---- C:\Program Files\Fichiers communs
2009-12-20 19:28:37 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-12-20 18:47:42 ----D---- C:\Program Files\Fichiers communs\Microsoft Shared
2009-12-20 15:31:54 ----SD---- C:\Documents and Settings\Propriétaire\Application Data\Microsoft
2009-12-09 21:20:06 ----RSH---- C:\boot.ini
2009-12-09 21:19:37 ----D---- C:\Program Files\Fichiers communs\Wise Installation Wizard
2009-12-09 18:59:52 ----D---- C:\Program Files\Internet Explorer
2009-12-09 18:59:47 ----D---- C:\WINDOWS\ie8updates
2009-12-09 18:59:43 ----HD---- C:\WINDOWS\$hf_mig$

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdPPM;Pilote de processeur AMD HwPState; C:\WINDOWS\system32\DRIVERS\AmdPPM.sys [2007-04-16 33792]
R1 AsIO;AsIO; C:\WINDOWS\system32\drivers\AsIO.sys [2007-12-17 12400]
R1 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2009-09-26 25768]
R1 mferkdk;VSCore mferkdk; \??\C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys []
R1 mfetdik;McAfee Inc.; C:\WINDOWS\system32\drivers\mfetdik.sys [2006-11-30 52136]
R1 WmiAcpi;Interface de gestion Microsoft Windows pour ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []
R3 AnyDVD;AnyDVD; C:\WINDOWS\System32\Drivers\AnyDVD.sys [2009-11-11 104512]
R3 driverhardwarev2;driverhardwarev2; \??\C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys []
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 hidusb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2009-02-03 5030912]
R3 mfeapfk;McAfee Inc.; C:\WINDOWS\system32\drivers\mfeapfk.sys [2006-11-30 64360]
R3 mfeavfk;McAfee Inc.; C:\WINDOWS\system32\drivers\mfeavfk.sys [2006-11-30 72264]
R3 mfebopk;McAfee Inc.; C:\WINDOWS\system32\drivers\mfebopk.sys [2006-11-30 34152]
R3 mfehidk;McAfee Inc.; C:\WINDOWS\system32\drivers\mfehidk.sys [2006-11-30 168776]
R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2008-04-14 12288]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-15 5810]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-08-16 7729568]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2008-09-25 115328]
R3 SANDRA;SANDRA; \??\C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010\WNt500x86\Sandra.sys []
R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-14 17152]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-04-19 479200]
R3 xusb21;Xbox 360 Wireless Receiver Driver Service 21; C:\WINDOWS\system32\DRIVERS\xusb21.sys [2007-02-26 61984]
S3 a5nqweoz;a5nqweoz; C:\WINDOWS\system32\drivers\a5nqweoz.sys []
S3 alq3uml8;alq3uml8; C:\WINDOWS\system32\drivers\alq3uml8.sys []
S3 Ambfilt;Ambfilt; C:\WINDOWS\system32\drivers\Ambfilt.sys [2008-08-05 1684736]
S3 Monfilt;Monfilt; C:\WINDOWS\system32\drivers\Monfilt.sys [2006-01-04 1389056]
S3 tbhsd;Tunebite High-Speed Dubbing; C:\WINDOWS\system32\drivers\tbhsd.sys [2009-12-10 37920]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-08-28 40448]
S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-08-28 144672]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-07-25 153376]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe [2009-08-20 73728]
R2 McAfeeFramework;McAfee Framework Service; C:\Program Files\McAfee\Common Framework\FrameworkService.exe [2006-11-17 104000]
R2 McShield;McAfee McShield; C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe [2006-11-30 144960]
R2 McTaskManager;McAfee Task Manager; C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe [2006-11-30 54872]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2008-06-10 877864]
R2 nvsvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2009-08-17 168004]
R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\WINDOWS\system32\IoctlSvc.exe [2006-12-19 81920]
R2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-05-28 275968]
R3 maconfservice;Ma-Config Service; C:\Program Files\ma-config.com\maconfservice.exe [2009-09-01 234864]
R3 SandraAgentSrv;SiSoftware Deployment Agent Service; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010\RpcAgentSrv.exe [2009-08-24 93336]
S3 aspnet_state;Service d'état ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-11-20 136120]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 iPod Service;Service de l’iPod; C:\Program Files\iPod\bin\iPodService.exe [2009-11-12 545568]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Service de partage de ports Net.Tcp; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 NMIndexingService;NMIndexingService; C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe []

-----------------EOF-----------------
6 January 2010 23:26:19

Your PC wasn't restarted after Malwarebytes', restart it ;) 

Then do this to check that there is no Navipromo:

Download Navilog1.exe to the desktop

* Double-click it to install and launch it
Once installed
* Type « F »
* Press a key until you reach the options
* Choose « Recherche et désinfection automatique » ( = type 1 )
* A report: fixnavi.txt in ==> C:\
* Copy/paste it into your reply

+

Then uninstall, via Add/Remove Programs => DAEMON Tools Toolbar
A bit of reading about toolbars

+

Download « OTMoveIt3.exe » to the desktop

* Copy this text

:Processes
explorer.exe

:Reg
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uedkkrba]

:Files
C:\WINDOWS\ScanSpyware.INI
C:\Documents and Settings\Propriétaire\Application Data\ScanSpyware
C:\WINDOWS\system32\sshnas.dll
C:\WINDOWS\system32\drivers\a5nqweoz.sys
C:\WINDOWS\system32\drivers\alq3uml8.sys
c:\documents and settings\propriétaire\local settings\application data\uedkkrba.exe

:Commands
[emptytemp]
[start explorer]
[Reboot]


* Double-click OTMoveIt.exe

* In the left pane « Paste Instructions for Items to be Moved » ==> right-click ==> paste
* Click « MoveIt! »
* If a restart is requested ==> click « YES »
* A report in ==> C:\_OTMoveIt\MovedFiles\ dated today, to copy/paste into your reply (format like => mmddyyyy_hhmmss.log)

===

Restart and tell me if you still have problems
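
Added example, not part of the original posts and not code from RSIT or OTMoveIt: a Python parser for the RSIT driver/service lines posted earlier in the thread, listing entries that are stopped, not disabled, and printed with empty `[]` file details. It assumes `[]` means RSIT could not read the file's date and size; the filter is a triage heuristic chosen here, and the names `parse_line` and `review_candidates` are hypothetical.

```python
import re
from typing import List, NamedTuple, Optional

# Legend from the RSIT log header: the digit after R/S is the start type.
START_TYPES = {0: "Boot", 1: "System", 2: "Auto", 3: "Demand", 4: "Disabled"}
# Layout: <R|S><0-4> <name>;<display name>; <path> [<date> <size>]
LINE_RE = re.compile(r"^([RS])([0-4]) ([^;]+);([^;]*); (.+?) \[([^\]]*)\]$")

# Sample input: lines taken from the RSIT log posted in this thread.
SAMPLE = r"""
R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []
R3 AnyDVD;AnyDVD; C:\WINDOWS\System32\Drivers\AnyDVD.sys [2009-11-11 104512]
R3 SANDRA;SANDRA; \??\C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010\WNt500x86\Sandra.sys []
S3 a5nqweoz;a5nqweoz; C:\WINDOWS\system32\drivers\a5nqweoz.sys []
S3 alq3uml8;alq3uml8; C:\WINDOWS\system32\drivers\alq3uml8.sys []
S3 Ambfilt;Ambfilt; C:\WINDOWS\system32\drivers\Ambfilt.sys [2008-08-05 1684736]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
"""

class Entry(NamedTuple):
    running: bool
    start: str
    name: str
    path: str
    size: Optional[int]  # None when RSIT printed "[]"

def parse_line(line: str) -> Optional[Entry]:
    m = LINE_RE.match(line.strip())
    if not m:
        return None  # headers, blank lines, anything that is not an entry
    state, start, name, _display, path, meta = m.groups()
    if path.startswith("\\??\\"):  # NT object-path prefix on some entries
        path = path[4:]
    parts = meta.split()
    size = int(parts[-1]) if parts and parts[-1].isdigit() else None
    return Entry(state == "R", START_TYPES[int(start)], name, path, size)

def review_candidates(log: str) -> List[Entry]:
    """Assumed heuristic: stopped, still startable, no file details."""
    found = []
    for line in log.splitlines():
        e = parse_line(line)
        if e and not e.running and e.start != "Disabled" and e.size is None:
            found.append(e)
    return found

if __name__ == "__main__":
    for e in review_candidates(SAMPLE):
        print(f"review: {e.name} ({e.start}) -> {e.path}")
```

On the sample it returns a5nqweoz and alq3uml8, the two drivers named in the removal script above. The output is a list for manual review, not a verdict: the same empty `[]` also appears on entries the script leaves alone, such as tmcomm and IntelIde.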
7 January 2010 13:05:28

Navilog report:
Fix Navipromo version 4.0.6 commencé le 07/01/2010 12:54:24,07

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!

Outil exécuté depuis C:\Program Files\navilog1

Mise à jour le 03.01.2010 à 11h00 par IL-MAFIOSO

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : AMD Phenom(tm) 9950 Quad-Core Processor )
BIOS : BIOS Date: 04/09/09 20:24:23 Ver: 07.01
USER : Propriétaire ( Administrator )
BOOT : Normal boot

Antivirus : McAfee VirusScan Enterprise 8.5.0.781 (Activated)


C:\ (Local Disk) - NTFS - Total:117 Go (Free:54 Go)
D:\ (Local Disk) - NTFS - Total:114 Go (Free:6 Go)
E:\ (Local Disk) - NTFS - Total:180 Go (Free:166 Go)
F:\ (Local Disk) - NTFS - Total:37 Go (Free:1 Go)
G:\ (CD or DVD) - CDFS - Total:7 Go (Free:0 Go)
H:\ (CD or DVD)
I:\ (CD or DVD)
J:\ (CD or DVD)
K:\ (CD or DVD)


Recherche executée en mode normal


Aucune Infection Navipromo/Egdaccess trouvée



*** Scan terminé 07/01/2010 12:54:45,02 ***


OTM report:

All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uedkkrba\ deleted successfully.
========== FILES ==========
C:\WINDOWS\ScanSpyware.INI moved successfully.
C:\Documents and Settings\Propriétaire\Application Data\ScanSpyware\quarantine folder moved successfully.
C:\Documents and Settings\Propriétaire\Application Data\ScanSpyware\logs folder moved successfully.
C:\Documents and Settings\Propriétaire\Application Data\ScanSpyware\ignorelist folder moved successfully.
C:\Documents and Settings\Propriétaire\Application Data\ScanSpyware\customscanlist folder moved successfully.
C:\Documents and Settings\Propriétaire\Application Data\ScanSpyware folder moved successfully.
File/Folder C:\WINDOWS\system32\sshnas.dll not found.
File/Folder C:\WINDOWS\system32\drivers\a5nqweoz.sys not found.
File/Folder C:\WINDOWS\system32\drivers\alq3uml8.sys not found.
File/Folder c:\documents and settings\propriétaire\local settings\application data\uedkkrba.exe not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Emmanuelle
->Temp folder emptied: 10884956 bytes
->Temporary Internet Files folder emptied: 14935831 bytes
->FireFox cache emptied: 105435702 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Propriétaire
->Temp folder emptied: 467747137 bytes
->Temporary Internet Files folder emptied: 50183192 bytes
->Java cache emptied: 51856850 bytes
->FireFox cache emptied: 103936954 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2507443 bytes
%systemroot%\System32 .tmp files removed: 19129856 bytes
Windows Temp folder emptied: 49743427 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 12989902 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 228196 bytes

Total Files Cleaned = 849,00 mb


OTM by OldTimer - Version 3.1.4.0 log created on 01072010_125807

Files moved on Reboot...
File move failed. C:\WINDOWS\temp\WFV3.tmp scheduled to be moved on reboot.

Registry entries deleted on Reboot...


7 January 2010 13:57:21

OK, do you still have problems?