Need help removing Winferno, Playlotgame
beilei
Posted on 22/10/2009 @ 21:34
New member

Good evening,

I have the same problem as Olam31 had in September: unwanted installation of Winferno, Playlotgame... I started the procedure described in that thread, and here is what I get:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Roudoudou at 2009-10-22 20:39:32
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 103 GB (68%) free of 153 GB
Total RAM: 1015 MB (46% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:39:53, on 22/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16915)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Roxio\BackOnTrack\Instant Restore\BOTService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\program files\idt\wdm\STacSV.exe
C:\Program Files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\WINDOWS\system32\AESTFltr.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\HP\HPBTWD.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\syncables\syncables desktop\Syncables.exe
C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe
C:\Program Files\syncables\syncables desktop\jre\bin\javaw.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\syncables\syncables desktop\MigoMapi.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\Explorer.Exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\All Users\Application Data\Weemi\weemi127.exe
C:\Program Files\Weemi\weemi.exe
C:\Program Files\Playalot Games\playalot.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Skype\Toolbars\Shared\SkypeNames.exe
C:\Documents and Settings\Roudoudou\Mes documents\Téléchargements\RSIT.exe
C:\Program Files\trend micro\Roudoudou.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fr_fr&c=91&bd=Pavilion&pf=cnnb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fr_fr&c=91&bd=Pavilion&pf=cnnb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fr_fr&c=91&bd=Pavilion&pf=cnnb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fr_fr&c=91&bd=Pavilion&pf=cnnb
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: PCCBHO.CPCCBHO - {22FC6CE8-7D47-479F-B74A-BFBB04ADB9AF} - C:\Program Files\Winferno\PC Confidential\PCCBHO.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\IPSBHO.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Microsoft Live Search Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files\MSN\Toolbar\3.0.0559.0\msneshellx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\coIEPlg.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O3 - Toolbar: Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files\MSN\Toolbar\3.0.0559.0\msneshellx.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg
O4 - HKLM\..\Run: [HP BTW Detect Program] C:\Program Files\HP\HPBTWD.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Syncables] C:\Program Files\syncables\syncables desktop\Syncables.exe
O4 - HKLM\..\Run: [Microsoft Default Manager] "c:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Recherche AOL Toolbar - C:\Documents and Settings\All Users\Application Data\AOL\ieToolbar\resources\fr-FR\local\search.html
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - C:\Program Files\Winferno\PC Confidential\PCConfidential.exe
O9 - Extra 'Tools' menuitem: PC Confidential - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - C:\Program Files\Winferno\PC Confidential\PCConfidential.exe
O9 - Extra button: PC Confidential - {925DAB62-F9AC-4221-806A-057BFB1014AA} - C:\Program Files\Winferno\PC Confidential\PCConfidential.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {38AB6A6C-CC4C-4F9E-A3DD-3C5681EF18A1} (SonyOnlineInstallerX) - http://www-cdn.freerealms.com/gamedata/plugins/1.0.3.83/FreeRealmsInstaller.cab?v=1032
O18 - Protocol: Skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\coIEPlg.dll
O23 - Service: Roxio SAIB Service (9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269) - Unknown owner - C:\Program Files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BOTService - Sonic Solutions - C:\Program Files\Roxio\BackOnTrack\Instant Restore\BOTService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - c:\program files\idt\wdm\STacSV.exe
O23 - Service: Weemi Service - Unknown owner - C:\Documents and Settings\All Users\Application Data\Weemi\weemi127.exe

--
End of file - 10789 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\BackOnTrack Instant Restore Idle.job
C:\WINDOWS\tasks\PCConfidential.job
C:\WINDOWS\tasks\RegPowerClean.job
C:\WINDOWS\tasks\RPCReminder.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22FC6CE8-7D47-479F-B74A-BFBB04ADB9AF}]
PCCBHO.CPCCBHO - C:\Program Files\Winferno\PC Confidential\PCCBHO.dll [2008-04-01 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
Symantec NCO BHO - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\coIEPlg.dll [2009-08-26 378736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
Symantec Intrusion Prevention - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\IPSBHO.DLL [2009-08-26 107896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2009-05-10 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7C554162-8CB7-45A4-B8F4-8EA1C75885F9}]
AOL Toolbar BHO - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll [2008-07-02 1185120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}]
Microsoft Live Search Toolbar Helper - c:\Program Files\MSN\Toolbar\3.0.0559.0\msneshellx.dll [2009-03-25 82784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-05-10 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-05-10 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Norton Toolbar - C:\Program Files\Norton Internet Security\Engine\16.7.2.11\coIEPlg.dll [2009-08-26 378736]
{DE9C389F-3316-41A7-809B-AA305ED9D922} - AOL Toolbar - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll [2008-07-02 1185120]
{1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - Microsoft Live Search Toolbar - c:\Program Files\MSN\Toolbar\3.0.0559.0\msneshellx.dll [2009-03-25 82784]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2008-02-15 135168]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2008-02-15 159744]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2008-02-15 131072]
"SysTrayApp"=C:\Program Files\IDT\WDM\sttray.exe [2009-03-30 483428]
"AESTFltr"=C:\WINDOWS\system32\AESTFltr.exe [2009-02-18 737280]
"HP BTW Detect Program"=C:\Program Files\HP\HPBTWD.exe [2009-03-30 319488]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2009-01-16 1418536]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-05-10 136600]
"Syncables"=C:\Program Files\syncables\syncables desktop\Syncables.exe [2009-04-02 173360]
"Microsoft Default Manager"=c:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [2009-02-06 224616]
"hpWirelessAssistant"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [2008-04-15 488752]
"IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2008-04-15 208952]
"MSPY2002"=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [2008-04-15 59392]
"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2008-04-15 455168]
"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2008-04-15 455168]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-09-05 417792]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-09-21 305440]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-15 15360]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2009-09-02 25623336]
"eMuleAutoStart"=C:\Program Files\eMule\emule.exe [2009-02-22 5668864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2008-02-15 208896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-19 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SymEFA.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Fichiers communs\AOL\Loader\aolload.exe"="C:\Program Files\Fichiers communs\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\syncables\syncables desktop\jre\bin\javaw.exe"="C:\Program Files\syncables\syncables desktop\jre\bin\javaw.exe:*:Disabled:Java(TM) Platform SE binary"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule"
"C:\Program Files\Sony Online Entertainment\Installed Games\Free Realms\FreeRealms.exe"="C:\Program Files\Sony Online Entertainment\Installed Games\Free Realms\FreeRealms.exe:*:Enabled:FreeRealms"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{785f5c5b-87d0-11de-89f6-0025b34c79f2}]
shell\Auto\command - D:\launcher.exe
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL launcher.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7c553f35-bd3b-11de-a8c8-0025b34c79f2}]
shell\Auto\command - sky.exe
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sky.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fd79a242-8244-11de-92ba-0025b34c79f2}]
shell\AutoRun\command - CONFIG\S-1-5-21-1482476501-1644491937-682003330-1013\ConfDriver.exe
shell\open\command - CONFIG\S-1-5-21-1482476501-1644491937-682003330-1013\ConfDriver.exe


======List of files/folders created in the last 1 months======

2009-10-22 20:39:35 ----D---- C:\Program Files\trend micro
2009-10-22 20:39:32 ----D---- C:\rsit
2009-10-22 20:31:30 ----D---- C:\WINDOWS\pss
2009-10-22 18:50:43 ----D---- C:\Documents and Settings\Roudoudou\Application Data\Titanium Gears
2009-10-22 18:50:06 ----D---- C:\Program Files\Playalot Games
2009-10-22 18:36:01 ----D---- C:\Documents and Settings\All Users\Application Data\Winferno
2009-10-22 18:34:31 ----D---- C:\Program Files\Common Files
2009-10-22 18:31:08 ----A---- C:\WINDOWS\system32\WINUTIL5.DLL
2009-10-22 18:31:07 ----A---- C:\WINDOWS\system32\WINLCTL5.DLL
2009-10-22 18:31:04 ----A---- C:\WINDOWS\system32\CapiCom.dll
2009-10-22 18:31:03 ----D---- C:\Program Files\Winferno
2009-10-22 18:27:38 ----D---- C:\Program Files\Weemi
2009-10-22 18:27:38 ----D---- C:\Documents and Settings\All Users\Application Data\Weemi
2009-10-16 14:02:00 ----D---- C:\Program Files\PhotoFiltre
2009-10-16 03:04:08 ----HDC---- C:\WINDOWS\$NtUninstallKB958869$
2009-10-16 03:03:58 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2009-10-16 03:03:47 ----HDC---- C:\WINDOWS\$NtUninstallKB954155_WM9$
2009-10-16 03:03:41 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2009-10-16 03:03:31 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2009-10-16 03:02:38 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2009-10-16 03:00:49 ----HDC---- C:\WINDOWS\$NtUninstallKB971486$
2009-10-16 03:00:39 ----HDC---- C:\WINDOWS\$NtUninstallKB973525$
2009-10-16 03:00:23 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$
2009-10-15 17:28:09 ----D---- C:\Microgaming
2009-10-13 03:00:46 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2009-10-09 16:13:38 ----D---- C:\Program Files\XM Player
2009-10-09 16:08:54 ----D---- C:\Documents and Settings\Roudoudou\Application Data\WinRAR
2009-10-09 16:08:29 ----D---- C:\Program Files\WinRAR
2009-10-09 16:05:31 ----D---- C:\Program Files\PocketRAR
2009-10-09 08:35:44 ----D---- C:\Program Files\WinDirStat
2009-10-07 00:38:28 ----A---- C:\WINDOWS\system32\muweb.dll
2009-10-07 00:38:27 ----A---- C:\WINDOWS\system32\mucltui.dll
2009-10-06 05:57:04 ----A---- C:\WINDOWS\system32\wuweb.dll
2009-10-06 05:57:01 ----A---- C:\WINDOWS\system32\wucltui.dll
2009-10-06 05:56:58 ----A---- C:\WINDOWS\system32\wuaueng.dll
2009-10-06 05:56:53 ----A---- C:\WINDOWS\system32\wuauclt.exe
2009-10-06 05:56:51 ----A---- C:\WINDOWS\system32\wuapi.dll
2009-10-06 05:56:49 ----A---- C:\WINDOWS\system32\cdm.dll
2009-10-04 17:57:36 ----D---- C:\Documents and Settings\Roudoudou\Application Data\Apple Computer
2009-10-04 17:56:46 ----A---- C:\WINDOWS\system32\GEARAspi.dll
2009-10-04 17:51:53 ----D---- C:\Program Files\iPod
2009-10-04 17:51:33 ----D---- C:\Program Files\iTunes
2009-10-04 17:51:33 ----D---- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-10-04 17:50:07 ----D---- C:\Program Files\Bonjour
2009-10-04 17:45:44 ----D---- C:\Program Files\QuickTime
2009-10-04 17:45:37 ----D---- C:\Documents and Settings\All Users\Application Data\Apple Computer
2009-10-04 17:42:07 ----D---- C:\Program Files\Apple Software Update
2009-10-04 17:38:37 ----D---- C:\Program Files\Fichiers communs\Apple
2009-10-04 17:38:34 ----D---- C:\Documents and Settings\All Users\Application Data\Apple
2009-10-02 16:05:42 ----D---- C:\WINDOWS\Sun
2009-09-30 18:07:46 ----D---- C:\Documents and Settings\Roudoudou\Application Data\skypePM
2009-09-30 18:05:18 ----D---- C:\Documents and Settings\Roudoudou\Application Data\Skype
2009-09-30 17:50:13 ----D---- C:\Program Files\Fichiers communs\Skype
2009-09-30 17:50:05 ----RD---- C:\Program Files\Skype
2009-09-30 17:49:54 ----D---- C:\Documents and Settings\All Users\Application Data\Skype
2009-09-30 05:54:16 ----D---- C:\Documents and Settings\All Users\Application Data\Symantec
2009-09-29 18:53:33 ----D---- C:\Intel
2009-09-29 18:22:48 ----A---- C:\WINDOWS\system32\MRT.exe
2009-09-29 03:01:18 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$
2009-09-28 15:21:41 ----D---- C:\Documents and Settings\Roudoudou\Application Data\Media Player Classic
2009-09-28 15:19:15 ----A---- C:\WINDOWS\system32\unrar.dll
2009-09-28 15:19:11 ----A---- C:\WINDOWS\avisplitter.ini
2009-09-28 15:19:04 ----A---- C:\WINDOWS\system32\yv12vfw.dll
2009-09-28 15:19:00 ----A---- C:\WINDOWS\system32\xvidvfw.dll
2009-09-28 15:19:00 ----A---- C:\WINDOWS\system32\xvidcore.dll
2009-09-28 15:18:52 ----A---- C:\WINDOWS\system32\ff_vfw.dll.manifest
2009-09-28 15:18:51 ----A---- C:\WINDOWS\system32\ff_vfw.dll
2009-09-28 15:18:41 ----D---- C:\Program Files\K-Lite Codec Pack
2009-09-28 02:50:28 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2009-09-28 02:50:08 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2009-09-28 02:49:48 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2009-09-28 02:49:27 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2009-09-28 02:49:09 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2009-09-28 02:48:51 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2009-09-28 02:47:30 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2009-09-28 02:47:03 ----HDC---- C:\WINDOWS\$NtUninstallKB968816_WM9$
2009-09-28 02:46:51 ----HDC---- C:\WINDOWS\$NtUninstallKB961503$
2009-09-28 02:46:25 ----HDC---- C:\WINDOWS\$NtUninstallKB961371-v2$
2009-09-28 02:46:05 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2009-09-28 02:45:25 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2009-09-28 02:45:08 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$
2009-09-28 02:44:51 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2009-09-28 02:44:32 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$
2009-09-28 02:43:58 ----HDC---- C:\WINDOWS\$NtUninstallKB973346$
2009-09-28 02:26:53 ----D---- C:\WINDOWS\system32\XPSViewer
2009-09-28 02:26:45 ----D---- C:\Program Files\MSBuild
2009-09-28 02:26:40 ----D---- C:\WINDOWS\system32\en-US
2009-09-28 02:26:26 ----D---- C:\Program Files\Reference Assemblies
2009-09-28 02:24:50 ----N---- C:\WINDOWS\system32\xpsshhdr.dll
2009-09-28 02:24:50 ----N---- C:\WINDOWS\system32\prntvpt.dll
2009-09-28 02:24:49 ----N---- C:\WINDOWS\system32\xpssvcs.dll
2009-09-28 02:24:48 ----D---- C:\a6cc2f2448772dd246e39ee7932b68
2009-09-28 02:12:26 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2009-09-28 02:12:02 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2009-09-28 02:11:46 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2009-09-28 02:11:33 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2$
2009-09-28 02:11:17 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2009-09-28 02:11:02 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2009-09-28 02:10:41 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2009-09-28 02:09:29 ----D---- C:\WINDOWS\ie7updates
2009-09-28 02:08:53 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2009-09-28 02:08:42 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
2009-09-28 02:08:08 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2009-09-28 02:07:54 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2009-09-28 02:07:41 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-09-28 02:07:26 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2009-09-28 02:07:11 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
2009-09-28 02:06:52 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2009-09-28 02:06:30 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9$
2009-09-28 02:05:49 ----HDC---- C:\WINDOWS\$NtUninstallKB929399$
2009-09-28 02:05:17 ----HDC---- C:\WINDOWS\$NtUninstallKB939683$
2009-09-28 02:04:19 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2009-09-28 02:04:05 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2009-09-28 02:03:50 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2009-09-28 02:03:33 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2009-09-28 02:03:19 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2009-09-28 02:03:06 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2009-09-28 02:02:54 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2009-09-28 02:02:42 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$
2009-09-28 02:02:31 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2009-09-28 02:02:16 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2009-09-28 02:02:03 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2009-09-28 02:01:51 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2009-09-28 02:01:39 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2009-09-28 02:01:05 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2009-09-28 02:00:52 ----HDC---- C:\WINDOWS\$NtUninstallKB971961$
2009-09-28 02:00:29 ----HDC---- C:\WINDOWS\$NtUninstallKB970653-v3$
2009-09-27 16:46:48 ----D---- C:\Program Files\Adobe
2009-09-27 10:33:07 ----A---- C:\WINDOWS\system32\tzchange.exe
2009-09-27 10:25:47 ----A---- C:\WINDOWS\system32\services.exe
2009-09-27 10:25:47 ----A---- C:\WINDOWS\system32\rpcss.dll
2009-09-27 10:25:47 ----A---- C:\WINDOWS\system32\pdh.dll
2009-09-27 10:25:44 ----A---- C:\WINDOWS\system32\sc.exe
2009-09-27 10:25:42 ----A---- C:\WINDOWS\system32\advapi32.dll
2009-09-27 10:25:40 ----A---- C:\WINDOWS\system32\ntdll.dll
2009-09-27 10:25:36 ----A---- C:\WINDOWS\system32\ntoskrnl.exe
2009-09-27 10:25:33 ----A---- C:\WINDOWS\system32\ntkrnlpa.exe
2009-09-27 10:10:21 ----A---- C:\WINDOWS\system32\inetcomm.dll
2009-09-27 10:07:29 ----A---- C:\WINDOWS\system32\winhttp.dll
2009-09-27 10:07:09 ----A---- C:\WINDOWS\system32\strmdll.dll
2009-09-27 10:07:01 ----A---- C:\WINDOWS\system32\netapi32.dll
2009-09-27 10:06:54 ----A---- C:\WINDOWS\system32\msxml3.dll
2009-09-27 10:06:25 ----A---- C:\WINDOWS\system32\jscript.dll
2009-09-26 23:27:02 ----D---- C:\WINDOWS\system32\PreInstall
2009-09-26 23:26:59 ----HDC---- C:\WINDOWS\$NtUninstallKB898461$
2009-09-26 22:39:31 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2009-09-26 22:33:48 ----D---- C:\Program Files\eMule
2009-09-26 19:13:04 ----D---- C:\Program Files\Windows Live SkyDrive
2009-09-26 19:12:23 ----D---- C:\Program Files\Windows Live
2009-09-26 18:57:09 ----D---- C:\Program Files\Fichiers communs\Windows Live
2009-09-26 18:31:06 ----D---- C:\Documents and Settings\Roudoudou\Application Data\Mozilla
2009-09-26 18:30:41 ----D---- C:\Program Files\Mozilla Firefox
2009-09-26 18:30:27 ----D---- C:\Program Files\Sony Online Entertainment

======List of files/folders modified in the last 1 months======

2009-10-22 20:39:35 ----RD---- C:\Program Files
2009-10-22 20:39:28 ----D---- C:\WINDOWS\Prefetch
2009-10-22 20:35:03 ----D---- C:\WINDOWS\temp
2009-10-22 20:33:35 ----SHD---- C:\WINDOWS\Installer
2009-10-22 20:31:30 ----D---- C:\WINDOWS
2009-10-22 18:34:36 ----SD---- C:\WINDOWS\Tasks
2009-10-22 18:34:26 ----D---- C:\WINDOWS\system32
2009-10-21 22:29:15 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-10-21 22:29:13 ----D---- C:\WINDOWS\system32\CatRoot2
2009-10-20 09:34:17 ----HD---- C:\WINDOWS\inf
2009-10-18 04:06:09 ----SHD---- C:\System Volume Information
2009-10-18 04:05:51 ----D---- C:\WINDOWS\Registration
2009-10-16 16:53:25 ----D---- C:\Documents and Settings\Roudoudou\Application Data\Adobe
2009-10-16 03:23:17 ----RSD---- C:\WINDOWS\assembly
2009-10-16 03:15:45 ----D---- C:\WINDOWS\Microsoft.NET
2009-10-16 03:08:22 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-10-16 03:07:51 ----D---- C:\WINDOWS\WinSxS
2009-10-16 03:04:02 ----A---- C:\WINDOWS\imsins.BAK
2009-10-16 03:04:01 ----RSHD---- C:\WINDOWS\system32\dllcache
2009-10-16 03:03:14 ----D---- C:\WINDOWS\system32\fr-fr
2009-10-16 03:03:14 ----D---- C:\Program Files\Internet Explorer
2009-10-16 03:00:45 ----HD---- C:\WINDOWS\$hf_mig$
2009-10-13 03:00:51 ----D---- C:\WINDOWS\system32\drivers
2009-10-09 10:59:04 ----D---- C:\WINDOWS\system32\Restore
2009-10-06 05:57:15 ----D---- C:\WINDOWS\Help
2009-10-04 17:56:46 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-10-04 17:38:37 ----D---- C:\Program Files\Fichiers communs
2009-10-03 07:27:18 ----SD---- C:\Documents and Settings\Roudoudou\Application Data\Microsoft
2009-09-29 18:22:52 ----D---- C:\WINDOWS\Debug
2009-09-29 03:03:02 ----D---- C:\WINDOWS\system32\CatRoot
2009-09-28 15:47:13 ----D---- C:\Program Files\Symantec
2009-09-28 15:47:12 ----A---- C:\WINDOWS\system32\S32EVNT1.DLL
2009-09-28 02:57:39 ----D---- C:\WINDOWS\system32\wbem
2009-09-28 02:57:37 ----D---- C:\Program Files\Microsoft Silverlight
2009-09-28 02:57:36 ----D---- C:\WINDOWS\AppPatch
2009-09-28 02:49:31 ----D---- C:\Program Files\Messenger
2009-09-28 02:48:19 ----D---- C:\Program Files\Microsoft Works
2009-09-28 02:26:37 ----RSD---- C:\WINDOWS\Fonts
2009-09-28 02:25:37 ----D---- C:\WINDOWS\system32\spool
2009-09-28 02:07:16 ----D---- C:\Program Files\Outlook Express
2009-09-27 16:47:02 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2009-09-27 16:46:50 ----D---- C:\Program Files\Fichiers communs\Adobe
2009-09-26 19:13:15 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-09-26 19:13:14 ----D---- C:\Program Files\Fichiers communs\Microsoft Shared
2009-09-26 18:30:31 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-09-25 16:23:55 ----D---- C:\Documents and Settings\Roudoudou\Application Data\Template

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 BHDrvx86;Symantec Heuristics Driver; C:\WINDOWS\System32\Drivers\NIS\1007020.00B\BHDrvx86.sys [2009-08-26 259632]
R1 ccHP;Symantec Hash Provider; C:\WINDOWS\System32\Drivers\NIS\1007020.00B\ccHPx86.sys [2009-09-28 482432]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Fichiers communs\Symantec Shared\EENGINE\eeCtrl.sys []
R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-15 40576]
R1 SaibVd32;Virtual Disk Driver; C:\WINDOWS\System32\Drivers\SaibVd32.sys [2008-12-11 25584]
R1 SRTSPX;Symantec Real Time Storage Protection (PEL); C:\WINDOWS\system32\drivers\NIS\1007020.00B\SRTSPX.SYS [2009-08-26 43696]
R1 SYMTDI;Symantec Network Dispatch Driver; C:\WINDOWS\System32\Drivers\NIS\1007020.00B\SYMTDI.SYS [2009-08-26 217136]
R1 WmiAcpi;Interface de gestion Microsoft Windows pour ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-14 8832]
R2 AVMPORT;AVMPORT; C:\WINDOWS\System32\drivers\avmport.sys [2000-11-22 59520]
R2 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2008-04-15 5888]
R3 AESTAud;AE Audio Service; C:\WINDOWS\system32\drivers\AESTAud.sys [2009-03-19 113664]
R3 AVMWAN;AVM NDIS WAN CAPI Driver; C:\WINDOWS\system32\DRIVERS\avmwan.sys [2001-08-17 37568]
R3 BCM43XX;Pilote pour carte réseau Broadcom 802.11; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2009-05-10 1735040]
R3 CmBatt;Pilote pour Batterie à méthode de contrôle ACPI Microsoft; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-14 13952]
R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-15 144384]
R3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2008-02-16 5854752]
R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller; C:\WINDOWS\system32\DRIVERS\l1c51x86.sys [2009-03-02 38912]
R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288]
R3 STHDA;IDT High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2009-03-30 1550891]
R3 SymEvent;SymEvent; \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS []
R3 SymIMMP;SymIMMP; C:\WINDOWS\system32\DRIVERS\SymIM.sys [2009-08-26 36400]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2009-01-16 206512]
R3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 usbvideo;Périphérique vidéo USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-13 121984]
R3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]
S1 IDSxpx86;IDSxpx86; \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20090916.003\IDSxpx86.sys []
S3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-15 60800]
S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 fus2base;FRITZ!Card USB v2.0; C:\WINDOWS\system32\DRIVERS\fus2base.sys [2001-01-25 517392]
S3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NAVENG;NAVENG; \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091003.020\NAVENG.SYS []
S3 NAVEX15;NAVEX15; \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091003.020\NAVEX15.SYS []
S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-15 61824]
S3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader; C:\WINDOWS\System32\Drivers\RTS5121.sys [2008-11-22 160256]
S3 Rts516xIR;Realtek IR Driver; C:\WINDOWS\system32\DRIVERS\Rts516xIR.sys []
S3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-15 79232]
S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SRTSP;Symantec Real Time Storage Protection; C:\WINDOWS\System32\Drivers\NIS\1007020.00B\SRTSP.SYS [2009-08-26 308272]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 SYMDNS;SYMDNS; \??\C:\WINDOWS\system32\drivers\NIS\1000000.07D\SYMDNS.SYS []
S3 SYMFW;Symantec Network Filter Driver; C:\WINDOWS\System32\Drivers\NIS\1007020.00B\SYMFW.SYS [2009-08-26 89904]
S3 SYMIDS;Symantec Network Filter Driver; C:\WINDOWS\System32\Drivers\NIS\1007020.00B\SYMIDS.SYS [2009-08-26 33072]
S3 SymIM;Symantec Network Security Intermediate Filter Service; C:\WINDOWS\system32\DRIVERS\SymIM.sys [2009-08-26 36400]
S3 SYMNDIS;Symantec Network Filter Driver; C:\WINDOWS\System32\Drivers\NIS\1007020.00B\SYMNDIS.SYS [2009-08-26 36400]
S3 SYMREDRV;SYMREDRV; \??\C:\WINDOWS\system32\drivers\NIS\1000000.07D\SYMREDRV.SYS []
S3 USBCCID;Realtek Smartcard Reader Driver; C:\WINDOWS\system32\DRIVERS\Rts5161ccid.sys []
S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-29 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-29 82944]
S4 agp440;Filtre de bus AGP Intel; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-14 42368]
S4 agpCPQ;Filtre de bus AGP Compaq; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-14 44928]
S4 alim1541;Filtre de bus AGP ALI; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-14 42752]
S4 amdagp;Pilote de filtre du bus AMD AGP; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-14 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-18 13952]
S4 sisagp;Filtre de bus AGP SIS; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-14 40960]
S4 sr;Pilote de filtre de restauration système; C:\WINDOWS\system32\DRIVERS\sr.sys [2008-04-15 73600]
S4 viaagp;Filtre de bus AGP VIA; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-14 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269;Roxio SAIB Service; C:\Program Files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe [2008-12-11 125424]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-08-28 144672]
R2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 BOTService;BOTService; C:\Program Files\Roxio\BackOnTrack\Instant Restore\BOTService.exe [2009-03-19 203248]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-05-10 152984]
R2 Norton Internet Security;Norton Internet Security; C:\Program Files\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe [2009-08-26 117640]
R2 STacSV;Audio Service; c:\program files\idt\wdm\STacSV.exe [2009-03-30 254042]
R2 Weemi Service;Weemi Service; C:\Documents and Settings\All Users\Application Data\Weemi\weemi127.exe [2009-10-21 54624]
R3 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2008-04-16 165192]
R3 iPod Service;Service de l’iPod; C:\Program Files\iPod\bin\iPodService.exe [2009-09-21 545568]
S3 aspnet_state;Service d'état ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; c:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-04 918016]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-15 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

If anyone can help me get rid of these programs, I'd be glad of it!

Thanks in advance

philae
Posted on 22/10/2009 at 22:38
Grande Maîtresse astucienne

good evening, and welcome to PCA Sécurité

at first glance the RSIT report shows no infection

what else did you do after reading Olam31's thread? did you carry out any other steps?

* run a scan with

Malwarebytes' (quick scan)

then post the report here

nardino
Posted on 22/10/2009 at 22:50
  Grand Maître astucien

Good evening Philae

Here is what was requested

https://forum.pcastuces.com/au_secours_eliminer_winferno_et_schredder-f25s50477.htm?page=1&#3523586

I'll let you carry on.

@+

beilei
Posted on 22/10/2009 at 22:55
Nouvelle astucienne

Good evening,

Thanks for your help.

In fact I ended up with Winferno, Playalot and Free Animated Desktop Wallpaper installed as shortcuts on the desktop, and impossible to delete.

Here is the result of the Malwarebytes scan. (I deleted what was checked)

Malwarebytes' Anti-Malware 1.41
Version de la base de données: 3012
Windows 5.1.2600 Service Pack 3

22/10/2009 22:16:04
mbam-log-2009-10-22 (22-16-04).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 181940
Temps écoulé: 57 minute(s), 50 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 3
Fichier(s) infecté(s): 7

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\Program Files\Weemi (Adware.Weemi) -> Delete on reboot.
C:\Program Files\Weemi\Weemi_deleted0 (Adware.Weemi) -> Delete on reboot.
C:\Program Files\Weemi\Weemi_deleted_ (Adware.Weemi) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\Documents and Settings\Roudoudou\Local Settings\Temp\Rar$EX01.359\keygen\keygen.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\System Rollback Data\Restore\Archive\c\c\1\Target\RECYCLER\S-1-5-21-2905603912-318205722-1210161166-1006\Dc605\system32\services.exe (Worm.Autorun.B) -> Quarantined and deleted successfully.
C:\System Rollback Data\Restore\Archive\c\c\1\Target\RECYCLER\S-1-5-21-2905603912-318205722-1210161166-1006\Dc605\system32\wbem\wmiprvse.exe (Worm.Autorun.B) -> Quarantined and deleted successfully.
C:\Program Files\Weemi\Weemi_deleted0\weemi.dll (Adware.Weemi) -> Delete on reboot.
C:\Program Files\Weemi\Weemi_deleted0\weemi.exe (Adware.Weemi) -> Quarantined and deleted successfully.
C:\Program Files\Weemi\Weemi_deleted_\weemi.dll (Adware.Weemi) -> Quarantined and deleted successfully.
C:\Program Files\Weemi\Weemi_deleted_\weemi.exe (Adware.Weemi) -> Quarantined and deleted successfully.

philae
Posted on 22/10/2009 at 23:06
Grande Maîtresse astucienne

good evening nardino

Good evening Philae

Here is what was requested

https://forum.pcastuces.com/au_secours_eliminer_winferno_et_schredder-f25s50477.htm?page=1&#3523586

I'll let you carry on.

I hadn't seen that you had replied in the other thread.

beilei, follow what nardino wrote for you in that thread.

arcoense
Posted on 03/11/2009 at 18:49
Petite astucienne

Good evening, I have the same problem and can't even follow your steps, because I can't even get through the first one. Downloading RSIT is impossible for me; what can I do, is there another way?

thanks for your replies

philae
Posted on 03/11/2009 at 21:10
Grande Maîtresse astucienne

good evening and welcome to PCA Sécurité, arcoense

you need to create a new thread of your own so that we can help you solve the problem.
