Eloi
Winehl.dll virus comes back when opening IE or FF [solved]
Eloi replied to a topic by Eloi in Malware analysis and eradication
OK, here is the log:
Logfile of random's system information tool 1.06 (written by random/random) Run by Eloi at 2009-05-16 23:58:37 Microsoft Windows XP Professional Service Pack 3 System drive C: has 4 GB (7%) free of 60 GB Total RAM: 2047 MB (70% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 23:58:49, on 16.05.2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programme\Lavasoft\Ad-Aware\AAWService.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\ATK0100\HControl.exe C:\Programme\ASUS\ATK Media\DMEDIA.EXE C:\WINDOWS\RTHDCPL.EXE C:\Programme\Motorola\SMSERIAL\sm56hlpr.exe C:\Programme\Synaptics\SynTP\SynTPEnh.exe C:\Programme\ASUS Security Center\ASUS Security Protect Manager\Bin\AsGHost.exe C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe C:\WINDOWS\system32\oodtray.exe C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\WINDOWS\system32\ctfmon.exe C:\Programme\Skype\Phone\Skype.exe C:\WINDOWS\ATK0100\ATKOSD.exe C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Programme\Gemeinsame Dateien\Nero\Nero BackItUp 4\NBService.exe C:\WINDOWS\system32\oodag.exe C:\Programme\Macrium\Reflect\ReflectService.exe C:\WINDOWS\system32\svchost.exe C:\Programme\Skype\Plugin Manager\skypePM.exe C:\Programme\ATI Technologies\ATI.ACE\cli.exe C:\Programme\ATI Technologies\ATI.ACE\cli.exe C:\Programme\Mozilla Firefox\firefox.exe 
C:\WINDOWS\system32\wuauclt.exe C:\Dokumente und Einstellungen\Eloi\Desktop\RSIT.exe C:\Programme\trend micro\Eloi.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.graduate-jobs.com/gj/gjs/js011....amp;jobId=24717 O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: ASUS Security Protect Manager - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Programme\ASUS Security Center\ASUS Security Protect Manager\Bin\ItIEAddIn.dll O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\ASUSSE~1\ASUSSE~1\Bin\ASTSVCC.dll,RegisterModule O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe O4 - HKLM\..\Run: [ATKMEDIA] C:\Programme\ASUS\ATK Media\DMEDIA.EXE O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [skyTel] SkyTel.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [sMSERIAL] C:\Programme\Motorola\SMSERIAL\sm56hlpr.exe O4 - HKLM\..\Run: [synTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [ATICCC] "C:\Programme\ATI 
Technologies\ATI.ACE\CLIStart.exe" O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [Ad-Watch] C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - 
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: APSHook.dll O20 - Winlogon Notify: OneCard - C:\Programme\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWLNPkg.dll O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Programme\Lavasoft\Ad-Aware\AAWService.exe O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Programme\Gemeinsame Dateien\Nero\Nero BackItUp 4\NBService.exe O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe O23 - Service: Macrium Reflect Image Mounting Service (ReflectService) - Unknown owner - C:\Programme\Macrium\Reflect\ReflectService.exe -- End of file - 7145 bytes ======Scheduled tasks folder====== C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job C:\WINDOWS\tasks\User_Feed_Synchronization-{07A27F51-66BE-453D-BD3F-D27E60DECF64}.job C:\WINDOWS\tasks\WGASetup.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] Adobe PDF Link Helper - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}] Skype add-on (mastermind) - C:\Programme\Skype\Toolbars\Internet 
Explorer\SkypeIEPlugin.dll [2009-03-27 1088296] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}] Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Windows Live Anmelde-Hilfsprogramm - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DF21F1DB-80C6-11D3-9483-B03D0EC10000}] ASUS Security Protect Manager - C:\Programme\ASUS Security Center\ASUS Security Protect Manager\Bin\ItIEAddIn.dll [2006-11-21 71192] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "CognizanceTS"=C:\PROGRA~1\ASUSSE~1\ASUSSE~1\Bin\ASTSVCC.dll [2003-12-22 17920] "HControl"=C:\WINDOWS\ATK0100\HControl.exe [2006-08-23 110592] "ATKMEDIA"=C:\Programme\ASUS\ATK Media\DMEDIA.EXE [2006-05-16 53248] "RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-07-21 16261632] "SkyTel"=C:\WINDOWS\SkyTel.EXE [2006-05-16 2879488] "Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632] "SMSERIAL"=C:\Programme\Motorola\SMSERIAL\sm56hlpr.exe [2006-08-07 573440] "SynTPEnh"=C:\Programme\Synaptics\SynTP\SynTPEnh.exe [2006-05-25 786521] "ATICCC"=C:\Programme\ATI Technologies\ATI.ACE\CLIStart.exe [2006-05-10 90112] "GrooveMonitor"=C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016] "Ad-Watch"=C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe [2009-05-04 516440] "OODefragTray"=C:\WINDOWS\system32\oodtray.exe [2008-09-04 2524416] "Adobe Reader Speed Launcher"=C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696] "avgnt"=C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-06-12 266497] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] 
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360] "Skype"=C:\Programme\Skype\Phone\Skype.exe [2009-03-27 24103720] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLS"="APSHook.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent] C:\WINDOWS\system32\Ati2evxx.dll [2006-10-24 90112] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\OneCard] C:\Programme\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWLNPkg.dll [2007-02-07 74240] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa] "notification packages"=scecli ASWLNPkg [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=145 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "HonorAutoRunSetting"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook" "C:\Programme\Microsoft 
Office\Office12\GROOVE.EXE"="C:\Programme\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove" "C:\Programme\Microsoft Office\Office12\ONENOTE.EXE"="C:\Programme\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote" "C:\Programme\Windows Live\Messenger\wlcsdk.exe"="C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call" "C:\Programme\Windows Live\Messenger\msnmsgr.exe"="C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\Programme\BitLord\BitLord.exe"="C:\Programme\BitLord\BitLord.exe:*:Enabled:BitLord" "C:\Programme\Pinnacle\Studio 12\Programs\RM.exe"="C:\Programme\Pinnacle\Studio 12\Programs\RM.exe:*:Enabled:Render Manager" "C:\Programme\Pinnacle\Studio 12\Programs\Studio.exe"="C:\Programme\Pinnacle\Studio 12\Programs\Studio.exe:*:Enabled:Studio" "C:\Programme\Pinnacle\Studio 12\Programs\umi.exe"="C:\Programme\Pinnacle\Studio 12\Programs\umi.exe:*:Enabled:umi" "C:\Programme\Skype\Phone\Skype.exe"="C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Programme\Windows Live\Messenger\wlcsdk.exe"="C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call" "C:\Programme\Windows Live\Messenger\msnmsgr.exe"="C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" ======List of files/folders created in the last 1 months====== 2009-05-16 23:58:37 ----D---- C:\rsit 2009-05-16 23:58:37 ----D---- C:\Programme\trend micro 2009-05-13 11:26:16 ----D---- C:\WINDOWS\Internet Logs 2009-05-13 11:13:57 ----D---- C:\Programme\Avira 2009-05-13 11:13:57 ----D---- C:\Dokumente und Einstellungen\All 
Users\Anwendungsdaten\Avira 2009-05-12 12:13:41 ----D---- C:\Dokumente und Einstellungen\Eloi\Anwendungsdaten\Nero 2009-05-12 11:58:27 ----D---- C:\Programme\Windows Sidebar 2009-05-12 11:48:09 ----D---- C:\Programme\Nero 2009-05-12 11:47:47 ----D---- C:\Programme\Gemeinsame Dateien\Nero 2009-05-12 11:47:47 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Nero 2009-05-12 10:42:12 ----D---- C:\WINDOWS\ie8updates 2009-05-12 10:41:40 ----D---- C:\WINDOWS\WBEM 2009-05-12 10:40:15 ----HDC---- C:\WINDOWS\ie8 2009-05-12 10:40:15 ----D---- C:\WINDOWS\system32\en-US 2009-05-12 09:05:35 ----D---- C:\Dokumente und Einstellungen\Eloi\Anwendungsdaten\WinRAR 2009-05-11 10:12:32 ----D---- C:\Dokumente und Einstellungen\Eloi\Anwendungsdaten\vlc 2009-05-11 10:11:22 ----D---- C:\Programme\VideoLAN 2009-05-10 10:04:18 ----D---- C:\Dokumente und Einstellungen\Eloi\Anwendungsdaten\skypePM 2009-05-10 10:03:38 ----D---- C:\Dokumente und Einstellungen\Eloi\Anwendungsdaten\Skype 2009-05-09 16:30:28 ----D---- C:\Programme\WinSCP 2009-05-07 12:28:37 ----D---- C:\Programme\GPLGS 2009-05-07 12:27:05 ----A---- C:\WINDOWS\system32\cpwmon2k.dll 2009-05-07 12:26:58 ----D---- C:\Programme\Acro Software 2009-05-06 12:48:46 ----A---- C:\WINDOWS\system32\lsdelete.exe 2009-05-06 11:52:16 ----D---- C:\Dokumente und Einstellungen\Eloi\Anwendungsdaten\Mozilla 2009-05-05 14:46:52 ----D---- C:\Programme\Gemeinsame Dateien\Pegasus Imaging 2009-05-05 12:32:51 ----D---- C:\Dokumente und Einstellungen\Eloi\Anwendungsdaten\Macromedia 2009-05-05 12:32:40 ----D---- C:\Dokumente und Einstellungen\Eloi\Anwendungsdaten\Adobe 2009-05-05 12:11:14 ----D---- C:\Dokumente und Einstellungen\Eloi\Anwendungsdaten\ATI 2009-05-05 12:10:59 ----D---- C:\Dokumente und Einstellungen\Eloi\Anwendungsdaten\Identities 2009-05-05 12:10:52 ----ASH---- C:\Dokumente und Einstellungen\Eloi\Anwendungsdaten\desktop.ini 2009-05-05 12:10:51 ----SD---- C:\Dokumente und Einstellungen\Eloi\Anwendungsdaten\Microsoft 2009-05-05 
00:01:54 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Adobe 2009-05-05 00:01:38 ----D---- C:\Programme\Gemeinsame Dateien\Adobe 2009-05-05 00:01:38 ----D---- C:\Programme\Adobe 2009-05-04 23:59:10 ----D---- C:\Programme\NOS 2009-05-04 23:59:10 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NOS 2009-05-04 10:10:47 ----A---- C:\WINDOWS\system32\MRT.exe 2009-05-03 13:45:13 ----D---- C:\Programme\MSXML 4.0 2009-05-02 12:18:40 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle Studio Ultimate 2009-05-02 12:15:52 ----D---- C:\Programme\Gemeinsame Dateien\Yahoo! 2009-05-02 12:15:51 ----D---- C:\Programme\Pinnacle 2009-05-02 12:15:51 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Studio 12 2009-05-02 12:15:51 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle Studio Plus 2009-05-02 12:08:06 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle 2009-05-02 01:37:05 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$ 2009-05-02 01:37:00 ----HDC---- C:\WINDOWS\$NtUninstallKB961373$ 2009-05-02 01:36:59 ----D---- C:\WINDOWS\system32\KB905474 2009-05-02 01:36:22 ----HDC---- C:\WINDOWS\$NtUninstallKB961503$ 2009-05-02 01:36:20 ----D---- C:\Programme\Microsoft CAPICOM 2.1.0.2 2009-05-02 01:36:07 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$ 2009-05-02 01:35:59 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$ 2009-05-02 01:35:27 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$ 2009-05-02 01:35:17 ----HDC---- C:\WINDOWS\$NtUninstallKB923689$ 2009-05-02 01:34:39 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$ 2009-05-02 01:34:30 ----HDC---- C:\WINDOWS\$NtUninstallKB963027$ 2009-05-02 01:34:25 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$ 2009-05-02 01:34:13 ----HDC---- C:\WINDOWS\$NtUninstallKB936782_WMP10$ 2009-05-02 01:22:53 ----D---- C:\Programme\BitLord ======List of files/folders modified in the last 1 months====== 2009-05-16 23:58:37 ----RD---- C:\Programme 
2009-05-16 23:58:20 ----D---- C:\Programme\Mozilla Firefox 2009-05-16 23:57:48 ----D---- C:\WINDOWS\Temp 2009-05-16 23:57:47 ----D---- C:\WINDOWS 2009-05-16 23:56:38 ----A---- C:\WINDOWS\SchedLgU.Txt 2009-05-16 23:55:23 ----D---- C:\WINDOWS\Prefetch 2009-05-16 23:55:23 ----D---- C:\WINDOWS\Debug 2009-05-14 14:54:59 ----SHD---- C:\WINDOWS\Installer 2009-05-14 14:54:18 ----D---- C:\WINDOWS\system32 2009-05-14 12:09:53 ----HD---- C:\WINDOWS\inf 2009-05-14 12:09:52 ----D---- C:\WINDOWS\system32\CatRoot2 2009-05-13 11:14:00 ----D---- C:\WINDOWS\system32\drivers 2009-05-12 11:47:47 ----D---- C:\Programme\Gemeinsame Dateien 2009-05-12 11:47:31 ----D---- C:\WINDOWS\system32\DirectX 2009-05-12 11:47:14 ----D---- C:\Programme\Gemeinsame Dateien\Microsoft Shared 2009-05-12 10:46:51 ----SD---- C:\WINDOWS\Tasks 2009-05-12 10:44:07 ----D---- C:\Programme\Internet Explorer 2009-05-12 10:44:06 ----RSHDC---- C:\WINDOWS\system32\dllcache 2009-05-12 10:44:06 ----D---- C:\WINDOWS\Help 2009-05-12 10:42:06 ----HD---- C:\WINDOWS\$hf_mig$ 2009-05-12 10:41:32 ----D---- C:\WINDOWS\Media 2009-05-06 13:14:10 ----SHD---- C:\RECYCLER 2009-05-05 14:47:28 ----D---- C:\WINDOWS\WinSxS 2009-05-05 12:10:50 ----D---- C:\Dokumente und Einstellungen 2009-05-05 10:48:52 ----D---- C:\WINDOWS\system32\Macromed 2009-05-04 12:16:39 ----DC---- C:\WINDOWS\system32\DRVSTORE 2009-05-04 10:55:53 ----SD---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft 2009-05-04 10:55:35 ----SD---- C:\WINDOWS\Downloaded Program Files 2009-05-02 12:17:34 ----RSD---- C:\WINDOWS\Fonts 2009-05-02 10:22:19 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI 2009-05-02 10:17:10 ----D---- C:\WINDOWS\system32\wbem 2009-05-02 10:17:10 ----D---- C:\WINDOWS\AppPatch 2009-05-02 01:36:01 ----D---- C:\WINDOWS\system32\CatRoot 2009-05-02 01:35:57 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft Help 2009-05-02 01:27:25 ----D---- C:\WINDOWS\system32\oodag ======List of drivers (R=Running, 
S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 avgio;avgio; \??\C:\Programme\Avira\AntiVir PersonalEdition Classic\avgio.sys [] R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2008-10-30 75072] R1 intelppm;Intel-Prozessortreiber; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40448] R1 ItSDisk;ItSDisk; C:\WINDOWS\System32\Drivers\ItSDisk.sys [2006-05-17 23496] R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2009-03-15 56268] R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-11-08 21248] R3 Arp1394;1394-ARP-Clientprotokoll; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800] R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-10-24 1777664] R3 avgntflt;avgntflt; \??\C:\Programme\Avira\AntiVir PersonalEdition Classic\avgntflt.sys [] R3 CmBatt;Microsoft-Netzteiltreiber; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-14 13952] R3 HDAudBus;Microsoft UAA-Bustreiber für High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384] R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-07-24 4353024] R3 MODEMCSA;Unimodem-Datenstromfiltergerät; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128] R3 MTsensor;ATK0100 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ATKACPI.sys [2005-02-17 5632] R3 NETw3x32;Intel® PRO/Wireless 3945ABG Adaptertreiber für Windows XP 32 Bit; C:\WINDOWS\system32\DRIVERS\NETw3x32.sys [2006-10-17 1711104] R3 NIC1394;1394-Netzwerktreiber; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824] R3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2005-11-16 78976] R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-14 79232] R3 smserial;smserial; C:\WINDOWS\system32\DRIVERS\smserial.sys [2006-08-07 980608] R3 SNP2STD;USB2.0 PC Camera (SNP2STD); C:\WINDOWS\system32\DRIVERS\snp2sxp.sys [2006-03-22 10220032] R3 
SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2006-05-25 193088] R3 usbehci;Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208] R3 usbhub;USB2-aktivierter Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520] R3 usbuhci;Miniporttreiber für universellen Microsoft USB-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608] S3 CCDECODE;Untertiteldecoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024] S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504] S3 NABTSFEC;NABTS/FEC VBI-Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248] S3 NdisIP;Microsoft TV-/Videoverbindung; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880] S3 sffdisk;SFF-Speicherklassentreiber; C:\WINDOWS\system32\DRIVERS\sffdisk.sys [2008-04-14 11904] S3 sffp_sd;SFF-Speicherprotokolltreiber für SDBus; C:\WINDOWS\system32\DRIVERS\sffp_sd.sys [2008-04-14 11008] S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136] S3 streamip;BDA-IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232] S3 USBSTOR;USB-Massenspeichertreiber; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368] S3 WSTCODEC;World Standard Teletext-Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200] S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys [] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AntiVirScheduler;Planificateur Avira AntiVir Personal - Free Antivirus; C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-15 68865] R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-15 151297] R2 ASBroker;Anmeldesitzungsbroker; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336] R2 
ASChannel;Lokaler Verbindungskanal; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336] R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-10-24 430080] R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Programme\Lavasoft\Ad-Aware\AAWService.exe [2009-05-04 953168] R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Programme\Gemeinsame Dateien\Nero\Nero BackItUp 4\NBService.exe [2008-09-29 935208] R2 O&O Defrag;O&O Defrag; C:\WINDOWS\system32\oodag.exe [2008-09-04 1295616] R2 ReflectService;Macrium Reflect Image Mounting Service; C:\Programme\Macrium\Reflect\ReflectService.exe [2008-08-06 216032] R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240] S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824] S3 odserv;Microsoft Office Diagnostics Service; C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136] S3 ose;Office Source Engine; C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184] -----------------EOF----------------- Eloi -
Winehl.dll virus comes back when opening IE or FF [solved]
Eloi replied to a topic by Eloi in Malware analysis and eradication
Hi, and thanks for your advice... As you suggested, I switched my antivirus to AntiVir... Here is the report:
Avira AntiVir Personal Date de création du fichier de rapport : Mittwoch, 13. Mai 2009 11:40 La recherche porte sur 1391383 souches de virus. Détenteur de la licence :Avira AntiVir PersonalEdition Classic Numéro de série : 0000149996-ADJIE-0001 Plateforme : Windows XP Version de Windows :(Service Pack 3) [5.1.2600] Mode Boot : Démarré normalement Identifiant : SYSTEM Nom de l'ordinateur :NETTI Informations de version : BUILD.DAT : 8.2.0.53 17752 Bytes 23.03.2009 13:45:00 AVSCAN.EXE : 8.1.4.10 315649 Bytes 18.11.2008 07:21:00 AVSCAN.DLL : 8.1.4.1 49921 Bytes 21.07.2008 12:44:27 LUKE.DLL : 8.1.4.5 164097 Bytes 12.06.2008 11:44:16 LUKERES.DLL : 8.1.4.0 13057 Bytes 04.07.2008 06:30:27 ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27.10.2008 10:30:36 ANTIVIR1.VDF : 7.1.2.12 3336192 Bytes 11.02.2009 09:15:01 ANTIVIR2.VDF : 7.1.3.185 2010112 Bytes 12.05.2009 09:15:08 ANTIVIR3.VDF : 7.1.3.195 51200 Bytes 13.05.2009 09:15:08 Version du moteur: 8.2.0.166 AEVDF.DLL : 8.1.1.1 106868 Bytes 13.05.2009 09:15:17 AESCRIPT.DLL : 8.1.1.81 385401 Bytes 13.05.2009 09:15:16 AESCN.DLL : 8.1.1.10 127348 Bytes 13.05.2009 09:15:15 AERDL.DLL : 8.1.1.3 438645 Bytes 04.11.2008 12:58:38 AEPACK.DLL : 8.1.3.16 397686 Bytes 13.05.2009 09:15:15 AEOFFICE.DLL : 8.1.0.36 196987 Bytes 13.05.2009 09:15:14 AEHEUR.DLL : 8.1.0.128 1757559 Bytes 13.05.2009 09:15:13 AEHELP.DLL : 8.1.2.2 119158 Bytes 13.05.2009 09:15:11 AEGEN.DLL : 8.1.1.42 348531 Bytes 13.05.2009 09:15:10 AEEMU.DLL : 8.1.0.9 393588 Bytes 14.10.2008 09:05:56 AECORE.DLL : 8.1.6.9 176500 Bytes 13.05.2009 09:15:09 AEBB.DLL : 8.1.0.3 53618 Bytes 14.10.2008 09:05:56 AVWINLL.DLL : 1.0.0.12 15105 Bytes 09.07.2008 07:40:02 AVPREF.DLL : 8.0.2.0 38657 Bytes 16.05.2008 08:27:58 AVREP.DLL : 8.0.0.3 155688 Bytes 13.05.2009 09:15:09 AVREG.DLL : 8.0.0.1 33537 Bytes 09.05.2008 10:26:37 AVARKT.DLL : 1.0.0.23 307457 Bytes 12.02.2008 07:29:19 
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12.06.2008 11:27:46 SQLITE3.DLL : 3.3.17.1 339968 Bytes 22.01.2008 16:28:02 SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12.06.2008 11:49:36 NETNT.DLL : 8.0.0.1 7937 Bytes 25.01.2008 11:05:07 RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 04.07.2008 06:23:16 RCTEXT.DLL : 8.0.52.1 86273 Bytes 17.07.2008 09:08:43 Configuration pour la recherche actuelle : Nom de la tâche..................: Contrôle intégral du système Fichier de configuration.........: c:\programme\avira\antivir personaledition classic\sysscan.avp Documentation....................: bas Action principale................: interactif Action secondaire................: ignorer Recherche sur les secteurs d'amorçage maître: marche Recherche sur les secteurs d'amorçage: marche Secteurs d'amorçage..............: C:, D:, Recherche dans les programmes actifs: marche Recherche en cours sur l'enregistrement: marche Recherche de Rootkits............: marche Fichier mode de recherche........: Sélection de fichiers intelligente Recherche sur les archives.......: marche Limiter la profondeur de récursivité: 20 Archive Smart Extensions.........: marche Types d'archives divergents......: +BSD Mailbox, +Netscape/Mozilla Mailbox, +Eudora Mailbox, +Squid cache, +Pegasus Mailbox, +MS Outlook Mailbox, Heuristique de macrovirus........: marche Heuristique fichier..............: moyen Catégories de dangers divergentes: +APPL,+GAME,+JOKE,+PCK,+SPR, Début de la recherche : Mittwoch, 13. Mai 2009 11:40 La recherche d'objets cachés commence. '45033' objets ont été contrôlés, '0' objets cachés ont été trouvés. 
La recherche sur les processus démarrés commence :
Processus de recherche 'avscan.exe' - '1' module(s) sont contrôlés
Processus de recherche 'avcenter.exe' - '1' module(s) sont contrôlés
Processus de recherche 'skypePM.exe' - '1' module(s) sont contrôlés
Processus de recherche 'CLI.exe' - '1' module(s) sont contrôlés
Processus de recherche 'CLI.exe' - '1' module(s) sont contrôlés
Processus de recherche 'ATKOSD.exe' - '1' module(s) sont contrôlés
Processus de recherche 'Skype.exe' - '1' module(s) sont contrôlés
Processus de recherche 'ctfmon.exe' - '1' module(s) sont contrôlés
Processus de recherche 'avgnt.exe' - '1' module(s) sont contrôlés
Processus de recherche 'reader_sl.exe' - '1' module(s) sont contrôlés
Processus de recherche 'CLI.exe' - '1' module(s) sont contrôlés
Processus de recherche 'oodtray.exe' - '1' module(s) sont contrôlés
Processus de recherche 'AAWTray.exe' - '1' module(s) sont contrôlés
Processus de recherche 'GrooveMonitor.exe' - '1' module(s) sont contrôlés
Processus de recherche 'SynTPEnh.exe' - '1' module(s) sont contrôlés
Processus de recherche 'sm56hlpr.exe' - '1' module(s) sont contrôlés
Processus de recherche 'RTHDCPL.exe' - '1' module(s) sont contrôlés
Processus de recherche 'DMedia.exe' - '1' module(s) sont contrôlés
Processus de recherche 'HControl.exe' - '1' module(s) sont contrôlés
Processus de recherche 'scardsvr.exe' - '1' module(s) sont contrôlés
Processus de recherche 'asghost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'explorer.exe' - '1' module(s) sont contrôlés
Processus de recherche 'wuauclt.exe' - '1' module(s) sont contrôlés
Processus de recherche 'wmiprvse.exe' - '1' module(s) sont contrôlés
Processus de recherche 'unsecapp.exe' - '1' module(s) sont contrôlés
Processus de recherche 'alg.exe' - '1' module(s) sont contrôlés
Processus de recherche 'wdfmgr.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'ReflectService.exe' - '1' module(s) sont contrôlés
Processus de recherche 'oodag.exe' - '1' module(s) sont contrôlés
Processus de recherche 'NBService.exe' - '1' module(s) sont contrôlés
Processus de recherche 'avguard.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'sched.exe' - '1' module(s) sont contrôlés
Processus de recherche 'spoolsv.exe' - '1' module(s) sont contrôlés
Processus de recherche 'ati2evxx.exe' - '1' module(s) sont contrôlés
Processus de recherche 'AAWService.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'ati2evxx.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'lsass.exe' - '1' module(s) sont contrôlés
Processus de recherche 'services.exe' - '1' module(s) sont contrôlés
Processus de recherche 'winlogon.exe' - '1' module(s) sont contrôlés
Processus de recherche 'csrss.exe' - '1' module(s) sont contrôlés
Processus de recherche 'smss.exe' - '1' module(s) sont contrôlés
'49' processus ont été contrôlés avec '49' modules

La recherche sur les secteurs d'amorçage maître commence :
Secteur d'amorçage maître HD0
    [INFO] Aucun virus trouvé !

La recherche sur les secteurs d'amorçage commence :
Secteur d'amorçage 'C:\'
    [INFO] Aucun virus trouvé !
Secteur d'amorçage 'D:\'
    [INFO] Aucun virus trouvé !

La recherche sur les renvois aux fichiers exécutables (registre) commence.
Le registre a été contrôlé ( '66' fichiers).

La recherche sur les fichiers sélectionnés commence :

Recherche débutant dans 'C:\' <System>
C:\pagefile.sys
    [AVERTISSEMENT] Impossible d'ouvrir le fichier !
C:\Dokumente und Einstellungen\Eloi\Desktop\Eloi\COURS\4ème année\Semestre 1\Marketing\Cours London.rar
    [RESULTAT] Contient le cheval de Troie TR/Agent.mcv.16
C:\Dokumente und Einstellungen\Eloi\Desktop\Eloi\COURS\4ème année\Semestre 1\Marketing\Cours London.rar
  [0] Type d'archive: RAR
  --> setup.exe
      [RESULTAT] Contient le cheval de Troie TR/Agent.mcv.16
    [AVERTISSEMENT] Erreur lors de la création d'une copie de sécurité du fichier. Le fichier n'a pas été supprimé. Code d'erreur : 26004
    [AVERTISSEMENT] Impossible de trouver le fichier source.
    [REMARQUE] Tentative en cours d'exécuter l'action à l'aide de la bibliothèque ARK.
    [AVERTISSEMENT] Erreur dans la bibliothèque ARK
    [REMARQUE] Le fichier a été repéré pour une suppression après un redémarrage.
C:\System Volume Information\_restore{17393DF3-D603-4060-87DE-359BC4F351A3}\RP14\A0000595.exe
    [RESULTAT] Contient le cheval de Troie TR/Drop.Joos.B
    [REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4a3abcf6.qua' !
C:\System Volume Information\_restore{17393DF3-D603-4060-87DE-359BC4F351A3}\RP23\A0002674.dll
    [RESULTAT] Contient le cheval de Troie TR/PSW.Agent.mrh
    [REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4a3abd29.qua' !
C:\System Volume Information\_restore{17393DF3-D603-4060-87DE-359BC4F351A3}\RP26\A0002778.dll
    [RESULTAT] Contient le cheval de Troie TR/PSW.Agent.mrh
    [REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4a3abd32.qua' !
C:\System Volume Information\_restore{17393DF3-D603-4060-87DE-359BC4F351A3}\RP27\A0003826.sys
  [0] Type d'archive: OVL
  --> Object
      [RESULTAT] Contient le cheval de Troie TR/PSW.Agent.mrh
    [REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4a3abd44.qua' !
Recherche débutant dans 'D:\' <Data>
D:\desktop\Eloi\COURS\4ème année\Semestre 1\Marketing\Cours London.rar
    [RESULTAT] Contient le cheval de Troie TR/Agent.mcv.16
D:\desktop\Eloi\COURS\4ème année\Semestre 1\Marketing\Cours London.rar
  [0] Type d'archive: RAR
  --> setup.exe
      [RESULTAT] Contient le cheval de Troie TR/Agent.mcv.16
    [REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4a7fbf02.qua' !
D:\desktop\Eloi\COURS\4ème année\Semestre 1\Marketing\Courses France.rar
  [0] Type d'archive: RAR
  --> setup.exe
      [RESULTAT] Contient le cheval de Troie TR/Agent.mcv.16
    [RESULTAT] Contient le cheval de Troie TR/Agent.mcv.16
    [REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4a7fbf07.qua' !
D:\Eigene Dateien\Desktop\800 Thème Windows Xp ,Theme, Style ,Fond, Son, Par Kordman.rar
  [0] Type d'archive: RAR
  --> 800 Thème Windows Xp ,Theme, Style ,Fond, Son, Par Kordman\Resources\Themes\TomTom\TOMTOMOS-Install.zip
    [1] Type d'archive: ZIP
    --> TOMTOMOS-Install/6-Views/Views.zip
      [2] Type d'archive: ZIP
      --> Views/viewgui.exe
          [RESULTAT] Contient le cheval de Troie TR/Crypt.ULPM.Gen
      --> Views/views.zip
        [3] Type d'archive: ZIP
        --> views.exe
            [RESULTAT] Contient le cheval de Troie TR/Crypt.ULPM.Gen
    [REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4a3abf2f.qua' !
D:\RECYCLER\S-1-9-94-100017701-100032201-100020243-3917.com
    [RESULTAT] Contient le cheval de Troie TR/Alureon.35840J
    [REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4a3bc088.qua' !
D:\System Volume Information\_restore{17393DF3-D603-4060-87DE-359BC4F351A3}\RP73\A0004351.com
    [RESULTAT] Contient le cheval de Troie TR/Alureon.35840J
    [REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4a3ac0d4.qua' !

Fin de la recherche : Mittwoch, 13. Mai 2009 14:44
Temps nécessaire: 3:03:36 Heure(s)

La recherche a été effectuée intégralement

   5081 Les répertoires ont été contrôlés
 231521 Des fichiers ont été contrôlés
     14 Des virus ou programmes indésirables ont été trouvés
      0 Des fichiers ont été classés comme suspects
      0 Des fichiers ont été supprimés
      0 Des virus ou programmes indésirables ont été réparés
      9 Les fichiers ont été déplacés dans la quarantaine
      0 Les fichiers ont été renommés
      1 Impossible de contrôler des fichiers
 231506 Fichiers non infectés
   3686 Les archives ont été contrôlées
      2 Avertissements
     10 Consignes
  45033 Des objets ont été contrôlés lors du Rootkitscan
      0 Des objets cachés ont été trouvés

Thanks again! Eloi
Winehl.dll virus comes back when opening IE or FF [solved]
Eloi replied to a topic by Eloi in Malware analysis and removal
I did the procedure and I did indeed have to restart the computer... Here is the report:

Error: Unable to interpret <:first> in the current context!
========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========
Service\Driver winevk not found.
Service\Driver winevk not found.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\\ deleted successfully.
Registry key HKEY_CLASSES_ROOT\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\\ not found.
========== FILES ==========
File/Folder C:\WINDOWS\system32\drivers\winevk.sys not found.
File/Folder C:\WINDOWS\system32\winehl.dll not found.
========== COMMANDS ==========
File delete failed. C:\DOKUME~1\Eloi\LOKALE~1\Temp\etilqs_eLLB8PMqKhX4GMXkECPy scheduled to be deleted on reboot.
File delete failed. C:\DOKUME~1\Eloi\LOKALE~1\Temp\etilqs_HI2zyV0Nr2kOT9bXM0Cz scheduled to be deleted on reboot.
File delete failed. C:\DOKUME~1\Eloi\LOKALE~1\Temp\fla12.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOKUME~1\Eloi\LOKALE~1\Temp\fla13.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOKUME~1\Eloi\LOKALE~1\Temp\fla14.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOKUME~1\Eloi\LOKALE~1\Temp\fla15.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOKUME~1\Eloi\LOKALE~1\Temp\fla16.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOKUME~1\Eloi\LOKALE~1\Temp\~DF19.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOKUME~1\Eloi\LOKALE~1\Temp\~DF421.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOKUME~1\Eloi\LOKALE~1\Temp\~DF44B.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOKUME~1\Eloi\LOKALE~1\Temp\~DF6D32.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOKUME~1\Eloi\LOKALE~1\Temp\~DF6D4B.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOKUME~1\Eloi\LOKALE~1\Temp\~DF6E22.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOKUME~1\Eloi\LOKALE~1\Temp\~DF6E3A.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOKUME~1\Eloi\LOKALE~1\Temp\~DFBE83.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOKUME~1\Eloi\LOKALE~1\Temp\~DFBEA5.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOKUME~1\Eloi\LOKALE~1\Temp\~DFE036.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOKUME~1\Eloi\LOKALE~1\Temp\~DFE059.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOKUME~1\Eloi\LOKALE~1\Temp\~DFE08D.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOKUME~1\Eloi\LOKALE~1\Temp\~DFE0A2.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOKUME~1\Eloi\LOKALE~1\Temp\~DFFFF0.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Dokumente und Einstellungen\Eloi\Lokale Einstellungen\Temporary Internet Files\Content.Word\~WRS{2A87D867-2ACC-4D24-8D16-6E1744CABA5E}.tmp scheduled to be deleted on reboot.
File delete failed. C:\Dokumente und Einstellungen\Eloi\Lokale Einstellungen\Temporary Internet Files\Content.Word\~WRS{3798F6B8-46CC-44C7-A117-4F58CB51FC46}.tmp scheduled to be deleted on reboot.
File delete failed. C:\Dokumente und Einstellungen\Eloi\Lokale Einstellungen\Temporary Internet Files\Content.Word\~WRS{5331A55C-933B-420A-BB39-5403A3BFF94D}.tmp scheduled to be deleted on reboot.
File delete failed. C:\Dokumente und Einstellungen\Eloi\Lokale Einstellungen\Temporary Internet Files\Content.Word\~WRS{61CEE4DD-B347-4675-A3B2-30ACE19C4070}.tmp scheduled to be deleted on reboot.
File delete failed. C:\Dokumente und Einstellungen\Eloi\Lokale Einstellungen\Temporary Internet Files\Content.Word\~WRS{9AB80365-6B54-4BE2-97CD-CDA73755DC74}.tmp scheduled to be deleted on reboot.
File delete failed. C:\Dokumente und Einstellungen\Eloi\Lokale Einstellungen\Temporary Internet Files\Content.Word\~WRS{FFFD3B41-1FAD-46CA-B16D-05465285E8FC}.tmp scheduled to be deleted on reboot.
File delete failed. C:\Dokumente und Einstellungen\Eloi\Lokale Einstellungen\Temporary Internet Files\Content.IE5\YKNEDUD3\ctrl_tree[1].htc scheduled to be deleted on reboot.
File delete failed. C:\Dokumente und Einstellungen\Eloi\Lokale Einstellungen\Temporary Internet Files\Content.IE5\YKNEDUD3\ctrl_view[1].htc scheduled to be deleted on reboot.
File delete failed. C:\Dokumente und Einstellungen\Eloi\Lokale Einstellungen\Temporary Internet Files\Content.IE5\YKNEDUD3\members[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Dokumente und Einstellungen\Eloi\Lokale Einstellungen\Temporary Internet Files\Content.IE5\YKNEDUD3\rectangle_300x250[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Dokumente und Einstellungen\Eloi\Lokale Einstellungen\Temporary Internet Files\Content.IE5\YKNEDUD3\RE_%20Ucas%20points-2[2].htm scheduled to be deleted on reboot.
File delete failed. C:\Dokumente und Einstellungen\Eloi\Lokale Einstellungen\Temporary Internet Files\Content.IE5\YKNEDUD3\virus-winehldll-revient-a-l-ouverture-d-ie-ou-ff-apres-chaque-t162675[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Dokumente und Einstellungen\Eloi\Lokale Einstellungen\Temporary Internet Files\Content.IE5\YKNEDUD3\welcome[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Dokumente und Einstellungen\Eloi\Lokale Einstellungen\Temporary Internet Files\Content.IE5\WLAZCPER\728x300_MFPS[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Dokumente und Einstellungen\Eloi\Lokale Einstellungen\Temporary Internet Files\Content.IE5\WLAZCPER\ads[6].htm scheduled to be deleted on reboot.
File delete failed. C:\Dokumente und Einstellungen\Eloi\Lokale Einstellungen\Temporary Internet Files\Content.IE5\WLAZCPER\ban_728x90[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Dokumente und Einstellungen\Eloi\Lokale Einstellungen\Temporary Internet Files\Content.IE5\WLAZCPER\Boîte%20de%20réception[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Dokumente und Einstellungen\Eloi\Lokale Einstellungen\Temporary Internet Files\Content.IE5\WLAZCPER\Eloi[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Dokumente und Einstellungen\Eloi\Lokale Einstellungen\Temporary Internet Files\Content.IE5\WLAZCPER\onlinemembers1a[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Dokumente und Einstellungen\Eloi\Lokale Einstellungen\Temporary Internet Files\Content.IE5\4HEB056Z\AP_ADV_300x250[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Dokumente und Einstellungen\Eloi\Lokale Einstellungen\Temporary Internet Files\Content.IE5\4HEB056Z\myfreePaysite[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Dokumente und Einstellungen\Eloi\Lokale Einstellungen\Temporary Internet Files\Content.IE5\4D2F4H67\ADSAdClient31[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Dokumente und Einstellungen\Eloi\Lokale Einstellungen\Temporary Internet Files\Content.IE5\4D2F4H67\ads[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Dokumente und Einstellungen\Eloi\Lokale Einstellungen\Temporary Internet Files\Content.IE5\4D2F4H67\AP_ADV_728x90[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Dokumente und Einstellungen\Eloi\Lokale Einstellungen\Temporary Internet Files\Content.IE5\4D2F4H67\ctrl_notify[1].htc scheduled to be deleted on reboot.
File delete failed. C:\Dokumente und Einstellungen\Eloi\Lokale Einstellungen\Temporary Internet Files\Content.IE5\4D2F4H67\de[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Dokumente und Einstellungen\Eloi\Lokale Einstellungen\Temporary Internet Files\Content.IE5\4D2F4H67\google_de[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Dokumente und Einstellungen\Eloi\Lokale Einstellungen\Temporary Internet Files\Content.IE5\4D2F4H67\hp[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Dokumente und Einstellungen\Eloi\Lokale Einstellungen\Temporary Internet Files\Content.IE5\4D2F4H67\iframe[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Dokumente und Einstellungen\Eloi\Lokale Einstellungen\Temporary Internet Files\Content.IE5\4D2F4H67\virus-winehldll-revient-a-l-ouverture-d-ie-ou-ff-apres-chaque-t162675[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Dokumente und Einstellungen\Eloi\Lokale Einstellungen\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Dokumente und Einstellungen\Eloi\Lokale Einstellungen\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat scheduled to be deleted on reboot.
User's Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_750.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 05122009_144825

Files moved on Reboot...
File C:\DOKUME~1\Eloi\LOKALE~1\Temp\etilqs_eLLB8PMqKhX4GMXkECPy not found!
File C:\DOKUME~1\Eloi\LOKALE~1\Temp\etilqs_HI2zyV0Nr2kOT9bXM0Cz not found!
File C:\DOKUME~1\Eloi\LOKALE~1\Temp\fla12.tmp not found!
File C:\DOKUME~1\Eloi\LOKALE~1\Temp\fla13.tmp not found!
File C:\DOKUME~1\Eloi\LOKALE~1\Temp\fla14.tmp not found!
File C:\DOKUME~1\Eloi\LOKALE~1\Temp\fla15.tmp not found!
File C:\DOKUME~1\Eloi\LOKALE~1\Temp\fla16.tmp not found!
File C:\DOKUME~1\Eloi\LOKALE~1\Temp\~DF19.tmp not found!
File C:\DOKUME~1\Eloi\LOKALE~1\Temp\~DF421.tmp not found!
File C:\DOKUME~1\Eloi\LOKALE~1\Temp\~DF44B.tmp not found!
File C:\DOKUME~1\Eloi\LOKALE~1\Temp\~DF6D32.tmp not found!
File C:\DOKUME~1\Eloi\LOKALE~1\Temp\~DF6D4B.tmp not found!
File C:\DOKUME~1\Eloi\LOKALE~1\Temp\~DF6E22.tmp not found!
File C:\DOKUME~1\Eloi\LOKALE~1\Temp\~DF6E3A.tmp not found!
File C:\DOKUME~1\Eloi\LOKALE~1\Temp\~DFBE83.tmp not found!
File C:\DOKUME~1\Eloi\LOKALE~1\Temp\~DFBEA5.tmp not found!
File C:\DOKUME~1\Eloi\LOKALE~1\Temp\~DFE036.tmp not found!
File C:\DOKUME~1\Eloi\LOKALE~1\Temp\~DFE059.tmp not found!
File C:\DOKUME~1\Eloi\LOKALE~1\Temp\~DFE08D.tmp not found!
File C:\DOKUME~1\Eloi\LOKALE~1\Temp\~DFE0A2.tmp not found!
File C:\DOKUME~1\Eloi\LOKALE~1\Temp\~DFFFF0.tmp not found!
File C:\Dokumente und Einstellungen\Eloi\Lokale Einstellungen\Temporary Internet Files\Content.Word\~WRS{2A87D867-2ACC-4D24-8D16-6E1744CABA5E}.tmp not found!
File C:\Dokumente und Einstellungen\Eloi\Lokale Einstellungen\Temporary Internet Files\Content.Word\~WRS{3798F6B8-46CC-44C7-A117-4F58CB51FC46}.tmp not found!
File C:\Dokumente und Einstellungen\Eloi\Lokale Einstellungen\Temporary Internet Files\Content.Word\~WRS{5331A55C-933B-420A-BB39-5403A3BFF94D}.tmp not found!
File C:\Dokumente und Einstellungen\Eloi\Lokale Einstellungen\Temporary Internet Files\Content.Word\~WRS{61CEE4DD-B347-4675-A3B2-30ACE19C4070}.tmp not found!
File C:\Dokumente und Einstellungen\Eloi\Lokale Einstellungen\Temporary Internet Files\Content.Word\~WRS{9AB80365-6B54-4BE2-97CD-CDA73755DC74}.tmp not found!
File C:\Dokumente und Einstellungen\Eloi\Lokale Einstellungen\Temporary Internet Files\Content.Word\~WRS{FFFD3B41-1FAD-46CA-B16D-05465285E8FC}.tmp not found!
C:\Dokumente und Einstellungen\Eloi\Lokale Einstellungen\Temporary Internet Files\Content.IE5\YKNEDUD3\ctrl_tree[1].htc moved successfully.
C:\Dokumente und Einstellungen\Eloi\Lokale Einstellungen\Temporary Internet Files\Content.IE5\YKNEDUD3\ctrl_view[1].htc moved successfully.
C:\Dokumente und Einstellungen\Eloi\Lokale Einstellungen\Temporary Internet Files\Content.IE5\YKNEDUD3\members[1].htm moved successfully.
C:\Dokumente und Einstellungen\Eloi\Lokale Einstellungen\Temporary Internet Files\Content.IE5\YKNEDUD3\rectangle_300x250[1].htm moved successfully.
C:\Dokumente und Einstellungen\Eloi\Lokale Einstellungen\Temporary Internet Files\Content.IE5\YKNEDUD3\RE_%20Ucas%20points-2[2].htm moved successfully.
C:\Dokumente und Einstellungen\Eloi\Lokale Einstellungen\Temporary Internet Files\Content.IE5\YKNEDUD3\virus-winehldll-revient-a-l-ouverture-d-ie-ou-ff-apres-chaque-t162675[1].htm moved successfully.
C:\Dokumente und Einstellungen\Eloi\Lokale Einstellungen\Temporary Internet Files\Content.IE5\YKNEDUD3\welcome[1].htm moved successfully.
C:\Dokumente und Einstellungen\Eloi\Lokale Einstellungen\Temporary Internet Files\Content.IE5\WLAZCPER\728x300_MFPS[1].htm moved successfully.
C:\Dokumente und Einstellungen\Eloi\Lokale Einstellungen\Temporary Internet Files\Content.IE5\WLAZCPER\ads[6].htm moved successfully.
C:\Dokumente und Einstellungen\Eloi\Lokale Einstellungen\Temporary Internet Files\Content.IE5\WLAZCPER\ban_728x90[1].htm moved successfully.
C:\Dokumente und Einstellungen\Eloi\Lokale Einstellungen\Temporary Internet Files\Content.IE5\WLAZCPER\Boîte%20de%20réception[1].htm moved successfully.
C:\Dokumente und Einstellungen\Eloi\Lokale Einstellungen\Temporary Internet Files\Content.IE5\WLAZCPER\Eloi[1].htm moved successfully.
C:\Dokumente und Einstellungen\Eloi\Lokale Einstellungen\Temporary Internet Files\Content.IE5\WLAZCPER\onlinemembers1a[1].htm moved successfully.
C:\Dokumente und Einstellungen\Eloi\Lokale Einstellungen\Temporary Internet Files\Content.IE5\4HEB056Z\AP_ADV_300x250[1].htm moved successfully.
C:\Dokumente und Einstellungen\Eloi\Lokale Einstellungen\Temporary Internet Files\Content.IE5\4HEB056Z\myfreePaysite[1].htm moved successfully.
C:\Dokumente und Einstellungen\Eloi\Lokale Einstellungen\Temporary Internet Files\Content.IE5\4D2F4H67\ADSAdClient31[1].htm moved successfully.
C:\Dokumente und Einstellungen\Eloi\Lokale Einstellungen\Temporary Internet Files\Content.IE5\4D2F4H67\ads[1].htm moved successfully.
C:\Dokumente und Einstellungen\Eloi\Lokale Einstellungen\Temporary Internet Files\Content.IE5\4D2F4H67\AP_ADV_728x90[1].htm moved successfully.
C:\Dokumente und Einstellungen\Eloi\Lokale Einstellungen\Temporary Internet Files\Content.IE5\4D2F4H67\ctrl_notify[1].htc moved successfully.
C:\Dokumente und Einstellungen\Eloi\Lokale Einstellungen\Temporary Internet Files\Content.IE5\4D2F4H67\de[1].htm moved successfully.
C:\Dokumente und Einstellungen\Eloi\Lokale Einstellungen\Temporary Internet Files\Content.IE5\4D2F4H67\google_de[1].htm moved successfully.
C:\Dokumente und Einstellungen\Eloi\Lokale Einstellungen\Temporary Internet Files\Content.IE5\4D2F4H67\hp[1].htm moved successfully.
C:\Dokumente und Einstellungen\Eloi\Lokale Einstellungen\Temporary Internet Files\Content.IE5\4D2F4H67\iframe[1].htm moved successfully.
C:\Dokumente und Einstellungen\Eloi\Lokale Einstellungen\Temporary Internet Files\Content.IE5\4D2F4H67\virus-winehldll-revient-a-l-ouverture-d-ie-ou-ff-apres-chaque-t162675[1].htm moved successfully.
C:\Dokumente und Einstellungen\Eloi\Lokale Einstellungen\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
File move failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.
C:\WINDOWS\temp\Perflib_Perfdata_750.dat moved successfully.

Thanks, Eloi
Winehl.dll virus comes back when opening IE or FF [solved]
Eloi replied to a topic by Eloi in Malware analysis and removal
Hi, I did what you asked me, but for both files a message appears telling me they cannot be found... This may be because I quarantined them with Avast... What can I do to recover them and analyze them on VirusTotal? Eloi
Winehl.dll virus comes back when opening IE or FF [solved]
Eloi replied to a topic by Eloi in Malware analysis and removal
Thank you very much for your reply. When I tried to send "C:\WINDOWS\system32\drivers\winevk.sys" to VirusTotal, Avast warned me that it is a worm... I quarantined it and there was no way to finish the procedure; same for winehl.dll. So I decided to restart the PC and then, when opening Firefox, Avast no longer detects any virus... Could it be eradicated? Thanks, Eloi
Winehl.dll virus comes back when opening IE or FF [solved]
Eloi replied to a topic by Eloi in Malware analysis and removal
Hello and thanks for your reply. Here are the copies of the files obtained:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Eloi at 2009-05-11 17:14:18
Microsoft Windows XP Professional Service Pack 3
System drive C: has 6 GB (10%) free of 60 GB
Total RAM: 2047 MB (69% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:14:21, on 11.05.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programme\Alwil Software\Avast4\aswUpdSv.exe
C:\Programme\Lavasoft\Ad-Aware\AAWService.exe
C:\Programme\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\Programme\ASUS\ATK Media\DMEDIA.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Programme\Motorola\SMSERIAL\sm56hlpr.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe
C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE
C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\oodtray.exe
C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Skype\Phone\Skype.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Programme\ASUS Security Center\ASUS Security Protect Manager\Bin\AsGHost.exe
C:\Programme\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\oodag.exe
C:\Programme\Macrium\Reflect\ReflectService.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Alwil Software\Avast4\ashMaiSv.exe
C:\Programme\Alwil Software\Avast4\ashWebSv.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Dokumente und Einstellungen\Eloi\Desktop\RSIT.exe
C:\Dokumente und Einstellungen\Jeannette\Desktop\Eloi.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.graduate-jobs.com/gj/gjs/js011....amp;jobId=24717
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ASUS Security Protect Manager - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Programme\ASUS Security Center\ASUS Security Protect Manager\Bin\ItIEAddIn.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\ASUSSE~1\ASUSSE~1\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Programme\ASUS\ATK Media\DMEDIA.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SMSERIAL] C:\Programme\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Programme\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: APSHook.dll
O20 - Winlogon Notify: OneCard - C:\Programme\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWLNPkg.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programme\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programme\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programme\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programme\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Programme\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Macrium Reflect Image Mounting Service (ReflectService) - Unknown owner - C:\Programme\Macrium\Reflect\ReflectService.exe

--
End of file - 6722 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\WGASetup.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2009-03-27 1088296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Anmelde-Hilfsprogramm - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DF21F1DB-80C6-11D3-9483-B03D0EC10000}]
ASUS Security Protect Manager - C:\Programme\ASUS Security Center\ASUS Security Protect Manager\Bin\ItIEAddIn.dll [2006-11-21 71192]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-02-05 81000]
"CognizanceTS"=C:\PROGRA~1\ASUSSE~1\ASUSSE~1\Bin\ASTSVCC.dll [2003-12-22 17920]
"HControl"=C:\WINDOWS\ATK0100\HControl.exe [2006-08-23 110592]
"ATKMEDIA"=C:\Programme\ASUS\ATK Media\DMEDIA.EXE [2006-05-16 53248]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-07-21 16261632]
"SkyTel"=C:\WINDOWS\SkyTel.EXE [2006-05-16 2879488]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"SMSERIAL"=C:\Programme\Motorola\SMSERIAL\sm56hlpr.exe [2006-08-07 573440]
"SynTPEnh"=C:\Programme\Synaptics\SynTP\SynTPEnh.exe [2006-05-25 786521]
"ATICCC"=C:\Programme\ATI Technologies\ATI.ACE\CLIStart.exe [2006-05-10 90112]
"GrooveMonitor"=C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]
"Ad-Watch"=C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe [2009-05-04 516440]
"OODefragTray"=C:\WINDOWS\system32\oodtray.exe [2008-09-04 2524416]
"Adobe Reader Speed Launcher"=C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"Skype"=C:\Programme\Skype\Phone\Skype.exe [2009-03-27 24103720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="APSHook.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2006-10-24 90112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\OneCard]
C:\Programme\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWLNPkg.dll [2007-02-07 74240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli ASWLNPkg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Programme\Microsoft Office\Office12\GROOVE.EXE"="C:\Programme\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Programme\Microsoft Office\Office12\ONENOTE.EXE"="C:\Programme\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Programme\Windows Live\Messenger\wlcsdk.exe"="C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Programme\Windows Live\Messenger\msnmsgr.exe"="C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Programme\BitLord\BitLord.exe"="C:\Programme\BitLord\BitLord.exe:*:Enabled:BitLord"
"C:\Programme\Pinnacle\Studio 12\Programs\RM.exe"="C:\Programme\Pinnacle\Studio 12\Programs\RM.exe:*:Enabled:Render Manager"
"C:\Programme\Pinnacle\Studio 12\Programs\Studio.exe"="C:\Programme\Pinnacle\Studio 12\Programs\Studio.exe:*:Enabled:Studio"
"C:\Programme\Pinnacle\Studio 12\Programs\umi.exe"="C:\Programme\Pinnacle\Studio 12\Programs\umi.exe:*:Enabled:umi"
"C:\Programme\Skype\Phone\Skype.exe"="C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Programme\Windows Live\Messenger\wlcsdk.exe"="C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Programme\Windows Live\Messenger\msnmsgr.exe"="C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

======List of files/folders created in the last 1 months======

2009-05-11 17:05:15 ----D---- C:\rsit
2009-05-11 10:12:32 ----D---- C:\Dokumente und Einstellungen\Eloi\Anwendungsdaten\vlc
2009-05-11 10:11:22 ----D---- C:\Programme\VideoLAN
2009-05-10 10:04:18 ----D---- C:\Dokumente und Einstellungen\Eloi\Anwendungsdaten\skypePM
2009-05-10 10:03:38 ----D---- C:\Dokumente und Einstellungen\Eloi\Anwendungsdaten\Skype
2009-05-09 16:30:28 ----D---- C:\Programme\WinSCP
2009-05-09 10:58:40 ----D---- C:\videodvdmaker
2009-05-07 12:28:37 ----D---- C:\Programme\GPLGS
2009-05-07 12:27:05 ----A---- C:\WINDOWS\system32\cpwmon2k.dll
2009-05-07 12:26:58 ----D---- C:\Programme\Acro Software
2009-05-06 12:48:46 ----A---- C:\WINDOWS\system32\lsdelete.exe
2009-05-06 11:52:16 ----D---- C:\Dokumente und Einstellungen\Eloi\Anwendungsdaten\Mozilla
2009-05-05 14:46:52 ----D---- C:\Programme\Gemeinsame Dateien\Pegasus Imaging
2009-05-05 12:32:51 ----D---- C:\Dokumente und Einstellungen\Eloi\Anwendungsdaten\Macromedia
2009-05-05 12:32:40 ----D---- C:\Dokumente und Einstellungen\Eloi\Anwendungsdaten\Adobe
2009-05-05 12:11:14 ----D---- C:\Dokumente und Einstellungen\Eloi\Anwendungsdaten\ATI
2009-05-05 12:10:59 ----D---- C:\Dokumente und Einstellungen\Eloi\Anwendungsdaten\Identities
2009-05-05 12:10:52 ----ASH---- C:\Dokumente und Einstellungen\Eloi\Anwendungsdaten\desktop.ini
2009-05-05 12:10:51 ----SD---- C:\Dokumente und Einstellungen\Eloi\Anwendungsdaten\Microsoft
2009-05-05 00:01:54 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Adobe
2009-05-05 00:01:38 ----D---- C:\Programme\Gemeinsame Dateien\Adobe
2009-05-05 00:01:38 ----D---- C:\Programme\Adobe
2009-05-04 23:59:10 ----D---- C:\Programme\NOS
2009-05-04 23:59:10 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NOS
2009-05-04 10:10:47 ----A---- C:\WINDOWS\system32\MRT.exe
2009-05-03 13:45:13 ----D---- C:\Programme\MSXML 4.0
2009-05-02 12:18:40 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle Studio Ultimate
2009-05-02 12:15:52 ----D---- C:\Programme\Gemeinsame Dateien\Yahoo!
2009-05-02 12:15:51 ----D---- C:\Programme\Pinnacle
2009-05-02 12:15:51 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Studio 12
2009-05-02 12:15:51 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle Studio Plus
2009-05-02 12:08:06 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle
2009-05-02 01:37:05 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2009-05-02 01:37:00 ----HDC---- C:\WINDOWS\$NtUninstallKB961373$
2009-05-02 01:36:59 ----D---- C:\WINDOWS\system32\KB905474
2009-05-02 01:36:22 ----HDC---- C:\WINDOWS\$NtUninstallKB961503$
2009-05-02 01:36:20 ----D---- C:\Programme\Microsoft CAPICOM 2.1.0.2
2009-05-02 01:36:07 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2009-05-02 01:35:59 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2009-05-02 01:35:27 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
2009-05-02 01:35:17 ----HDC---- C:\WINDOWS\$NtUninstallKB923689$
2009-05-02 01:34:39 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2009-05-02 01:34:30 ----HDC---- C:\WINDOWS\$NtUninstallKB963027$
2009-05-02 01:34:25 ----HDC----
C:\WINDOWS\$NtUninstallKB923561$ 2009-05-02 01:34:13 ----HDC---- C:\WINDOWS\$NtUninstallKB936782_WMP10$ 2009-05-02 01:22:53 ----D---- C:\Programme\BitLord ======List of files/folders modified in the last 1 months====== 2009-05-11 17:13:39 ----D---- C:\WINDOWS\Prefetch 2009-05-11 17:11:42 ----D---- C:\WINDOWS\Temp 2009-05-11 17:11:14 ----D---- C:\Programme\Mozilla Firefox 2009-05-11 17:11:12 ----D---- C:\WINDOWS\system32 2009-05-11 17:11:04 ----D---- C:\WINDOWS\system32\CatRoot2 2009-05-11 17:09:56 ----A---- C:\WINDOWS\SchedLgU.Txt 2009-05-11 10:11:22 ----RD---- C:\Programme 2009-05-11 10:07:14 ----D---- C:\WINDOWS 2009-05-10 10:03:36 ----SHD---- C:\WINDOWS\Installer 2009-05-08 17:23:40 ----HD---- C:\WINDOWS\inf 2009-05-06 13:14:10 ----SHD---- C:\RECYCLER 2009-05-06 13:12:43 ----SD---- C:\WINDOWS\Tasks 2009-05-05 14:47:28 ----D---- C:\WINDOWS\WinSxS 2009-05-05 14:46:52 ----D---- C:\Programme\Gemeinsame Dateien 2009-05-05 12:10:50 ----D---- C:\Dokumente und Einstellungen 2009-05-05 10:48:52 ----D---- C:\WINDOWS\system32\Macromed 2009-05-04 12:16:40 ----D---- C:\WINDOWS\system32\drivers 2009-05-04 12:16:39 ----DC---- C:\WINDOWS\system32\DRVSTORE 2009-05-04 10:57:39 ----D---- C:\WINDOWS\Debug 2009-05-04 10:55:53 ----SD---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft 2009-05-04 10:55:35 ----SD---- C:\WINDOWS\Downloaded Program Files 2009-05-02 12:17:34 ----RSD---- C:\WINDOWS\Fonts 2009-05-02 10:22:19 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI 2009-05-02 10:17:10 ----D---- C:\WINDOWS\system32\wbem 2009-05-02 10:17:10 ----D---- C:\WINDOWS\AppPatch 2009-05-02 01:37:07 ----RSHDC---- C:\WINDOWS\system32\dllcache 2009-05-02 01:36:05 ----HD---- C:\WINDOWS\$hf_mig$ 2009-05-02 01:36:01 ----D---- C:\WINDOWS\system32\CatRoot 2009-05-02 01:35:57 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft Help 2009-05-02 01:27:25 ----D---- C:\WINDOWS\system32\oodag ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 
3=Demand, 4=Disabled)====== R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-02-05 26944] R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-02-05 114768] R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-02-05 51376] R1 intelppm;Intel-Prozessortreiber; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40448] R1 ItSDisk;ItSDisk; C:\WINDOWS\System32\Drivers\ItSDisk.sys [2006-05-17 23496] R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2009-03-15 56268] R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560] R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-02-05 94032] R3 Arp1394;1394-ARP-Clientprotokoll; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800] R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-02-05 23152] R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-10-24 1777664] R3 CmBatt;Microsoft-Netzteiltreiber; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-14 13952] R3 HDAudBus;Microsoft UAA-Bustreiber für High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384] R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-07-24 4353024] R3 MODEMCSA;Unimodem-Datenstromfiltergerät; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128] R3 MTsensor;ATK0100 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ATKACPI.sys [2005-02-17 5632] R3 NETw3x32;Intel® PRO/Wireless 3945ABG Adaptertreiber für Windows XP 32 Bit; C:\WINDOWS\system32\DRIVERS\NETw3x32.sys [2006-10-17 1711104] R3 NIC1394;1394-Netzwerktreiber; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824] R3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2005-11-16 78976] R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-14 79232] R3 
smserial;smserial; C:\WINDOWS\system32\DRIVERS\smserial.sys [2006-08-07 980608] R3 SNP2STD;USB2.0 PC Camera (SNP2STD); C:\WINDOWS\system32\DRIVERS\snp2sxp.sys [2006-03-22 10220032] R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2006-05-25 193088] R3 usbehci;Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208] R3 usbhub;USB2-aktivierter Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520] R3 usbuhci;Miniporttreiber für universellen Microsoft USB-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608] S1 winevk;winevk; \??\C:\WINDOWS\system32\drivers\winevk.sys [] S3 CCDECODE;Untertiteldecoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024] S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504] S3 NABTSFEC;NABTS/FEC VBI-Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248] S3 NdisIP;Microsoft TV-/Videoverbindung; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880] S3 sffdisk;SFF-Speicherklassentreiber; C:\WINDOWS\system32\DRIVERS\sffdisk.sys [2008-04-14 11904] S3 sffp_sd;SFF-Speicherprotokolltreiber für SDBus; C:\WINDOWS\system32\DRIVERS\sffp_sd.sys [2008-04-14 11008] S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136] S3 streamip;BDA-IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232] S3 USBSTOR;USB-Massenspeichertreiber; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368] S3 WSTCODEC;World Standard Teletext-Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200] S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys [] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 ASBroker;Anmeldesitzungsbroker; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336] R2 ASChannel;Lokaler Verbindungskanal; C:\WINDOWS\System32\svchost.exe 
[2008-04-14 14336] R2 aswUpdSv;avast! iAVS4 Control Service; C:\Programme\Alwil Software\Avast4\aswUpdSv.exe [2009-02-05 18752] R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-10-24 430080] R2 avast! Antivirus;avast! Antivirus; C:\Programme\Alwil Software\Avast4\ashServ.exe [2009-02-05 138680] R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Programme\Lavasoft\Ad-Aware\AAWService.exe [2009-05-04 953168] R2 O&O Defrag;O&O Defrag; C:\WINDOWS\system32\oodag.exe [2008-09-04 1295616] R2 ReflectService;Macrium Reflect Image Mounting Service; C:\Programme\Macrium\Reflect\ReflectService.exe [2008-08-06 216032] R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912] R3 avast! Mail Scanner;avast! Mail Scanner; C:\Programme\Alwil Software\Avast4\ashMaiSv.exe [2009-02-05 254040] R3 avast! Web Scanner;avast! Web Scanner; C:\Programme\Alwil Software\Avast4\ashWebSv.exe [2009-02-05 352920] S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240] S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824] S3 odserv;Microsoft Office Diagnostics Service; C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136] S3 ose;Office Source Engine; C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184] -----------------EOF----------------- info.txt logfile of random's system information tool 1.06 2009-05-11 17:14:22 ======Uninstall list====== -->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {926CC8AE-8414-43DF-8EB4-CF26D9C3C663} -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 
C:\WINDOWS\INF\PCHealth.inf Ad-Aware-->"C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{83C91755-2546-441D-AC40-9A6B4B860800}\Ad-AwareAE.exe" REMOVE=TRUE MODIFY=FALSE Ad-Aware-->C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{83C91755-2546-441D-AC40-9A6B4B860800}\Ad-AwareAE.exe Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe Adobe Reader 9.1 - Deutsch-->MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A91000000001} Archiveur WinRAR-->C:\Programme\WinRAR\uninstall.exe ASUS Security Protect Manager-->rundll32.exe "C:\Programme\ASUS Security Center\ASUS Security Protect Manager\Bin\SetupHelper.dll",ExecMain /Uninstall {D8D4AF9A-6ADE-4B14-A7F5-BA858792729E} ATI - Dienstprogramm zur Deinstallation der Software-->C:\Programme\ATI Technologies\UninstallAll\AtiCimUn.exe ATI Catalyst Control Center-->MsiExec.exe /I{51B2C211-71AD-46A4-83B8-7D15015212E8} ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean ATI Parental Control & Encoder-->MsiExec.exe /I{36CDA33B-909B-4719-97D1-C4B99309BDC7} ATK Media-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{139B0FFA-187E-4BA1-BCA6-6B56B2B6AB8C}\Setup.exe" -l0x9 ATK0100 ACPI UTILITY-->C:\WINDOWS\ATK0100\XPunin.exe AuthenTec Fingerprint Sensor Minimum Install-->MsiExec.exe /I{2E5F8579-12A8-4169-A3EC-688EC7004A00} avast! 
Antivirus-->C:\Programme\Alwil Software\Avast4\aswRunDll.exe "C:\Programme\Alwil Software\Avast4\Setup\setiface.dll",RunSetup BitLord 1.1-->C:\Programme\BitLord\uninst.exe CCleaner (remove only)-->"C:\Programme\CCleaner\uninst.exe" Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E} CutePDF Writer 2.7-->C:\Programme\Acro Software\CutePDF Writer\uninscpw.exe HijackThis 2.0.2-->"C:\Dokumente und Einstellungen\Jeannette\Desktop\HijackThis.exe" /uninstall Hotfix für Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe" Macrium Reflect - Free Edition-->MsiExec.exe /I{3BAD2D97-4900-4014-A2F5-B549802CEEE2} Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE} Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE} Microsoft Office Enterprise 2007-->"C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE} Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE} Microsoft Office Groove MUI (English) 2007-->MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE} Microsoft Office Groove Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE} Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE} Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE} Microsoft Office Outlook Connector-->MsiExec.exe /I{95120000-0120-0407-0000-0000000FF1CE} Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE} Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe 
/X{90120000-0018-0409-0000-0000000FF1CE} Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE} Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE} Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE} Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE} Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE} Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE} Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE} Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE} Motorola SM56 Speakerphone Modem-->rundll32.exe sm56coin.dll,SM56UnInstaller Mozilla Firefox (3.0.10)-->C:\Programme\Mozilla Firefox\uninstall\helper.exe MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94} MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71} O&O Defrag Professional Edition-->MsiExec.exe /I{E6CB18CD-04EF-4C6A-A5F3-5F49E7332895} Pinnacle Studio 12-->MsiExec.exe /I{D041EB9E-890A-4098-8F94-51DA194AC72A} PowerISO-->"C:\Programme\PowerISO\uninstall.exe" Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x7 -removeonly REALTEK PCIE NIC Driver-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{17E2F183-BAC4-4D01-BD7A-59F781E17EFA}\Setup.exe" -l0x7 REMOVE Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A} Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A} Segoe 
UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7} Sicherheitsupdate für Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe" Sicherheitsupdate für Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB923689)-->"C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf Sicherheitsupdate für Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe" 
Sicherheitsupdate für Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe" Sicherheitsupdate für Windows XP (KB963027)-->"C:\WINDOWS\$NtUninstallKB963027$\spuninst\spuninst.exe" Skype™ 4.0-->MsiExec.exe /X{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D} Synaptics Pointing Device Driver-->rundll32.exe 
"C:\Programme\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D} Update for Outlook 2007 Junk Email Filter (kb968503)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5DD98950-4D10-4B79-8BF6-59726705207D} Update für Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe" Update für Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe" Update für Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe" Update für Windows XP (KB961503)-->"C:\WINDOWS\$NtUninstallKB961503$\spuninst\spuninst.exe" Update für Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe" USB2.0 1.3M WebCam-->C:\WINDOWS\UninstIt.exe C:\WINDOWS\ASUSCAM.ini Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27} Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\WINDOWS\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT="" VLC media player 0.9.9-->C:\Programme\VideoLAN\VLC\uninstall.exe Windows Live Anmelde-Assistent-->MsiExec.exe /I{52B97218-98CB-4B8B-9283-D213C85E1AA4} Windows Live Call-->MsiExec.exe /I{5FC68772-6D56-41C6-9DF1-24E868198AE6} Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52} Windows Live Essentials-->C:\Programme\Windows Live\Installer\wlarp.exe Windows Live Essentials-->MsiExec.exe /I{91E04CA7-0B13-4F8C-AA4D-2A573AC96D19} Windows Live Messenger-->MsiExec.exe /X{837B6259-6FF5-4E66-87C1-A5A15ED36FF4} Windows Live-Uploadtool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238} Windows Media Format Runtime-->"C:\Programme\Windows Media Player\wmsetsdk.exe" /UninstallAll Windows Media Player 10-->"C:\Programme\Windows Media Player\Setup_wm.exe" /Uninstall WinSCP 4.2.1 
beta-->"C:\Programme\WinSCP\unins000.exe" ======Security center information====== AV: avast! antivirus 4.8.1335 [VPS 090510-0] ======System event log====== Computer Name: NETTI Event Code: 15007 Message: Die von URL-Präfix "http://*:2869/" identifizierte Namespacereservierung wurde erfolgreich hinzugefügt. Record Number: 5 Source Name: HTTP Time Written: 20090403004431.000000+120 Event Type: Informationen User: Computer Name: NETTI Event Code: 3260 Message: Dieser Computer wurde erfolgreich "workgroup" hinzugefügt: "ARBEITSGRUPPE". Record Number: 4 Source Name: Workstation Time Written: 20090403004023.000000+120 Event Type: Informationen User: Computer Name: NETTI Event Code: 6011 Message: Der NetBIOS-Name und DNS-Hostname dieses Computers wurden von MACHINENAME in NETTI geändert. Record Number: 3 Source Name: EventLog Time Written: 20090403003859.000000+120 Event Type: Informationen User: Computer Name: MACHINENAME Event Code: 6005 Message: Der Ereignisprotokolldienst wurde gestartet. Record Number: 2 Source Name: EventLog Time Written: 20090403012937.000000+120 Event Type: Informationen User: Computer Name: MACHINENAME Event Code: 6009 Message: Microsoft ® Windows ® 5.01. 2600 Service Pack 3 Multiprocessor Free. Record Number: 1 Source Name: EventLog Time Written: 20090403012937.000000+120 Event Type: Informationen User: =====Application event log===== Computer Name: NETTI Event Code: 1000 Message: Die Leistungsindikatoren für den Dienst MSDTC (MSDTC) wurden geladen. Die Daten enthalten die dem Dienst zugeordneten neuen Indexwerte. Record Number: 5 Source Name: LoadPerf Time Written: 20090403004150.000000+120 Event Type: Informationen User: Computer Name: NETTI Event Code: 1000 Message: Die Leistungsindikatoren für den Dienst TermService (Terminaldienste) wurden geladen. Die Daten enthalten die dem Dienst zugeordneten neuen Indexwerte. 
Record Number: 4
Source Name: LoadPerf
Time Written: 20090403004147.000000+120
Event Type: Informationen
User:

Computer Name: NETTI
Event Code: 1000
Message: Die Leistungsindikatoren für den Dienst RemoteAccess (Routing und RAS) wurden geladen. Die Daten enthalten die dem Dienst zugeordneten neuen Indexwerte.
Record Number: 3
Source Name: LoadPerf
Time Written: 20090403003942.000000+120
Event Type: Informationen
User:

Computer Name: NETTI
Event Code: 1000
Message: Die Leistungsindikatoren für den Dienst PSched (PSched) wurden geladen. Die Daten enthalten die dem Dienst zugeordneten neuen Indexwerte.
Record Number: 2
Source Name: LoadPerf
Time Written: 20090403003912.000000+120
Event Type: Informationen
User:

Computer Name: NETTI
Event Code: 1000
Message: Die Leistungsindikatoren für den Dienst RSVP (QoS-RSVP) wurden geladen. Die Daten enthalten die dem Dienst zugeordneten neuen Indexwerte.
Record Number: 1
Source Name: LoadPerf
Time Written: 20090403003911.000000+120
Event Type: Informationen
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Programme\ASUS Security Center\ASUS Security Protect Manager\bin;C:\Programme\ATI Technologies\ATI.ACE\;C:\Programme\Pinnacle\Shared Files\;C:\Programme\Pinnacle\Shared Files\Filter\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 14 Stepping 12, GenuineIntel
"PROCESSOR_REVISION"=0e0c
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------

With my thanks,
Eloi
Virus Winehl.dll comes back when IE or FF is opened [resolved]
Eloi posted a topic in Malware analysis and removal
Hello,

After every restart of my computer, when Internet Explorer or Firefox is opened, Avast detects a virus: C:\WINDOWS\system32\winehl.dll

Below is the HijackThis report.

Thank you very much for your help.

Eloi

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:23:01, on 05.05.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programme\Lavasoft\Ad-Aware\AAWService.exe
C:\Programme\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\Programme\ASUS\ATK Media\DMEDIA.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Programme\Motorola\SMSERIAL\sm56hlpr.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\Programme\ATI Technologies\ATI.ACE\CLI.EXE
C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe
C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\oodtray.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Skype\Phone\Skype.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Programme\Skype\Plugin Manager\skypePM.exe
C:\Programme\ASUS Security Center\ASUS Security Protect Manager\Bin\AsGHost.exe
C:\WINDOWS\system32\oodag.exe
C:\Programme\Macrium\Reflect\ReflectService.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Alwil Software\Avast4\ashMaiSv.exe
C:\Programme\Alwil Software\Avast4\ashWebSv.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Dokumente und Einstellungen\Jeannette\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gmx.net/de/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.avast.com/go.php?verb=register-home&lang=fre
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ASUS Security Protect Manager - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Programme\ASUS Security Center\ASUS Security Protect Manager\Bin\ItIEAddIn.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\ASUSSE~1\ASUSSE~1\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Programme\ASUS\ATK Media\DMEDIA.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [skyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [sMSERIAL] C:\Programme\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [synTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Programme\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: APSHook.dll
O20 - Winlogon Notify: OneCard - C:\Programme\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWLNPkg.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programme\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programme\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programme\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programme\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Programme\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Macrium Reflect Image Mounting Service (ReflectService) - Unknown owner - C:\Programme\Macrium\Reflect\ReflectService.exe

--
End of file - 6693 bytes