Everything posted by Mariooo57
-
[Solved] PC doubly infected
Mariooo57 replied to a topic by Mariooo57 in Malware Analysis and Removal
DelFix report:

# DelFix v8.0 - Rapport créé le 05/06/2011 à 17:30
# Mis à jour le 01/06/11 à 13h par Xplode
# Système d'exploitation : Microsoft Windows XP (32 bits) [version 5.1.2600] Service Pack 3
# Nom d'utilisateur : Flo & Alex - KLEIN-64DE5BBD8 (Administrateur)
# Exécuté depuis : C:\Documents and Settings\Flo & Alex\Mes documents\Downloads\delfix.exe
# Option [suppression]

~~~~~~ Dossier(s) ~~~~~~

Supprimé : C:\_OTM
Supprimé : C:\tdsskiller
Supprimé : C:\USBFix
Supprimé : C:\Program Files\ZHPDiag
Supprimé : C:\Documents and Settings\All Users\Menu Démarrer\Programmes\ZHP

~~~~~~ Fichier(s) ~~~~~~

Supprimé : C:\JavaRa.log
Supprimé : C:\PhysicalDisk0_MBR.bin
Supprimé : C:\TDSSKiller.2.5.3.0_04.06.2011_11.10.55_log.txt
Supprimé : C:\UsbFix.txt
Supprimé : C:\UsbFix_Upload_Me_KLEIN-64DE5BBD8.zip
Supprimé : C:\ZHPExportRegistry-04-06-2011-17-43-15.txt
Supprimé : C:\ZHPExportRegistry-04-06-2011-18-11-16.txt
Supprimé : C:\ZHPExportRegistry-04-06-2011-18-11-17.txt
Supprimé : C:\ZHPExportRegistry-04-06-2011-18-12-15.txt
Supprimé : C:\ZHPExportRegistry-04-06-2011-18-12-16.txt
Supprimé : C:\ZHPExportRegistry-05-06-2011-14-19-35.txt
Supprimé : C:\Documents and Settings\Flo & Alex\Bureau\ZHPDiag.txt
Supprimé : C:\Documents and Settings\Flo & Alex\Bureau\ZHPFixReport.txt
Supprimé : C:\Documents and Settings\All Users\Bureau\MBRCheck.lnk
Supprimé : C:\Documents and Settings\All Users\Bureau\ZHPDiag.lnk
Supprimé : C:\Documents and Settings\All Users\Bureau\ZHPFix.lnk
Supprimé : C:\Documents and Settings\Flo & Alex\Mes documents\Downloads\HiJackThis.exe
Supprimé : C:\Documents and Settings\Flo & Alex\Mes documents\Downloads\Load_tdsskiller.exe
Supprimé : C:\Documents and Settings\Flo & Alex\Mes documents\Downloads\OTM.exe
Supprimé : C:\Documents and Settings\Flo & Alex\Mes documents\Downloads\TFC.exe

~~~~~~ Registre ~~~~~~

Clé Supprimée : HKCU\SOFTWARE\USBFix
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\ZHP
Clé Supprimée : HKLM\Software\OldTimer Tools
Clé Supprimée : HKLM\Software\TrendMicro\Hijackthis
Clé Supprimée : HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Hijackthis
Clé Supprimée : HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\USBFix
Clé Supprimée : HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\ZHPDiag_is1
Clé Supprimée : HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\HijackThis.exe

~~~~~~ Autre ~~~~~~

-> Prefetch vidé

########## EOF - "C:\DelFixSuppr.txt" - [2617 octets] ##########

Thank you very much for your help! I am marking the first post as solved.
-
[Solved] PC doubly infected
Mariooo57 replied to a topic by Mariooo57 in Malware Analysis and Removal
ZHPFix report:

Rapport de ZHPFix 1.12.3295 par Nicolas Coolman, Update du 03/06/2011
Fichier d'export Registre :
Run by Flo & Alex at 05/06/2011 14:19:35
Windows XP Home Edition Service Pack 3 (Build 2600)
Web site : ZHPFix Fix de rapport

========== Clé(s) du Registre ==========
SUPPRIME Partiel: O42 - Logiciel: Java 6 Update 14 - (.Sun Microsystems, Inc..) [HKLM] -- {26A24AE4-039D-4CA4-87B4-2F83216014F0}
SUPPRIME Partiel: O42 - Logiciel: Java 6 Update 16 - (.Sun Microsystems, Inc..) [HKLM] -- {26A24AE4-039D-4CA4-87B4-2F83216016F0}
SUPPRIME Partiel: O42 - Logiciel: Java 6 Update 4 - (.Sun Microsystems, Inc..) [HKLM] -- {3248F0A8-6813-11D6-A77B-00B0D0160040}
SUPPRIME Partiel: O42 - Logiciel: SweetIM Toolbar for Internet Explorer 4.1 - (.SweetIM Technologies Ltd..) [HKLM] -- {A1194237-547A-461d-BD44-B97B1574A7DA}
SUPPRIME Partiel: O42 - Logiciel: SweetIM for Messenger 3.4 - (.SweetIM Technologies Ltd..) [HKLM] -- {F70AE624-2B41-476F-BC9C-0A7F158C3F15}
SUPPRIME CLSID BHO: {1392b8d2-5c05-419f-a8f6-b9f15a596612}
SUPPRIME CLSID BHO: {5C255C8A-E604-49b4-9D64-90988571CECB}
SUPPRIME Service Legacy: LEGACY_1234B380
SUPPRIME Service Legacy: LEGACY_21292006
SUPPRIME Service Legacy: LEGACY_KLMD25
SUPPRIME HKCR\sweetie.ietoolbar
SUPPRIME HKCR\sweetie.ietoolbar.1
SUPPRIME HKCR\sweetim_urlsearchhook.toolbarurlsearchhook
SUPPRIME HKCR\sweetim_urlsearchhook.toolbarurlsearchhook.1
SUPPRIME HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\NetworkCrawler\Objects\WorkgroupCrawler
SUPPRIME HKLM\Software\Classes\sweetie.ietoolbar
SUPPRIME HKLM\Software\Classes\sweetie.ietoolbar.1
SUPPRIME HKLM\Software\Classes\sweetim_urlsearchhook.toolbarurlsearchhook.1
SUPPRIME HKLM\Software\Classes\Toolbar3.sweetie
SUPPRIME HKLM\Software\Classes\Toolbar3.sweetie.1
SUPPRIME HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1392B8D2-5C05-419F-A8F6-B9F15A596612}
SUPPRIME HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1392B8D2-5C05-419F-A8F6-B9F15A596612}
SUPPRIME HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1392B8D2-5C05-419F-A8F6-B9F15A596612}
SUPPRIME HKCR\TypeLib\{4d3b167e-5fd8-4276-8fd7-9df19c1e4d19}
SUPPRIME HKLM\Software\Classes\TypeLib\{4d3b167e-5fd8-4276-8fd7-9df19c1e4d19}
SUPPRIME HKCR\CLSID\{72B3882F-453A-4633-AAC9-8C3DCED62AFF}
SUPPRIME HKLM\Software\Classes\CLSID\{72B3882F-453A-4633-AAC9-8C3DCED62AFF}
SUPPRIME HKCR\CLSID\{82ac53b4-164c-4b07-a016-437a8388b81a}
SUPPRIME HKLM\Software\Classes\CLSID\{82ac53b4-164c-4b07-a016-437a8388b81a}
SUPPRIME HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{A1194237-547A-461d-BD44-B97B1574A7DA}
SUPPRIME HKCR\Interface\{eee6c358-6118-11dc-9c72-001320c79847}
SUPPRIME HKLM\Software\Classes\Interface\{eee6c358-6118-11dc-9c72-001320c79847}
SUPPRIME HKCR\Interface\{eee6c35a-6118-11dc-9c72-001320c79847}
SUPPRIME HKLM\Software\Classes\Interface\{eee6c35a-6118-11dc-9c72-001320c79847}
SUPPRIME HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{eee6c35b-6118-11dc-9c72-001320c79847}
SUPPRIME HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{eee6c35b-6118-11dc-9c72-001320c79847}
SUPPRIME HKCR\CLSID\{eee6c35b-6118-11dc-9c72-001320c79847}
SUPPRIME HKCR\TypeLib\{eee6c35e-6118-11dc-9c72-001320c79847}
SUPPRIME HKCR\TypeLib\{eee6c35f-6118-11dc-9c72-001320c79847}
SUPPRIME HKLM\Software\Classes\TypeLib\{eee6c35f-6118-11dc-9c72-001320c79847}
SUPPRIME HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{eee6c360-6118-11dc-9c72-001320c79847}
SUPPRIME HKCR\Installer\UpgradeCodes\CC94835868BCA58489B0D79DE655BCB1
SUPPRIME HKCR\Installer\Features\D82C50F59AED6DA47AA360145789E8BA
SUPPRIME HKLM\Software\Classes\Installer\Features\D82C50F59AED6DA47AA360145789E8BA
SUPPRIME HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Toolbar

========== Valeur(s) du Registre ==========
ABSENT: R3 - URLSearchHook: (no name) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} Clé orpheline
ABSENT: O3 - Toolbar: (no name) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} . (.Pas de propriétaire - Pas de description.) -- (.not file.)
SUPPRIME RunValue: SweetIM
ABSENT: O24 - Default MHTML Editor: Last - .(...) - (.not file.)
SUPPRIME O52 - TDSD: \drivers.desc\"DivX.dll"="DivX 6.9.2 Codec" . (.Pas de propriétaire - Pas de description.) -- (.not file.)
Aucune valeur présente dans la clé d'exception du registre
FirewallRaz :

========== Elément(s) de donnée du Registre ==========
SUPPRIME: R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com

========== Dossier(s) ==========
SUPPRIME Reboot: C:\Program Files\SweetIM
SUPPRIME C:\Documents and Settings\Flo & Alex\Application Data\teamspeak2
SUPPRIME c:\documents and settings\flo & alex\application data\mozilla\firefox\profiles\pj3z67cx.default\conduit
SUPPRIME Flash Cookies: 64
SUPPRIME Temporaires Windows: : 78

========== Fichier(s) ==========
ERREUR suppression: c:\program files\sweetim\messenger\sweetim.exe ()
SUPPRIME c:\documents and settings\all users\application data\sweetim\messenger\data\contentdb\installcontentvalidation.xml
SUPPRIME c:\documents and settings\all users\application data\sweetim\toolbars\internet explorer\cache\53b597b55d8412d563b720d3585c1af8.facebook.png
SUPPRIME c:\documents and settings\all users\application data\sweetim\toolbars\internet explorer\cache\623e623f4ec1532c0b2f77d6fa4e80a9.toolbar41.xml
SUPPRIME c:\documents and settings\all users\application data\sweetim\toolbars\internet explorer\cache\052fa331a4bfc3dfa2a3603ffa88e8f2.prad39.js
SUPPRIME c:\documents and settings\all users\application data\sweetim\toolbars\internet explorer\cache\3f2214288ff3d8105a06844dfdaed46a.survey.png
SUPPRIME c:\documents and settings\all users\application data\sweetim\toolbars\internet explorer\cache\744db5db6b8258e21fc3020b4cef0918.survey_hover.png
ABSENT: c:\documents and settings\flo & alex\application data\teamspeak2
SUPPRIME Flash Cookies: 50
SUPPRIME Temporaires Windows: : 21

========== Récapitulatif ==========
45 : Clé(s) du Registre
6 : Valeur(s) du Registre
1 : Elément(s) de donnée du Registre
5 : Dossier(s)
10 : Fichier(s)

End of the scan

I restarted the PC and the SweetIM.exe process has finally disappeared!
-
[Solved] PC doubly infected
Mariooo57 replied to a topic by Mariooo57 in Malware Analysis and Removal
ZHPDiag: Cijoint.fr - free file hosting service
-
[Solved] PC doubly infected
Mariooo57 replied to a topic by Mariooo57 in Malware Analysis and Removal
Done! However, after the reboot the SweetIM.exe process still seems to be present, even though I no longer get ads or Internet Explorer popping up. Thank you for what you have done!
-
[Solved] PC doubly infected
Mariooo57 replied to a topic by Mariooo57 in Malware Analysis and Removal
First ZHPFix log:

Rapport de ZHPFix 1.12.3295 par Nicolas Coolman, Update du 03/06/2011
Fichier d'export Registre : C:\ZHPExportRegistry-04-06-2011-17-43-15.txt
Run by Flo & Alex at 04/06/2011 17:43:14
Windows XP Home Edition Service Pack 3 (Build 2600)
Web site : ZHPFix Fix de rapport

========== Logiciel(s) ==========
ABSENT: O42 - Logiciel: TeamSpeak 2 RC2 - (.Dominating Bytes Design.) [HKLM] -- Teamspeak 2 RC2_is1

========== Clé(s) du Registre ==========
SUPPRIME Partiel: O42 - Logiciel: SweetIM Toolbar for Internet Explorer 4.1 - (.SweetIM Technologies Ltd..) [HKLM] -- {A1194237-547A-461d-BD44-B97B1574A7DA}
SUPPRIME CLSID BHO: {EB48D9EF-0AC9-E07E-F2DA-97218115873F}
SUPPRIME CLSID BHO: {EEE6C35C-6118-11DC-9C72-001320C79847}
SUPPRIME HKCU\Software\Ask&Record
SUPPRIME HKCU\Software\SweetIM
SUPPRIME HKLM\Software\AFBARRE
SUPPRIME HKLM\Software\ImInstaller
SUPPRIME HKLM\Software\SweetIM
SUPPRIME HKLM\Software\WhiteSmoke
SUPPRIME Service Legacy: LEGACY_SSHNAS

========== Valeur(s) du Registre ==========
ABSENT: R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} . (.SweetIM Technologies Ltd. - SweetIM Toolbar Helper Module.) (4, 1, 0, 3) -- C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
ABSENT: O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} . (.SweetIM Technologies Ltd. - SweetIM Toolbar for Internet Explorer.) -- C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
SUPPRIME O81 - IFC: Internet Feature Controls [HKUS\.DEFAULT] [FEATURE_BROWSER_EMULATION] -- svchost.exe
ABSENT: O81 - IFC: Internet Feature Controls [HKUS\S-1-5-18] [FEATURE_BROWSER_EMULATION] -- svchost.exe
SUPPRIME FirewallRaz (SP) : C:\WINDOWS\TEMP\fyff\setup.exe
SUPPRIME FirewallRaz (SP) : C:\WINDOWS\TEMP\ftfg\setup.exe
Aucune valeur présente dans la clé d'exception du registre
FirewallRaz :

========== Dossier(s) ==========
SUPPRIME Reboot: C:\Program Files\SweetIM
SUPPRIME C:\Program Files\WhiteSmoke
SUPPRIME Flash Cookies: 1
SUPPRIME Temporaires Windows: : 10

========== Fichier(s) ==========
ABSENT: c:\program files\sweetim\toolbars\internet explorer\mghelper.dll
ABSENT: c:\program files\sweetim\toolbars\internet explorer\mgtoolbarie.dll
SUPPRIME c:\documents and settings\flo & alex\menu démarrer\programmes\assistant compatibilité des programmes.lnk
SUPPRIME Flash Cookies: 0
SUPPRIME Temporaires Windows: : 20

========== Récapitulatif ==========
10 : Clé(s) du Registre
7 : Valeur(s) du Registre
4 : Dossier(s)
5 : Fichier(s)
1 : Logiciel(s)

End of the scan

If I understood correctly, there should be a second report after this? The program stays frozen and I get no prompt about restarting the PC... or maybe I am just too impatient.
-
[Solved] PC doubly infected
Mariooo57 replied to a topic by Mariooo57 in Malware Analysis and Removal
The rootkit removal went successfully, thank you! Here is the ZHPDiag log: Cijoint.fr - free file hosting service
-
[Solved] PC doubly infected
Mariooo57 replied to a topic by Mariooo57 in Malware Analysis and Removal
Regarding the ZHPDiag log, neither of the two suggested sites will upload it for me; is that normal?
-
[Solved] PC doubly infected
Mariooo57 replied to a topic by Mariooo57 in Malware Analysis and Removal
Malwarebytes log:

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Version de la base de données: 6765

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

03/06/2011 22:36:37
mbam-log-2011-06-03 (22-36-37).txt

Type d'examen: Examen complet (C:\|)
Elément(s) analysé(s): 268410
Temps écoulé: 1 heure(s), 16 minute(s), 23 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 5
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 4

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\Software\Context\Context-Ads (Adware.AdRotator) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\idgbn5xehg (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Context\Context-Ads (Adware.AdRotator) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SSHNAS (Trojan.Renos) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\$XNTUninstall643$ (Adware.AdRotator) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
c:\WINDOWS\$xntuninstall643$ (Adware.AdRotator) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
c:\WINDOWS\Tasks\{22116563-108c-42c0-a7ce-60161b75e508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\Tasks\{810401e2-dde0-454e-b0e2-aa89c9e5967c}.job (Trojan.FraudPack) -> Quarantined and deleted successfully.
c:\WINDOWS\$xntuninstall643$\apuninstall.exe (Adware.AdRotator) -> Quarantined and deleted successfully.
c:\WINDOWS\$xntuninstall643$\zrpt.xml (Adware.AdRotator) -> Quarantined and deleted successfully.
-
[Solved] PC doubly infected
Mariooo57 replied to a topic by Mariooo57 in Malware Analysis and Removal
OTM log:

All processes killed
========== SERVICES/DRIVERS ==========
Service AMService stopped successfully!
Service AMService deleted successfully!
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CF4A603B-2231-4ABA-AEFF-A1F02D9CBCE4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CF4A603B-2231-4ABA-AEFF-A1F02D9CBCE4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CF4A603B-2231-4ABA-AEFF-A1F02D9CBCE4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CF4A603B-2231-4ABA-AEFF-A1F02D9CBCE4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E178638F-36F7-48D5-B0ED-C653EBF17380}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E178638F-36F7-48D5-B0ED-C653EBF17380}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E178638F-36F7-48D5-B0ED-C653EBF17380}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E178638F-36F7-48D5-B0ED-C653EBF17380}\ not found.
========== FILES ==========
File/Folder c:\windows\$xntuninstall643$\wktly.dll not found.
File/Folder c:\windows\$xntuninstall643$\buomo.dll not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrateur
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Administrateur.KLEIN-64DE5BBD8
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Flo & Alex
->Temp folder emptied: 199241 bytes
->Temporary Internet Files folder emptied: 61975 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 29470617 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 456 bytes

User: klein
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 9890258 bytes
->Flash cache emptied: 784 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 466059 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 38,00 mb

OTM by OldTimer - Version 3.1.18.0 log created on 06032011_203836

Files moved on Reboot...
Registry entries deleted on Reboot...
-
Hello everyone,

For some time now my PC has seemed infected and keeps glitching; here is the list of annoying things I have noticed:
- I am redirected to pages (ads?) which sometimes even open on their own
- after a while, I get a Win32 error message (sometimes just before I hear a Windows sound, the one you hear when confirming the deletion of a file), followed by the XP skin turning into Windows 2000, and I have no sound any more
- an svchost.exe process eats far more resources than everything else
- Internet Explorer opens without my asking it to
etc...

Here is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:00:47, on 03/06/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
D:\steam\steam.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\Firefox.exe
C:\Program Files\Last.fm\LastFM.exe
C:\Documents and Settings\Flo & Alex\Mes documents\Downloads\TomsDownloader15149.exe
C:\DOCUME~1\FLO&AL~1\LOCALS~1\Temp\TomsDownloader15149.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Bing
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = MSN : Hotmail, Messenger, Bing, Actualité et Sport
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll
R3 - URLSearchHook: (no name) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - (no file)
O2 - BHO: Freecorder - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Z-opti Browser Enhancer - {CF4A603B-2231-4ABA-AEFF-A1F02D9CBCE4} - C:\WINDOWS\$XNTUninstall643$\wktly.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: Context-Ads Browser Enhancer - {E178638F-36F7-48D5-B0ED-C653EBF17380} - C:\WINDOWS\$XNTUninstall643$\buomo.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: (no name) - {EB48D9EF-0AC9-E07E-F2DA-97218115873F} - (no file)
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: (no name) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - (no file)
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [bipro] rundll32 "C:\WINDOWS\$XNTUninstall643$\wktly.dll",,Run
O4 - HKLM\..\Run: [sweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKCU\..\Run: [steam] "D:\steam\steam.exe" -silent
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [4ECYTQ9SIC] C:\WINDOWS\TEMP\Emd.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] ~"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe (User 'Default user')
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobios/LOnline/install.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: mekomdo - Invalid registry found
O20 - Winlogon Notify: memegon - Invalid registry found
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: AMService - Watoff Software - C:\WINDOWS\TEMP\gfdu\setup.exe
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - Unknown owner - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Service Google Update (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Service Google Update (gupdatem) (gupdatem) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: NMSAccess - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: VRAID Log Service - Unknown owner - C:\Program Files\VIA\RAID\vialogsv.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe

--
End of file - 10328 bytes

What can I do? Thanks in advance for your help!
-
Good evening, fifi29 --> I did what you suggested and it works! (At restart the PC would not shut down, but oh well.) Thank you very much for your help, I wish you a merry Christmas!
-
Here are the details on the motherboard:

Property: Value
Manufacturer: MICRO-STAR INTERNATIONAL CO., LTD
Model: MS-7142
Version: 1.00
Serial number:
North Bridge: VIA K8M400 (VT8380) Revision 00
South Bridge: VIA VT8237 Revision 00
CPU: AMD Sempron Processor 2800+
CPU socket: Socket 754
System slots: 4 PCI, 1 AGP
Memory summary
Maximum capacity: 8192 MBytes
Maximum memory module size: 4096 MBytes
Memory slots: 2
Error correction: None
Warning! The accuracy of DMI data cannot be guaranteed
-
I am having trouble understanding what you are asking of me. How can I tell whether my motherboard is up to date? Because I did not get a CD to install the motherboard. I only used the CD to install Windows...
-
Unfortunately, that changed nothing... Apart from that, in Device Manager I noticed a yellow question mark on the RAID Controller; is it responsible for this lack of sound?
-
Hello, this is not the first time this has happened to me: I have no sound after formatting the PC. Usually I download and install the Realtek AC'97 audio driver and the sound comes back, but not this time. I checked in services.msc that audio was enabled and started: everything is OK. However, in the Control Panel, when I click on Realtek (under hardware), it says "This device cannot start (Code 10)". Also, everything is greyed out in the audio tabs. I am on XP SP2. That is why I am turning to you for help after much searching... Hoping to find a solution to this problem! Thank you in advance. Regards.
-
Virut infection (FastNetSrv.exe etc.) (Solved)
Mariooo57 replied to a topic by Mariooo57 in Malware Analysis and Removal
I installed the update and scanned my PC with the Windows Malicious Software Removal Tool; it found a single one, which it removed. So can I say my problem is partly solved? Thank you for your invaluable help!
-
Virut infection (FastNetSrv.exe etc.) (Solved)
Mariooo57 replied to a topic by Mariooo57 in Malware Analysis and Removal
I cannot get to the two sites, what should I do? Re-scan my PC with one of the programs you recommended? edit: I rebooted my PC, Antivir detected Conficker, which I removed; I can now get to the sites.
-
Virut infection (FastNetSrv.exe etc.) (Solved)
Mariooo57 replied to a topic by Mariooo57 in Malware analysis and removal
Sorry for the delay. I ran Symantec in normal mode and then in safe mode, but after the scan I get this message: W32.Downadup has not been found on your computer. Can I go ahead and install the updates? -
Virut infection (FastNetSrv.exe etc.) (Solved)
Mariooo57 replied to a topic by Mariooo57 in Malware analysis and removal
The UsbFix logs:

############################## | UsbFix V6.050 |

User : alex (Administrateurs) # KLEIN-382B81EE9
Update on 09/11/2009 by Chiquitine29, C_XX & Chimay8
Start at: 21:03:57 | 10/11/2009
Website : http://pagesperso-orange.fr/NosTools/index.html
Contact : FindyKill.Contact@gmail.com

AMD Sempron Processor 2800+
Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 2
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Disabled
AV : AntiVir Desktop 9.0.1.32 [ (!) Disabled | Updated ]

A:\ -> Lecteur de disquettes 3 ½ pouces
C:\ -> Disque fixe local # 78,13 Go (48,19 Go free) # NTFS
D:\ -> Disque fixe local # 75,25 Go (26,8 Go free) [Disque local] # NTFS
E:\ -> Disque CD-ROM
F:\ -> Disque CD-ROM
G:\ -> Disque amovible # 974,91 Mo (2,35 Mo free) # FAT32
H:\ -> Disque amovible # 7,72 Go (28,58 Mo free) [TREKSTOR] # FAT32
I:\ -> Disque amovible

############################## | Processus actifs |

C:\WINDOWS\System32\smss.exe 532
C:\WINDOWS\system32\csrss.exe 596
C:\WINDOWS\system32\winlogon.exe 620
C:\WINDOWS\system32\services.exe 664
C:\WINDOWS\system32\lsass.exe 676
C:\WINDOWS\system32\svchost.exe 840
C:\WINDOWS\system32\svchost.exe 920
C:\WINDOWS\System32\svchost.exe 1016
C:\WINDOWS\system32\svchost.exe 1060
C:\WINDOWS\system32\svchost.exe 1172
C:\WINDOWS\system32\svchost.exe 1304
C:\WINDOWS\system32\spoolsv.exe 1432
C:\Program Files\Avira\AntiVir Desktop\sched.exe 1480
C:\WINDOWS\system32\svchost.exe 1576
C:\WINDOWS\Explorer.EXE 1788
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe 1912
D:\steam\steam.exe 1944
C:\WINDOWS\system32\ctfmon.exe 1972
C:\Program Files\Avira\AntiVir Desktop\avguard.exe 1092
C:\WINDOWS\system32\svchost.exe 1684
C:\Program Files\Opera\opera.exe 256
C:\WINDOWS\system32\wbem\wmiapsrv.exe 2132
C:\WINDOWS\System32\alg.exe 2284
C:\WINDOWS\system32\wscntfy.exe 2360
C:\WINDOWS\System32\svchost.exe 2764
C:\WINDOWS\system32\wbem\wmiprvse.exe 2968
C:\WINDOWS\system32\wuauclt.exe 3196
C:\WINDOWS\system32\wuauclt.exe 3316

################## | Fichiers # Dossiers infectieux |

G:\Notepad.exe
G:\RunDll32.exe
H:\Notepad.exe
H:\RunDll32.exe
H:\update.exe

################## | Registre # Clés Run infectieuses |

[HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System] "DisableRegistryTools"
[HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoDrives"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoDrives"

################## | Registre # Mountpoints2 |

################## | Suspect | http://www.virustotal.com |

################## | Cracks / Keygens / Serials |

"C:\Documents and Settings\alex\Bureau\Amplitube\IK Multimedia Amplitube Metal v1.0\KeyGen.exe" 14/10/2009 18:10 |Size 458752 |Crc32 44e0de84 |Md5 f70de59373b01d8508e342623fd5e61e
"C:\Documents and Settings\alex\Bureau\Amplitube\IK Multimedia AmpliTube v2.1\KeyGen.exe" 14/10/2009 18:10 |Size 36864 |Crc32 5927e6ff |Md5 c5d1cdc216ca66542cde520b0042cd39

################## | ! Fin du rapport # UsbFix V6.050 ! |

############################## | UsbFix V6.050 |

User : alex (Administrateurs) # KLEIN-382B81EE9
Update on 09/11/2009 by Chiquitine29, C_XX & Chimay8
Start at: 21:07:56 | 10/11/2009
Website : http://pagesperso-orange.fr/NosTools/index.html
Contact : FindyKill.Contact@gmail.com

AMD Sempron Processor 2800+
Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 2
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Disabled
AV : AntiVir Desktop 9.0.1.32 [ (!) Disabled | Updated ]

A:\ -> Lecteur de disquettes 3 ½ pouces
C:\ -> Disque fixe local # 78,13 Go (48,19 Go free) # NTFS
D:\ -> Disque fixe local # 75,25 Go (26,8 Go free) [Disque local] # NTFS
E:\ -> Disque CD-ROM
F:\ -> Disque CD-ROM
G:\ -> Disque amovible # 974,91 Mo (2,35 Mo free) # FAT32
H:\ -> Disque amovible # 7,72 Go (28,58 Mo free) [TREKSTOR] # FAT32
I:\ -> Disque amovible

############################## | Processus actifs |

C:\WINDOWS\System32\smss.exe 532
C:\WINDOWS\system32\csrss.exe 596
C:\WINDOWS\system32\winlogon.exe 620
C:\WINDOWS\system32\services.exe 664
C:\WINDOWS\system32\lsass.exe 676
C:\WINDOWS\system32\svchost.exe 840
C:\WINDOWS\system32\svchost.exe 920
C:\WINDOWS\System32\svchost.exe 1016
C:\WINDOWS\system32\svchost.exe 1060
C:\WINDOWS\system32\svchost.exe 1172
C:\WINDOWS\system32\svchost.exe 1304
C:\WINDOWS\system32\spoolsv.exe 1432
C:\Program Files\Avira\AntiVir Desktop\sched.exe 1480
C:\WINDOWS\system32\svchost.exe 1576
C:\WINDOWS\Explorer.EXE 1788
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe 1912
D:\steam\steam.exe 1944
C:\WINDOWS\system32\ctfmon.exe 1972
C:\Program Files\Avira\AntiVir Desktop\avguard.exe 1092
C:\WINDOWS\system32\svchost.exe 1684
C:\Program Files\Opera\opera.exe 256
C:\WINDOWS\system32\wbem\wmiapsrv.exe 2132
C:\WINDOWS\System32\alg.exe 2284
C:\WINDOWS\system32\wscntfy.exe 2360
C:\WINDOWS\System32\svchost.exe 2764
C:\WINDOWS\system32\wuauclt.exe 3316
C:\WINDOWS\system32\NOTEPAD.EXE 3396
C:\WINDOWS\system32\notepad.exe 3508
C:\WINDOWS\system32\wbem\wmiprvse.exe 3840

################## | Fichiers # Dossiers infectieux |

Supprimé ! G:\Notepad.exe
Supprimé ! G:\RunDll32.exe
Supprimé ! H:\Notepad.exe
Supprimé ! H:\RunDll32.exe
Supprimé ! H:\update.exe

################## | Registre # Clés Run infectieuses |

Supprimé ! [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System] "DisableRegistryTools"
Supprimé ! [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoDrives"
Supprimé ! [HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoDrives"

################## | Registre # Mountpoints2 |

################## | Listing des fichiers présent |

[31/10/2009 12:13|--a------|1267] C:\Ask & Record Toolbar Setup Log.txt
[13/10/2009 21:43|--a------|0] C:\AUTOEXEC.BAT
[02/11/2009 15:49|---hs----|216] C:\boot.ini
[05/08/2004 13:00|-rahs----|4952] C:\Bootfont.bin
[02/11/2009 16:10|--a------|25061] C:\ComboFix.txt
[13/10/2009 21:43|--a------|0] C:\CONFIG.SYS
[?|?|?] C:\hiberfil.sys
[13/10/2009 21:43|-rahs----|0] C:\IO.SYS
[02/11/2009 16:10|--a------|25061] C:\log.txt
[13/10/2009 21:43|-rahs----|0] C:\MSDOS.SYS
[05/08/2004 13:00|-rahs----|47564] C:\NTDETECT.COM
[05/08/2004 13:00|-rahs----|251712] C:\ntldr
[?|?|?] C:\pagefile.sys
[10/11/2009 19:25|--a------|2448] C:\TB.txt
[10/11/2009 21:08|--a------|3392] C:\UsbFix.txt
[12/08/2008 08:53|---hs----|2670] D:\AlbumArtSmall.jpg
[12/08/2008 08:53|---hs----|9825] D:\AlbumArt_{9CB9C2AF-A86B-4AE4-BA88-19DCAFC6367B}_Large.jpg
[12/08/2008 08:53|---hs----|2670] D:\AlbumArt_{9CB9C2AF-A86B-4AE4-BA88-19DCAFC6367B}_Small.jpg
[12/08/2008 08:53|---hs----|328] D:\desktop.ini
[12/08/2008 08:53|---hs----|9825] D:\Folder.jpg
[25/03/2009 22:49|--ahs----|86528] D:\Thumbs.db
[06/05/2009 17:37|--a------|2806289] G:\02 Almost Easy(1)(1).mp3
[06/05/2009 17:33|--a------|3465948] G:\03 Scream(1)(1).mp3
[10/05/2009 20:25|--a------|3489722] G:\06-avenged_sevenfold-tension(1).mp3
[10/05/2009 20:20|--a------|3041303] G:\07 Brompton Cocktail(1)(1).mp3
[01/06/2009 19:01|--a------|3690604] G:\02 - Order Restored(1).mp3
[01/06/2009 19:06|--a------|2922939] G:\06 - Haunt My Mind(1).mp3
[01/06/2009 19:09|--a------|2859435] G:\07 - This War Time(1).mp3
[01/06/2009 19:14|--a------|3492325] G:\08 - The Credit _We_ Deserve(1).mp3
[25/05/2009 22:02|--a------|2935048] G:\09 - Tap Dancing In A Minefield(1).mp3
[08/11/2009 23:12|--a------|3005482] G:\02 - Ticking Boxes(1).mp3
[14/10/2009 23:33|--a------|2061100] G:\02-as_tall_as_lions-sixes_and_sevens(1).mp3
[14/10/2009 23:33|--a------|2928131] G:\02- Last Call(1).mp3
[06/03/2009 21:39|--a------|3152308] G:\Circa Survive - Juturna - 07 - Stop the Car(1).mp3
[14/10/2009 23:04|--a------|2914306] G:\03 It Was Written In Blood(1).mp3
[14/10/2009 23:04|--a------|3130727] G:\04 Death Breath(1).mp3
[14/10/2009 23:05|--a------|3077602] G:\06 Sleep With One Eye Open(1).mp3
[05/11/2009 21:43|--a------|4034918] G:\30 Seconds To Mars - This Is War.mp3
[14/10/2009 23:19|--a------|2912152] G:\01 Dicephalous(1).mp3
[14/10/2009 23:35|--a------|2638677] G:\02-kingdoms-the_biltmore_hotel(1).mp3
[14/10/2009 23:35|--a------|2801539] G:\13 Common Existence(1).mp3
[14/10/2009 23:36|--a------|4176166] G:\30_Seconds_To_Mars_-_Kings_And_Queens(1).mp3
[14/10/2009 23:36|--a------|2241656] G:\Envy on the Coast - Devil's Tongue(1).mp3
[14/10/2009 23:37|--a------|3789942] G:\Minus the Bear - Into the Mirror(1).mp3
[14/10/2009 23:07|--a------|5993162] G:\10 Suicide Season(1).mp3
[10/05/2009 20:10|--a------|3786070] G:\01 Critical Acclaim(1)(1).mp3
[06/03/2009 21:06|--a------|2925963] G:\02 - In The Morning And Amazing...(1).mp3
[06/03/2009 22:09|--a------|2669774] G:\03 - The Greatest Lie(1).mp3
[06/03/2009 20:52|--a------|2084006] G:\Circa Survive 1,000+Witnesses(1).mp3
[06/03/2009 22:00|--a------|2615351] G:\08 - Kicking Your Crosses Down(1).mp3
[14/08/2009 00:05|--a------|3335053] G:\03-kaddisfly-(july)_waves(1).mp3
[14/10/2009 23:48|--a------|3454263] G:\02-daitro-part_ii(1).mp3
[19/09/2009 00:59|--a------|2900905] G:\04-evergreen_terrace-were_always_losing_blood(1).mp3
[09/09/2009 18:12|--a------|2451621] G:\01 - Chemicals (King Of The Carp)(1)1.mp3
[18/10/2009 22:27|--a------|3074136] G:\10 - Barbarians (Crackle Rotcha Tee Thout)(1).mp3
[12/08/2009 22:32|--a------|2636105] G:\02 A Message to The Flat Earth Society(1).mp3
[05/11/2009 19:29|--a------|3051678] G:\Admiral's Arms - The Thirteen Out Of Tune Trumpets.mp3
[04/04/2009 23:48|--a------|2587270] G:\05 - Ink(1).mp3
[04/11/2009 01:40|--a------|2741911] G:\Story Of The Year - To The Burial(1).mp3
[17/10/2009 18:17|--a------|3927339] G:\04 Blood(1).mp3
[13/09/2009 15:02|--a------|2862880] G:\Admiral's Arms - Dawn Of The New Age.mp3
[18/10/2009 14:40|--a------|2542366] G:\03 - You Cannot Rape The Willing(1).mp3
[19/10/2009 19:30|--a------|2740630] G:\01- The hey man(1).mp3
[29/04/2009 19:21|--a------|2510380] G:\06 - Fireflies(1).mp3
[05/04/2009 00:05|--a------|3353229] G:\12 - Bitemarks And Bloodstains(1).mp3
[11/10/2009 00:58|--a------|2437120] G:\School Food Punishment - Riff-Rain - 04 Killer(1).mp3
[11/10/2009 00:54|--a------|2715648] G:\School Food Punishment - Riff-Rain - 02 Feedback(1).mp3
[05/11/2009 00:13|--a------|2326766] G:\02 Hate Everyone(1).mp3
[05/11/2009 00:17|--a------|2639537] G:\Harvard - Memory Police(1).mp3
[06/09/2008 18:49|--a------|3226090] H:\12 No Smiles on Christmas(1).mp3
[15/04/2008 15:36|--a------|1773286] H:\121 Galaxy Plant(1).mp3
[08/04/2009 21:55|--a------|1474030] H:\203 To the Gateway(1).mp3
[15/04/2008 15:37|--a------|1423790] H:\206 Astronomy Dome(1).mp3
[08/04/2009 22:01|--a------|536165] H:\234 Inside the Drainpipe(1).mp3
[15/04/2008 15:37|--a------|1003879] H:\253 Family(1).mp3
[11/12/2008 17:01|--a------|2708484] H:\American Hi-Fi - Fight Of Frequency(1).mp3
[11/12/2008 17:02|--a------|2253588] H:\American_Hi-Fi_-_Keep_It_Like_A_Secret(1).mp3
[15/04/2008 15:22|--a------|1717947] H:\01_-_main_menu(1).mp3
[15/04/2008 15:24|--a------|3197566] H:\03._theme_from_battery(1).mp3
[15/04/2008 15:20|--a------|512000] H:\Clutch - Mice & Gods(1).mp3
[06/04/2009 18:33|--a------|2675260] H:\Death Before Disco - Modern Times(1).mp3
[11/08/2007 13:58|--a------|6089351] H:\05 - Drop Dead Gorgeous - They'll Never Get Me (Word With You) - (03-32).mp3
[20/08/2009 17:22|--a------|2354427] H:\Sum 41 - Subject To Change(1).mp3
[01/05/2008 22:35|--a------|4096] H:\Silverchair - Without You(1).mp3
[15/04/2008 15:32|--a------|4096] H:\The Fall of Troy - 09 - Ex-Creations(1).mp3
[08/04/2009 20:44|--a------|4096] H:\The Kooks - Ooh Laa(1).mp3
[22/03/2009 22:52|--a------|3124534] H:\Oasis - Falling Down(1).mp3
[15/04/2008 15:35|--a------|4096] H:\Uncommonmenfrommars - Falling Back Line(1).mp3
[15/04/2008 15:17|--a------|4096] H:\Vanilla Sky - Umbrella(1).mp3
[01/05/2008 22:29|--a------|4096] H:\Will Haven - Carpe Diem(1).mp3
[29/04/2009 18:38|--a------|2929854] H:\01-the_streets-everything_is_borrowed(1).mp3
[28/02/2009 00:14|--a------|1965067] H:\Blink-182 - 02-Obvious(1).mp3
[19/04/2009 23:52|--a------|2554320] H:\02-fightstar-the_english_way(1).mp3
[13/09/2009 16:55|--a------|2302630] H:\Lostprophets - Unreleased - The Secret(1).mp3
[11/09/2009 21:09|--a------|2704776] H:\simpleplanyourloveisalierockamring2008(1).mp3
[05/08/2004 14:00|--ah-----|45568] H:\MTRSP.EXE
[05/08/2004 14:00|--ah-----|45568] H:\HL2.EXE
[05/08/2004 14:00|--ah-----|45568] H:\WINRAR.EXE
[05/08/2004 14:00|--ah-----|45568] H:\ALG.EXE
[05/08/2004 14:00|--ah-----|45568] H:\MSIEXEC.EXE

################## | Vaccination |

# C:\autorun.inf -> Dossier créé par UsbFix.
# D:\autorun.inf -> Dossier créé par UsbFix.
# G:\autorun.inf -> Dossier créé par UsbFix.
# H:\autorun.inf -> Dossier créé par UsbFix.

################## | Suspect | http://www.virustotal.com |

################## | Cracks / Keygens / Serials |

"C:\Documents and Settings\alex\Bureau\Amplitube\IK Multimedia Amplitube Metal v1.0\KeyGen.exe" 14/10/2009 18:10 |Size 458752 |Crc32 44e0de84 |Md5 f70de59373b01d8508e342623fd5e61e
"C:\Documents and Settings\alex\Bureau\Amplitube\IK Multimedia AmpliTube v2.1\KeyGen.exe" 14/10/2009 18:10 |Size 36864 |Crc32 5927e6ff |Md5 c5d1cdc216ca66542cde520b0042cd39

################## | Upload |

Veuillez envoyer le fichier : C:\DOCUME~1\alex\Bureau\UsbFix_Upload_Me_KLEIN-382B81EE9.zip : http://forum-aide-contre-virus.be/usbfix/choix_fichier.php
Merci pour votre contribution .

################## | ! Fin du rapport # UsbFix V6.050 ! |

I now know how I got this virus... -
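An added triage script (written for this page; it is neither UsbFix's code nor part of the original post) that reads the drive table and the "Listing des fichiers présent" entries of a UsbFix-style report and flags, on removable drives only, the patterns that stand out in the report above: an autorun.inf, a RECYCLER\S-... folder, hidden executables, and several executables sharing one size and one timestamp. The sample header and listing are constructed from a few lines of that report plus two invented entries; the entry format `[date|attrs|size] path` is assumed from the report as pasted.

```python
import re
from collections import defaultdict
from typing import Dict, List, Optional, Set, Tuple

# Assumed line formats (taken from the report as pasted above):
#   drive table:  X:\ -> Disque amovible # ...
#   file listing: [dd/mm/yyyy hh:mm|attrs|size] path   ("?" when unknown)
REMOVABLE_RE = re.compile(r"^([A-Z]):\\ -> Disque amovible", re.IGNORECASE)
ENTRY_RE = re.compile(
    r"^\[(?P<date>[^|\]]*)\|(?P<attrs>[^|\]]*)\|(?P<size>[^\]]*)\]\s+(?P<path>.+)$"
)
# Conficker-style hidden folder named after a pseudo-SID under RECYCLER
RECYCLER_RE = re.compile(r"\\RECYCLER\\S-\d+(?:-\d+)+\\", re.IGNORECASE)
EXEC_EXT = (".exe", ".com", ".scr", ".pif", ".bat", ".cmd", ".vbs", ".dll")

Entry = Tuple[str, str, Optional[int], str]   # (date, attrs, size, path)
Finding = Tuple[str, str]                     # (reason, path)


def removable_drives(header: str) -> Set[str]:
    """Drive letters the report lists as 'Disque amovible', e.g. {'G:', 'H:'}."""
    drives: Set[str] = set()
    for line in header.splitlines():
        m = REMOVABLE_RE.match(line.strip())
        if m:
            drives.add(m.group(1).upper() + ":")
    return drives


def parse_listing(listing: str) -> List[Entry]:
    """Parse listing lines; section headers and blank lines are skipped."""
    entries: List[Entry] = []
    for line in listing.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        size = int(m["size"]) if m["size"].isdigit() else None  # "?" -> unknown
        entries.append((m["date"], m["attrs"], size, m["path"]))
    return entries


def triage(entries: List[Entry], drives: Set[str]) -> List[Finding]:
    """Flag USB-borne infection patterns; only entries on removable drives count."""
    findings: List[Finding] = []
    clusters: Dict[Tuple[str, int, str], List[str]] = defaultdict(list)
    for date, attrs, size, path in entries:
        drive = path[:2].upper()
        if drive not in drives:
            continue
        name = path.rsplit("\\", 1)[-1].lower()
        if name == "autorun.inf":
            findings.append(("autorun.inf on removable drive", path))
        if RECYCLER_RE.search(path):
            findings.append(("file under RECYCLER SID-named folder", path))
        if name.endswith(EXEC_EXT):
            if "h" in attrs.lower():   # UsbFix prints 'h' for the hidden attribute
                findings.append(("hidden executable on removable drive", path))
            if size is not None:
                clusters[(drive, size, date)].append(path)
    # Several executables with one size and one timestamp on a stick is how
    # a dropper that copies itself under decoy names shows up in a listing.
    for (drive, size, date), paths in clusters.items():
        if len(paths) >= 3:
            reason = f"cluster: {len(paths)} executables on {drive} share size {size} and timestamp {date}"
            findings.extend((reason, p) for p in paths)
    return findings


def analyse_report(header: str, listing: str) -> List[Finding]:
    return triage(parse_listing(listing), removable_drives(header))


# Constructed sample: a few lines of the report above plus two invented
# entries (the autorun.inf and the RECYCLER file, with made-up sizes).
SAMPLE_HEADER = r"""
C:\ -> Disque fixe local # 78,13 Go (48,19 Go free) # NTFS
E:\ -> Disque CD-ROM
G:\ -> Disque amovible # 974,91 Mo (2,35 Mo free) # FAT32
H:\ -> Disque amovible # 7,72 Go (28,58 Mo free) [TREKSTOR] # FAT32
"""

SAMPLE_LISTING = r"""
################## | Listing des fichiers présent |

[13/10/2009 21:43|--a------|0] C:\AUTOEXEC.BAT
[?|?|?] C:\pagefile.sys
[05/11/2009 21:43|--a------|4034918] G:\30 Seconds To Mars - This Is War.mp3
[01/05/2008 22:35|--a------|4096] H:\Silverchair - Without You(1).mp3
[05/08/2004 14:00|--ah-----|45568] H:\MTRSP.EXE
[05/08/2004 14:00|--ah-----|45568] H:\HL2.EXE
[05/08/2004 14:00|--ah-----|45568] H:\WINRAR.EXE
[05/08/2004 14:00|--ah-----|45568] H:\ALG.EXE
[05/08/2004 14:00|--ah-----|45568] H:\MSIEXEC.EXE
[10/11/2009 19:00|--ahs----|68] G:\autorun.inf
[10/11/2009 19:00|--ahs----|167000] G:\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx
"""

if __name__ == "__main__":
    for reason, path in analyse_report(SAMPLE_HEADER, SAMPLE_LISTING):
        print(f"{reason}: {path}")
```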
Virut infection (FastNetSrv.exe etc.) (Solved)
Mariooo57 replied to a topic by Mariooo57 in Malware analysis and removal
The ToolBar S&D logs:

-----------\\ ToolBar S&D 1.2.9 XP/Vista

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 2
X86-based PC ( Uniprocessor Free : AMD Sempron Processor 2800+ )
BIOS : Phoenix - AwardBIOS v6.00PG
USER : alex ( Administrator )
BOOT : Normal boot
Antivirus : AntiVir Desktop 9.0.1.32 (Not Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:78 Go (Free:48 Go)
D:\ (Local Disk) - NTFS - Total:75 Go (Free:26 Go)
E:\ (CD or DVD)
F:\ (CD or DVD)

"C:\ToolBar SD" ( MAJ : 22-08-2009|18:42 )
Option : [1] ( 10/11/2009|19:07 )

-----------\\ Recherche de Fichiers / Dossiers ...

C:\DOCUME~1\alex\APPLIC~1\Search Settings
C:\DOCUME~1\alex\APPLIC~1\Search Settings\kb128
C:\DOCUME~1\alex\APPLIC~1\Search Settings\kb128\temp
C:\DOCUME~1\alex\APPLIC~1\Search Settings\kb128\temp\ws-14546.log
C:\DOCUME~1\alex\APPLIC~1\Search Settings\kb128\temp\ws-14548.log
C:\DOCUME~1\alex\APPLIC~1\Search Settings\kb128\temp\ws-14549.log
C:\DOCUME~1\alex\APPLIC~1\Search Settings\kb128\temp\ws-14550.log
C:\DOCUME~1\klein\APPLIC~1\Search Settings
C:\DOCUME~1\klein\APPLIC~1\Search Settings\kb128
C:\DOCUME~1\klein\APPLIC~1\Search Settings\kb128\temp
C:\DOCUME~1\klein\APPLIC~1\Search Settings\kb128\temp\ws-14545.log
C:\DOCUME~1\klein\APPLIC~1\Search Settings\kb128\temp\ws-14548.log

-----------\\ Extensions

(alex) - {20a82645-c095-46ed-80e3-08825760534b} => chrome_user
(alex) - {b9db16a4-6edc-47ec-a1f4-b86292ed211d} => dwhelper
(klein) - {635abd67-4fe9-1b23-4f01-e679fa7484c1} => ytoolbar

-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Search Page"="http://www.google.com"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Search Bar"="http://www.google.com/ie"
"Start Page"="http://www.orange.fr"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

--------------------\\ Recherche d'autres infections

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\alex\Application Data\BitTorrent\GTA IV + Cracks.torrent
C:\DOCUME~1\alex\Bureau\Amplitube\IK Multimedia Amplitube Metal v1.0\KeyGen.exe
C:\DOCUME~1\alex\Bureau\Amplitube\IK Multimedia AmpliTube v2.1\KeyGen.exe

1 - "C:\ToolBar SD\TB_1.txt" - 10/11/2009|19:16 - Option : [1]

-----------\\ ToolBar S&D 1.2.9 XP/Vista

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 2
X86-based PC ( Uniprocessor Free : AMD Sempron Processor 2800+ )
BIOS : Phoenix - AwardBIOS v6.00PG
USER : alex ( Administrator )
BOOT : Normal boot
Antivirus : AntiVir Desktop 9.0.1.32 (Not Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:78 Go (Free:48 Go)
D:\ (Local Disk) - NTFS - Total:75 Go (Free:26 Go)
E:\ (CD or DVD)
F:\ (CD or DVD)

"C:\ToolBar SD" ( MAJ : 22-08-2009|18:42 )
Option : [2] ( 10/11/2009|19:23 )

-----------\\ SUPPRESSION

Supprime! - C:\DOCUME~1\alex\APPLIC~1\Search Settings\kb128
Supprime! - C:\DOCUME~1\klein\APPLIC~1\Search Settings\kb128
Supprime! - C:\DOCUME~1\alex\APPLIC~1\Search Settings
Supprime! - C:\DOCUME~1\klein\APPLIC~1\Search Settings

-----------\\ Recherche de Fichiers / Dossiers ...

-----------\\ Extensions

(alex) - {20a82645-c095-46ed-80e3-08825760534b} => chrome_user
(alex) - {b9db16a4-6edc-47ec-a1f4-b86292ed211d} => dwhelper
(klein) - {635abd67-4fe9-1b23-4f01-e679fa7484c1} => ytoolbar

-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Search Page"="http://www.google.com"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Search Bar"="http://www.google.com/ie"
"Start Page"="http://www.orange.fr"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Start Page"="http://www.msn.com/"

--------------------\\ Recherche d'autres infections

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\alex\Application Data\BitTorrent\GTA IV + Cracks.torrent
C:\DOCUME~1\alex\Bureau\Amplitube\IK Multimedia Amplitube Metal v1.0\KeyGen.exe
C:\DOCUME~1\alex\Bureau\Amplitube\IK Multimedia AmpliTube v2.1\KeyGen.exe

1 - "C:\ToolBar SD\TB_1.txt" - 10/11/2009|19:16 - Option : [1]
2 - "C:\ToolBar SD\TB_2.txt" - 10/11/2009|19:25 - Option : [2]

The Malwarebytes log:

Malwarebytes' Anti-Malware 1.41
Version de la base de données: 3140
Windows 5.1.2600 Service Pack 2

10/11/2009 20:57:22
mbam-log-2009-11-10 (20-57-21).txt

Type de recherche: Examen complet (C:\|D:\|G:\|H:\|)
Eléments examinés: 260634
Temps écoulé: 1 hour(s), 1 minute(s), 36 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 4
Valeur(s) du Registre infectée(s): 10
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 2
Fichier(s) infecté(s): 90

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\fastnetsrv (Backdoor.Refpron) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\BtwSrv (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Enum\Root\LEGACY_BTWSRV (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Enum\Root\LEGACY_FASTNETSRV (Backdoor.Bot) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\BuildW (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\guid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\i (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\uid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Ulrn (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Update (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\UpdateNew (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\mBt (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\udfa (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\mfa (Backdoor.Bot) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
G:\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665 (Trojan.Conficker.H) -> Quarantined and deleted successfully.
H:\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665 (Trojan.Conficker.H) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
G:\AUTORUN.INF (Trojan.Conficker.H) -> Quarantined and deleted successfully.
G:\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx (Trojan.Conficker.H) -> Quarantined and deleted successfully.
H:\autorun.inf (Trojan.Conficker.H) -> Quarantined and deleted successfully.
H:\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx (Trojan.Conficker.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\alex\DoctorWeb\Quarantine\w[4].bin (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\Fonts\services.exe.vir (Trojan.VB) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B318FB7C-76CD-47A6-BD5E-9DB1EFDF0F4F}\RP10\A0002055.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B318FB7C-76CD-47A6-BD5E-9DB1EFDF0F4F}\RP10\A0002107.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B318FB7C-76CD-47A6-BD5E-9DB1EFDF0F4F}\RP10\A0002108.sys (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B318FB7C-76CD-47A6-BD5E-9DB1EFDF0F4F}\RP10\A0002202.sys (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B318FB7C-76CD-47A6-BD5E-9DB1EFDF0F4F}\RP10\A0002206.sys (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B318FB7C-76CD-47A6-BD5E-9DB1EFDF0F4F}\RP10\A0002368.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B318FB7C-76CD-47A6-BD5E-9DB1EFDF0F4F}\RP10\A0002369.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B318FB7C-76CD-47A6-BD5E-9DB1EFDF0F4F}\RP10\A0002370.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B318FB7C-76CD-47A6-BD5E-9DB1EFDF0F4F}\RP10\A0002371.sys (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B318FB7C-76CD-47A6-BD5E-9DB1EFDF0F4F}\RP10\A0002482.sys (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B318FB7C-76CD-47A6-BD5E-9DB1EFDF0F4F}\RP10\A0002603.dll (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B318FB7C-76CD-47A6-BD5E-9DB1EFDF0F4F}\RP10\A0002608.sys (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B318FB7C-76CD-47A6-BD5E-9DB1EFDF0F4F}\RP10\A0002612.dll (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B318FB7C-76CD-47A6-BD5E-9DB1EFDF0F4F}\RP10\A0002627.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B318FB7C-76CD-47A6-BD5E-9DB1EFDF0F4F}\RP11\A0002690.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B318FB7C-76CD-47A6-BD5E-9DB1EFDF0F4F}\RP11\A0002691.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B318FB7C-76CD-47A6-BD5E-9DB1EFDF0F4F}\RP12\A0002710.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B318FB7C-76CD-47A6-BD5E-9DB1EFDF0F4F}\RP12\A0002711.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B318FB7C-76CD-47A6-BD5E-9DB1EFDF0F4F}\RP12\A0002712.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B318FB7C-76CD-47A6-BD5E-9DB1EFDF0F4F}\RP12\A0002713.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B318FB7C-76CD-47A6-BD5E-9DB1EFDF0F4F}\RP12\A0002714.sys (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B318FB7C-76CD-47A6-BD5E-9DB1EFDF0F4F}\RP12\A0002715.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B318FB7C-76CD-47A6-BD5E-9DB1EFDF0F4F}\RP15\A0003179.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B318FB7C-76CD-47A6-BD5E-9DB1EFDF0F4F}\RP15\A0003545.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B318FB7C-76CD-47A6-BD5E-9DB1EFDF0F4F}\RP16\A0004487.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B318FB7C-76CD-47A6-BD5E-9DB1EFDF0F4F}\RP16\A0004616.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B318FB7C-76CD-47A6-BD5E-9DB1EFDF0F4F}\RP17\A0004630.dll (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B318FB7C-76CD-47A6-BD5E-9DB1EFDF0F4F}\RP19\A0005160.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B318FB7C-76CD-47A6-BD5E-9DB1EFDF0F4F}\RP3\A0000295.exe (Trojan.VB) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B318FB7C-76CD-47A6-BD5E-9DB1EFDF0F4F}\RP3\A0000358.exe (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B318FB7C-76CD-47A6-BD5E-9DB1EFDF0F4F}\RP3\A0000359.exe (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B318FB7C-76CD-47A6-BD5E-9DB1EFDF0F4F}\RP3\A0000365.dll (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B318FB7C-76CD-47A6-BD5E-9DB1EFDF0F4F}\RP4\A0000374.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B318FB7C-76CD-47A6-BD5E-9DB1EFDF0F4F}\RP4\A0000375.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B318FB7C-76CD-47A6-BD5E-9DB1EFDF0F4F}\RP4\A0000393.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B318FB7C-76CD-47A6-BD5E-9DB1EFDF0F4F}\RP4\A0000394.sys (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B318FB7C-76CD-47A6-BD5E-9DB1EFDF0F4F}\RP4\A0000395.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B318FB7C-76CD-47A6-BD5E-9DB1EFDF0F4F}\RP5\A0000480.dll (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B318FB7C-76CD-47A6-BD5E-9DB1EFDF0F4F}\RP5\A0000481.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B318FB7C-76CD-47A6-BD5E-9DB1EFDF0F4F}\RP6\A0000522.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B318FB7C-76CD-47A6-BD5E-9DB1EFDF0F4F}\RP6\A0000523.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B318FB7C-76CD-47A6-BD5E-9DB1EFDF0F4F}\RP6\A0000586.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B318FB7C-76CD-47A6-BD5E-9DB1EFDF0F4F}\RP6\A0000587.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B318FB7C-76CD-47A6-BD5E-9DB1EFDF0F4F}\RP6\A0000601.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B318FB7C-76CD-47A6-BD5E-9DB1EFDF0F4F}\RP6\A0000602.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B318FB7C-76CD-47A6-BD5E-9DB1EFDF0F4F}\RP6\A0000616.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B318FB7C-76CD-47A6-BD5E-9DB1EFDF0F4F}\RP6\A0000618.old (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B318FB7C-76CD-47A6-BD5E-9DB1EFDF0F4F}\RP6\A0000619.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B318FB7C-76CD-47A6-BD5E-9DB1EFDF0F4F}\RP6\A0000620.dll (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B318FB7C-76CD-47A6-BD5E-9DB1EFDF0F4F}\RP6\A0000623.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B318FB7C-76CD-47A6-BD5E-9DB1EFDF0F4F}\RP6\A0000624.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B318FB7C-76CD-47A6-BD5E-9DB1EFDF0F4F}\RP6\A0000625.sys (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B318FB7C-76CD-47A6-BD5E-9DB1EFDF0F4F}\RP6\A0000626.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B318FB7C-76CD-47A6-BD5E-9DB1EFDF0F4F}\RP6\A0000627.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B318FB7C-76CD-47A6-BD5E-9DB1EFDF0F4F}\RP6\A0000736.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B318FB7C-76CD-47A6-BD5E-9DB1EFDF0F4F}\RP6\A0000737.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B318FB7C-76CD-47A6-BD5E-9DB1EFDF0F4F}\RP7\A0000756.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B318FB7C-76CD-47A6-BD5E-9DB1EFDF0F4F}\RP7\A0000748.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B318FB7C-76CD-47A6-BD5E-9DB1EFDF0F4F}\RP7\A0000749.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B318FB7C-76CD-47A6-BD5E-9DB1EFDF0F4F}\RP7\A0000755.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B318FB7C-76CD-47A6-BD5E-9DB1EFDF0F4F}\RP7\A0000764.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B318FB7C-76CD-47A6-BD5E-9DB1EFDF0F4F}\RP7\A0000791.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B318FB7C-76CD-47A6-BD5E-9DB1EFDF0F4F}\RP7\A0001762.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B318FB7C-76CD-47A6-BD5E-9DB1EFDF0F4F}\RP7\A0001763.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B318FB7C-76CD-47A6-BD5E-9DB1EFDF0F4F}\RP9\A0001835.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B318FB7C-76CD-47A6-BD5E-9DB1EFDF0F4F}\RP9\A0001836.old (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B318FB7C-76CD-47A6-BD5E-9DB1EFDF0F4F}\RP9\A0001837.dll (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B318FB7C-76CD-47A6-BD5E-9DB1EFDF0F4F}\RP9\A0001839.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B318FB7C-76CD-47A6-BD5E-9DB1EFDF0F4F}\RP9\A0001864.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B318FB7C-76CD-47A6-BD5E-9DB1EFDF0F4F}\RP9\A0001865.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B318FB7C-76CD-47A6-BD5E-9DB1EFDF0F4F}\RP9\A0001872.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B318FB7C-76CD-47A6-BD5E-9DB1EFDF0F4F}\RP9\A0001873.old (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B318FB7C-76CD-47A6-BD5E-9DB1EFDF0F4F}\RP9\A0001874.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B318FB7C-76CD-47A6-BD5E-9DB1EFDF0F4F}\RP9\A0001878.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B318FB7C-76CD-47A6-BD5E-9DB1EFDF0F4F}\RP9\A0001885.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B318FB7C-76CD-47A6-BD5E-9DB1EFDF0F4F}\RP9\A0001886.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B318FB7C-76CD-47A6-BD5E-9DB1EFDF0F4F}\RP9\A0001838.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B318FB7C-76CD-47A6-BD5E-9DB1EFDF0F4F}\RP9\A0001875.dll (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B318FB7C-76CD-47A6-BD5E-9DB1EFDF0F4F}\RP9\A0001991.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B318FB7C-76CD-47A6-BD5E-9DB1EFDF0F4F}\RP9\A0001992.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B318FB7C-76CD-47A6-BD5E-9DB1EFDF0F4F}\RP9\A0001993.old (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B318FB7C-76CD-47A6-BD5E-9DB1EFDF0F4F}\RP9\A0001994.dll (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{B318FB7C-76CD-47A6-BD5E-9DB1EFDF0F4F}\RP9\A0001995.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\t1p0_173195491865.b1k (Backdoor.Bot) -> Quarantined and deleted successfully.

I'm going to scan with UsbFix; I'll post the log later. -
Virut infection (FastNetSrv.exe etc...) (Solved)
Mariooo57 replied to a topic by Mariooo57 in Malware Analysis and Removal
Continued -->
Logfile of random's system information tool 1.06 (written by random/random)
Run by alex at 2009-11-09 17:45:23
Microsoft Windows XP Édition familiale Service Pack 2
System drive C: has 50 GB (63%) free of 80 GB
Total RAM: 1023 MB (49% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:45:33, on 09/11/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
2009-10-13 23:25:17 ----D---- C:\WINDOWS\Help 2009-10-13 23:25:17 ----D---- C:\WINDOWS\Driver Cache 2009-10-13 23:25:17 ----D---- C:\WINDOWS\Debug 2009-10-13 23:25:17 ----D---- C:\WINDOWS\Cursors 2009-10-13 23:25:17 ----D---- C:\WINDOWS\Connection Wizard 2009-10-13 23:25:17 ----D---- C:\WINDOWS\Config 2009-10-13 23:25:17 ----D---- C:\WINDOWS\AppPatch 2009-10-13 23:25:17 ----D---- C:\WINDOWS\addins 2009-10-13 23:25:17 ----D---- C:\WINDOWS 2009-10-13 22:47:17 ----A---- C:\WINDOWS\system32\WMAFile.dll 2009-10-13 22:47:17 ----A---- C:\WINDOWS\system32\VB6STKIT.DLL 2009-10-13 22:47:17 ----A---- C:\WINDOWS\system32\TABCTFR.DLL 2009-10-13 22:47:17 ----A---- C:\WINDOWS\system32\inetfr.DLL 2009-10-13 22:47:17 ----A---- C:\WINDOWS\system32\CMDLGFR.DLL 2009-10-13 22:47:17 ----A---- C:\WINDOWS\system32\AudPlayer.dll 2009-10-13 22:47:17 ----A---- C:\WINDOWS\system32\AudioVisu.dll 2009-10-13 22:47:17 ----A---- C:\WINDOWS\system32\AudioRecord.dll 2009-10-13 22:47:17 ----A---- C:\WINDOWS\system32\AudioInfos.dll 2009-10-13 22:47:17 ----A---- C:\WINDOWS\system32\AudFile.dll 2009-10-13 22:47:17 ----A---- C:\WINDOWS\system32\AudDisplay.dll 2009-10-13 22:47:17 ----A---- C:\WINDOWS\system32\AudDesign.dll 2009-10-13 22:47:16 ----A---- C:\WINDOWS\system32\msvcr70.dll 2009-10-13 22:36:31 ----D---- C:\Documents and Settings\alex\Application Data\EoRezo 2009-10-13 22:36:28 ----A---- C:\WINDOWS\system32\wmpns.dll 2009-10-13 22:36:27 ----D---- C:\Documents and Settings\alex\Application Data\Identities 2009-10-13 22:36:22 ----SD---- C:\Documents and Settings\alex\Application Data\Microsoft 2009-10-13 22:36:22 ----ASH---- C:\Documents and Settings\alex\Application Data\desktop.ini 2009-10-13 22:31:02 ----D---- C:\Program Files\pdfforge Toolbar 2009-10-13 22:30:50 ----A---- C:\WINDOWS\system32\pdfcmnnt.dll 2009-10-13 22:30:47 ----D---- C:\Program Files\PDFCreator 2009-10-13 22:30:47 ----A---- C:\WINDOWS\system32\VB6FR.DLL 2009-10-13 22:30:47 ----A---- C:\WINDOWS\system32\MSMPIDE.DLL 2009-10-13 
22:30:47 ----A---- C:\WINDOWS\system32\MSCMCFR.DLL 2009-10-13 22:30:47 ----A---- C:\WINDOWS\system32\MSCC2FR.DLL 2009-10-13 22:18:42 ----A---- C:\WINDOWS\system32\wpa.bak 2009-10-13 22:15:28 ----D---- C:\Program Files\OpenOffice.org 2.4 2009-10-13 22:15:03 ----D---- C:\Program Files\Fichiers communs\Java 2009-10-13 22:07:45 ----D---- C:\Documents and Settings\All Users\Application Data\UDL 2009-10-13 22:07:00 ----HD---- C:\Program Files\InstallShield Installation Information 2009-10-13 22:06:56 ----D---- C:\Program Files\Fichiers communs\InstallShield 2009-10-13 22:05:14 ----A---- C:\WINDOWS\system32\PICSDK2.dll 2009-10-13 22:05:14 ----A---- C:\WINDOWS\system32\PICSDK.ini 2009-10-13 22:05:14 ----A---- C:\WINDOWS\system32\PICSDK.dll 2009-10-13 22:05:14 ----A---- C:\WINDOWS\system32\PICEntry.dll 2009-10-13 22:05:14 ----A---- C:\WINDOWS\system32\EpPicPrt.dll 2009-10-13 22:05:14 ----A---- C:\WINDOWS\system32\EPPicMgr.dll 2009-10-13 22:04:49 ----D---- C:\Documents and Settings\All Users\Application Data\EPSON 2009-10-13 22:04:47 ----A---- C:\WINDOWS\system32\E_FLBCAE.DLL 2009-10-13 22:04:47 ----A---- C:\WINDOWS\system32\E_FD4BCAE.DLL 2009-10-13 22:04:47 ----A---- C:\WINDOWS\system32\E_DCINST.DLL 2009-10-13 22:03:18 ----D---- C:\Program Files\epson 2009-10-13 22:03:09 ----A---- C:\WINDOWS\CDE DX4400DEFGIPS.ini 2009-10-13 22:01:52 ----A---- C:\WINDOWS\system32\eswiaml.dll 2009-10-13 22:01:52 ----A---- C:\WINDOWS\system32\eswia7e.dll 2009-10-13 22:01:52 ----A---- C:\WINDOWS\system32\esint7e.dll 2009-10-13 21:59:17 ----SHD---- C:\RECYCLER 2009-10-13 21:52:57 ----D---- C:\Program Files\Securitoo 2009-10-13 21:52:29 ----A---- C:\WINDOWS\system32\w32n50.dll 2009-10-13 21:51:52 ----N---- C:\WINDOWS\system32\MFC71.dll 2009-10-13 21:51:52 ----N---- C:\WINDOWS\system32\atl71.dll 2009-10-13 21:51:52 ----A---- C:\WINDOWS\system32\msvcr71.dll 2009-10-13 21:51:52 ----A---- C:\WINDOWS\system32\msvcp71.dll 2009-10-13 21:48:15 ----HD---- C:\Program Files\Uninstall Information 2009-10-13 
21:47:41 ----D---- C:\WINDOWS\system32\SoftwareDistribution 2009-10-13 21:46:34 ----D---- C:\WINDOWS\SoftwareDistribution 2009-10-13 21:46:25 ----SD---- C:\WINDOWS\system32\Microsoft 2009-10-13 21:43:46 ----D---- C:\WINDOWS\system32\xircom 2009-10-13 21:43:46 ----D---- C:\Program Files\xerox 2009-10-13 21:43:46 ----D---- C:\Program Files\microsoft frontpage 2009-10-13 21:43:38 ----A---- C:\WINDOWS\control.ini 2009-10-13 21:43:38 ----A---- C:\AUTOEXEC.BAT 2009-10-13 21:43:21 ----A---- C:\WINDOWS\system32\mapi32.dll 2009-10-13 21:42:25 ----SD---- C:\WINDOWS\Downloaded Program Files 2009-10-13 21:42:25 ----RD---- C:\WINDOWS\Offline Web Pages 2009-10-13 21:42:20 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest 2009-10-13 21:42:16 ----HD---- C:\Program Files\WindowsUpdate 2009-10-13 21:42:13 ----D---- C:\Program Files\Services en ligne 2009-10-13 21:41:59 ----D---- C:\WINDOWS\system32\DirectX 2009-10-13 21:41:42 ----A---- C:\WINDOWS\system32\atrace.dll 2009-10-13 21:41:39 ----A---- C:\WINDOWS\system32\desktop.ini 2009-10-13 21:41:39 ----A---- C:\WINDOWS\desktop.ini 2009-10-13 21:41:34 ----A---- C:\WINDOWS\system32\nmevtmsg.dll 2009-10-13 21:41:32 ----D---- C:\Program Files\Fichiers communs\Services 2009-10-13 21:41:32 ----A---- C:\WINDOWS\system32\acctres.dll 2009-10-13 21:41:30 ----SD---- C:\WINDOWS\Tasks 2009-10-13 21:41:30 ----A---- C:\WINDOWS\system32\icfgnt5.dll 2009-10-13 21:41:29 ----D---- C:\Program Files\Fichiers communs\MSSoap 2009-10-13 21:41:26 ----D---- C:\WINDOWS\srchasst 2009-10-13 21:41:25 ----D---- C:\WINDOWS\system32\Macromed 2009-10-13 21:41:23 ----A---- C:\WINDOWS\system32\wuweb.dll 2009-10-13 21:41:23 ----A---- C:\WINDOWS\system32\wucltui.dll 2009-10-13 21:41:22 ----A---- C:\WINDOWS\system32\wups.dll 2009-10-13 21:41:22 ----A---- C:\WINDOWS\system32\wuauserv.dll 2009-10-13 21:41:22 ----A---- C:\WINDOWS\system32\wuaueng1.dll 2009-10-13 21:41:22 ----A---- C:\WINDOWS\system32\wuaueng.dll 2009-10-13 21:41:22 ----A---- 
C:\WINDOWS\system32\wuauclt1.exe 2009-10-13 21:41:22 ----A---- C:\WINDOWS\system32\wuauclt.exe 2009-10-13 21:41:22 ----A---- C:\WINDOWS\system32\wuapi.dll 2009-10-13 21:41:22 ----A---- C:\WINDOWS\system32\bitsprx3.dll 2009-10-13 21:41:22 ----A---- C:\WINDOWS\system32\bitsprx2.dll 2009-10-13 21:41:21 ----N---- C:\WINDOWS\system32\qmgr.dll 2009-10-13 21:41:21 ----A---- C:\WINDOWS\system32\qmgrprxy.dll 2009-10-13 21:41:18 ----D---- C:\Program Files\Movie Maker 2009-10-13 21:41:15 ----A---- C:\WINDOWS\system32\safrslv.dll 2009-10-13 21:41:15 ----A---- C:\WINDOWS\system32\safrdm.dll 2009-10-13 21:41:15 ----A---- C:\WINDOWS\system32\safrcdlg.dll 2009-10-13 21:41:15 ----A---- C:\WINDOWS\system32\racpldlg.dll 2009-10-13 21:41:12 ----D---- C:\WINDOWS\system32\Restore 2009-10-13 21:41:12 ----A---- C:\WINDOWS\system32\srrstr.dll 2009-10-13 21:41:12 ----A---- C:\WINDOWS\system32\fltMc.exe 2009-10-13 21:41:12 ----A---- C:\WINDOWS\system32\fltlib.dll 2009-10-13 21:41:11 ----N---- C:\WINDOWS\system32\srsvc.dll 2009-10-13 21:41:11 ----A---- C:\WINDOWS\system32\srclient.dll 2009-10-13 21:41:11 ----A---- C:\WINDOWS\system32\mnmdd.dll 2009-10-13 21:41:11 ----A---- C:\WINDOWS\system32\isrdbg32.dll 2009-10-13 21:41:11 ----A---- C:\WINDOWS\system32\ils.dll 2009-10-13 21:41:10 ----A---- C:\WINDOWS\system32\nmmkcert.dll 2009-10-13 21:41:10 ----A---- C:\WINDOWS\system32\msconf.dll 2009-10-13 21:41:10 ----A---- C:\WINDOWS\system32\mnmsrvc.exe 2009-10-13 21:41:08 ----D---- C:\Program Files\NetMeeting 2009-10-13 21:41:08 ----A---- C:\WINDOWS\system32\msoert2.dll 2009-10-13 21:41:08 ----A---- C:\WINDOWS\system32\msoeacct.dll 2009-10-13 21:41:07 ----A---- C:\WINDOWS\system32\inetres.dll 2009-10-13 21:41:07 ----A---- C:\WINDOWS\system32\inetcomm.dll 2009-10-13 21:41:05 ----N---- C:\WINDOWS\system32\schedsvc.dll 2009-10-13 21:41:05 ----D---- C:\Program Files\Outlook Express 2009-10-13 21:41:05 ----A---- C:\WINDOWS\system32\mstinit.exe 2009-10-13 21:41:05 ----A---- C:\WINDOWS\system32\mstask.dll 
2009-10-13 21:41:05 ----A---- C:\WINDOWS\system32\isign32.dll 2009-10-13 21:41:05 ----A---- C:\WINDOWS\system32\inetcfg.dll 2009-10-13 21:41:05 ----A---- C:\WINDOWS\system32\icwphbk.dll 2009-10-13 21:41:05 ----A---- C:\WINDOWS\system32\icwdial.dll 2009-10-13 21:41:00 ----D---- C:\Program Files\Fichiers communs\System 2009-10-13 21:40:55 ----D---- C:\Program Files\Internet Explorer 2009-10-13 21:40:46 ----D---- C:\Program Files\ComPlus Applications 2009-10-13 21:40:44 ----A---- C:\WINDOWS\vbaddin.ini 2009-10-13 21:40:44 ----A---- C:\WINDOWS\vb.ini 2009-10-13 21:40:40 ----D---- C:\WINDOWS\Registration 2009-10-13 21:40:13 ----D---- C:\Program Files\Windows Media Player 2009-10-13 21:40:13 ----D---- C:\Program Files\Online Services 2009-10-13 21:40:09 ----D---- C:\Program Files\Messenger 2009-10-13 21:40:06 ----D---- C:\Program Files\MSN Gaming Zone 2009-10-13 21:40:06 ----A---- C:\WINDOWS\system32\write.exe 2009-10-13 21:39:58 ----A---- C:\WINDOWS\system32\winchat.exe 2009-10-13 21:39:58 ----A---- C:\WINDOWS\system32\sndvol32.exe 2009-10-13 21:39:58 ----A---- C:\WINDOWS\system32\hticons.dll 2009-10-13 21:39:58 ----A---- C:\WINDOWS\system32\avwav.dll 2009-10-13 21:39:58 ----A---- C:\WINDOWS\system32\avtapi.dll 2009-10-13 21:39:58 ----A---- C:\WINDOWS\system32\avmeter.dll 2009-10-13 21:39:52 ----A---- C:\WINDOWS\system32\getuname.dll 2009-10-13 21:39:52 ----A---- C:\WINDOWS\system32\charmap.exe 2009-10-13 21:39:51 ----A---- C:\WINDOWS\system32\winmine.exe 2009-10-13 21:39:51 ----A---- C:\WINDOWS\system32\sol.exe 2009-10-13 21:39:51 ----A---- C:\WINDOWS\system32\mshearts.exe 2009-10-13 21:39:51 ----A---- C:\WINDOWS\system32\freecell.exe 2009-10-13 21:39:51 ----A---- C:\WINDOWS\system32\calc.exe 2009-10-13 21:39:50 ----A---- C:\WINDOWS\system32\usrlogon.cmd 2009-10-13 21:39:50 ----A---- C:\WINDOWS\system32\tsshutdn.exe 2009-10-13 21:39:50 ----A---- C:\WINDOWS\system32\tslabels.ini 2009-10-13 21:39:50 ----A---- C:\WINDOWS\system32\tskill.exe 2009-10-13 21:39:50 ----A---- 
C:\WINDOWS\system32\tsdiscon.exe 2009-10-13 21:39:50 ----A---- C:\WINDOWS\system32\tscon.exe 2009-10-13 21:39:50 ----A---- C:\WINDOWS\system32\shadow.exe 2009-10-13 21:39:50 ----A---- C:\WINDOWS\system32\rwinsta.exe 2009-10-13 21:39:50 ----A---- C:\WINDOWS\system32\reset.exe 2009-10-13 21:39:50 ----A---- C:\WINDOWS\system32\regini.exe 2009-10-13 21:39:50 ----A---- C:\WINDOWS\system32\rdpcfgex.dll 2009-10-13 21:39:50 ----A---- C:\WINDOWS\system32\qwinsta.exe 2009-10-13 21:39:50 ----A---- C:\WINDOWS\system32\qappsrv.exe 2009-10-13 21:39:50 ----A---- C:\WINDOWS\system32\msg.exe 2009-10-13 21:39:49 ----A---- C:\WINDOWS\system32\msdtcprf.ini 2009-10-13 21:39:49 ----A---- C:\WINDOWS\system32\logoff.exe 2009-10-13 21:39:49 ----A---- C:\WINDOWS\system32\dcomcnfg.exe 2009-10-13 21:39:49 ----A---- C:\WINDOWS\system32\cdmodem.dll 2009-10-13 21:39:48 ----A---- C:\WINDOWS\system32\stclient.dll 2009-10-13 21:39:48 ----A---- C:\WINDOWS\system32\mtxlegih.dll 2009-10-13 21:39:48 ----A---- C:\WINDOWS\system32\mtxex.dll 2009-10-13 21:39:48 ----A---- C:\WINDOWS\system32\mtxdm.dll 2009-10-13 21:39:48 ----A---- C:\WINDOWS\system32\comsnap.dll 2009-10-13 21:39:48 ----A---- C:\WINDOWS\system32\comrepl.dll 2009-10-13 21:39:48 ----A---- C:\WINDOWS\system32\comaddin.dll 2009-10-13 21:39:44 ----A---- C:\WINDOWS\system32\wmimgmt.msc 2009-10-13 21:39:37 ----D---- C:\Program Files\MSN 2009-10-13 21:39:36 ----A---- C:\WINDOWS\system32\sndrec32.exe 2009-10-13 21:39:36 ----A---- C:\WINDOWS\system32\mplay32.exe 2009-10-13 21:39:36 ----A---- C:\WINDOWS\system32\hypertrm.dll 2009-10-13 21:39:36 ----A---- C:\WINDOWS\system32\accwiz.exe 2009-10-13 21:39:35 ----D---- C:\Program Files\Windows NT 2009-10-13 21:39:35 ----A---- C:\WINDOWS\system32\spider.exe 2009-10-13 21:39:35 ----A---- C:\WINDOWS\system32\mspaint.exe 2009-10-13 21:39:35 ----A---- C:\WINDOWS\system32\clipbrd.exe 2009-10-13 21:39:34 ----A---- C:\WINDOWS\system32\tscfgwmi.dll 2009-10-13 21:39:34 ----A---- C:\WINDOWS\system32\sessmgr.exe 
2009-10-13 21:39:34 ----A---- C:\WINDOWS\system32\remotepg.dll 2009-10-13 21:39:34 ----A---- C:\WINDOWS\system32\rdshost.exe 2009-10-13 21:39:34 ----A---- C:\WINDOWS\system32\rdsaddin.exe 2009-10-13 21:39:34 ----A---- C:\WINDOWS\system32\mstscax.dll 2009-10-13 21:39:34 ----A---- C:\WINDOWS\system32\mstsc.exe 2009-10-13 21:39:33 ----N---- C:\WINDOWS\system32\termsrv.dll 2009-10-13 21:39:33 ----A---- C:\WINDOWS\system32\tscupgrd.exe 2009-10-13 21:39:33 ----A---- C:\WINDOWS\system32\rdpwsx.dll 2009-10-13 21:39:33 ----A---- C:\WINDOWS\system32\rdpsnd.dll 2009-10-13 21:39:33 ----A---- C:\WINDOWS\system32\rdpclip.exe 2009-10-13 21:39:33 ----A---- C:\WINDOWS\system32\rdchost.dll 2009-10-13 21:39:33 ----A---- C:\WINDOWS\system32\qprocess.exe 2009-10-13 21:39:33 ----A---- C:\WINDOWS\system32\icaapi.dll 2009-10-13 21:39:33 ----A---- C:\WINDOWS\system32\cfgbkend.dll 2009-10-13 21:39:32 ----D---- C:\WINDOWS\system32\MsDtc 2009-10-13 21:39:32 ----A---- C:\WINDOWS\system32\xolehlp.dll 2009-10-13 21:39:32 ----A---- C:\WINDOWS\system32\mtxoci.dll 2009-10-13 21:39:32 ----A---- C:\WINDOWS\system32\msdtcuiu.dll 2009-10-13 21:39:32 ----A---- C:\WINDOWS\system32\msdtctm.dll 2009-10-13 21:39:32 ----A---- C:\WINDOWS\system32\msdtcprx.dll 2009-10-13 21:39:32 ----A---- C:\WINDOWS\system32\msdtclog.dll 2009-10-13 21:39:32 ----A---- C:\WINDOWS\system32\msdtc.exe 2009-10-13 21:39:31 ----D---- C:\WINDOWS\system32\Com 2009-10-13 21:39:31 ----A---- C:\WINDOWS\system32\colbact.dll 2009-10-13 21:39:31 ----A---- C:\WINDOWS\system32\clbcatex.dll 2009-10-13 21:39:31 ----A---- C:\WINDOWS\system32\catsrvut.dll 2009-10-13 21:39:31 ----A---- C:\WINDOWS\system32\catsrvps.dll 2009-10-13 21:39:31 ----A---- C:\WINDOWS\system32\catsrv.dll 2009-10-13 21:39:30 ----A---- C:\WINDOWS\system32\comuid.dll 2009-10-13 21:39:30 ----A---- C:\WINDOWS\system32\comsvcs.dll 2009-10-13 21:39:30 ----A---- C:\WINDOWS\system32\clbcatq.dll 2009-10-13 21:39:26 ----A---- C:\WINDOWS\system32\servdeps.dll 2009-10-13 21:39:26 
----A---- C:\WINDOWS\system32\mmfutil.dll
2009-10-13 21:39:26 ----A---- C:\WINDOWS\system32\licwmi.dll
2009-10-13 21:39:25 ----A---- C:\WINDOWS\system32\cmprops.dll
======List of files/folders modified in the last 1 months======
2009-11-02 16:09:08 ----A---- C:\WINDOWS\system.ini
2009-11-02 15:49:29 ----A---- C:\WINDOWS\win.ini
2009-10-22 10:17:28 ----A---- C:\WINDOWS\system32\mshtml.dll
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-05 14848]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-11-06 28520]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-11-06 55656]
R3 FETNDIS;Pilote NT de carte VIA PCI 10/100Mo Fast Ethernet; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
R3 hidusb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2004-08-05 9600]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
R3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-05 31616]
R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-05 26624]
R3 usbhub;Pilote de concentrateur standard USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-05 57600]
R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-05 20480]
R3 VIAudio;Vinyl AC'97 Audio Controller (WDM); C:\WINDOWS\system32\drivers\vinyl97.sys [2007-06-27 207488]
S1 zdixyvrbvnbbx1;zdixyvrbvnbbx1; C:\WINDOWS\system32\drivers\zdixyvrbvnbbx1.sys []
S1 zmvvbren7;zmvvbren7; C:\WINDOWS\system32\drivers\zmvvbren7.sys []
S3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2008-09-24 4122368]
S3 catchme;catchme; \??\C:\DOCUME~1\alex\LOCALS~1\Temp\catchme.sys []
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\nmwcd.sys [2007-02-22 137216]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\nmwcdc.sys [2007-02-22 8320]
S3 nmwcdcj;Nokia USB Port; C:\WINDOWS\system32\drivers\nmwcdcj.sys [2007-02-22 12288]
S3 nmwcdcm;Nokia USB Modem; C:\WINDOWS\system32\drivers\nmwcdcm.sys [2007-02-22 12288]
S3 PCAMPR5;PCAMPR5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PCAMPR5.SYS []
S3 PCANDIS5;PCANDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PCANDIS5.SYS []
S3 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2009-09-28 7168]
S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-05 26496]
S3 utiyodg2;AVZ Kernel Driver; \??\C:\WINDOWS\system32\Drivers\utiyodg2.sys []
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-15 82688]
S4 dwshd;dwshd; C:\WINDOWS\System32\drivers\dwshd.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AntiVirSchedulerService;Avira AntiVir Planificateur; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-11-06 108289]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-11-06 185089]
R2 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-05 14336]
S2 BtwSrv;BtwSrv; C:\WINDOWS\system32\svchost.exe [2004-08-05 14336]
S2 fastnetsrv;fastnetsrv Service; C:\WINDOWS\system32\FastNetSrv.exe []
S2 FTRTSVC;France Telecom Routing Table Service; C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe [2007-12-11 65536]
S2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-25 153376]
S2 NMSAccessU;NMSAccessU; C:\Program Files\CDBurnerXP\NMSAccessU.exe [2009-09-06 71096]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-10-17 182768]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2007-06-15 300544]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------

I don't understand: these files would have vanished without me touching the PC again? Yet in msconfig I do see a fastnetsrv process, but apparently it is stopped. I also noticed a process named BtwSrv (also stopped) that I had never seen before (same for mscorsvw.exe); could these processes be dangerous?
edit: My father, on a friend's advice, defragmented the hard drives. According to him, it was the only possible solution...... So, would defragmenting be enough to destroy these remnants of Virut? That seems fishy to me.
-
Infection by Virut (FastNetSrv.exe etc...) (Solved)
Mariooo57 replied to a topic by Mariooo57 in Malware analysis and removal
Good evening, here is the OTM log:

All processes killed
========== PROCESSES ==========
No active process named lsm32 was found!
========== FILES ==========
File/Folder C:\WINDOWS\system32\opeia.exe not found.
File/Folder C:\WINDOWS\system32\lsm32.sys not found.
File/Folder C:\WINDOWS\system32\msxm192z.dll not found.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ter8m not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: alex
->Temp folder emptied: 99816521 bytes
->Temporary Internet Files folder emptied: 13937935 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 50577079 bytes
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: klein
->Temp folder emptied: 24184551 bytes
->Temporary Internet Files folder emptied: 15534785 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 13371171 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 4861821 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 33170 bytes
%systemdrive% .tmp files removed: 0 bytes
C:\WINDOWS\msdownld.tmp folder deleted successfully.
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 7396352 bytes
Windows Temp folder emptied: 33422649 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 250,98 mb
OTM by OldTimer - Version 3.0.0.6 log created on 11092009_173804
Files moved on Reboot...
Registry entries deleted on Reboot...
And the RSIT log:

info.txt logfile of random's system information tool 1.06 2009-11-09 17:45:42
======Uninstall list======
(KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB971961)-->"C:\WINDOWS\$NtUninstallKB971961$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB974455)-->"C:\WINDOWS\$NtUninstallKB974455$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe" Mise à jour pour Windows Internet Explorer 8 (KB975364)-->"C:\WINDOWS\ie8updates\KB975364-IE8\spuninst\spuninst.exe" Mise à jour pour Windows Internet Explorer 8 (KB976749)-->"C:\WINDOWS\ie8updates\KB976749-IE8\spuninst\spuninst.exe" Mise à jour pour Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe" Mise à jour pour Windows XP (KB925720)-->"C:\WINDOWS\$NtUninstallKB925720$\spuninst\spuninst.exe" Mise à jour pour Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe" Mise à jour pour Windows XP 
(KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe" Mise à jour pour Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe" Mise à jour pour Windows XP (KB976749)-->"C:\WINDOWS\$NtUninstallKB976749$\spuninst\spuninst.exe" Mozilla Firefox (3.5.5)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94} MSXML 6 Service Pack 2 (KB954459)-->MsiExec.exe /I{1A528690-6A2D-4BC5-B143-8C4AE8D19D96} Mumble and Murmur-->C:\Program Files\Mumble\Uninstall.exe Nokia Connectivity Cable Driver-->MsiExec.exe /X{11964613-805F-432D-A12B-169554B793E7} Nokia PC Suite-->C:\Documents and Settings\All Users\Application Data\Installations\{A982E6CC-9F0D-4948-9B18-BDFD55DE4A72}\Nokia_PC_Suite_6_84_10_3_EA.exe Nokia PC Suite-->MsiExec.exe /I{A982E6CC-9F0D-4948-9B18-BDFD55DE4A72} O&O MediaRecovery-->MsiExec.exe /X{53480870-02D8-48FB-BC27-72C956885168} OpenOffice.org 2.4-->MsiExec.exe /I{1E0FF527-971B-4BBF-83D1-987E8DEE437D} Opera 10.01-->MsiExec.exe /X{4B296228-DF7C-43EA-8DED-76027355B219} Orange - Logiciels Internet-->C:\Program Files\OrangeHSS\installation\core\Installgui.exe -u Package de pilotes Windows - Nokia (WUDFRd) WPD (06/01/2007 6.84.33.0)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccswpddri_044C8712DB44F83D9DE6C376991EE9254E0A69E4\pccswpddriver.inf Package de pilotes Windows - Nokia Modem (02/15/2007 3.1)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccs_bluet_8B37DC72918CCD58A6EC20373AF6242B037A293B\pccs_bluetooth.inf Package de pilotes Windows - Nokia Modem (02/15/2007 3.1)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccs_bluet_F12A08B6F776984A95553486F64C541356F86E38\pccs_bluetooth.inf Package de pilotes Windows - Nokia Modem (05/24/2007 6.84.0.1)-->C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u 
C:\WINDOWS\system32\DRVSTORE\nokbtmdm_5E1541AFF1E1EA3554CE566743CCAD323ED1C108\nokbtmdm.inf PC Connectivity Solution-->MsiExec.exe /I{99A40651-0BC2-4095-8F9A-A40FAB224FEF} PDFCreator-->C:\Program Files\PDFCreator\unins000.exe pdfforge Toolbar v1.1.1-->MsiExec.exe /X{4EF8BE6A-899C-4196-94E7-297C5F7A203E} RealNetworks - Microsoft Visual C++ 2005 Runtime-->MsiExec.exe /I{026C3D27-9BE1-46BE-BEAE-6DE38A0F4FBE} RealPlayer-->C:\Program Files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|12.0 Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" -l0x40c -removeonly SoftwareUpdate 1.0-->"C:\Documents and Settings\klein\Application Data\eoRezo\SoftwareUpdate\unins000.exe" TeamSpeak 2 RC2-->"C:\Program Files\Teamspeak2_RC2\unins000.exe" Unlocker 1.8.8-->C:\Program Files\Unlocker\uninst.exe Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT="" VC 9.0 Runtime-->MsiExec.exe /I{02E89EFC-7B07-4D5A-AA03-9EC0902914EE} VIA Gestionnaire de périphériques de plate-forme-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{20D4A895-748C-4D88-871C-FDB1695B0169} VLC media player 1.0.2-->C:\Program Files\VideoLAN\VLC\uninstall.exe Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe" Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe" Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe" Windows Live installer-->MsiExec.exe /X{FD44E544-E7D0-4DBA-9FA0-8AE1A1300390} Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe" 
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe" ======Security center information====== AV: AntiVir Desktop (disabled) ======System event log====== Computer Name: KLEIN-382B81EE9 Event Code: 10 Message: Ce lecteur ne semble pas prendre en charge la lecture audio numérique. Record Number: 1435 Source Name: redbook Time Written: 20091102150756.000000+060 Event Type: Informations User: Computer Name: KLEIN-382B81EE9 Event Code: 10 Message: Ce lecteur ne semble pas prendre en charge la lecture audio numérique. Record Number: 1434 Source Name: redbook Time Written: 20091102150756.000000+060 Event Type: Informations User: Computer Name: KLEIN-382B81EE9 Event Code: 10005 Message: DCOM a reçu l'erreur "%1058" lors de la mise en route du service BITS avec les arguments "" pour démarrer le serveur : {4991D34B-80A1-4291-83B6-3328366B9097} Record Number: 1433 Source Name: DCOM Time Written: 20091102150749.000000+060 Event Type: erreur User: KLEIN-382B81EE9\alex Computer Name: KLEIN-382B81EE9 Event Code: 6005 Message: Le service d'Enregistrement d'événement a démarré. Record Number: 1432 Source Name: EventLog Time Written: 20091102150738.000000+060 Event Type: Informations User: Computer Name: KLEIN-382B81EE9 Event Code: 6009 Message: Microsoft ® Windows ® 5.01. 2600 Service Pack 2 Uniprocessor Free. Record Number: 1431 Source Name: EventLog Time Written: 20091102150738.000000+060 Event Type: Informations User: =====Application event log===== Computer Name: KLEIN-382B81EE9 Event Code: 4113 Message: AntiVir a détecté dans le fichier C:\Program Files\PDFCreator\PDFCreator.exe un code suspect avec la désignation 'TR/Crypt.XPACK.Gen'! 
Record Number: 5 Source Name: Avira AntiVir Time Written: 20091104144841.000000+060 Event Type: Avertissement User: AUTORITE NT\SYSTEM Computer Name: KLEIN-382B81EE9 Event Code: 0 Message: Record Number: 4 Source Name: ServiceLayer Time Written: 20091104144836.000000+060 Event Type: Informations User: Computer Name: KLEIN-382B81EE9 Event Code: 4113 Message: AntiVir a détecté dans le fichier C:\Program Files\PDFCreator\PDFCreator.exe un code suspect avec la désignation 'TR/Crypt.XPACK.Gen'! Record Number: 3 Source Name: Avira AntiVir Time Written: 20091104144836.000000+060 Event Type: Avertissement User: AUTORITE NT\SYSTEM Computer Name: KLEIN-382B81EE9 Event Code: 4096 Message: Le service AntiVir a bien démarré! Record Number: 2 Source Name: Avira AntiVir Time Written: 20091104144813.000000+060 Event Type: Informations User: AUTORITE NT\SYSTEM Computer Name: KLEIN-382B81EE9 Event Code: 1800 Message: Le service Centre de sécurité Windows a démarré. Record Number: 1 Source Name: SecurityCenter Time Written: 20091104144801.000000+060 Event Type: Informations User: ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;C:\Program Files\PC Connectivity Solution "windir"=%SystemRoot% "FP_NO_HOST_CHECK"=NO "OS"=Windows_NT "PROCESSOR_ARCHITECTURE"=x86 "PROCESSOR_LEVEL"=15 "PROCESSOR_IDENTIFIER"=x86 Family 15 Model 44 Stepping 2, AuthenticAMD "PROCESSOR_REVISION"=2c02 "NUMBER_OF_PROCESSORS"=1 "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP -----------------EOF----------------- -
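The event-log and installed-program blocks in the RSIT dump above are normally read by eye. As an added example, not part of the original post and not code from RSIT or any other tool named on this page, here is a small Python triage script for that text format: it parses the fixed eight-field records (on both the one-field-per-line layout and the flattened single-line form a forum paste produces), converts the WMI CIM_DATETIME timestamps, pulls the file path and quoted detection name out of anti-virus warning records without depending on the language of the message, reads the security-center AV status line, and flags installed programs whose uninstall command lives inside a specific user's profile. The sample text is constructed from fragments of the dump on the page; the field names are RSIT's, while the choice to key anti-virus records on a source name containing "AntiVir" is an assumption of this example.

```python
"""Triage helpers for an RSIT-style info.txt dump (added example, not RSIT code)."""
import re
from datetime import datetime, timedelta, timezone

# Constructed sample, assembled from fragments of the dump above and kept in the
# flattened "everything on one line" form so the record regex has to cope with it.
SAMPLE = (
    "======Security center information====== AV: AntiVir Desktop (disabled) "
    "=====Application event log===== "
    "Computer Name: KLEIN-382B81EE9 Event Code: 4113 Message: AntiVir detected "
    "suspicious code in file C:\\Program Files\\PDFCreator\\PDFCreator.exe with "
    "the designation 'TR/Crypt.XPACK.Gen'! Record Number: 5 Source Name: Avira "
    "AntiVir Time Written: 20091104144841.000000+060 Event Type: Warning "
    "User: AUTORITE NT\\SYSTEM "
    "Computer Name: KLEIN-382B81EE9 Event Code: 0 Message: Record Number: 4 "
    "Source Name: ServiceLayer Time Written: 20091104144836.000000+060 "
    "Event Type: Information User: "
    "======Environment variables====== "
)
# Constructed sample of "Name-->uninstall command" lines from the installed-programs list.
SAMPLE_UNINSTALL = """PDFCreator-->C:\\Program Files\\PDFCreator\\unins000.exe
SoftwareUpdate 1.0-->"C:\\Documents and Settings\\klein\\Application Data\\eoRezo\\SoftwareUpdate\\unins000.exe"
Nokia PC Suite-->C:\\Documents and Settings\\All Users\\Application Data\\Installations\\{A982E6CC-9F0D-4948-9B18-BDFD55DE4A72}\\Nokia_PC_Suite_6_84_10_3_EA.exe
"""

# One RSIT record: eight fields in a fixed order. Lazy groups plus the trailing
# lookahead let Message and User be empty and let fields be separated by either
# a newline or a single space.
RECORD_RE = re.compile(
    r"Computer Name:\s*(?P<computer>.*?)\s*Event Code:\s*(?P<code>\d*)\s*"
    r"Message:\s*(?P<message>.*?)\s*Record Number:\s*(?P<record>\d*)\s*"
    r"Source Name:\s*(?P<source>.*?)\s*Time Written:\s*(?P<time>[\d.+-]*)\s*"
    r"Event Type:\s*(?P<type>\S*)\s*User:\s*(?P<user>.*?)\s*"
    r"(?=Computer Name:|=====|\Z)",
    re.DOTALL,
)
# A Windows path ending in an executable extension, and a single-quoted name,
# as AV messages carry them regardless of the message language.
PATH_RE = re.compile(r"[A-Za-z]:\\[^'\"!]+?\.(?:exe|dll|sys|scr|com)\b", re.IGNORECASE)
NAME_RE = re.compile(r"'([^']+)'")
# Uninstall command under a named user's profile (not "All Users").
USER_PROFILE_RE = re.compile(r"Documents and Settings\\(?!All Users\\)([^\\]+)\\", re.IGNORECASE)


def parse_records(text):
    """Return every event-log record in `text` as a dict of its eight fields."""
    return [m.groupdict() for m in RECORD_RE.finditer(text)]


def parse_cim_datetime(value):
    """WMI CIM_DATETIME 'yyyymmddHHMMSS.ffffff+UUU' (UUU = minutes east of UTC) -> aware datetime."""
    m = re.fullmatch(r"(\d{14})\.(\d{6})([+-])(\d{3})", value)
    if not m:
        return None
    minutes = int(m.group(4)) * (1 if m.group(3) == "+" else -1)
    base = datetime.strptime(m.group(1), "%Y%m%d%H%M%S")
    return base.replace(microsecond=int(m.group(2)), tzinfo=timezone(timedelta(minutes=minutes)))


def av_detections(records):
    """Anti-virus records whose message names a file and a quoted detection name."""
    hits = []
    for r in records:
        if "antivir" not in r["source"].lower():  # assumption: Avira is the AV in this dump
            continue
        path, name = PATH_RE.search(r["message"]), NAME_RE.search(r["message"])
        if path and name:
            hits.append({"record": int(r["record"]), "when": parse_cim_datetime(r["time"]),
                         "path": path.group(0), "detection": name.group(1)})
    return hits


def av_status(text):
    """(product, enabled) from the security-center line 'AV: <product> (enabled|disabled)'."""
    m = re.search(r"AV:\s*(.+?)\s*\((enabled|disabled)\)", text)
    return (m.group(1), m.group(2) == "enabled") if m else None


def uninstall_entries(text):
    """'Name-->command' lines -> list of (name, command) tuples."""
    return [tuple(part.strip() for part in line.split("-->", 1))
            for line in text.splitlines() if "-->" in line]


def installed_in_user_profile(entries):
    """(name, username) for programs whose uninstaller sits inside a user's own profile."""
    return [(name, USER_PROFILE_RE.search(cmd).group(1))
            for name, cmd in entries if USER_PROFILE_RE.search(cmd)]


if __name__ == "__main__":
    print(av_status(SAMPLE))
    for hit in av_detections(parse_records(SAMPLE)):
        print(hit)
    print(installed_in_user_profile(uninstall_entries(SAMPLE_UNINSTALL)))
```

Run it against a saved info.txt by reading the file into `SAMPLE` and the "Installed programs" block into `SAMPLE_UNINSTALL`; the user-profile check only reports where the uninstaller is located, which is a prompt to look closer, not a verdict on the program.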
Virut infection (FastNetSrv.exe etc.) (Solved)
Mariooo57 posted a topic in Malware analysis and removal
Good evening,

A few weeks ago my PC was infected by the Virut reader_s.exe. I managed to remove it by following the thread of another person who was also infected (but I had to format the PC to be able to log into a session in normal mode). A few days later I noticed several suspicious files in the Windows folder, such as FastNetSrv.exe, opeia.exe, lsm32.sys and wmdtc.exe; all four show up as processes every evening around midnight and slow the PC down. I also noticed:
it is impossible to download software from the official sites, whether Microsoft or others;
it is impossible to install Windows Live Messenger;
it is impossible to switch to 800x600.
Searching the internet, I saw that this FastNetSrv acts on the internet connection... I have already scanned the hard drives with Dr.Web CureIt, Malwarebytes and ComboFix, but they do not seem to detect these files as viruses! I am turning to you for help, hoping to get my PC working as it did before...