kintaro37

  1. Hi chrifleur, Tired of these repeated Windows Defender alerts when no other tool finds what it finds, I have resolved to give up and disable Windows Defender. I have installed AntiVir, which should provide a good baseline of protection. I want to thank you sincerely for all your help, it was really very useful to me. All the best!
  2. Re: Scan results: no problems, which reinforces my impression that Windows Defender is detecting a phantom problem... The log is below:
  3. Sorry for my mix-up about Windows Defender. I don't have an antivirus. I had McAfee when I bought my PC but I didn't renew the license. That was at least a year ago, with no problems, because I'm generally careful. Then I installed a crack (I know, it's risky, and I've seen the consequences), and since then, at every reboot, Windows Defender gives me this "severe" alert: backdoor:win32/rbot.gen. I'm going to install AntiVir and I will post the report. However, I have already scanned my disk twice with Malwarebytes, and it never found anything. Unless you tell me it's really important to do it a third time, I can perhaps skip that step. Thanks again, I'll post the AntiVir log after a reboot + safe-mode scan.
  4. Hi chrifleur, Thanks for not giving up on this, it's really very kind. Whatever the outcome of these disinfection attempts, I am very grateful to you. Here are the 2 RSIT logs below, and thanks again:
"C:\Program Files\Canon\CameraWindow\CameraWindowDVC6\Uninst.ini" Canon Camera Window MC 6 for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowMC\Uninst.ini" Canon G.726 WMP-Decoder-->"C:\Program Files\Common Files\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\G726Decoder\G726DecUnInstall.ini" CANON iMAGE GATEWAY Task for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\CRWUnInstall.ini" Canon Internet Library for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\CIGUnInstall.ini" Canon MovieEdit Task for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\MVWUninst.ini" Canon RAW Image Task for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\RAW Image Task\Uninst.ini" Canon RemoteCapture Task for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\RemoteCaptureTask DC\Uninst.ini" Canon Utilities EOS Utility-->"C:\Program Files\Common Files\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\EOS Utility\Uninst.ini" Canon Utilities ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\Uninst.ini" Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE} Conexant HDA D110 MDC V.92 Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3\HXFSETUP.EXE -U -IDellHDAz.inf Cool Sitemapper-->MsiExec.exe /I{414D4230-7F91-4F72-A06A-0F92EE15402F} Dell Getting Started Guide-->MsiExec.exe /I{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045} Dell Support Center (Support Software)-->MsiExec.exe 
/X{E3BFEE55-39E2-4BE0-B966-89FE583822C1} Diablo II-->C:\Windows\DIIUnin.exe C:\Windows\DIIUnin.dat Digital Line Detect-->C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe -runfromtemp -l0x0009 -removeonly Dropbox-->"C:\Program Files\Dropbox\Uninstall.exe" EasyPHP 2.0b1-->"C:\Program Files\EasyPHP 2.0b1\unins000.exe" eMule-->"C:\Program Files\eMule\Uninstall.exe" ExplorerView 1.0.3-->C:\Program Files\ExplorerView\uninst.exe FastStone Image Viewer 3.5-->C:\Program Files\FastStone Image Viewer\uninst.exe FastStone Photo Resizer 2.5-->C:\Program Files\FastStone Photo Resizer\uninst.exe ffdshow [rev 2583] [2009-01-05]-->"C:\Program Files\K-Lite Codec Pack\ffdshow\unins000.exe" FileZilla Client 3.1.2-->C:\Program Files\FileZilla FTP Client\uninstall.exe Flickr Uploadr 3.0.5-->"C:\Program Files\Flickr Uploadr\uninstall.exe" foobar2000 v0.9.5.5-->"C:\Program Files\foobar2000\uninstall.exe" FreeMind-->"C:\Program Files\FreeMind\unins000.exe" Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_9DE96A29E721D90A.exe" /uninstall Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C} Haali Media Splitter-->"C:\Program Files\Haali\MatroskaSplitter\uninstall.exe" HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT="" Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT="" Impulse-->"C:\ProgramData\{CCF7B54F-09A1-41ED-BA1B-471D81BFFC09}\Impulse_setup.exe" REMOVE=TRUE MODIFY=FALSE Impulse-->C:\ProgramData\{CCF7B54F-09A1-41ED-BA1B-471D81BFFC09}\Impulse_setup.exe InfraRecorder-->C:\Program 
Files\InfraRecorder\uninstall.exe IZArc 3.81-->"C:\Program Files\IZArc\unins000.exe" Java 6 Update 15-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216012FF} Java 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070} Java SE Runtime Environment 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000} King's Bounty - Armored Princess-->"C:\Program Files\Indie Games\King's Bounty - Armored Princess\UninstHelper.exe" /autouninstall kbap K-Lite Mega Codec Pack 3.8.0-->"C:\Program Files\K-Lite Codec Pack\unins000.exe" Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe" Media Player Classic-->C:\Program Files\Media Player Classic\uninstall.exe MediaDirect-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}\Setup.exe" -l0x9 -cluninstall Microsoft .NET Framework 3.5 SP1-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} Microsoft Games for Windows - LIVE -->MsiExec.exe /X{4D243BA7-9AC4-46D1-90E5-EEB88974F501} Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{05B49229-22A2-4F88-842A-BBC2EBE1CCF6} Microsoft Office PowerPoint Viewer 2007 (English)-->MsiExec.exe /X{95120000-00AF-0409-0000-0000000FF1CE} Microsoft Office XP Professional avec FrontPage-->MsiExec.exe /I{9028040C-6000-11D3-8CFE-0050048383C9} Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d} Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7} Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4} Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe 
/X{9A25302D-30C0-39D9-BD6F-21E6EC160475} Modem Diagnostic Tool-->MsiExec.exe /I{F63A3748-B93D-4360-9AD4-B064481A5C7B} Mount&Blade-->C:\Program Files\Mount&Blade\uninstall.exe Mozilla Firefox (3.0.15)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF} MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71} neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B} NetWaiting-->C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe -runfromtemp -l0x0009 -removeonly Notepad++-->C:\Program Files\Notepad++\uninstall.exe NVIDIA Drivers-->C:\Windows\system32\NVUNINST.EXE UninstallGUI NVIDIA PhysX-->MsiExec.exe /X{8AAB4176-A747-493A-A42C-B63CFADFD8E3} OutlookAddinSetup-->MsiExec.exe /I{9BDEF074-020E-458D-ADC5-8FF68E0C9B56} Photo Story 3 for Windows-->MsiExec.exe /I{4F41AD68-89F2-4262-A32C-2F70B01FCE9E} PlugY, The Survival Kit-->"C:\Program Files\Diablo II\Mod PlugY\PlugY Uninstaller.exe" PowerISO-->"C:\Program Files\PowerISO\uninstall.exe" ProtectDisc Helper Driver 10-->C:\Program Files\ProtectDisc Driver Installer\uninstall_v10.exe QuickSet-->MsiExec.exe /I{7F0C4457-8E64-491B-8D7B-991504365D1E} QuickTime-->MsiExec.exe /I{A429C2AE-EBF1-4F81-A221-1C115CAADDAD} SigmaTel Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x9 -remove -removeonly Sonic Activation Module-->MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0} Sothink Movie DVD Maker-->"C:\Program Files\Movie DVD Maker\unins000.exe" Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe" Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3} STREET FIGHTER IV-->MsiExec.exe /X{59ABBDF0-E1E5-48AF-85FB-F523A08C3490} Synaptics Pointing Device Driver-->rundll32.exe 
"C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe Torchlight-->C:\Program Files\Torchlight\uninstall.exe Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT="" User's Guides-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}\setup.exe" VLC media player 0.9.9-->C:\Program Files\VLC\uninstall.exe Winamp-->"C:\Program Files\Winamp5\UninstWA.exe" Windows Live OneCare safety scanner-->%ProgramFiles%\Windows Live Safety Center\wlschost.exe -Uninstall Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4} World of Goo-->"C:\Program Files\Steam\steam.exe" steam://uninstall/22000 ======Security center information====== FW: McAfee Personal Firewall AS: Windows Defender ======System event log====== Computer Name: A-PC Event Code: 1002 Message: The IP address lease 192.168.1.2 for the Network Card with network address 001CBFD50BE1 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message). Record Number: 125501 Source Name: Microsoft-Windows-Dhcp-Client Time Written: 20091123183116.000000-000 Event Type: Error User: Computer Name: A-PC Event Code: 3004 Message: Windows Defender Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. Windows Defender can't undo changes that you allow. 
For more information please see the following: http://go.microsoft.com/fwlink/?linkid=370...;threatid=71945 Scan ID: {083D9804-7D84-48FA-B87B-EADFE037B2C7} User: A-PC\A Name: Backdoor:Win32/Rbot.gen ID: 71945 Severity ID: 5 Category ID: 6 Path Found: process:pid:3704 Alert Type: Spyware or other potentially unwanted software Detection Type: Heuristics Record Number: 125511 Source Name: Microsoft-Windows-Windows Defender Time Written: 20091123183129.000000-000 Event Type: Warning User: Computer Name: A-PC Event Code: 4 Message: The print spooler failed to reopen an existing printer connection because it could not read the configuration information from the registry key S-1-5-18\Printers\Connections. The print spooler could not open the registry key. This can occur if the registry key is corrupt or missing, or if the registry recently became unavailable. Record Number: 125521 Source Name: Microsoft-Windows-SpoolerWin32SPL Time Written: 20091123190950.000000-000 Event Type: Warning User: Computer Name: A-PC Event Code: 4 Message: The print spooler failed to reopen an existing printer connection because it could not read the configuration information from the registry key S-1-5-18\Printers\Connections. The print spooler could not open the registry key. This can occur if the registry key is corrupt or missing, or if the registry recently became unavailable. Record Number: 125522 Source Name: Microsoft-Windows-SpoolerWin32SPL Time Written: 20091123191300.000000-000 Event Type: Warning User: Computer Name: A-PC Event Code: 4 Message: The print spooler failed to reopen an existing printer connection because it could not read the configuration information from the registry key S-1-5-18\Printers\Connections. The print spooler could not open the registry key. This can occur if the registry key is corrupt or missing, or if the registry recently became unavailable. 
Record Number: 125523 Source Name: Microsoft-Windows-SpoolerWin32SPL Time Written: 20091123191300.000000-000 Event Type: Warning User: =====Application event log===== Computer Name: A-PC Event Code: 10010 Message: Application 'C:\Program Files\Internet Explorer\iexplore.exe' (pid 2880) cannot be restarted - Application SID does not match Conductor SID.. Record Number: 22507 Source Name: Microsoft-Windows-RestartManager Time Written: 20091122133743.210627-000 Event Type: Warning User: A-PC\A Computer Name: A-PC Event Code: 10010 Message: Application 'C:\Windows\System32\msiexec.exe' (pid 664) cannot be restarted - Application SID does not match Conductor SID.. Record Number: 22508 Source Name: Microsoft-Windows-RestartManager Time Written: 20091122133743.210627-000 Event Type: Warning User: A-PC\A Computer Name: A-PC Event Code: 1002 Message: The program ToolsCleaner2.exe version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel. Process ID: ed8 Start Time: 01ca6b9e0bb0cc38 Termination Time: 3 Record Number: 22592 Source Name: Application Hang Time Written: 20091122180404.000000-000 Event Type: Error User: Computer Name: A-PC Event Code: 1002 Message: The program OTM.exe version 3.1.2.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel. 
Process ID: f4c Start Time: 01ca6bb5f519fb7e Termination Time: 16 Record Number: 22622 Source Name: Application Hang Time Written: 20091122205901.000000-000 Event Type: Error User: Computer Name: A-PC Event Code: 20 Message: Record Number: 22666 Source Name: Google Update Time Written: 20091123182940.000000-000 Event Type: Error User: A-PC\A =====Security event log===== Computer Name: A-PC Event Code: 4648 Message: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-21-2964503660-626179915-801367091-1000 Account Name: A Account Domain: A-PC Logon ID: 0x21949 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: sdcentral Account Domain: Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: ash03.mi.stardock.com Additional Information: ash03.mi.stardock.com Process Information: Process ID: 0x698 Process Name: C:\Program Files\Impulse\Impulse.exe Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command. Record Number: 32908 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20091123184755.376534-000 Event Type: Audit Success User: Computer Name: A-PC Event Code: 4648 Message: A logon was attempted using explicit credentials. 
Subject: Security ID: S-1-5-21-2964503660-626179915-801367091-1000 Account Name: A Account Domain: A-PC Logon ID: 0x21949 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: sdcentral Account Domain: Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: ash03.mi.stardock.com Additional Information: ash03.mi.stardock.com Process Information: Process ID: 0x698 Process Name: C:\Program Files\Impulse\Impulse.exe Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command. Record Number: 32909 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20091123184759.479334-000 Event Type: Audit Success User: Computer Name: A-PC Event Code: 4648 Message: A logon was attempted using explicit credentials. Subject: Security ID: S-1-5-18 Account Name: A-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Account Whose Credentials Were Used: Account Name: SYSTEM Account Domain: NT AUTHORITY Logon GUID: {00000000-0000-0000-0000-000000000000} Target Server: Target Server Name: localhost Additional Information: localhost Process Information: Process ID: 0x274 Process Name: C:\Windows\System32\services.exe Network Information: Network Address: - Port: - This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command. Record Number: 32910 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20091123191301.477934-000 Event Type: Audit Success User: Computer Name: A-PC Event Code: 4624 Message: An account was successfully logged on. 
Subject: Security ID: S-1-5-18 Account Name: A-PC$ Account Domain: WORKGROUP Logon ID: 0x3e7 Logon Type: 5 New Logon: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Logon GUID: {00000000-0000-0000-0000-000000000000} Process Information: Process ID: 0x274 Process Name: C:\Windows\System32\services.exe Network Information: Workstation Name: Source Network Address: - Source Port: - Detailed Authentication Information: Logon Process: Advapi Authentication Package: Negotiate Transited Services: - Package Name (NTLM only): - Key Length: 0 This event is generated when a logon session is created. It is generated on the computer that was accessed. The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe. The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network). The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on. The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases. The authentication information fields provide detailed information about this specific logon request. - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event. - Transited services indicate which intermediate services have participated in this logon request. - Package name indicates which sub-protocol was used among the NTLM protocols. - Key length indicates the length of the generated session key. This will be 0 if no session key was requested. Record Number: 32911 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20091123191301.477934-000 Event Type: Audit Success User: Computer Name: A-PC Event Code: 4672 Message: Special privileges assigned to new logon. 
Subject: Security ID: S-1-5-18 Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3e7 Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Record Number: 32912 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20091123191301.477934-000 Event Type: Audit Success User: ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "FP_NO_HOST_CHECK"=NO "OS"=Windows_NT "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\IsoBuster "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC "PROCESSOR_ARCHITECTURE"=x86 "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP "USERNAME"=SYSTEM "windir"=%SystemRoot% "PROCESSOR_LEVEL"=6 "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 6, GenuineIntel "PROCESSOR_REVISION"=0f06 "NUMBER_OF_PROCESSORS"=2 "CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip "QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip -----------------EOF-----------------
  5. My problem is precisely that I don't understand where the source is :/ On top of that, Windows Defender doesn't seem to be the ultimate antivirus... The information it gives me is:
     Name: Backdoor:Win32/Rbot.gen
     Alert level: Severe
     Category: Backdoor
     Description: This program has potentially unwanted behavior.
     Advice: Review the alert details to see why the software was detected. If you do not like how the software operates or if you do not recognize and trust the publisher, consider blocking or removing the software.
     Resources: process: pid:3608 (I checked in the Task Manager, this process doesn't exist!)
     Online I saw that the Rbot.gen trojan is able to duplicate itself on disk under a different name each time, to make a complete cleanup harder. What's needed, I think, is a patch or a specific tool to clean everything automatically, but I haven't found one after quite a lot of searching online. Another possibility: Windows Defender is faulty and raising a false alarm? I ran a lot of scans all day with different anti-malware tools and they never found anything. What do you think?
  6. The Lop S&D results look encouraging to me, but after a restart Windows Defender still gives the same alert :/ I really don't know what to do.
  7. OK, so here is the log you asked for, following action 2: What do you think?
[F:47][D:128]-> C:\Users\A\AppData\Local\Temp [F:170][D:1]-> C:\Users\A\AppData\Roaming\MICROS~1\Windows\Cookies [F:322][D:4]-> C:\Users\A\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5 [F:265][D:5]-> C:\$Recycle.Bin 1 - "C:\Lop SD\LopR_1.txt" - 22/11/2009|15:18 - Option : [1] 2 - "C:\Lop SD\LopR_2.txt" - 22/11/2009|16:54 - Option : [1] 3 - "C:\Lop SD\LopR_3.txt" - 22/11/2009|17:04 - Option : [2] --------------------\\ Fin du rapport a 17:04:41 [ UAC => 1 ]
  8. Hi Chrifleur, Thanks for replying, it's nice of you to try to get me out of this mess!! Here is the log you asked for: Only Malwarebytes was running during that time (a very long scan that had started a long time earlier and that I wanted to finish) and Windows Defender (the default thing in Vista). If that's a problem, tell me and I'll run a new scan with those disabled. And thanks again! ____________________________ --------------------\\ Lop S&D 4.2.5-0 XP/Vista Microsoft® Windows Vista™ Home Premium ( v6.0.6000 ) X86-based PC ( Multiprocessor Free : Intel® Core2 CPU T7200 @ 2.00GHz ) BIOS : Phoenix ROM BIOS PLUS Version 1.10 A06 USER : A ( Administrator ) BOOT : Normal boot Firewall : McAfee Personal Firewall (Activated) C:\ (Local Disk) - NTFS - Total:136 Go (Free:29 Go) D:\ (Local Disk) - NTFS - Total:9 Go (Free:5 Go) E:\ (CD or DVD) G:\ (CD or DVD) "C:\Lop SD" ( MAJ : 19-12-2008|23:40 ) Option : [1] ( 22/11/2009|15:14 ) [ UAC => 0 ] --------------------\\ Listing des dossiers dans Local [07/03/2009|11:27] C:\Users\A\AppData\Local\2DBoy [19/04/2008|17:42] C:\Users\A\AppData\Local\Adobe [06/08/2008|19:08] C:\Users\A\AppData\Local\Ahead [17/10/2009|10:10] C:\Users\A\AppData\Local\Apple [14/03/2008|19:23] C:\Users\A\AppData\Local\Application Data [25/07/2009|12:42] C:\Users\A\AppData\Local\CAPCOM [26/08/2008|07:24] C:\Users\A\AppData\Local\d3d9caps.dat [18/11/2009|00:12] C:\Users\A\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [22/11/2009|11:44] C:\Users\A\AppData\Local\Downloaded Installations [30/07/2009|19:37] C:\Users\A\AppData\Local\eMule [09/06/2008|08:38] C:\Users\A\AppData\Local\Flickr [08/03/2009|09:44] C:\Users\A\AppData\Local\GDIPFONTCACHEV1.DAT [25/07/2009|11:01] C:\Users\A\AppData\Local\Google [14/03/2008|19:23] C:\Users\A\AppData\Local\History [22/11/2009|14:29] C:\Users\A\AppData\Local\IconCache.db [30/03/2008|09:53] C:\Users\A\AppData\Local\MediaDirect [22/11/2009|11:52] 
C:\Users\A\AppData\Local\Microsoft [30/07/2008|16:14] C:\Users\A\AppData\Local\Microsoft Games [14/03/2008|19:32] C:\Users\A\AppData\Local\MigWiz [14/03/2008|20:31] C:\Users\A\AppData\Local\Mozilla [06/08/2008|19:05] C:\Users\A\AppData\Local\Nero [01/04/2008|20:13] C:\Users\A\AppData\Local\Oblivion [21/11/2009|12:22] C:\Users\A\AppData\Local\PackageAware [29/03/2008|22:41] C:\Users\A\AppData\Local\Powercinema [14/03/2008|22:04] C:\Users\A\AppData\Local\Real [14/03/2008|22:10] C:\Users\A\AppData\Local\SupportSoft [22/11/2009|15:12] C:\Users\A\AppData\Local\Temp [14/03/2008|19:23] C:\Users\A\AppData\Local\Temporary Internet Files [16/03/2008|13:34] C:\Users\A\AppData\Local\VirtualStore --------------------\\ Tâches planifiées dans C:\Windows\tasks [22/11/2009 13:24][--a------] C:\Windows\tasks\ParetoLogic Registration.job [16/08/2009 03:31][--a------] C:\Windows\tasks\Driver Robot.job [22/11/2009 14:51][--a------] C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2964503660-626179915-801367091-1000UA.job [21/11/2009 22:51][--a------] C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2964503660-626179915-801367091-1000Core.job [22/11/2009 14:30][--ah-----] C:\Windows\tasks\SA.DAT [22/11/2009 14:29][--a------] C:\Windows\tasks\SCHEDLGU.TXT --------------------\\ Listing des dossiers dans C:\ProgramData [05/10/2009|22:00] C:\ProgramData\_Temp [21/11/2009|12:23] C:\ProgramData\{CCF7B54F-09A1-41ED-BA1B-471D81BFFC09} [07/03/2009|11:27] C:\ProgramData\2DBoy [10/11/2009|14:54] C:\ProgramData\Adobe [17/10/2009|10:10] C:\ProgramData\Apple [17/10/2009|10:11] C:\ProgramData\Apple Computer [14/03/2008|19:23] C:\ProgramData\Application Data [15/11/2009|12:17] C:\ProgramData\corn nurb nurb.h9e1qb1 [15/11/2009|12:17] C:\ProgramData\corn nurb nurb.jqzamui [12/03/2008|03:11] C:\ProgramData\CyberLink [20/11/2009|20:31] C:\ProgramData\DAEMON Tools Lite [14/03/2008|22:20] C:\ProgramData\Dell [14/03/2008|19:23] C:\ProgramData\Desktop [14/03/2008|19:23] C:\ProgramData\Documents [15/03/2008|00:18] 
C:\ProgramData\eMule [14/03/2008|19:23] C:\ProgramData\Favorites [10/02/2009|19:46] C:\ProgramData\Google [12/03/2008|02:59] C:\ProgramData\InstallShield [22/11/2009|11:06] C:\ProgramData\Malwarebytes [15/08/2009|15:05] C:\ProgramData\McAfee [15/11/2009|12:17] C:\ProgramData\mfcdlist [17/01/2009|11:02] C:\ProgramData\Microsoft [06/08/2008|19:28] C:\ProgramData\Nero [20/11/2009|20:34] C:\ProgramData\ntuser.pol [15/08/2009|21:56] C:\ProgramData\NVIDIA [22/11/2009|14:31] C:\ProgramData\nvModes.001 [22/11/2009|14:31] C:\ProgramData\nvModes.dat [22/11/2009|13:38] C:\ProgramData\ParetoLogic [14/03/2008|22:04] C:\ProgramData\Real [01/04/2008|18:31] C:\ProgramData\Roxio [12/03/2008|03:01] C:\ProgramData\Sonic [22/11/2009|12:57] C:\ProgramData\Spybot - Search & Destroy [21/11/2009|12:23] C:\ProgramData\Stardock [14/03/2008|19:23] C:\ProgramData\Start Menu [22/11/2009|11:14] C:\ProgramData\SUPERAntiSpyware.com [12/03/2008|03:08] C:\ProgramData\SupportSoft [22/11/2009|14:38] C:\ProgramData\TEMP [14/03/2008|19:23] C:\ProgramData\Templates [05/05/2008|21:55] C:\ProgramData\ZoomBrowser --------------------\\ Listing des dossiers dans C:\Program Files [20/11/2009|23:18] C:\Program Files\1C Company [02/05/2009|17:00] C:\Program Files\AC3Filter [16/03/2009|16:48] C:\Program Files\Adobe [15/08/2009|21:50] C:\Program Files\AGEIA Technologies [15/08/2009|22:27] C:\Program Files\Alcohol 120 [17/10/2009|10:10] C:\Program Files\Apple Software Update [22/11/2009|14:08] C:\Program Files\a-squared Free [25/08/2009|18:14] C:\Program Files\AviSynth 2.5 [12/03/2008|02:55] C:\Program Files\Broadcom [17/03/2008|22:13] C:\Program Files\Canon [22/11/2009|11:45] C:\Program Files\Common Files [12/03/2008|02:39] C:\Program Files\CONEXANT [11/08/2008|18:58] C:\Program Files\coolsitemapper [12/03/2008|03:11] C:\Program Files\CyberLink [20/11/2009|20:32] C:\Program Files\DAEMON Tools Lite [12/03/2008|03:11] C:\Program Files\Dell [12/03/2008|03:08] C:\Program Files\Dell Support Center [17/10/2009|14:18] 
C:\Program Files\Diablo II [12/03/2008|02:58] C:\Program Files\Digital Line Detect [28/02/2004|11:06] C:\Program Files\directx [11/01/2009|10:44] C:\Program Files\Driver NVIDIA [23/07/2009|05:41] C:\Program Files\Dropbox [25/08/2009|18:13] C:\Program Files\Easy DVD Creator [15/08/2009|20:59] C:\Program Files\EasyCleaner [10/05/2008|13:34] C:\Program Files\EasyPHP 2.0b1 [16/03/2008|11:02] C:\Program Files\eMule [31/08/2008|16:50] C:\Program Files\ExplorerView [14/03/2008|21:59] C:\Program Files\FastStone Image Viewer [14/03/2008|22:05] C:\Program Files\FastStone Photo Resizer [31/08/2008|08:12] C:\Program Files\FileZilla FTP Client [12/06/2009|21:29] C:\Program Files\Flickr Uploadr [24/08/2008|14:24] C:\Program Files\foobar2000 [08/04/2008|19:05] C:\Program Files\FreeMind [25/08/2009|18:14] C:\Program Files\Haali [22/11/2009|14:41] C:\Program Files\HijackThis [21/11/2009|12:23] C:\Program Files\Impulse [21/11/2009|13:29] C:\Program Files\Indie Games [20/11/2009|22:42] C:\Program Files\InfraRecorder [15/08/2009|14:57] C:\Program Files\InstallShield Installation Information [17/10/2009|10:12] C:\Program Files\Internet Explorer [14/03/2008|22:02] C:\Program Files\IZArc [30/08/2009|21:15] C:\Program Files\Java [14/03/2008|22:04] C:\Program Files\K-Lite Codec Pack [09/04/2008|19:00] C:\Program Files\Maguma Open Studio [22/11/2009|14:39] C:\Program Files\Malwarebytes' Anti-Malware [02/05/2009|16:55] C:\Program Files\Media Player Classic [15/11/2009|12:17] C:\Program Files\mfcdlist [02/11/2006|12:37] C:\Program Files\Microsoft Games [19/02/2009|18:29] C:\Program Files\Microsoft Games for Windows - LIVE [07/04/2008|19:35] C:\Program Files\Microsoft Office [25/09/2009|00:04] C:\Program Files\Microsoft Silverlight [08/07/2008|12:34] C:\Program Files\Microsoft Works [12/03/2008|02:57] C:\Program Files\Modem Diagnostic Tool [25/04/2009|16:12] C:\Program Files\Mount&Blade [25/08/2009|18:14] C:\Program Files\Movie DVD Maker [02/11/2006|12:42] C:\Program Files\Movie Maker 
[22/11/2009|14:37] C:\Program Files\Mozilla Firefox [14/03/2009|18:48] C:\Program Files\Mozilla Firefox3 [12/03/2009|15:40] C:\Program Files\MSBuild [02/11/2006|12:37] C:\Program Files\MSN [14/03/2008|19:54] C:\Program Files\MSXML 4.0 [12/03/2008|02:56] C:\Program Files\NetWaiting [09/04/2008|19:07] C:\Program Files\Notepad++ [15/08/2009|22:09] C:\Program Files\Photo Story 3 for Windows [07/03/2011|09:31] C:\Program Files\PowerISO [27/05/2008|20:01] C:\Program Files\ProtectDisc Driver Installer [17/10/2009|10:12] C:\Program Files\QuickTime [12/03/2009|15:40] C:\Program Files\Reference Assemblies [12/03/2008|02:54] C:\Program Files\SigmaTel [22/11/2009|12:57] C:\Program Files\Spybot - Search & Destroy [21/11/2009|12:22] C:\Program Files\Steam [25/07/2009|12:33] C:\Program Files\StreetFighterIV [22/11/2009|13:39] C:\Program Files\SUPERAntiSpyware [12/03/2008|10:33] C:\Program Files\Synaptics [15/08/2009|21:12] C:\Program Files\SystemRequirementsLab [29/10/2009|21:33] C:\Program Files\Torchlight [02/11/2006|13:01] C:\Program Files\Uninstall Information [20/11/2009|22:18] C:\Program Files\VirtualCloneDrive [08/06/2009|20:07] C:\Program Files\VLC [15/03/2008|10:11] C:\Program Files\Winamp [04/01/2009|10:51] C:\Program Files\Winamp5 [12/03/2008|10:27] C:\Program Files\Windows Calendar [12/03/2008|10:23] C:\Program Files\Windows Defender [02/11/2006|12:42] C:\Program Files\Windows Journal [22/11/2009|11:52] C:\Program Files\Windows Live Safety Center [14/03/2008|20:15] C:\Program Files\Windows Mail [15/08/2009|14:49] C:\Program Files\Windows Media Player [02/11/2006|12:37] C:\Program Files\Windows NT [02/11/2006|12:42] C:\Program Files\Windows Photo Gallery [14/03/2008|20:15] C:\Program Files\Windows Sidebar [08/02/2009|19:52] C:\Program Files\WinRAR --------------------\\ Listing des dossiers dans C:\Program Files\Common Files [08/07/2008|12:40] C:\Program Files\Common Files\ACD Systems [09/11/2009|20:00] C:\Program Files\Common Files\Adobe [17/10/2009|10:11] C:\Program 
Files\Common Files\Apple [19/08/2008|20:04] C:\Program Files\Common Files\Blizzard Entertainment [11/08/2008|18:58] C:\Program Files\Common Files\Borland Shared [17/03/2008|22:12] C:\Program Files\Common Files\Canon [07/04/2008|19:35] C:\Program Files\Common Files\Designer [12/03/2008|02:59] C:\Program Files\Common Files\InstallShield [12/03/2008|02:53] C:\Program Files\Common Files\Java [15/08/2009|22:09] C:\Program Files\Common Files\microsoft shared [06/08/2008|19:28] C:\Program Files\Common Files\Nero [22/11/2009|13:38] C:\Program Files\Common Files\ParetoLogic [01/04/2008|18:31] C:\Program Files\Common Files\Roxio Shared [02/11/2006|11:18] C:\Program Files\Common Files\Services [25/08/2009|18:14] C:\Program Files\Common Files\SourceTec [02/11/2006|11:18] C:\Program Files\Common Files\SpeechEngines [15/08/2009|22:07] C:\Program Files\Common Files\Steam [12/03/2008|03:08] C:\Program Files\Common Files\supportsoft [12/03/2008|10:32] C:\Program Files\Common Files\System [22/11/2009|13:39] C:\Program Files\Common Files\Wise Installation Wizard --------------------\\ Process ( 56 Processes ) iexplore.exe ~ [PID:3520] --------------------\\ Recherche avec S_Lop C:\ProgramData\corn nurb nurb.h9e1qb1 C:\ProgramData\corn nurb nurb.jqzamui C:\ProgramData\mfcdlist C:\ProgramData\mfcdlist\Hearttwo.exe --------------------\\ Recherche de Fichiers / Dossiers Lop C:\Users\A\AppData\Roaming\MICROS~1\Windows\Cookies\[email protected][2].txt C:\Users\A\AppData\Roaming\MICROS~1\Windows\Cookies\[email protected][2].txt --------------------\\ Verification du Registre [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\joy 32 inter] "DisplayName"="CiD Help" "UninstallString"="C:\\PROGRA~2\\mfcdlist\\Hearttwo.exe -uninstall" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Bird For"="\"C:\\ProgramData\\corn nurb nurb.jqzamui\"" --------------------\\ Verification du fichier Hosts 
Fichier Hosts PROPRE --------------------\\ Recherche de fichiers avec Catchme catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-11-22 15:14:56 Windows 6.0.6000 NTFS scanning hidden processes ... scanning hidden files ... scan completed successfully hidden processes: 0 hidden files: 0 --------------------\\ Recherche d'autres infections --------------------\\ Cracks & Keygens .. C:\Users\A\AppData\Roaming\uTorrent\Mount & Blade 1.011 Crack.torrent C:\Users\A\AppData\Roaming\uTorrent\RISE.OF.NATIONS.RISE.OF.LEGENDS-NoCd Crack.torrent C:\Users\A\AppData\Roaming\uTorrent\Titan Quest + Immortal Throne + Patch + Crack.torrent [F:23][D:126]-> C:\Users\A\AppData\Local\Temp [F:172][D:1]-> C:\Users\A\AppData\Roaming\MICROS~1\Windows\Cookies [F:321][D:4]-> C:\Users\A\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5 [F:9][D:5]-> C:\$Recycle.Bin 1 - "C:\Lop SD\LopR_1.txt" - 22/11/2009|15:18 - Option : [1] --------------------\\ Fin du rapport a 15:18:07 [ UAC => 1 ]
  9. Hello everyone, I'm really struggling to get rid of a nasty trojan. Every time Windows starts, Windows Defender detects and alerts on: Backdoor:Win32/Rbot.gen. Since this morning, I've spent hours and hours installing different anti-malware tools and scanning my disk. Each time, nothing is detected. And yet, at every startup, the same Windows alert. I looked online, and this trojan seems pretty nasty. I have no idea how to remove it. It would be really great if someone could take a look at my HijackThis log: THANKS!!!!! Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 14:13:16, on 22/11/2009 Platform: Windows Vista (WinNT 6.00.1904) MSIE: Internet Explorer v7.00 (7.00.6000.16916) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Windows\sttray.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files\Dell Support Center\bin\sprtcmd.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Users\A\AppData\Local\Google\Update\GoogleUpdate.exe C:\Program Files\Digital Line Detect\DLG.exe C:\Program Files\Dell\QuickSet\quickset.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.ie/ig/dell?hl=en&cli...amp;ibd=1080312 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.ie/ig/dell?hl=en&cli...amp;ibd=1080312 R1 - HKLM\Software\Microsoft\Internet 
Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (file missing) O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (file missing) O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (file missing) O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (file missing) O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [sigmatelSysTrayApp] sttray.exe O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program 
Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [bird For] "C:\ProgramData\corn nurb nurb.jqzamui" O4 - HKLM\..\Run: [Remote File] C:\Users\A\AppData\Local\Temp\rashost.exe O4 - HKLM\..\Run: [EnableDCOM] N O4 - HKLM\..\Run: [restrictanonymous] O4 - HKLM\..\Run: [restrictanonymoussam] O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKLM\..\RunServices: [Remote File] C:\Users\A\AppData\Local\Temp\rashost.exe O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol 120\axcmd.exe" /automount O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [Google Update] "C:\Users\A\AppData\Local\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [Remote File] C:\Users\A\AppData\Local\Temp\rashost.exe O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe 
/detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe O4 - Global Startup: QuickSet.lnk = ? O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000 O13 - Gopher Prefix: O16 - DPF: {04CB5B64-5915-4629-B869-8945CEBADD21} (Module de délivrance de certificat MINEFI) - https://static.impots.gouv.fr/abos/static/s...te/certdgi1.cab O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resource/...r/wlscctrl2.cab O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/Facebo...Uploader4_5.cab O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe O23 - Service: Google Software Updater (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing) O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Dell Internal Network Card Power Management (nicconfigsvc) - Dell Inc. 
- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing) O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe -- End of file - 8361 bytes