

luminou13
PC infected with Vista Antispyware 2010 (RESOLVED)
luminou13 replied to a topic by luminou13 in Malware Analysis and Removal
The log report
PC infected with Vista Antispyware 2010 (RESOLVED)
luminou13 replied to a topic by luminou13 in Malware Analysis and Removal
I think there is no longer a problem; I ran a scan with Windows Defender. However, I don't know how to mark the topic as resolved.
PC infected with Vista Antispyware 2010 (RESOLVED)
luminou13 replied to a topic by luminou13 in Malware Analysis and Removal
I followed your procedure, nardino; Vista 2010 has disappeared. I am posting the report, and thank you.

Malwarebytes' Anti-Malware 1.44
Version de la base de données: 3741
Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

15/02/2010 20:34:36
mbam-log-2010-02-15 (20-34-36).txt

Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 286537
Temps écoulé: 52 minute(s), 23 second(s)

Processus mémoire infecté(s): 1
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 1
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 1
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 2

Processus mémoire infecté(s):
C:\Users\butters\AppData\Local\av.exe (Rogue.MultipleAV) -> Unloaded process successfully.

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\secfile (Trojan.Fakealert) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
HKEY_CLASSES_ROOT\.exe\(default) (Hijacked.exeFile) -> Bad: (secfile) Good: (exefile) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Users\butters\AppData\Local\av.exe (Rogue.MultipleAV) -> Quarantined and deleted successfully.
C:\Users\butters\Local Settings\Application Data\av.exe (ROGUE.Win7Antispyware2010) -> Quarantined and deleted successfully.
PC infected with Vista Antispyware 2010 (RESOLVED)
luminou13 replied to a topic by luminou13 in Malware Analysis and Removal
OK, thanks Nardino. I'll try that tonight. Since I no longer have access to my web browsers, I have to download the software on another PC and load it onto a USB stick or an external drive. But couldn't this virus then infect the USB stick and pass the virus on to another computer?
PC infected with Vista Antispyware 2010 (RESOLVED)
luminou13 posted a topic in Malware Analysis and Removal
Hello, yet another PC infected by this virus. It happened last night, and since then I can no longer access IE or Mozilla. I have seen various programs to download on the net. Can you tell me which one to start with? Thanks in advance.