bonjour et merci d'avance besoin aide décontamination

[AGECOBOY]

bonsoir ,désolé mais malware est installé mais ne se lance pas.

Essayé bien sur plusieurs fois.

amicalement

[no.ppp]

Bonsoir,

 

Désolé pour ce long délai.

 

Relance RSIT et envoie le rapport que je vois un peu où on en est.

[AGECOBOY]

Désolé pour ce long délai.

 

bonsoir aucun problème je viens moi aussi de te relire ce soir à 18h30,d'autres problèmes plus graves,donc

tu fais comme tu peux et c'est déjà sympa

 

le log

Logfile of random's system information tool 1.04 (written by random/random)

Run by Eric at 2008-12-19 18:36:51

Microsoft Windows XP Professionnel Service Pack 3

System drive C: has 395 GB (84%) free of 472 GB

Total RAM: 2046 MB (70% free)

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 18:36:54, on 19/12/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\WINDOWS\system32\CTsvcCDA.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\oodag.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\ehome\ehtray.exe

C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe

C:\WINDOWS\system32\CTHELPER.EXE

C:\WINDOWS\system32\CTXFIHLP.EXE

C:\WINDOWS\system32\Rundll32.exe

C:\WINDOWS\osd.exe

C:\WINDOWS\Resources\Themes\VistaXP\vt\VisualToolTip.exe

C:\WINDOWS\SYSTEM32\CTXFISPI.EXE

C:\Program Files\HP\HP Software Update\HPWuSchd.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Hercules\WiFi Station\WifiStation.exe

C:\Program Files\Windows Desktop Search\WindowsSearch.exe

C:\Documents and Settings\Eric\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe

C:\Documents and Settings\Eric\Application Data\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe

C:\Program Files\Windows Live\Messenger\usnsvc.exe

C:\Program Files\Java\jre1.6.0_04\bin\jucheck.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\PROGRA~1\INCRED~1\bin\IMApp.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe

C:\Documents and Settings\Eric\Bureau\RSIT.exe

C:\Program Files\HP\hpcoretech\comp\hpdarc.exe

C:\Program Files\trend micro\Eric.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neuf.fr/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"

O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE

O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE

O4 - HKLM\..\Run: [OSD] C:\WINDOWS\osd.exe

O4 - HKLM\..\Run: [VisualTooltip] C:\WINDOWS\Resources\Themes\VistaXP\vt\VisualToolTip.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"

O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [incrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c

O4 - HKCU\..\Run: [setDefaultMIDI] MIDIDef.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - S-1-5-18 Startup: Outil de notification Live Search.lnk = C:\Documents and Settings\Eric\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe (User 'SYSTEM')

O4 - .DEFAULT Startup: Outil de notification Live Search.lnk = C:\Documents and Settings\Eric\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe (User 'Default user')

O4 - Startup: Outil de notification Live Search.lnk = C:\Documents and Settings\Eric\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: WiFi Station.lnk = ?

O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll

O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Documents and Settings\Eric\Mes documents\mes logiciels\Titan Poker\casino.exe

O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Documents and Settings\Eric\Mes documents\mes logiciels\Titan Poker\casino.exe

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O15 - Trusted Zone: *.sony-europe.com

O15 - Trusted Zone: *.sonystyle-europe.com

O15 - Trusted Zone: *.vaio-link.com

O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15031/CTSUEng.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab

O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su2/CTL_V02002/ocx/15033/CTPID.cab

O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\480\G2AWinLogon.dll

O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe

O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\480\g2aservice.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

 

--

End of file - 9184 bytes

 

======Registry dump======

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

Aide pour le lien d'Adobe PDF Reader - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]

C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2004-05-12 744960]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

SSVHelper Class - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll [2007-12-14 509328]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]

Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2007-10-27 2436160]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]

Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll [2008-11-29 737776]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"ehTray"=C:\WINDOWS\ehome\ehtray.exe [2005-08-05 64512]

"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe [2007-12-14 144784]

"CTHelper"=C:\WINDOWS\system32\CTHELPER.EXE [2006-11-28 19456]

"CTxfiHlp"=C:\WINDOWS\system32\CTXFIHLP.EXE [2006-11-28 20480]

"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2007-10-10 39792]

"P17Helper"=Rundll32 P17.dll []

"UpdReg"=C:\WINDOWS\UpdReg.EXE [2000-05-11 90112]

"OSD"=C:\WINDOWS\osd.exe [2007-01-21 86016]

"VisualTooltip"=C:\WINDOWS\Resources\Themes\VistaXP\vt\VisualToolTip.exe [2007-04-25 956928]

"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2005-07-08 7110656]

"NeroFilterCheck"=C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe [2007-03-15 153136]

"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd.exe [2003-08-04 49152]

"HP Component Manager"=C:\Program Files\HP\hpcoretech\hpcmpmgr.exe [2003-12-22 241664]

"avgnt"=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-06-12 266497]

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

"IncrediMail"=C:\Program Files\IncrediMail\bin\IncMail.exe [2007-11-19 214456]

"SetDefaultMIDI"=C:\WINDOWS\MIDIDef.exe [2006-08-17 25600]

"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2007-10-18 5724184]

 

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage

HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

WiFi Station.lnk - C:\Program Files\Hercules\WiFi Station\WifiStation.exe

Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe

 

C:\Documents and Settings\Eric\Menu Démarrer\Programmes\Démarrage

Outil de notification Live Search.lnk - C:\Documents and Settings\Eric\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\GoToAssist]

C:\Program Files\Citrix\GoToAssist\480\G2AWinLogon.dll [2007-10-17 10792]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2008-05-26 304128]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles

"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=323

"NoDrives"=0

"NoDriveAutoRun"=67108863

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDrives"=

"NoDriveAutoRun"=

"NoDriveTypeAutoRun"=

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"

"C:\WINDOWS\system32\java.exe"="C:\WINDOWS\system32\java.exe:*:Enabled:Java Platform SE binary"

"C:\Documents and Settings\Eric\Mes documents\mes logiciels\incredimail_install.exe"="C:\Documents and Settings\Eric\Mes documents\mes logiciels\incredimail_install.exe:*:Enabled:IncrediMail Installer"

"C:\Program Files\IncrediMail\bin\ImApp.exe"="C:\Program Files\IncrediMail\bin\ImApp.exe:*:Enabled:IncrediMail"

"C:\Program Files\IncrediMail\bin\IncMail.exe"="C:\Program Files\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail"

"C:\Program Files\IncrediMail\bin\ImpCnt.exe"="C:\Program Files\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail"

"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Program Files\Azureus\Azureus.exe"="C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus"

"C:\Program Files\adslTV\adsltv.exe"="C:\Program Files\adslTV\adsltv.exe:*:Enabled:adsltv"

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{28b87136-0b1b-11dd-be88-0060b3ce4220}]

shell\AutoRun\command - H:\start.exe

shell\iledefrance\command - H:\start.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{95c24e78-7d98-11dc-be32-0013721228db}]

shell\AutoRun\command - wd_windows_tools\setup.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e8101cce-ab10-11dc-be63-0008d3350bfe}]

shell\AutoRun\command - K:\setupSNK.exe

 

 

======List of files/folders created in the last 1 months======

 

2008-12-13 09:07:14 ----SHD---- C:\RECYCLER

2008-12-12 20:42:03 ----D---- C:\WINDOWS\temp

2008-12-12 20:42:02 ----A---- C:\ComboFix.txt

2008-12-12 20:34:21 ----A---- C:\Boot.bak

2008-12-12 20:34:19 ----RASHD---- C:\cmdcons

2008-12-12 20:30:22 ----A---- C:\WINDOWS\NIRCMD.exe

2008-12-12 20:30:19 ----D---- C:\WINDOWS\ERDNT

2008-12-12 20:30:19 ----D---- C:\Qoobox

2008-12-12 18:07:33 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$

2008-12-12 18:07:03 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$

2008-12-12 18:06:58 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$

2008-12-12 18:06:50 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$

2008-12-10 20:38:37 ----D---- C:\Documents and Settings\Eric\Application Data\Malwarebytes

2008-12-10 20:38:31 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes

2008-12-09 21:45:36 ----D---- C:\_OTMoveIt

2008-12-08 22:39:17 ----D---- C:\rsit

2008-12-08 22:39:17 ----D---- C:\Program Files\trend micro

2008-12-08 22:04:53 ----A---- C:\WINDOWS\ntbtlog.txt

2008-12-07 18:01:44 ----HDC---- C:\WINDOWS\$NtUninstallKB929399$

2008-12-07 18:01:23 ----HDC---- C:\WINDOWS\$NtUninstallKB939683$

2008-12-07 18:00:55 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$

2008-12-07 18:00:45 ----HDC---- C:\WINDOWS\$NtUninstallKB936782_WMP11$

2008-12-07 14:51:22 ----D---- C:\WINDOWS\SxsCaPendDel

2008-12-07 13:32:10 ----D---- C:\Program Files\Avira

2008-12-07 13:32:10 ----D---- C:\Documents and Settings\All Users\Application Data\Avira

2008-12-07 11:02:48 ----D---- C:\Program Files\Malwarebytes' Anti-Malware

2008-12-06 22:17:12 ----D---- C:\Documents and Settings\Eric\Application Data\Talkback

2008-12-06 22:16:16 ----D---- C:\Program Files\Mozilla Firefox

2008-12-06 21:22:46 ----D---- C:\Program Files\AxBx

2008-12-06 09:09:33 ----D---- C:\Documents and Settings\Eric\Application Data\Windows Search

2008-12-05 23:37:22 ----HDC---- C:\WINDOWS\$NtUninstallKB943729$

2008-12-05 23:37:18 ----D---- C:\Program Files\Microsoft Silverlight

2008-12-05 23:36:45 ----D---- C:\Documents and Settings\Eric\Application Data\Windows Desktop Search

2008-12-05 23:36:10 ----HD---- C:\WINDOWS\system32\GroupPolicy

2008-12-05 23:36:10 ----D---- C:\Program Files\Windows Desktop Search

2008-12-05 23:35:57 ----HDC---- C:\WINDOWS\$NtUninstallKB940157$

2008-12-05 23:35:50 ----HDC---- C:\WINDOWS\$NtUninstallKB915800-v4$

2008-12-05 23:35:13 ----N---- C:\WINDOWS\system32\spmsg.dll

2008-12-05 23:35:12 ----HDC---- C:\WINDOWS\$NtUninstallMSCompPackV1$

2008-12-05 23:34:41 ----HDC---- C:\WINDOWS\$NtUninstallwmp11$

2008-12-05 23:33:37 ----HDC---- C:\WINDOWS\$NtUninstallWMFDist11$

2008-12-05 23:33:01 ----HDC---- C:\WINDOWS\$NtUninstallWudf01000$

2008-12-05 23:32:16 ----HDC---- C:\WINDOWS\$NtUninstallKB925766$

2008-12-05 21:02:24 ----SHD---- C:\Config.Msi

2008-12-05 08:12:20 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$

2008-12-05 08:12:11 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$

2008-12-04 20:03:46 ----D---- C:\WINDOWS\system32\logs

2008-12-04 20:03:22 ----D---- C:\Program Files\BitDefender

2008-12-04 20:02:03 ----D---- C:\Program Files\Fichiers communs\BitDefender

2008-12-04 19:52:46 ----D---- C:\WINDOWS\BDOSCAN8

2008-12-04 13:41:58 ----A---- C:\WINDOWS\OEWABLog.txt

2008-12-04 13:41:40 ----D---- C:\WINDOWS\Prefetch

2008-12-04 13:11:27 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$

2008-12-04 13:11:22 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$

2008-12-04 13:11:17 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$

2008-12-04 13:11:10 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$

2008-12-04 13:11:04 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$

2008-12-04 13:10:57 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$

2008-12-04 13:10:52 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$

2008-12-04 13:10:46 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$

2008-12-04 13:10:40 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$

2008-12-04 13:10:34 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$

2008-12-04 13:10:28 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$

2008-12-04 13:10:23 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$

2008-12-04 13:10:17 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$

2008-12-04 13:10:10 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$

2008-12-04 13:10:05 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$

2008-12-04 13:10:00 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$

2008-12-04 13:09:53 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$

2008-12-04 13:09:49 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$

2008-12-04 13:08:19 ----A---- C:\WINDOWS\setuplog.txt

2008-12-04 13:07:48 ----D---- C:\WINDOWS\system32\fr

2008-12-04 13:07:48 ----D---- C:\WINDOWS\system32\bits

2008-12-04 13:07:48 ----D---- C:\WINDOWS\l2schemas

2008-12-04 13:06:44 ----D---- C:\WINDOWS\ServicePackFiles

2008-12-04 13:05:17 ----A---- C:\WINDOWS\imsins.BAK

2008-12-04 13:04:16 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$

2008-11-24 21:35:58 ----A---- C:\WINDOWS\system32\ltclr13n.dll

2008-11-24 21:35:58 ----A---- C:\WINDOWS\system32\lftif13n.dll

2008-11-24 21:35:58 ----A---- C:\WINDOWS\system32\lffax13n.dll

 

======List of files/folders modified in the last 1 months======

 

2008-12-19 18:34:53 ----A---- C:\WINDOWS\lvkosd.ini

2008-12-19 18:00:22 ----SHD---- C:\WINDOWS\Installer

2008-12-18 22:19:05 ----D---- C:\WINDOWS\system32\CatRoot2

2008-12-18 18:35:30 ----D---- C:\WINDOWS

2008-12-18 18:06:37 ----D---- C:\WINDOWS\Registration

2008-12-18 18:06:17 ----D---- C:\WINDOWS\system32

2008-12-18 18:05:45 ----A---- C:\WINDOWS\SchedLgU.Txt

2008-12-18 18:00:37 ----HD---- C:\WINDOWS\inf

2008-12-18 18:00:34 ----RSHDC---- C:\WINDOWS\system32\dllcache

2008-12-18 18:00:32 ----D---- C:\WINDOWS\ie7updates

2008-12-18 18:00:27 ----HD---- C:\WINDOWS\$hf_mig$

2008-12-16 21:53:29 ----D---- C:\WINDOWS\system32\drivers

2008-12-14 14:13:28 ----SHD---- C:\System Volume Information

2008-12-14 14:13:28 ----D---- C:\WINDOWS\system32\Restore

2008-12-14 13:51:36 ----D---- C:\Program Files\Audacity

2008-12-14 13:45:01 ----SD---- C:\WINDOWS\Downloaded Program Files

2008-12-14 13:42:27 ----RD---- C:\Program Files

2008-12-13 18:55:01 ----D---- C:\WINDOWS\system32\oodag

2008-12-13 12:20:30 ----D---- C:\Documents and Settings\Eric\Application Data\Adobe

2008-12-13 07:37:56 ----A---- C:\WINDOWS\system32\mshtml.dll

2008-12-12 20:39:25 ----A---- C:\WINDOWS\system.ini

2008-12-12 20:38:18 ----D---- C:\WINDOWS\system32\config

2008-12-12 20:37:38 ----D---- C:\WINDOWS\AppPatch

2008-12-12 20:37:38 ----D---- C:\Program Files\Fichiers communs

2008-12-12 20:34:21 ----RASH---- C:\boot.ini

2008-12-12 18:13:34 ----D---- C:\Program Files\Internet Explorer

2008-12-07 18:00:51 ----D---- C:\WINDOWS\system32\CatRoot

2008-12-07 14:51:22 ----D---- C:\WINDOWS\WinSxS

2008-12-07 11:18:28 ----D---- C:\Program Files\Yahoo!

2008-12-06 22:26:52 ----D---- C:\Documents and Settings\Eric\Application Data\Mozilla

2008-12-06 19:30:01 ----D---- C:\WINDOWS\Minidump

2008-12-06 18:23:52 ----A---- C:\WINDOWS\NeroDigital.ini

2008-12-06 00:01:00 ----D---- C:\WINDOWS\ehome

2008-12-05 23:37:25 ----D---- C:\WINDOWS\system32\wbem

2008-12-05 23:37:06 ----RSD---- C:\WINDOWS\assembly

2008-12-05 23:36:24 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft

2008-12-05 23:36:19 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI

2008-12-05 23:36:13 ----D---- C:\WINDOWS\system32\fr-fr

2008-12-05 23:35:06 ----A---- C:\WINDOWS\win.ini

2008-12-05 23:34:50 ----D---- C:\Program Files\Windows Media Connect 2

2008-12-05 23:34:49 ----D---- C:\Program Files\Windows Media Player

2008-12-05 23:34:47 ----D---- C:\WINDOWS\Help

2008-12-05 23:33:05 ----D---- C:\WINDOWS\system32\LogFiles

2008-12-05 22:57:26 ----D---- C:\WINDOWS\network diagnostic

2008-12-04 13:44:06 ----D---- C:\WINDOWS\Debug

2008-12-04 13:20:30 ----RSD---- C:\WINDOWS\Fonts

2008-12-04 13:20:30 ----D---- C:\WINDOWS\system32\Setup

2008-12-04 13:19:49 ----D---- C:\WINDOWS\security

2008-12-04 13:09:54 ----D---- C:\Program Files\Messenger

2008-12-04 13:07:55 ----D---- C:\WINDOWS\system32\inetsrv

2008-12-04 13:07:54 ----D---- C:\WINDOWS\ime

2008-12-04 13:07:48 ----D---- C:\WINDOWS\system32\usmt

2008-12-04 13:07:48 ----D---- C:\WINDOWS\PeerNet

2008-12-04 13:07:48 ----D---- C:\Program Files\Movie Maker

2008-12-04 13:06:38 ----D---- C:\WINDOWS\system32\npp

2008-12-04 13:06:38 ----D---- C:\WINDOWS\msagent

2008-12-04 13:06:37 ----D---- C:\WINDOWS\srchasst

2008-12-04 13:06:37 ----D---- C:\Program Files\NetMeeting

2008-12-04 13:06:36 ----D---- C:\WINDOWS\system32\Com

2008-12-04 13:06:35 ----D---- C:\Program Files\Windows NT

2008-12-04 13:06:35 ----D---- C:\Program Files\Outlook Express

2008-12-04 13:06:33 ----D---- C:\Program Files\Fichiers communs\System

2008-12-04 13:06:25 ----D---- C:\WINDOWS\system32\oobe

2008-12-04 13:06:24 ----D---- C:\WINDOWS\system

2008-12-03 19:43:00 ----SD---- C:\WINDOWS\Tasks

2008-12-01 16:21:02 ----D---- C:\Documents and Settings\Eric\Application Data\OpenOffice.org2

2008-12-01 09:13:49 ----D---- C:\Documents and Settings\Eric\Application Data\Azureus

 

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2007-12-19 43488]

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys []

R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2008-12-10 75072]

R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40576]

R1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720]

R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-11-08 21248]

R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.3.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2007-10-27 20747]

R2 MDC8021X;AEGIS Protocol (IEEE 802.1x) v2.3.1.9; C:\WINDOWS\system32\DRIVERS\mdc8021x.sys [2004-09-24 15781]

R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]

R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys []

R3 ctac32k;Creative AC3 Software Decoder; C:\WINDOWS\system32\drivers\ctac32k.sys [2006-08-17 502272]

R3 ctaud2k;Creative Audio Driver (WDM); C:\WINDOWS\system32\drivers\ctaud2k.sys [2006-08-17 500480]

R3 ctprxy2k;Creative Proxy Driver; C:\WINDOWS\system32\drivers\ctprxy2k.sys [2006-08-17 7168]

R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\system32\drivers\ctsfm2k.sys [2006-08-17 143872]

R3 e1express;Intel® PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5132.sys [2005-03-31 180736]

R3 emupia;E-mu Plug-in Architecture Driver; C:\WINDOWS\system32\drivers\emupia2k.sys [2006-08-17 78336]

R3 ha20x2k;Creative 20X HAL Driver; C:\WINDOWS\system32\drivers\ha20x2k.sys [2006-08-17 1110528]

R3 HidIr;Pilote HID infrarouge Microsoft; C:\WINDOWS\system32\DRIVERS\hidir.sys [2008-04-13 19200]

R3 hidusb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]

R3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2004-01-05 51056]

R3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2004-01-05 16496]

R3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2004-01-05 21488]

R3 IrBus;Pilote de filtre de bus infrarouge pour les contrôles distants eHome; C:\WINDOWS\system32\DRIVERS\IrBus.sys [2008-04-13 46592]

R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-10 12288]

R3 NBXG7031;NB 802.11g XG703 SP1 Driver; C:\WINDOWS\system32\DRIVERS\WlanUIG.sys [2004-09-24 381312]

R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]

R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2005-07-08 3198304]

R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\drivers\ctoss2k.sys [2006-08-17 116224]

R3 P17;Sound Blaster Audigy; C:\WINDOWS\system32\drivers\P17.sys [2005-07-07 1389056]

R3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]

R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]

R3 usbhub;Pilote de concentrateur standard USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]

R3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]

R3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]

R3 usbstor;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]

R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]

S3 61883;Pilote d'unité 61883; C:\WINDOWS\system32\DRIVERS\61883.sys [2008-04-13 48128]

S3 Avc;Périphérique AVC; C:\WINDOWS\system32\DRIVERS\avc.sys [2008-04-13 38912]

S3 catchme;catchme; \??\C:\pouetpouet\catchme.sys []

S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]

S3 ctdvda2k;Creative DVD-Audio Device Driver; C:\WINDOWS\system32\drivers\ctdvda2k.sys [2006-08-17 340176]

S3 hcwPP2;Hauppauge WinTV PVR PCI II ([23|25|26]xxx); C:\WINDOWS\system32\DRIVERS\hcwPP2.sys [2005-03-15 148608]

S3 MHNDRV;Pilote MHN; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]

S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\system32\DRIVERS\msdv.sys [2008-04-13 51200]

S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]

S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]

S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]

S3 PCANDIS5;PCANDIS5 Protocol Driver; \??\C:\WINDOWS\system32\PCANDIS5.SYS []

S3 Profos;Profos; \??\C:\Program Files\Fichiers communs\BitDefender\BitDefender Threat Scanner\profos.sys []

S3 RT2500USB;Hercules Wireless USB Dongle Driver; C:\WINDOWS\system32\DRIVERS\rt73.sys [2006-01-12 252928]

S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]

S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]

S3 Trufos;Trufos; \??\C:\Program Files\Fichiers communs\BitDefender\BitDefender Threat Scanner\trufos.sys []

S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]

S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]

S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

 

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R2 AntiVirScheduler;Planificateur Avira AntiVir Personal - Free Antivirus; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-15 68865]

R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-15 151297]

R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.exe [1999-12-12 44032]

R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2006-10-09 237568]

R2 ehSched;Service de planification Media Center; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 103424]

R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]

R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2005-07-08 127043]

R2 O&O Defrag;O&O Defrag; C:\WINDOWS\system32\oodag.exe [2005-11-02 265216]

R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]

R3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2004-01-05 65795]

R3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]

S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]

S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]

S3 GoToAssist;GoToAssist; C:\Program Files\Citrix\GoToAssist\480\g2aservice.exe [2007-10-17 16936]

S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-10-27 138168]

S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]

S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-03-22 779824]

S3 NMIndexingService;NMIndexingService; C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe [2007-03-22 271920]

S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]

S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]

S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]

S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

 

-----------------EOF-----------------

[no.ppp]

Bonsoir,

 

Sais-tu ce qu'est H:\start.exe ?

 

Toujours impossible de lancer MBAM ? Si oui, supprime le, retélécharge le, renomme le setup en ce que tu veux (on sait jamais) et relance le.

[no.ppp]

Bonjour,

 

start.exe, c'est crapis (merci Le Sioux)

 

Télécharge Flash Disinfector sur ton Bureau

Connecte tous les périphériques externes infectés (DD, USB, etc ...)

Ne les ouvre pas.

Double clique sur Flash Disinfector et laisse-toi guider.

 

 

Ce que tu peux faire avec MBAM également, c'est renommé le setup, mais également renommer MalwareByte's Antimalware en ce que tu veux (pouetpouet par exemple) puis de le lancer (branche bien tes périphériques externes également )

[AGECOBOY]

bonsoir ,avec difficulté j'ai réussi mbam en mode sans échec

voici le log

j'avais fait avant un disinfector mais pas l'air de s'ètre passé grand chose

bon ap et joyeux noel

 

 

Malwarebytes' Anti-Malware 1.31

Version de la base de données: 1537

Windows 5.1.2600 Service Pack 3

 

23/12/2008 20:07:49

mbam-log-2008-12-23 (20-07-49).txt

 

Type de recherche: Examen complet (C:\|D:\|E:\|F:\|G:\|I:\|J:\|)

Eléments examinés: 224297

Temps écoulé: 36 minute(s), 46 second(s)

 

Processus mémoire infecté(s): 0

Module(s) mémoire infecté(s): 0

Clé(s) du Registre infectée(s): 0

Valeur(s) du Registre infectée(s): 0

Elément(s) de données du Registre infecté(s): 0

Dossier(s) infecté(s): 0

Fichier(s) infecté(s): 2

 

Processus mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Module(s) mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Clé(s) du Registre infectée(s):

(Aucun élément nuisible détecté)

 

Valeur(s) du Registre infectée(s):

(Aucun élément nuisible détecté)

 

Elément(s) de données du Registre infecté(s):

(Aucun élément nuisible détecté)

 

Dossier(s) infecté(s):

(Aucun élément nuisible détecté)

 

Fichier(s) infecté(s):

C:\Documents and Settings\Eric\Local Settings\temp\TDSS86d4.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\Documents and Settings\Eric\Local Settings\temp\TDSS86e4.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.

[no.ppp]

Bonjour,

 

Pour tes périphériques, on va tenter comme çà :

 

Telecharge UsbFix sur ton bureau

Lance l installation avec les paramètres par defaut

Branche tes périphériques externes (clé USB, disque dur externe, etc...) susceptible d'avoir été infectés sans les ouvrir

Double clique sur le raccourci UsbFix sur ton bureau

Choisis l'option 1 (nettoyage)

Le pc va redémarrer

Après redémarrage post le rapport UsbFix.txt

 

Note : le rapport UsbFix.txt est sauvegardé a la racine du disque

[AGECOBOY]

salut

j'ai pas du faire comme il faut avec usbfix,il me parlait de suppression, c'avait l'air chaud

 

 

-------------- UsbFix V2.413.7 ---------------

 

* User : Eric - DELL

* Outils mis a jours le 24/12/2008 par Chiquitine29 et Chimay8

* Recherche effectuée à 23:20:03 le 25/12/2008

* Windows Xp - Internet Explorer 7.0.5730.13

 

 

--------------- [ Processus actifs ] ----------------

 

 

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avwsc.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\WINDOWS\system32\CTsvcCDA.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\oodag.exe

C:\WINDOWS\eHome\ehRec.exe

C:\WINDOWS\system32\logonui.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\userinit.exe

C:\WINDOWS\ehome\mcrdsvc.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\SearchIndexer.exe

 

--------------- [ Informations lecteurs ] ----------------

 

C: - Lecteur fixe

 

G: - Lecteur amovible

 

H: - Lecteur fixe

 

I: - Lecteur de CD-ROM

 

J: - Lecteur de CD-ROM

 

K: - Lecteur amovible

 

 

+- Contenu de l'autorun : C:\autorun.inf

 

 

 

+- Contenu de l'autorun : G:\autorun.inf

 

 

 

+- Contenu de l'autorun : H:\autorun.inf

 

[Autorun]

OPEN=rundll32.exe url,FileProtocolHandler library.htm

 

+- Contenu de l'autorun : K:\autorun.inf

 

 

 

--------------- [ Lecteur C ] ----------------

 

C: - Lecteur fixe

 

 

+- Listing des fichiers présents :

 

[16/10/2007 09:51][--a------] C:\AUTOEXEC.BAT

[10/08/2004 13:00][-rahs----] C:\NTDETECT.COM

[12/12/2008 20:34][-rahs----] C:\boot.ini

[21/12/2008 12:52][drahs----] C:\autorun.inf

[23/12/2008 07:19][--a------] C:\avenger.txt

[23/12/2008 07:19][--a------] C:\ComboFix.txt

[23/12/2008 07:19][--a------] C:\UsbFix.txt

[16/10/2007 09:51][--a------] C:\CONFIG.SYS

[16/10/2007 09:51][--a------] C:\IO.SYS

[16/10/2007 09:51][--a------] C:\MSDOS.SYS

[16/10/2007 09:51][--a------] C:\pagefile.sys

 

--------------- [ Lecteur G ] ----------------

 

G: - Lecteur amovible

 

 

+- Listing des fichiers présents :

 

[21/12/2008 12:53][drahs----] G:\autorun.inf

 

--------------- [ Lecteur H ] ----------------

 

H: - Lecteur fixe

 

 

+- Listing des fichiers présents :

 

[20/01/2004 22:34][--a------] H:\ACD_smx_51213622.exe

[20/01/2004 22:34][--a------] H:\avg6656fu_free.exe

[20/01/2004 22:34][--a------] H:\DivX521XP2K.exe

[20/01/2004 22:34][--a------] H:\dxball.exe

[20/01/2004 22:34][--a------] H:\PMagic.exe

[20/01/2004 22:34][--a------] H:\ToolbarSetup.exe

[24/09/2005 18:26][--a------] H:\autorun.inf

[05/05/2004 21:39][--a------] H:\Log.txt

 

--------------- [ Lecteur I ] ----------------

 

I: - Lecteur de CD-ROM

 

 

+- Listing des fichiers présents :

 

 

--------------- [ Lecteur J ] ----------------

 

J: - Lecteur de CD-ROM

 

 

+- Listing des fichiers présents :

 

 

--------------- [ Lecteur K ] ----------------

 

K: - Lecteur amovible

 

 

+- Listing des fichiers présents :

 

[13/12/2008 16:01][--a------] K:\boum-setup.exe

[13/12/2008 16:01][--a------] K:\Flash_Disinfector.exe

[21/12/2008 12:53][drahs----] K:\autorun.inf

 

--------------- [ Registre / Startup ] ----------------

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"

"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]

CTFMON.EXE=C:\WINDOWS\system32\ctfmon.exe

IncrediMail=C:\Program Files\IncrediMail\bin\IncMail.exe /c

SetDefaultMIDI=MIDIDef.exe

msnmsgr="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

SpybotSD TeaTimer=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]

ehTray=C:\WINDOWS\ehome\ehtray.exe

SunJavaUpdateSched="C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"

CTHelper=CTHELPER.EXE

CTxfiHlp=CTXFIHLP.EXE

Adobe Reader Speed Launcher="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

P17Helper=Rundll32 P17.dll,P17Helper

UpdReg=C:\WINDOWS\UpdReg.EXE

OSD=C:\WINDOWS\osd.exe

VisualTooltip=C:\WINDOWS\Resources\Themes\VistaXP\vt\VisualToolTip.exe

NeroFilterCheck=C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe

HP Software Update="C:\Program Files\HP\HP Software Update\HPWuSchd.exe"

HP Component Manager="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"

avgnt="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

NvCplDaemon=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=

<NO NAME>=

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL=

Installed=1

<NO NAME>=

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI=

NoChange=1

Installed=1

<NO NAME>=

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS=

Installed=1

<NO NAME>=

 

--------------- [ Registre / Mountpoint2 ] ----------------

 

Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{28b87136-0b1b-11dd-be88-0060b3ce4220}\Shell\AutoRun\command

Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{95c24e78-7d98-11dc-be32-0013721228db}\Shell\AutoRun\command

Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e8101cce-ab10-11dc-be63-0008d3350bfe}\Shell\AutoRun\command

 

--------------- [ Nettoyage des disques ] ----------------

 

Echec de la supression !! - [25/12/2008 23:21] C:\autorun.inf

[no.ppp]

Bonsoir,

 

Me saoulent ces autorun.inf

 

Télécharge OTMoveIt3 (d'Old_Timer) sur ton Bureau.

• Copie (Ctrl+C) le texte se situant ci-dessous :

  :processes
  explorer.exe
   
  :files
  C:\autorun.inf
  G:\autorun.inf
  H:\autorun.inf
  K:\autorun.inf
   
  :commands
  [emptytemp]
  [reboot]

• Branche tous tes périphériques sans les ouvrir.
  
• Double-clique sur OTMoveIt3.exe pour le lancer.
  
• Colle (ou Ctrl+V) le texte précédemment copié dans le cadre : Paste Instructions for Items to be Moved
  
• Clique sur MoveIt! pour lancer la suppression.
  
• Le résultat apparaîtra dans le cadre Results
  
• Si un fichier ou dossier ne peut pas être supprimé immédiatement, le logiciel te demandera de redémarrer. Accepte en cliquant sur YES..
  
• Poste le rapport situé dans C:\_OTMoveIt\MovedFiles.
  
• Le nom du rapport correspond au moment de sa création : date_heure.log
  

[AGECOBOY]

bonsoir,et merci

ci apres rapport otmove,

amicalement

 

 

========== PROCESSES ==========

Process explorer.exe killed successfully.

========== FILES ==========

C:\autorun.inf moved successfully.

Folder move failed. G:\autorun.inf scheduled to be moved on reboot.

File/Folder H:\autorun.inf not found.

Folder move failed. K:\autorun.inf scheduled to be moved on reboot.

========== COMMANDS ==========

File delete failed. C:\DOCUME~1\Eric\LOCALS~1\Temp\etilqs_9Hy6yWSepmCjSkjkadTO scheduled to be deleted on reboot.

File delete failed. C:\DOCUME~1\Eric\LOCALS~1\Temp\~DFA52F.tmp scheduled to be deleted on reboot.

File delete failed. C:\DOCUME~1\Eric\LOCALS~1\Temp\~DFA541.tmp scheduled to be deleted on reboot.

File delete failed. C:\DOCUME~1\Eric\LOCALS~1\Temp\~DFB8E9.tmp scheduled to be deleted on reboot.

File delete failed. C:\DOCUME~1\Eric\LOCALS~1\Temp\~DFB8FB.tmp scheduled to be deleted on reboot.

User's Temp folder emptied.

User's Temporary Internet Files folder emptied.

User's Internet Explorer cache folder emptied.

Local Service Temp folder emptied.

File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.

Local Service Temporary Internet Files folder emptied.

Windows Temp folder emptied.

Java cache emptied.

File delete failed. C:\Documents and Settings\Eric\Local Settings\Application Data\Mozilla\Firefox\Profiles\ner8aoov.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Eric\Local Settings\Application Data\Mozilla\Firefox\Profiles\ner8aoov.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Eric\Local Settings\Application Data\Mozilla\Firefox\Profiles\ner8aoov.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Eric\Local Settings\Application Data\Mozilla\Firefox\Profiles\ner8aoov.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Eric\Local Settings\Application Data\Mozilla\Firefox\Profiles\ner8aoov.default\urlclassifier3.sqlite scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\Eric\Local Settings\Application Data\Mozilla\Firefox\Profiles\ner8aoov.default\XUL.mfl scheduled to be deleted on reboot.

FireFox cache emptied.

Temp folders emptied.

 

OTMoveIt3 by OldTimer - Version 1.0.7.2 log created on 12272008_192538