
Posted

Re, sorry for the delay:

Otherwise, I have a small question: when I try to play an MMORPG I always get disconnected from the server, and I would like to know whether the malware that infected me is the cause of this problem.

Here are the two reports:

 

ComboFix 09-06-17.04 - Sanamy 18/06/2002 15:26.6 - NTFSx86

Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.255.55 [GMT 1:00]

Lancé depuis: c:\documents and settings\Sanamy\Bureau\ComboFix.exe

Commutateurs utilisés :: c:\documents and settings\Sanamy\Bureau\CFScript.txt

AV: Kaspersky Internet Security *On-access scanning disabled* (Outdated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}

FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\windows\BackUp

C:\Autorun.inf

C:\explorer.exe

c:\windows\BackUp\autorun.inf

c:\windows\BackUp\explorer.exe

c:\windows\system32\iexplorer.exe

c:\windows\system32\wuauc1t.exe

D:\Autorun.inf

D:\explorer.exe

E:\Autorun.inf

E:\explorer.exe

F:\Autorun.inf

F:\explorer.exe

G:\Autorun.inf

G:\explorer.exe

H:\Autorun.inf

H:\explorer.exe

I:\Autorun.inf

I:\explorer.exe

J:\AUTORUN.INF

J:\explorer.exe

 

.

((((((((((((((((((((((((((((( Fichiers créés du 2002-05-18 au 2002-06-18 ))))))))))))))))))))))))))))))))))))

.

 

2009-06-11 21:30 . 2002-06-17 16:26 -------- d-----w- c:\documents and settings\Sanamy\Application Data\gtk-2.0

2009-06-11 21:30 . 2009-06-11 21:30 -------- d-----w- c:\documents and settings\Sanamy\.thumbnails

2009-06-11 21:27 . 2002-06-17 21:42 -------- d-----w- c:\documents and settings\Sanamy\.gimp-2.6

2009-06-11 21:27 . 2009-06-11 21:27 -------- d-----w- c:\documents and settings\Sanamy\.gegl-0.0

2009-06-11 21:25 . 2009-06-11 21:25 -------- d-----w- c:\program files\GIMP-2.0

2009-06-08 12:42 . 2008-10-16 13:06 268648 ----a-w- c:\windows\system32\mucltui.dll

2009-06-08 12:42 . 2008-10-16 13:06 208744 ----a-w- c:\windows\system32\muweb.dll

2009-05-26 20:27 . 2008-06-13 00:00 225280 -c--a-w- c:\windows\system32\TubeFinder.exe

2009-05-26 20:27 . 2008-06-04 17:42 9728 -c--a-w- c:\windows\system32\PCCLPFR.DLL

2009-05-26 20:27 . 2008-06-04 17:42 32768 -c--a-w- c:\windows\system32\CMDLGFR.DLL

2009-05-26 20:27 . 2008-06-04 17:42 141312 -c--a-w- c:\windows\system32\MSCMCFR.DLL

2009-05-26 20:27 . 2002-06-01 13:48 -------- d-----w- c:\program files\Free FLV Converter

2009-05-20 20:46 . 2009-05-20 20:46 -------- d-----w- c:\program files\BlueSquad

2009-05-19 19:40 . 2002-05-22 17:54 -------- d-----w- c:\documents and settings\Sanamy\dwhelper

2009-05-18 12:43 . 2009-05-18 13:27 -------- d-----w- c:\documents and settings\Sanamy\Application Data\FileZilla

2009-05-04 12:37 . 2001-08-23 16:47 5632 -c--a-w- c:\windows\system32\ptpusb.dll

2009-05-04 12:37 . 2004-08-03 23:54 159232 ----a-w- c:\windows\system32\ptpusd.dll

2009-05-04 12:37 . 2004-08-03 21:58 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys

2009-05-03 18:15 . 2009-05-03 18:29 -------- d-----w- c:\documents and settings\Sanamy\Application Data\vlc

2009-04-28 14:53 . 2009-04-28 14:53 -------- d-----w- c:\documents and settings\Sanamy\Application Data\StoneTrip

2009-04-28 14:44 . 2002-05-25 11:25 -------- d-----w- c:\program files\KidNet

2009-04-26 17:09 . 2009-04-26 17:09 -------- d-----w- c:\windows\Sun

2009-04-20 12:39 . 2009-04-20 12:38 410984 -c--a-w- c:\windows\system32\deploytk.dll

2009-04-20 12:37 . 2009-04-20 12:37 152576 ----a-w- c:\documents and settings\Sanamy\Application Data\Sun\Java\jre1.6.0_13\lzma.dll

2009-04-20 11:51 . 2009-04-20 11:51 -------- d-----w- c:\documents and settings\Sanamy\.javaws

2009-04-20 11:51 . 2002-05-25 11:25 -------- d-----w- c:\program files\Java Web Start

2009-04-20 11:51 . 2009-04-20 12:38 -------- d-----w- c:\program files\Java

2009-04-20 11:36 . 2009-04-20 11:37 -------- d-----w- c:\program files\gs

2009-04-19 21:18 . 2009-04-19 21:18 -------- d-----w- c:\documents and settings\All Users\Application Data\PlotSoft

2009-04-19 21:18 . 2009-04-19 21:18 -------- d-----w- c:\program files\PlotSoft

2009-04-19 19:53 . 2002-06-13 16:48 -------- d-----w- c:\documents and settings\Sanamy\Application Data\BitTorrent

2009-04-19 19:52 . 2009-04-19 19:52 -------- d-----w- c:\documents and settings\Sanamy\Local Settings\Application Data\DNA

2009-04-19 19:52 . 2009-04-19 19:52 -------- d-----w- c:\program files\BitTorrent

2009-04-19 19:52 . 2002-06-07 19:59 -------- d-----w- c:\program files\DNA

2009-04-19 19:52 . 2002-06-07 19:59 -------- d-----w- c:\documents and settings\Sanamy\Application Data\DNA

2009-04-17 12:26 . 2009-04-17 12:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Trymedia

2009-04-17 10:06 . 2009-04-17 10:06 -------- d-----w- c:\program files\Sims Language

2009-04-17 10:06 . 1997-02-26 22:00 34816 -c--a-w- c:\windows\system32\DBGrdFR.dll

2009-04-17 10:06 . 1997-02-26 22:00 30720 -c--a-w- c:\windows\system32\DBLstFR.dll

2009-04-17 10:00 . 1998-03-14 13:47 96256 -c--a-w- c:\windows\system32\VB5FR.dll

2009-04-17 10:00 . 1997-02-26 22:00 73216 -c--a-w- c:\windows\ST5UNST.EXE

2009-04-17 10:00 . 1997-01-15 22:00 29696 -c--a-w- c:\windows\system32\VB5StKit.dll

2009-04-17 09:59 . 2009-04-17 09:59 -------- d-----w- c:\program files\RY's Games

2009-04-17 09:59 . 1998-10-29 14:45 376320 -c--a-w- c:\windows\IsUninst.exe

2009-04-16 13:13 . 2009-04-17 12:24 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

2009-04-11 16:37 . 2009-04-11 16:37 -------- d-----w- c:\documents and settings\Sanamy\Application Data\Sony Corporation

2009-04-11 16:31 . 2007-04-04 16:53 81768 -c--a-w- c:\windows\system32\xinput1_3.dll

2009-04-11 16:31 . 2007-04-04 16:55 261480 -c--a-w- c:\windows\system32\xactengine2_7.dll

2009-04-11 16:31 . 2007-03-15 14:57 443752 -c--a-w- c:\windows\system32\d3dx10_33.dll

2009-04-11 16:31 . 2007-03-12 14:42 1123696 -c--a-w- c:\windows\system32\D3DCompiler_33.dll

2009-04-11 16:31 . 2007-03-12 14:42 3495784 -c--a-w- c:\windows\system32\d3dx9_33.dll

2009-04-11 16:31 . 2007-01-24 13:27 255848 -c--a-w- c:\windows\system32\xactengine2_6.dll

2009-04-11 16:23 . 2009-04-11 16:23 -------- d-----w- c:\program files\Sony

2009-04-09 18:30 . 2009-04-09 18:30 12862 ----a-r- c:\documents and settings\Sanamy\Application Data\Microsoft\Installer\{0E2B767B-EA6A-489B-BF83-8083FE1DB661}\_1EEFFF72773535163E4216.exe

2009-04-09 18:30 . 2009-04-09 18:30 -------- d-----w- c:\program files\Pcsx2

2009-04-07 13:35 . 2002-05-25 11:24 -------- d-----w- c:\program files\100%Naruto v2

2009-04-05 17:46 . 2009-04-05 17:46 -------- d-----w- c:\documents and settings\Sanamy\Application Data\Samsung

2009-04-05 17:30 . 2006-05-03 20:53 174592 ----a-w- c:\windows\system32\framedyn.dll

2009-04-05 17:29 . 2003-02-21 16:42 348160 -c--a-w- c:\windows\system32\msvcr71.dll

2009-04-05 17:29 . 2009-04-05 17:29 -------- d-----w- c:\program files\DIFX

2009-04-05 17:29 . 2009-04-05 17:29 -------- dc----w- c:\windows\system32\DRVSTORE

2009-04-05 17:28 . 2006-07-24 14:05 5632 ----a-w- c:\windows\system32\drivers\StarOpen.sys

2009-04-05 17:14 . 2007-05-02 09:11 15112 ----a-w- c:\windows\system32\drivers\ss_mdfl.sys

2009-04-05 17:14 . 2007-05-02 09:11 12424 -c--a-w- c:\windows\system32\drivers\ss_whnt.sys

2009-04-05 17:14 . 2007-05-02 09:11 12424 ----a-w- c:\windows\system32\drivers\ss_wh.sys

2009-04-05 17:14 . 2007-05-02 09:11 109704 ----a-w- c:\windows\system32\drivers\ss_mdm.sys

2009-04-05 17:14 . 2007-05-02 09:11 83592 ----a-w- c:\windows\system32\drivers\ss_bus.sys

2009-04-05 17:14 . 2007-05-02 09:11 12424 -c--a-w- c:\windows\system32\drivers\ss_cmnt.sys

2009-04-05 17:14 . 2007-05-02 09:11 12424 ----a-w- c:\windows\system32\drivers\ss_cm.sys

2009-04-05 17:14 . 2009-04-05 17:38 -------- d-----w- c:\windows\system32\Samsung_USB_Drivers

2009-04-05 17:14 . 2009-04-11 05:01 -------- d-----w- c:\program files\Samsung

2009-04-05 17:12 . 2009-04-05 17:12 -------- d-----w- c:\program files\Fichiers communs\Adobe

2009-03-24 13:23 . 1999-12-17 08:13 86016 -c--a-w- c:\windows\unvise32.exe

2009-03-24 13:23 . 2009-03-24 13:24 -------- d-----w- c:\program files\YuGiOh Virtual Desktop

2009-03-23 18:50 . 2009-03-23 18:50 -------- d-----w- c:\documents and settings\Sanamy\Application Data\EPSON

2009-03-23 15:45 . 2009-03-23 15:45 -------- d-----w- c:\documents and settings\All Users\Application Data\UDL

2009-03-23 15:42 . 2009-03-23 15:42 -------- d-----w- c:\documents and settings\All Users\Application Data\EPSON

2009-03-23 15:42 . 2006-12-08 02:04 76800 ----a-w- c:\windows\system32\E_FLBBZR.DLL

2009-03-23 15:42 . 2006-04-19 02:00 62976 ----a-w- c:\windows\system32\E_FD4BBZR.DLL

2009-03-22 14:29 . 2002-06-18 13:56 -------- d-----w- C:\TDdownload

2009-03-22 14:28 . 2006-01-09 14:01 86016 ----a-w- c:\windows\system32\gigagetbho_v10.dll

2009-03-22 14:27 . 2009-03-22 14:27 -------- d-----w- c:\program files\Giganology

2009-03-21 16:00 . 2009-03-21 16:00 152576 ----a-w- c:\documents and settings\Sanamy\Application Data\Sun\Java\jre1.6.0_12\lzma.dll

2009-03-21 14:37 . 2002-06-07 19:59 -------- d-----w- c:\documents and settings\Sanamy\Tracing

2009-03-21 14:31 . 2009-03-21 14:31 -------- d-----w- c:\program files\Microsoft

2009-03-21 14:31 . 2009-03-21 14:31 -------- d-----w- c:\program files\Windows Live SkyDrive

2009-03-21 14:30 . 2009-03-21 14:31 -------- d-----w- c:\program files\Windows Live

2009-03-19 20:37 . 2009-04-29 20:18 -------- d-----w- c:\documents and settings\Sanamy\Application Data\Skype

2009-03-19 20:36 . 2009-03-19 20:36 -------- d-----r- c:\program files\Skype

2009-03-19 20:36 . 2009-03-19 20:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype

2009-03-19 10:57 . 2009-03-19 10:57 -------- d--h--w- c:\windows\system32\GroupPolicy

2009-03-19 10:55 . 2009-03-19 11:10 -------- d-----w- c:\documents and settings\Sanamy\Local Settings\Application Data\Google

2009-03-18 20:34 . 2009-03-18 20:34 -------- d-----w- c:\program files\Fichiers communs\Windows Live

2009-03-18 18:29 . 2009-03-18 18:29 -------- d-----w- c:\documents and settings\Sanamy\Local Settings\Application Data\Help

2009-03-17 19:09 . 2002-06-15 13:58 -------- d-----w- c:\documents and settings\Sanamy\Application Data\dvdcss

2009-03-16 18:32 . 2004-09-10 20:12 49152 -c--a-w- c:\windows\system32\E_DCINST.DLL

2009-03-16 18:32 . 2003-12-10 00:13 76054 ----a-w- c:\windows\system32\EBPMON24.DLL

2009-03-16 18:32 . 2003-05-29 00:01 91648 -c--a-w- c:\windows\system32\E_SAGSET.DLL

2009-03-16 18:32 . 2003-05-21 01:27 64000 -c--a-w- c:\windows\system32\ECBTEG.DLL

2009-03-16 18:32 . 2001-09-04 01:04 182 ----a-w- c:\windows\system32\EBPPORT4.DAT

2009-03-16 18:32 . 2000-06-07 00:01 34304 -c--a-w- c:\windows\system32\EBPCHP.DLL

2009-03-16 18:31 . 2009-03-23 15:44 -------- d-----w- c:\program files\EPSON

2009-03-16 18:22 . 2004-08-03 22:01 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys

2009-03-16 18:22 . 2004-08-03 22:01 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys

2009-03-16 11:13 . 2009-06-05 21:29 -------- d-----w- c:\documents and settings\Sanamy\Local Settings\Application Data\WMTools Downloaded Files

2009-03-15 11:03 . 2009-04-07 11:55 -------- d-----w- c:\program files\DBZ Online

2009-03-13 08:26 . 2009-03-13 08:26 32784 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\update\rollback\AutoPatches\kav8exec\8.0.0.506\klbg.sys

2009-03-13 08:26 . 2009-03-13 08:26 227344 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\update\rollback\AutoPatches\kav8exec\8.0.0.506\XP\klif.sys

2009-03-12 13:23 . 2002-05-27 06:33 -------- d--h--w- c:\program files\InstallShield Installation Information

2009-03-12 13:23 . 2009-03-23 15:46 -------- d-----w- c:\program files\Fichiers communs\InstallShield

2009-03-12 11:06 . 2009-03-12 11:06 -------- d-----w- c:\program files\VideoLAN

2009-03-09 20:04 . 2003-06-19 00:31 17920 ----a-w- c:\windows\system32\mdimon.dll

2009-03-09 20:03 . 2009-03-09 20:03 -------- d-----w- c:\program files\Microsoft.NET

2009-03-09 20:02 . 2009-03-09 20:03 -------- d--h--w- c:\windows\ShellNew

2009-03-09 07:55 . 2009-03-09 07:55 -------- d-s---w- c:\documents and settings\Sanamy\UserData

2009-03-06 17:03 . 2009-03-06 17:03 -------- d-----w- c:\windows\system32\CatRoot_bak

2009-03-06 15:36 . 2005-02-25 03:35 22752 -c--a-w- c:\windows\system32\spupdsvc.exe

2009-03-06 15:03 . 2009-03-06 15:03 -------- d-----w- c:\program files\7-Zip

2009-03-06 11:06 . 2009-03-06 11:06 -------- d-----w- c:\documents and settings\Sanamy\Local Settings\Application Data\Identities

2009-03-06 07:26 . 2009-03-13 08:26 33808 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\klbg.sys

2009-03-06 07:26 . 2009-03-06 07:26 206088 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\avp.exe

2009-03-06 07:25 . 2009-03-13 08:26 226832 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\XP\klif.sys

2009-03-05 15:10 . 2009-05-10 21:53 450592 -csha-w- c:\windows\system32\drivers\fidbox2.dat

2009-03-05 15:10 . 2009-05-10 21:53 1605664 -csha-w- c:\windows\system32\drivers\fidbox.dat

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-05-11 10:32 . 2002-03-05 15:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab

2009-05-10 21:53 . 2009-03-05 15:10 7860 -csha-w- c:\windows\system32\drivers\fidbox2.idx

2009-05-10 21:53 . 2009-03-05 15:10 18864 -csha-w- c:\windows\system32\drivers\fidbox.idx

2009-04-19 11:29 . 2002-09-07 00:00 49494 ----a-w- c:\windows\system32\perfc00C.dat

2009-04-19 11:29 . 2002-09-07 00:00 370414 ----a-w- c:\windows\system32\perfh00C.dat

2009-03-23 15:43 . 2009-03-23 15:43 -------- d-----w- c:\documents and settings\Sanamy\Application Data\InstallShield

2009-03-21 14:36 . 2002-03-05 18:45 57688 ----a-w- c:\documents and settings\Sanamy\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-03-13 08:26 . 2008-01-29 16:29 33808 ----a-w- c:\windows\system32\drivers\klbg.sys

2009-03-13 08:26 . 2002-03-05 15:15 89601 ----a-w- c:\windows\system32\drivers\klick.dat

2009-03-13 08:26 . 2002-03-05 15:15 101287 ----a-w- c:\windows\system32\drivers\klin.dat

2009-03-06 16:28 . 2009-03-05 14:56 86331 -c--a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat

2009-03-05 14:57 . 2009-03-05 14:57 -------- d-----w- c:\program files\microsoft frontpage

2009-03-05 14:55 . 2009-03-05 14:55 -------- d-----w- c:\program files\Services en ligne

2009-03-05 14:54 . 2009-03-05 14:54 21892 -c--a-w- c:\windows\system32\emptyregdb.dat

2009-02-11 09:19 . 2002-03-05 18:20 38496 -c--a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-02-11 09:19 . 2002-03-05 18:20 15504 -c--a-w- c:\windows\system32\drivers\mbam.sys

2009-02-06 17:52 . 2009-02-06 17:52 49504 -c--a-w- c:\windows\system32\sirenacm.dll

2008-11-11 19:00 . 2008-11-11 19:00 218376 ----a-w- c:\windows\system32\klogon.dll

2008-11-11 18:58 . 2008-11-11 18:58 25601 ----a-w- c:\windows\system32\drivers\klopp.dat

2008-11-11 17:32 . 2008-11-11 17:32 148816 -c--a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Internet Security 2009\french\setup.exe

2008-10-16 13:13 . 2009-03-05 14:54 202776 -c--a-w- c:\windows\system32\wuweb.dll

2008-10-16 13:13 . 2009-03-05 14:54 1809944 ----a-w- c:\windows\system32\wuaueng.dll

2008-10-16 13:12 . 2009-03-05 14:54 323608 -c--a-w- c:\windows\system32\wucltui.dll

2008-10-16 13:12 . 2009-03-05 14:54 561688 ----a-w- c:\windows\system32\wuapi.dll

2008-10-16 13:09 . 2009-03-05 14:54 51224 ----a-w- c:\windows\system32\wuauclt.exe

2008-10-16 13:09 . 2008-10-16 13:09 43544 ----a-w- c:\windows\system32\wups2.dll

2008-10-16 13:09 . 2004-08-04 04:54 92696 -c--a-w- c:\windows\system32\cdm.dll

2008-10-16 13:08 . 2009-03-05 14:54 34328 ----a-w- c:\windows\system32\wups.dll

2008-07-21 16:34 . 2008-07-21 16:34 121872 ----a-w- c:\windows\system32\drivers\kl1.sys

2008-04-30 16:06 . 2008-04-30 16:06 24592 ----a-w- c:\windows\system32\drivers\klim5.sys

2008-03-13 17:02 . 2008-03-13 17:02 26640 ----a-w- c:\windows\system32\drivers\klfltdev.sys

2007-05-30 12:44 . 2002-05-15 14:55 588288 ----a-w- C:\VisualBoyAdvance1.7.2.fix.exe

2007-03-05 10:42 . 2009-04-11 16:30 15128 -c--a-w- c:\windows\system32\x3daudio1_1.dll

2006-12-08 10:02 . 2009-04-11 16:30 251672 -c--a-w- c:\windows\system32\xactengine2_5.dll

2006-11-29 11:06 . 2009-04-11 16:30 3426072 -c--a-w- c:\windows\system32\d3dx9_32.dll

2006-11-02 14:57 . 2009-04-11 16:30 36624 ----a-w- c:\windows\system32\drivers\pxhelp20.sys

2006-11-02 14:57 . 2009-04-11 16:30 118520 -c--a-w- c:\windows\system32\PxInsI64.exe

2006-10-30 23:10 . 2009-03-23 15:43 71840 -c--a-w- c:\windows\system32\EPPicMgr.dll

2006-10-30 23:10 . 2009-03-23 15:43 120992 -c--a-w- c:\windows\system32\EpPicPrt.dll

2006-10-19 23:10 . 2009-03-23 15:43 80024 -c--a-w- c:\windows\system32\PICSDK.dll

2006-10-19 23:10 . 2009-03-23 15:43 501912 -c--a-w- c:\windows\system32\PICSDK2.dll

2006-10-19 23:10 . 2009-03-23 15:43 108704 -c--a-w- c:\windows\system32\PICEntry.dll

2006-10-18 17:43 . 2009-04-11 16:30 115960 -c--a-w- c:\windows\system32\PxCpyI64.exe

2006-10-04 16:08 . 2004-08-04 04:54 1386496 ----a-w- c:\windows\system32\MSVBVM60.DLL

2006-10-04 16:08 . 2006-11-01 19:04 119568 ----a-w- c:\windows\system32\VB6FR.DLL

2006-09-28 14:05 . 2009-04-11 16:30 237848 -c--a-w- c:\windows\system32\xactengine2_4.dll

2006-09-28 14:05 . 2009-04-11 16:30 2414360 -c--a-w- c:\windows\system32\d3dx9_31.dll

2006-08-28 19:48 . 2009-04-11 16:30 2560 -c--a-w- c:\windows\system32\drivers\cdralw2k.sys

2006-08-28 19:48 . 2009-04-11 16:30 2432 -c--a-w- c:\windows\system32\drivers\cdr4_xp.sys

2006-07-28 07:30 . 2009-04-11 16:30 236824 -c--a-w- c:\windows\system32\xactengine2_3.dll

2006-07-28 07:30 . 2009-04-11 16:30 62744 -c--a-w- c:\windows\system32\xinput1_2.dll

2006-04-18 04:00 . 2009-03-23 15:43 172032 ----a-w- c:\documents and settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S30RP1.EXE

2006-01-26 06:31 . 2006-11-01 19:04 160256 -c--a-w- c:\windows\system32\fmod.dll

2005-09-08 15:16 . 2005-09-08 15:16 294912 -c--a-w- c:\windows\system32\DynamicTwainCtrl.dll

2005-05-31 23:20 . 2009-03-23 15:43 111932 -c--a-w- c:\windows\system32\EPPICPrinterDB.dat

2005-05-26 13:34 . 2009-04-11 16:30 2297552 -c--a-w- c:\windows\system32\d3dx9_26.dll

2005-05-04 13:45 . 2004-08-04 04:54 78848 ----a-w- c:\windows\system32\msiexec.exe

2005-05-04 13:45 . 2004-08-04 04:54 271360 -c--a-w- c:\windows\system32\msihnd.dll

2005-05-04 13:45 . 2004-08-04 04:54 15360 ----a-w- c:\windows\system32\msisip.dll

2005-05-04 13:45 . 2004-08-04 04:53 884736 -c--a-w- c:\windows\system32\msimsg.dll

2005-05-04 13:45 . 2004-08-04 04:54 2890240 ----a-w- c:\windows\system32\msi.dll

2005-01-04 09:43 . 2002-05-28 08:40 4682 -c--a-w- c:\windows\system32\npptNT2.sys

2004-08-05 12:00 . 2004-08-04 04:54 30749 -c--a-w- c:\windows\system32\vbajet32.dll

2004-08-05 12:00 . 2004-08-04 04:54 151552 -c--a-w- c:\windows\system32\scrrun.dll

2004-08-05 12:00 . 2004-08-04 04:54 83456 -c--a-w- c:\windows\system32\olepro32.dll

2004-08-05 12:00 . 2004-08-04 04:54 380957 -c--a-w- c:\windows\system32\expsrv.dll

2004-08-05 12:00 . 2004-08-04 04:54 619008 -c--a-w- c:\windows\system32\dx7vb.dll

2004-08-05 12:00 . 2004-08-04 04:54 65024 ----a-w- c:\windows\system32\asycfilt.dll

2004-08-05 12:00 . 2002-09-07 00:00 24626 -c--a-w- c:\windows\system32\scrrnfr.dll

2004-08-04 05:52 . 2002-03-05 15:37 1014836 -c--a-r- c:\windows\SET3.tmp

2004-08-04 05:45 . 2002-03-05 15:38 14043 -c--a-r- c:\windows\SET8.tmp

2004-08-04 05:43 . 2002-03-05 15:37 1086058 -c--a-r- c:\windows\SET4.tmp

2004-08-04 05:08 . 2004-08-04 05:08 1788 -c--a-w- c:\windows\system32\Dcache.bin

2004-08-04 04:57 . 2004-08-04 04:57 332800 -c--a-w- c:\windows\system32\netsetup.exe

2004-08-04 04:54 . 2009-03-16 11:23 124928 -c--a-w- c:\windows\system32\mplay32.exe

2004-08-04 04:53 . 2004-08-04 04:53 2986496 ----a-w- c:\windows\system32\xpsp2res.dll

2004-08-04 04:52 . 2004-08-04 04:52 4096 -c--a-w- c:\windows\system32\dsprpres.dll

2004-08-04 04:52 . 2004-08-04 04:52 3584 -c--a-w- c:\windows\system32\dpnlobby.dll

2004-08-04 04:52 . 2004-08-04 04:52 3584 -c--a-w- c:\windows\system32\dpnaddr.dll

2004-08-04 04:52 . 2004-08-04 04:52 24064 -c--a-w- c:\windows\system32\pidgen.dll

2004-08-04 04:52 . 2004-08-04 04:52 70144 ----a-w- c:\windows\system32\browselc.dll

2004-08-04 04:52 . 2004-08-04 04:52 16896 ----a-w- c:\windows\system32\cfgmgr32.dll

2004-08-04 04:52 . 2004-08-04 04:52 8704 -c--a-w- c:\windows\system32\asferror.dll

2004-08-04 04:52 . 2004-08-04 04:52 285696 ----a-w- c:\windows\system32\atmfd.dll

2004-08-04 04:49 . 2009-03-05 14:54 73600 ----a-w- c:\windows\system32\drivers\sr.sys

2004-08-04 04:48 . 2004-08-04 04:48 2150400 ----a-w- c:\windows\system32\ntoskrnl.exe

2004-08-04 04:46 . 2004-08-04 04:46 154496 ----a-w- c:\windows\system32\drivers\dmio.sys

2004-08-04 04:46 . 2004-08-04 04:46 800256 ----a-w- c:\windows\system32\drivers\dmboot.sys

2004-08-04 04:45 . 2004-08-04 04:45 1836032 ----a-w- c:\windows\system32\win32k.sys

2004-08-04 04:45 . 2004-08-04 04:45 25216 ----a-w- c:\windows\system32\drivers\kbdclass.sys

2004-08-04 04:44 . 2004-08-04 04:44 53376 -c--a-w- c:\windows\system32\drivers\volsnap.sys

2004-08-04 04:43 . 2004-08-04 04:43 40320 ----a-w- c:\windows\system32\drivers\intelppm.sys

2004-08-04 04:41 . 2004-08-04 04:41 66560 ----a-w- c:\windows\system32\drivers\serial.sys

2004-08-04 04:41 . 2004-08-04 04:41 54400 ----a-w- c:\windows\system32\drivers\i8042prt.sys

2004-08-04 04:37 . 2009-03-05 14:52 44544 -c--a-w- c:\windows\system32\tscupgrd.exe

2004-08-04 04:37 . 2009-03-05 14:53 411648 -c--a-w- c:\windows\system32\mstsc.exe

2004-08-04 04:37 . 2004-08-04 04:37 70688 -c--a-w- c:\windows\system32\mmsystem.dll

2004-08-04 04:37 . 2004-08-04 04:37 120320 -c--a-w- c:\windows\system32\drivers\pcmcia.sys

2004-08-04 04:37 . 2004-08-04 04:37 68608 ----a-w- c:\windows\system32\drivers\pci.sys

2004-08-04 04:36 . 2004-08-04 04:36 188672 ----a-w- c:\windows\system32\drivers\acpi.sys

.

 

((((((((((((((((((((((((((((( SnapShot@2009-05-11_19.53.47 )))))))))))))))))))))))))))))))))))))))))

.

+ 2006-12-01 21:56 . 2006-12-01 21:56 96256 c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474\ATL80.dll

+ 2002-06-18 12:40 . 2002-06-18 12:40 16384 c:\windows\temp\Perflib_Perfdata_15c.dat

+ 2002-09-07 00:00 . 2002-09-07 00:00 19200 c:\windows\system32\dllcache\tapi.dll

- 2002-03-05 15:38 . 2002-09-07 00:00 19200 c:\windows\system32\dllcache\tapi.dll

+ 2002-09-07 00:00 . 2002-09-07 00:00 24064 c:\windows\system32\dllcache\olesvr.dll

- 2002-03-05 15:38 . 2002-09-07 00:00 24064 c:\windows\system32\dllcache\olesvr.dll

+ 2002-09-07 00:00 . 2002-09-07 00:00 83456 c:\windows\system32\dllcache\olecli.dll

- 2002-03-05 15:38 . 2002-09-07 00:00 83456 c:\windows\system32\dllcache\olecli.dll

- 2004-08-04 04:55 . 2004-08-04 04:55 70656 c:\windows\system32\dllcache\notepad.exe

+ 2002-03-05 15:38 . 2004-08-04 04:55 70656 c:\windows\system32\dllcache\notepad.exe

+ 2002-09-07 00:00 . 2002-09-07 00:00 28160 c:\windows\system32\dllcache\mciwave.drv

- 2002-03-05 15:38 . 2002-09-07 00:00 28160 c:\windows\system32\dllcache\mciwave.drv

+ 2002-09-07 00:00 . 2002-09-07 00:00 25280 c:\windows\system32\dllcache\mciseq.drv

- 2002-03-05 15:38 . 2002-09-07 00:00 25280 c:\windows\system32\dllcache\mciseq.drv

- 2002-03-05 15:38 . 2002-09-07 00:00 73680 c:\windows\system32\dllcache\mciavi.drv

+ 2002-09-07 00:00 . 2002-09-07 00:00 73680 c:\windows\system32\dllcache\mciavi.drv

+ 2002-09-07 00:00 . 2002-09-07 00:00 33904 c:\windows\system32\dllcache\commdlg.dll

- 2002-03-05 15:38 . 2002-09-07 00:00 33904 c:\windows\system32\dllcache\commdlg.dll

- 2002-03-05 15:38 . 2002-09-07 00:00 70352 c:\windows\system32\dllcache\avicap.dll

+ 2002-09-07 00:00 . 2002-09-07 00:00 70352 c:\windows\system32\dllcache\avicap.dll

+ 2002-06-13 16:48 . 2002-06-13 16:48 3584 c:\windows\system32\drivers\klif.sys

- 2002-03-05 15:38 . 2002-09-07 00:00 9104 c:\windows\system32\dllcache\ver.dll

+ 2002-09-07 00:00 . 2002-09-07 00:00 9104 c:\windows\system32\dllcache\ver.dll

- 2002-03-05 15:38 . 2002-09-07 00:00 5120 c:\windows\system32\dllcache\shell.dll

+ 2002-09-07 00:00 . 2002-09-07 00:00 5120 c:\windows\system32\dllcache\shell.dll

- 2002-03-05 15:38 . 2002-09-07 00:00 9936 c:\windows\system32\dllcache\lzexpand.dll

+ 2002-09-07 00:00 . 2002-09-07 00:00 9936 c:\windows\system32\dllcache\lzexpand.dll

+ 2006-12-01 21:36 . 2006-12-01 21:36 796672 c:\windows\WinSxS\amd64_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_9d1c6ce0\msvcr80.dll

+ 2006-12-01 21:37 . 2006-12-01 21:37 516096 c:\windows\WinSxS\amd64_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_9d1c6ce0\msvcm80.dll

+ 2006-12-01 21:40 . 2006-12-01 21:40 113152 c:\windows\WinSxS\amd64_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_fdbc5a54\ATL80.dll

- 2004-08-04 04:55 . 2004-08-04 04:55 146944 c:\windows\system32\dllcache\winspool.drv

+ 2002-03-05 15:38 . 2004-08-04 04:55 146944 c:\windows\system32\dllcache\winspool.drv

+ 2002-09-07 00:00 . 2002-09-07 00:00 127168 c:\windows\system32\dllcache\msvideo.dll

- 2002-03-05 15:38 . 2002-09-07 00:00 127168 c:\windows\system32\dllcache\msvideo.dll

- 2002-03-05 15:38 . 2002-09-07 00:00 109568 c:\windows\system32\dllcache\avifile.dll

+ 2002-09-07 00:00 . 2002-09-07 00:00 109568 c:\windows\system32\dllcache\avifile.dll

+ 2009-06-11 15:02 . 2009-06-11 15:02 452496 c:\windows\Downloaded Program Files\wlscBase.dll

+ 2006-12-01 21:39 . 2006-12-01 21:39 1061376 c:\windows\WinSxS\amd64_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_9d1c6ce0\msvcp80.dll

.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"EPSON Stylus C45 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE" [2004-01-14 173568]

 

c:\documents and settings\Sanamy\Menu Démarrer\Programmes\Démarrage\

Outil de détection de support Picture Motion Browser.lnk - c:\program files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2009-4-11 532480]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

"DisableTaskMgr"= 1 (0x1)

"DisableRegistryTools"= 1 (0x1)

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

"FirewallDisableNotify"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

"UacDisableNotify"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]

"AntiVirusOverride"=dword:00000001

"AntiVirusDisableNotify"=dword:00000001

"FirewallDisableNotify"=dword:00000001

"FirewallOverride"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

"UacDisableNotify"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Giganology\\Gigaget\\Gigaget.exe"=

"c:\\Program Files\\DNA\\btdna.exe"=

"c:\\Program Files\\BitTorrent\\bittorrent.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_S4I3T1.EXE"=

"c:\\Documents and Settings\\Sanamy\\Local Settings\\Application Data\\Google\\Update\\GoogleUpdate.exe"=

"c:\\Documents and Settings\\Sanamy\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"=

"c:\\Program Files\\Java\\jre6\\bin\\jusched.exe"=

"c:\\WINDOWS\\system32\\taskmgr.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

 

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [29/01/2008 17:29 33808]

R3 abp470n5;abp470n5;\??\c:\windows\system32\drivers\iojhmh.sys --> c:\windows\system32\drivers\iojhmh.sys [?]

R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [13/03/2008 18:02 26640]

R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [30/04/2008 17:06 24592]

.

Contenu du dossier 'Tâches planifiées'

 

2002-06-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1390067357-602609370-682003330-1003.job

- c:\documents and settings\Sanamy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-03-19 10:55]

.

.

------- Examen supplémentaire -------

.

uInternet Connection Wizard,ShellNext = iexplore

IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

TCP: {F8E8EB8E-43E3-4D6D-BB7C-8CA044F33B6D} = 208.67.222.222 193.55.10.102

FF - ProfilePath -

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2002-06-18 15:38

Windows 5.1.2600 Service Pack 2 NTFS

 

Recherche de processus cachés ...

 

Recherche d'éléments en démarrage automatique cachés ...

 

Recherche de fichiers cachés ...

 

Scan terminé avec succès

Fichiers cachés: 0

 

**************************************************************************

.

Heure de fin: 2002-06-18 15:48

ComboFix-quarantined-files.txt 2002-06-18 14:48

ComboFix2.txt 2002-06-14 17:48

ComboFix3.txt 2002-06-13 15:36

ComboFix4.txt 2002-06-07 20:52

ComboFix5.txt 2002-06-18 14:25

 

Avant-CF: 1 558 740 992 octets libres

Après-CF: 1 671 954 432 octets libres

 


 

Malwarebytes' Anti-Malware 1.38

Version de la base de données: 2297

Windows 5.1.2600 Service Pack 2

 

21/06/2002 12:50:26

mbam-log-2002-06-21 (12-50-26).txt

 

Type de recherche: Examen complet (C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|)

Eléments examinés: 202191

Temps écoulé: 51 minute(s), 16 second(s)

 

Processus mémoire infecté(s): 1

Module(s) mémoire infecté(s): 0

Clé(s) du Registre infectée(s): 118

Valeur(s) du Registre infectée(s): 2

Elément(s) de données du Registre infecté(s): 6

Dossier(s) infecté(s): 0

Fichier(s) infecté(s): 39

 

Processus mémoire infecté(s):

C:\WINDOWS\system32\iexplorer.exe (Trojan.Downloader) -> Unloaded process successfully.

 

Module(s) mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Clé(s) du Registre infectée(s):

HKEY_CLASSES_ROOT\funwebproducts.datacontrol.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\funwebproducts.historykillerscheduler (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\funwebproducts.historykillerscheduler.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\funwebproducts.historyswattercontrolbar (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\funwebproducts.historyswattercontrolbar.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\funwebproducts.htmlmenu (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\funwebproducts.htmlmenu.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\funwebproducts.htmlmenu.2 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\funwebproducts.iecookiesmanager (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\funwebproducts.iecookiesmanager.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\funwebproducts.killerobjmanager (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\funwebproducts.killerobjmanager.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\funwebproducts.popswatterbarbutton (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\funwebproducts.popswatterbarbutton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\funwebproducts.popswattersettingscontrol (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\funwebproducts.popswattersettingscontrol.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\mywebsearch.chatsessionplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\mywebsearch.chatsessionplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\mywebsearch.htmlpanel (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\mywebsearch.htmlpanel.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\mywebsearch.outlookaddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\mywebsearch.outlookaddin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\mywebsearchtoolbar.settingsplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\mywebsearchtoolbar.settingsplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\mywebsearchtoolbar.toolbarplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\mywebsearchtoolbar.toolbarplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\screensavercontrol.screensaverinstaller (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\screensavercontrol.screensaverinstaller.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{07b18eaa-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{07b18eac-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{1093995a-ba37-41d2-836e-091067c4ad17} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{120927bf-1700-43bc-810f-fab92549b390} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{17de5e5e-bfe3-4e83-8e1f-8755795359ec} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{1f52a5fa-a705-4415-b975-88503b291728} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{247a115f-06c2-4fb3-967d-2d62d3cf4f0a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{2e3537fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{3e1656ed-f60e-4597-b6aa-b6a58e171495} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{3e53e2cb-86db-4a4a-8bd9-ffeb7a64df82} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{3e720451-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{3e720453-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{63d0ed2b-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{63d0ed2d-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{6e74766c-4d93-4cc0-96d1-47b8e07ff9ca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{72ee7f04-15bd-4845-a005-d6711144d86a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{7473d291-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{7473d293-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{7473d295-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{7473d297-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{90449521-d834-4703-bb4e-d3aa44042ff8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{991aac62-b100-47ce-8b75-253965244f69} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{a626cdbd-3d13-4f78-b819-440a28d7e8fc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{bbabdc90-f3d5-4801-863a-ee6ae529862d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{d6ff3684-ad3b-48eb-bbb4-b9e6c5a355c1} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{de38c398-b328-4f4c-a3ad-1b5e4ed93477} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25f} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{e79dfbc9-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{e79dfbcb-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{eb9e5c1c-b1f9-4c2b-be8a-27d6446fdaf8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{f87d7fb5-9dc5-4c8c-b998-d8dfe02e2978} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{07b18ea0-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{0d26bc71-a633-4e71-ad31-eadc3a1b6a3a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{29d67d3c-509a-4544-903f-c8c1b8236554} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{3e720450-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{7473d290-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{8ca01f0e-987c-49c3-b852-2f1ac4a7094c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{8e6f1830-9607-4440-8530-13be7c4b1d14} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{c8cecde3-1ae1-4c4a-ad82-6d5b00212144} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{e47caee0-deea-464a-9326-3f2801535a4d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{e79dfbc0-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{f42228fb-e84e-479e-b922-fbbd096e792c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWay) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWebSearch bar Uninstall (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32kui.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360rpt.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360Safe.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360tray.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Iparmor.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVMonXP.kxp (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVSrvXP.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVwsc.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Navapsvc.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntiArp.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AvMonitor.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CCenter.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KRegEx.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mmsk.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QQDoctor.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\icesword.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\VPTray.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AST.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AutoRunKiller.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Frameworkservice.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KASARP.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WOPTILITIES.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\VPC32.exe (Security.Hijack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wuauclt.exe (Worm.AutoRun) -> Quarantined and deleted successfully.

 

Valeur(s) du Registre infectée(s):

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\iExplorer (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources\f3PopularScreensavers (Adware.MyWebSearch) -> Quarantined and deleted successfully.

 

Elément(s) de données du Registre infecté(s):

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

 

Dossier(s) infecté(s):

(Aucun élément nuisible détecté)

 

Fichier(s) infecté(s):

c:\program files\trend micro\hijackthis\backups\backup-20090510-195643-238.dll (Adware.MyWeb) -> Quarantined and deleted successfully.

c:\program files\trend micro\hijackthis\backups\backup-20090510-195643-592.dll (Adware.MyWeb) -> Quarantined and deleted successfully.

c:\program files\mozilla firefox\plugins\NPMyWebS.dll (Adware.MyWeb) -> Quarantined and deleted successfully.

c:\program files\windows live\messenger\msimg32.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\program files\windows live\messenger\riched20.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\Qoobox\quarantine\C\fbak.exe.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.

c:\Qoobox\quarantine\C\w.com.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.

c:\Qoobox\quarantine\C\program files\mywebsearch\bar\1.bin\MWSOEMON.EXE.vir (Adware.MyWeb) -> Quarantined and deleted successfully.

c:\Qoobox\quarantine\C\program files\mywebsearch\bar\1.bin\MWSOESTB.DLL.vir (Adware.MyWeb) -> Quarantined and deleted successfully.

c:\Qoobox\quarantine\C\program files\mywebsearch\bar\3.bin\F3CJPEG.DLL.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\Qoobox\quarantine\C\program files\mywebsearch\bar\3.bin\F3HKSTUB.DLL.vir (Adware.MyWeb) -> Quarantined and deleted successfully.

c:\Qoobox\quarantine\C\program files\mywebsearch\bar\3.bin\F3PSSAVR.SCR.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\Qoobox\quarantine\C\program files\mywebsearch\bar\3.bin\F3REGHK.DLL.vir (Adware.MyWeb) -> Quarantined and deleted successfully.

c:\Qoobox\quarantine\C\program files\mywebsearch\bar\3.bin\F3RESTUB.DLL.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\Qoobox\quarantine\C\program files\mywebsearch\bar\3.bin\M3HIGHIN.EXE.vir (Adware.MyWeb) -> Quarantined and deleted successfully.

c:\Qoobox\quarantine\C\program files\mywebsearch\bar\3.bin\M3HTML.DLL.vir (Adware.MyWeb) -> Quarantined and deleted successfully.

c:\Qoobox\quarantine\C\program files\mywebsearch\bar\3.bin\M3IDLE.DLL.vir (Adware.MyWeb) -> Quarantined and deleted successfully.

c:\Qoobox\quarantine\C\program files\mywebsearch\bar\3.bin\M3IMPIPE.EXE.vir (Adware.MyWeb) -> Quarantined and deleted successfully.

c:\Qoobox\quarantine\C\program files\mywebsearch\bar\3.bin\M3MEDINT.EXE.vir (Adware.MyWeb) -> Quarantined and deleted successfully.

c:\Qoobox\quarantine\C\program files\mywebsearch\bar\3.bin\M3MSG.DLL.vir (Adware.MyWeb) -> Quarantined and deleted successfully.

c:\Qoobox\quarantine\C\program files\mywebsearch\bar\3.bin\M3OUTLCN.DLL.vir (Adware.MyWeb) -> Quarantined and deleted successfully.

c:\Qoobox\quarantine\C\program files\mywebsearch\bar\3.bin\M3PLUGIN.DLL.vir (Adware.MyWeb) -> Quarantined and deleted successfully.

c:\Qoobox\quarantine\C\program files\mywebsearch\bar\3.bin\M3SKIN.DLL.vir (Adware.MyWeb) -> Quarantined and deleted successfully.

c:\Qoobox\quarantine\C\program files\mywebsearch\bar\3.bin\M3SKPLAY.EXE.vir (Adware.MyWeb) -> Quarantined and deleted successfully.

c:\Qoobox\quarantine\C\program files\mywebsearch\bar\3.bin\M3SLSRCH.EXE.vir (Adware.MyWeb) -> Quarantined and deleted successfully.

c:\Qoobox\quarantine\C\program files\mywebsearch\bar\3.bin\M3SRCHMN.EXE.vir (Adware.MyWeb) -> Quarantined and deleted successfully.

c:\Qoobox\quarantine\C\program files\mywebsearch\bar\3.bin\MWSOEMON.EXE.vir (Adware.MyWeb) -> Quarantined and deleted successfully.

c:\Qoobox\quarantine\C\program files\mywebsearch\bar\3.bin\MWSOEPLG.DLL.vir (Adware.MyWeb) -> Quarantined and deleted successfully.

c:\Qoobox\quarantine\C\program files\mywebsearch\bar\3.bin\MWSOESTB.DLL.vir (Adware.MyWeb) -> Quarantined and deleted successfully.

c:\Qoobox\quarantine\C\program files\mywebsearch\bar\3.bin\MWSSVC.EXE.vir (Adware.MyWeb) -> Quarantined and deleted successfully.

c:\Qoobox\quarantine\C\program files\mywebsearch\bar\3.bin\NPMYWEBS.DLL.vir (Adware.MyWeb) -> Quarantined and deleted successfully.

c:\Qoobox\quarantine\C\WINDOWS\system32\f3PSSavr.scr.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.

c:\Qoobox\quarantine\C\WINDOWS\system32\nmdfgds0.dll.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.

c:\Qoobox\quarantine\C\WINDOWS\system32\nmdfgds1.dll.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.

c:\Qoobox\quarantine\C\WINDOWS\system32\olhrwef.exe.vir (Spyware.OnlineGames) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\iexplorer.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\wuauc1t.exe (Worm.AutoRun) -> Quarantined and deleted successfully.

C:\AUTORUN.INF (Worm.AutoRun) -> Quarantined and deleted successfully.

C:\explorer.exe (Worm.AutoRun) -> Quarantined and deleted successfully.
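The Malwarebytes log above mixes four very different kinds of finding: a running process, Image File Execution Options subkeys named after security tools (the Security.Hijack lines), flipped policy settings (DisableRegistryTools, DisableTaskMgr, the Security Center notifications, the SHOWALL hidden-files toggle), and the autorun.inf worm files. Below is an added example, not code from the thread or from Malwarebytes, that parses MBAM result lines and pulls those points out so a helper can see at a glance what was tampered with and whether anything was left for a reboot. The line shape "object (Category) -> action." is taken from the quoted log; SAMPLE_LOG repeats some of those lines and adds one constructed line (marked) with a non-success action. The IFEO check goes by key path rather than by MBAM category, which is why the wuauclt.exe entry filed under Worm.AutoRun is caught as well.

```python
"""Triage helper for Malwarebytes' Anti-Malware (MBAM) result lines.

Added example, not part of the thread and not Malwarebytes' own code. The
"<object> (<Category>) -> <action>." line shape is taken from the log quoted
above; SAMPLE_LOG repeats a few of those lines and adds one constructed line
(marked) so the "not removed" path is exercised.
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# One result line. The optional "Bad: (x) Good: (y) ->" part appears only
# on registry *data* items, where MBAM also reports the value it restored.
LINE_RE = re.compile(
    r"^(?P<obj>.+?) \((?P<category>[^()]+)\) -> "
    r"(?:Bad: \((?P<bad>[^)]*)\) Good: \((?P<good>[^)]*)\) -> )?"
    r"(?P<action>.+?)\.?$"
)

# A subkey here named after an executable usually carries a "Debugger" value,
# which makes Windows start the named program through something else; malware
# uses it to keep security tools (avp.exe, regedit.exe ...) from launching.
IFEO_PREFIX = "\\Image File Execution Options\\"

# MBAM categories meaning a Windows policy/UI setting was switched, not a file dropped.
POLICY_CATEGORIES = {
    "Hijack.Regedit", "Hijack.TaskManager",
    "Hijack.System.Hidden", "Disabled.SecurityCenter",
}


@dataclass
class Finding:
    obj: str
    category: str
    action: str
    bad: Optional[str] = None   # value MBAM found (registry data items only)
    good: Optional[str] = None  # value MBAM restored


def parse_line(line: str) -> Optional[Finding]:
    """Return a Finding for a result line, None for headers or blank lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return Finding(m["obj"], m["category"], m["action"], m["bad"], m["good"])


def parse_log(text: str) -> List[Finding]:
    return [f for f in map(parse_line, text.splitlines()) if f is not None]


def ifeo_entries(findings: List[Finding]) -> List[Tuple[str, str]]:
    """(executable name, MBAM category) for every IFEO subkey, whatever its category."""
    out = []
    for f in findings:
        idx = f.obj.lower().find(IFEO_PREFIX.lower())
        if idx >= 0:
            out.append((f.obj[idx + len(IFEO_PREFIX):], f.category))
    return out


def policy_tampering(findings: List[Finding]) -> List[Tuple[str, Optional[str], Optional[str]]]:
    """(value name, bad, good) for settings the malware flipped."""
    return [(f.obj.rsplit("\\", 1)[-1], f.bad, f.good)
            for f in findings if f.category in POLICY_CATEGORIES]


def not_removed(findings: List[Finding]) -> List[str]:
    """Objects whose action does not report success (e.g. 'Delete on reboot')."""
    return [f.obj for f in findings if "successfully" not in f.action.lower()]


def summarize(text: str) -> Dict[str, object]:
    findings = parse_log(text)
    return {
        "total": len(findings),
        "by_category": dict(Counter(f.category for f in findings)),
        "ifeo": ifeo_entries(findings),
        "policy": policy_tampering(findings),
        "not_removed": not_removed(findings),
    }


# Lines copied from the log quoted in the thread, plus one constructed line at the end.
SAMPLE_LOG = r"""
Processus mémoire infecté(s):
C:\WINDOWS\system32\iexplorer.exe (Trojan.Downloader) -> Unloaded process successfully.
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wuauclt.exe (Worm.AutoRun) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\iExplorer (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
C:\AUTORUN.INF (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\constructed\example.dll (Trojan.Agent) -> Delete on reboot.
"""

if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Run it against a saved mbam-log file by passing the file's text to summarize(); the "policy" list is the quickest way to see which Windows protections (registry editor, Task Manager, Security Center alerts, hidden-file display) were switched off, and "not_removed" tells you whether a reboot and a second scan are still needed.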

Posted

hi :P

 

I couldn't tell you about the MMORPG, but it's possible that the malware present is the cause.

Kaspersky Internet Security seems to have stopped working on your PC, so it is no longer protected. Can you confirm that the antivirus no longer works? It will have to be reinstalled, or another one installed after uninstalling KIS.

 

I need to see a bit more: we'll retry the scan with DrWeb >>

 

Plug in all the removable media you own before running these scans (USB key/external hard drive, etc.)

 

Delete the following folder >> C:\Qoobox

 

1°) Right-click the following link and choose "Save target as..." (in Firefox >> "Save link target as..."):

ftp://ftp.drweb.com/pub/drweb/cureit/launch.exe

When saving the file, rename it to launch.com, then save it to the Desktop

 

2°) Restart the PC, and it must be in Safe Mode.

  • When the computer restarts, once the BIOS has finished loading, a black screen appears briefly.
  • Tap the [F8] and [F5] keys alternately until the Windows advanced options menu is displayed.
  • Select "Safe Mode" and press [Enter].
  • Click the Yes button when the message appears.
  • Choose your usual account, not Administrator.

3°) Using DrWeb >>

  • Double-click launch.com, then click Start scan;
  • Click OK at the quick-scan prompt. This scan checks the processes loaded in memory; if it finds infected processes, click the Yes button at the prompt.
    **Note: a window will open with "Order" or "50% off" options; you can close it by clicking the "X"
  • The quick scan takes only a few minutes (progress is shown at the bottom)
  • When the quick scan has finished, tick/enable the "Full scan" button (top left) and click the button with the green arrow on the right; the full scan will start.
  • If there are detections, the tool will offer you a choice of actions: click "Yes to all" for whatever action is proposed (repair, quarantine or deletion).
  • ** The full scan is rather long, so be patient. Keep an eye on the machine during the scan, because the tool stops when it detects something and waits for your choice of action.
  • *** If you suspect a detection is wrong (a false positive), click "No to all" and tell the volunteer helping you, giving the name and location of the detected file.
  • At the end of the scan, the "Select all" button (bottom left) may be available: do not click it.
  • Now go to the "File" menu (top left) and choose "Save report"; save it to the Desktop. It will be in .csv format (readable with Excel or a similar program; otherwise Notepad will do).
  • Copy/paste the contents of the report into your reply. Close the tool's window by clicking the "X". If you are asked "Do you really want to close the application?", click "Yes".

4°) Restart your PC normally, then run the following scan (it's quick!) >>

 

Download random's system information tool (RSIT) by random/random and save it to the Desktop.

  • Double-click RSIT.exe to launch RSIT.
  • Click Continue on the Disclaimer screen.
  • If the HijackThis tool (current version) is not present or not detected on the computer, RSIT will download it and you will have to accept the licence.
  • When the scan has finished, two text files will open. Post the contents of log.txt (<<which will be displayed)
    and of info.txt (<<which will be minimised to the Taskbar).
  • If you don't see these two reports, you will find them in the folder C:\rsit

Please post the 3 reports. Mynasa: do not connect the PC to the internet until it is disinfected/protected.

It's annoying, but important, because the risk of reinfection is high!

Only connect it to download the necessary tools. Once the PC is protected and clean, you'll be able to use the Web normally again :P

Posted

Well, I'm cursed...

 

DrWeb, I never manage to download it:

 

When I try with browsers, it blocks straight away...

When I try with Gigaget, it blocks at 80% (either resources, or "you have too many connection", or the file has become old than data Oo)

 

Finally, I tried to install Antivir; the download was no problem, but when I try to launch the installer nothing happens any more...

 

Well, any ideas? Because now I don't know what to do any more.

 

Thanks

Posted

Hello you two :P

 

I stumbled on your discussion and I may have a small lead to move things forward. I see you at the bottom, Mynasa, so I'm posting this quickly:

 

Your system date currently shows 18/06/2002: this is obviously wrong and will cause errors or stop some tools from working.

 

Set the correct date and time via the Windows clock (bottom right), then try again with Dr.Web CureIt. You never know...

 

See you

Posted

Thanks,

 

I'm trying to download DrWeb with the correct year; otherwise, the Antivir installer still won't launch.

 

And Safe Mode fails when I launch it ( Oo ), blue screen and all....

 

Edit: " 2009/06/21 19:18:54 Connecting ftp.drweb.com:21...

2009/06/21 19:18:54 Connecting to ftp.drweb.com:21 successfully

2009/06/21 19:18:54 Waiting for welcome information...

2009/06/21 19:18:55 421 There are too many connections from your internet address.

2009/06/21 19:18:55 Error occurred, retry after 20 seconds

2009/06/21 19:19:08 Task Terminated"

 

Try again?

 

Thanks

Posted

Nothing:

 

2009/06/21 21:14:53 Connecting to s3.amazonaws.com:80 successfully

2009/06/21 21:14:53 GET /senduit/873285?AWSAccessKeyId=0RYTHV9YYQ4W5Q3HQMG2&Expires=1245618737&Signature=7wIOuy6tWC0moXJAZaqh4xjc5%2Fk%3D HTTP/1.1

2009/06/21 21:14:53 Host: s3.amazonaws.com

2009/06/21 21:14:53 Accept: */*

2009/06/21 21:14:53 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322)

2009/06/21 21:14:53 Referer: http://s3.amazonaws.com/senduit

2009/06/21 21:14:53 Range: bytes=4827741-

2009/06/21 21:14:53 Pragma: no-cache

2009/06/21 21:14:53 Cache-Control: no-cache

2009/06/21 21:14:53 Connection: close

2009/06/21 21:14:54 HTTP/1.1 403 Forbidden

2009/06/21 21:14:54 x-amz-request-id: 800130A2E48BEEAC

2009/06/21 21:14:54 x-amz-id-2: 3FbaAxfBQdfb2qzdvje42SGn+jDpsjh77V2rWiZe7GexlH+5PCHhN+SMvTBy8aOE

2009/06/21 21:14:54 Content-Type: application/xml

2009/06/21 21:14:54 Transfer-Encoding: chunked

2009/06/21 21:14:54 Date: Sun, 21 Jun 2009 21:14:53 GMT

2009/06/21 21:14:54 Server: AmazonS3

2009/06/21 21:14:54 Connection: close

2009/06/21 21:14:54 Error occurred, retry after 5 seconds

2009/06/21 21:14:59 Connecting s3.amazonaws.com:80...

2009/06/21 21:14:59 Connecting to s3.amazonaws.com:80 successfully

2009/06/21 21:14:59 GET /senduit/873285?AWSAccessKeyId=0RYTHV9YYQ4W5Q3HQMG2&Expires=1245618737&Signature=7wIOuy6tWC0moXJAZaqh4xjc5%2Fk%3D HTTP/1.1

2009/06/21 21:14:59 Host: s3.amazonaws.com

2009/06/21 21:14:59 Accept: */*

2009/06/21 21:14:59 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322)

2009/06/21 21:14:59 Referer: http://s3.amazonaws.com/senduit

2009/06/21 21:14:59 Range: bytes=4827741-

2009/06/21 21:14:59 Pragma: no-cache

2009/06/21 21:14:59 Cache-Control: no-cache

2009/06/21 21:14:59 Connection: close

2009/06/21 21:15:02 HTTP/1.1 403 Forbidden

2009/06/21 21:15:02 x-amz-request-id: 0297CC22236D8402

2009/06/21 21:15:02 x-amz-id-2: R2jdluFLMqAdzjNQtCoVD/hUhqeOLw7qcy/HP4zlKlsckpx0VU7BgynTQ28DGMIN

2009/06/21 21:15:02 Content-Type: application/xml

2009/06/21 21:15:02 Transfer-Encoding: chunked

2009/06/21 21:15:02 Date: Sun, 21 Jun 2009 21:14:58 GMT

2009/06/21 21:15:02 Server: AmazonS3

2009/06/21 21:15:02 Connection: close

2009/06/21 21:15:02 Error occurred, retry after 5 seconds

2009/06/21 21:15:07 Connecting s3.amazonaws.com:80...

2009/06/21 21:15:07 Connecting to s3.amazonaws.com:80 successfully

2009/06/21 21:15:07 GET /senduit/873285?AWSAccessKeyId=0RYTHV9YYQ4W5Q3HQMG2&Expires=1245618737&Signature=7wIOuy6tWC0moXJAZaqh4xjc5%2Fk%3D HTTP/1.1

2009/06/21 21:15:07 Host: s3.amazonaws.com

2009/06/21 21:15:07 Accept: */*

2009/06/21 21:15:07 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322)

2009/06/21 21:15:07 Referer: http://s3.amazonaws.com/senduit

2009/06/21 21:15:07 Range: bytes=4827741-

2009/06/21 21:15:07 Pragma: no-cache

2009/06/21 21:15:07 Cache-Control: no-cache

2009/06/21 21:15:07 Connection: close

2009/06/21 21:15:08 HTTP/1.1 403 Forbidden

2009/06/21 21:15:08 x-amz-request-id: 373B9EED3F336974

2009/06/21 21:15:08 x-amz-id-2: Li2iZ1Fp+fb7hcxyy+m5fbvBnQSACLhOtQt+ty+X9RkFjXfDRofTGjPq6KS/OGn1

2009/06/21 21:15:08 Content-Type: application/xml

2009/06/21 21:15:08 Transfer-Encoding: chunked

2009/06/21 21:15:08 Date: Sun, 21 Jun 2009 21:15:07 GMT

2009/06/21 21:15:08 Server: AmazonS3

2009/06/21 21:15:08 Connection: close

2009/06/21 21:15:08 Error occurred, retry after 5 seconds

2009/06/21 21:15:13 Connecting s3.amazonaws.com:80...

2009/06/21 21:15:13 Connecting to s3.amazonaws.com:80 successfully

2009/06/21 21:15:13 GET /senduit/873285?AWSAccessKeyId=0RYTHV9YYQ4W5Q3HQMG2&Expires=1245618737&Signature=7wIOuy6tWC0moXJAZaqh4xjc5%2Fk%3D HTTP/1.1

2009/06/21 21:15:13 Host: s3.amazonaws.com

2009/06/21 21:15:13 Accept: */*

2009/06/21 21:15:13 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322)

2009/06/21 21:15:13 Referer: http://s3.amazonaws.com/senduit

2009/06/21 21:15:13 Range: bytes=4827741-

2009/06/21 21:15:13 Pragma: no-cache

2009/06/21 21:15:13 Cache-Control: no-cache

2009/06/21 21:15:13 Connection: close

2009/06/21 21:15:13 HTTP/1.1 403 Forbidden

2009/06/21 21:15:13 x-amz-request-id: 7D1CF32A1FC1000A

2009/06/21 21:15:13 x-amz-id-2: hrLe0mPWHMhyhbzN50Vuj5R1DYy8mvAtu6dIiYMBzZ3YP6K8j9Gu4N6qlStKVHVE

2009/06/21 21:15:13 Content-Type: application/xml

2009/06/21 21:15:13 Transfer-Encoding: chunked

2009/06/21 21:15:13 Date: Sun, 21 Jun 2009 21:15:12 GMT

2009/06/21 21:15:13 Server: AmazonS3

2009/06/21 21:15:13 Connection: close

2009/06/21 21:15:13 Error occurred, retry after 5 seconds

2009/06/21 21:15:18 Connecting s3.amazonaws.com:80...

2009/06/21 21:15:18 Connecting to s3.amazonaws.com:80 successfully

2009/06/21 21:15:18 GET /senduit/873285?AWSAccessKeyId=0RYTHV9YYQ4W5Q3HQMG2&Expires=1245618737&Signature=7wIOuy6tWC0moXJAZaqh4xjc5%2Fk%3D HTTP/1.1

2009/06/21 21:15:18 Host: s3.amazonaws.com

2009/06/21 21:15:18 Accept: */*

2009/06/21 21:15:18 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322)

2009/06/21 21:15:18 Referer: http://s3.amazonaws.com/senduit

2009/06/21 21:15:18 Range: bytes=4827741-

2009/06/21 21:15:18 Pragma: no-cache

2009/06/21 21:15:18 Cache-Control: no-cache

2009/06/21 21:15:18 Connection: close

2009/06/21 21:15:18 HTTP/1.1 403 Forbidden

2009/06/21 21:15:18 x-amz-request-id: C27C90766F03B009

2009/06/21 21:15:18 x-amz-id-2: lrY8JkuGcFwZZ6/UbHB4QYUrqn0BY6QBCAfawK5NLgkI2Y2XtGQ4JiJrJeiKky+a

2009/06/21 21:15:18 Content-Type: application/xml

2009/06/21 21:15:18 Transfer-Encoding: chunked

2009/06/21 21:15:18 Date: Sun, 21 Jun 2009 21:15:17 GMT

2009/06/21 21:15:18 Server: AmazonS3

2009/06/21 21:15:18 Connection: close

2009/06/21 21:15:18 Error occurred, retry after 5 seconds

2009/06/21 21:15:23 Connecting s3.amazonaws.com:80...

2009/06/21 21:15:24 Connecting to s3.amazonaws.com:80 successfully

2009/06/21 21:15:24 GET /senduit/873285?AWSAccessKeyId=0RYTHV9YYQ4W5Q3HQMG2&Expires=1245618737&Signature=7wIOuy6tWC0moXJAZaqh4xjc5%2Fk%3D HTTP/1.1

2009/06/21 21:15:24 Host: s3.amazonaws.com

2009/06/21 21:15:24 Accept: */*

2009/06/21 21:15:24 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322)

2009/06/21 21:15:24 Referer: http://s3.amazonaws.com/senduit

2009/06/21 21:15:24 Range: bytes=4827741-

2009/06/21 21:15:24 Pragma: no-cache

2009/06/21 21:15:24 Cache-Control: no-cache

2009/06/21 21:15:24 Connection: close

2009/06/21 21:15:27 HTTP/1.1 403 Forbidden

2009/06/21 21:15:27 x-amz-request-id: 447C57366501DFF6

2009/06/21 21:15:27 x-amz-id-2: yMnlo0qBsabf1pDKlfOE5J4hjc7ScxfTo3yOYQ05fAJ2ca+rUftaBConsLMlDkUu

2009/06/21 21:15:27 Content-Type: application/xml

2009/06/21 21:15:27 Transfer-Encoding: chunked

2009/06/21 21:15:27 Date: Sun, 21 Jun 2009 21:15:22 GMT

2009/06/21 21:15:27 Server: AmazonS3

2009/06/21 21:15:27 Connection: close

2009/06/21 21:15:27 Error occurred, retry after 5 seconds

2009/06/21 21:15:32 Connecting s3.amazonaws.com:80...

2009/06/21 21:15:32 Connecting to s3.amazonaws.com:80 successfully

2009/06/21 21:15:32 GET /senduit/873285?AWSAccessKeyId=0RYTHV9YYQ4W5Q3HQMG2&Expires=1245618737&Signature=7wIOuy6tWC0moXJAZaqh4xjc5%2Fk%3D HTTP/1.1

2009/06/21 21:15:32 Host: s3.amazonaws.com

2009/06/21 21:15:32 Accept: */*

2009/06/21 21:15:32 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322)

2009/06/21 21:15:32 Referer: http://s3.amazonaws.com/senduit

2009/06/21 21:15:32 Range: bytes=4827741-

2009/06/21 21:15:32 Pragma: no-cache

2009/06/21 21:15:32 Cache-Control: no-cache

2009/06/21 21:15:32 Connection: close

2009/06/21 21:15:32 HTTP/1.1 403 Forbidden

2009/06/21 21:15:32 x-amz-request-id: C7E8EEB74093B3FC

2009/06/21 21:15:32 x-amz-id-2: 1nbBWCcONCXlnGP/o0d523m/NPR5mDeh2yae22jivlibz46BLAhIuriZU1zrtJb3

2009/06/21 21:15:32 Content-Type: application/xml

2009/06/21 21:15:32 Transfer-Encoding: chunked

2009/06/21 21:15:32 Date: Sun, 21 Jun 2009 21:15:31 GMT

2009/06/21 21:15:32 Server: AmazonS3

2009/06/21 21:15:32 Connection: close

2009/06/21 21:15:32 Error occurred, retry after 5 seconds

2009/06/21 21:15:37 Connecting s3.amazonaws.com:80...

2009/06/21 21:15:37 Connecting to s3.amazonaws.com:80 successfully

2009/06/21 21:15:37 GET /senduit/873285?AWSAccessKeyId=0RYTHV9YYQ4W5Q3HQMG2&Expires=1245618737&Signature=7wIOuy6tWC0moXJAZaqh4xjc5%2Fk%3D HTTP/1.1

2009/06/21 21:15:37 Host: s3.amazonaws.com

2009/06/21 21:15:37 Accept: */*

2009/06/21 21:15:37 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322)

2009/06/21 21:15:37 Referer: http://s3.amazonaws.com/senduit

2009/06/21 21:15:37 Range: bytes=4827741-

2009/06/21 21:15:37 Pragma: no-cache

2009/06/21 21:15:37 Cache-Control: no-cache

2009/06/21 21:15:37 Connection: close

2009/06/21 21:15:37 HTTP/1.1 403 Forbidden

2009/06/21 21:15:37 x-amz-request-id: 456740A76E1C1251

2009/06/21 21:15:37 x-amz-id-2: Bq3dlF67/IZKmUV571bNY2CDQzkzDUG9dbRSGuWvERcyvJO2tp5QmaqCgBzcBSth

2009/06/21 21:15:37 Content-Type: application/xml

2009/06/21 21:15:37 Transfer-Encoding: chunked

2009/06/21 21:15:37 Date: Sun, 21 Jun 2009 21:15:36 GMT

2009/06/21 21:15:37 Server: AmazonS3

2009/06/21 21:15:37 Connection: close

2009/06/21 21:15:37 Error occurred, retry after 5 seconds

2009/06/21 21:15:42 Connecting s3.amazonaws.com:80...

2009/06/21 21:15:43 Connecting to s3.amazonaws.com:80 successfully

2009/06/21 21:15:43 GET /senduit/873285?AWSAccessKeyId=0RYTHV9YYQ4W5Q3HQMG2&Expires=1245618737&Signature=7wIOuy6tWC0moXJAZaqh4xjc5%2Fk%3D HTTP/1.1

2009/06/21 21:15:43 Host: s3.amazonaws.com

2009/06/21 21:15:43 Accept: */*

2009/06/21 21:15:43 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322)

2009/06/21 21:15:43 Referer: http://s3.amazonaws.com/senduit

2009/06/21 21:15:43 Range: bytes=4827741-

2009/06/21 21:15:43 Pragma: no-cache

2009/06/21 21:15:43 Cache-Control: no-cache

2009/06/21 21:15:43 Connection: close

2009/06/21 21:15:43 HTTP/1.1 403 Forbidden

2009/06/21 21:15:43 x-amz-request-id: E2981831453D7194

2009/06/21 21:15:43 x-amz-id-2: Nkm+ng0ySAUX128whfiHd6p+L2zMFBY9/7XELccJgz66zqAJfsFgA7jh6rOr8KOD

2009/06/21 21:15:43 Content-Type: application/xml

2009/06/21 21:15:43 Transfer-Encoding: chunked

2009/06/21 21:15:43 Date: Sun, 21 Jun 2009 21:15:42 GMT

2009/06/21 21:15:43 Server: AmazonS3

2009/06/21 21:15:43 Connection: close

2009/06/21 21:15:43 Error occurred, retry after 5 seconds

2009/06/21 21:15:48 Connecting s3.amazonaws.com:80...

2009/06/21 21:15:48 Connecting to s3.amazonaws.com:80 successfully

2009/06/21 21:15:48 GET /senduit/873285?AWSAccessKeyId=0RYTHV9YYQ4W5Q3HQMG2&Expires=1245618737&Signature=7wIOuy6tWC0moXJAZaqh4xjc5%2Fk%3D HTTP/1.1

2009/06/21 21:15:48 Host: s3.amazonaws.com

2009/06/21 21:15:48 Accept: */*

2009/06/21 21:15:48 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322)

2009/06/21 21:15:48 Referer: http://s3.amazonaws.com/senduit

2009/06/21 21:15:48 Range: bytes=4827741-

2009/06/21 21:15:48 Pragma: no-cache

2009/06/21 21:15:48 Cache-Control: no-cache

2009/06/21 21:15:48 Connection: close

2009/06/21 21:15:48 HTTP/1.1 403 Forbidden

2009/06/21 21:15:48 x-amz-request-id: 1086A36E011B660C

2009/06/21 21:15:48 x-amz-id-2: cezN64nlPBQEcBRbXz16qwuTg9ydGf8ws4NA4QBAsbyz9nY1oZ57e0wPWW4esQMi

2009/06/21 21:15:48 Content-Type: application/xml

2009/06/21 21:15:48 Transfer-Encoding: chunked

2009/06/21 21:15:48 Date: Sun, 21 Jun 2009 21:15:46 GMT

2009/06/21 21:15:48 Server: AmazonS3

2009/06/21 21:15:48 Connection: close

2009/06/21 21:15:48 Max number of tries reached, task exits

 

I wonder why it is only this file that I can't download (?_?)

Isn't there any other alternative to Drweb?

 

Thanks
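Added note and example (not part of the original post, and not code from the downloader, Dr.Web or Zébulon): the log above answers the question on its own. Every GET carries the same query-string-signed S3 URL with `Expires=1245618737`, which is 2009-06-21 21:12:17 UTC, while the server's `Date` headers read 21:14:58 GMT and later. A presigned URL whose `Expires` is in the past is refused with 403 no matter how often it is retried, and because the `Signature` covers `Expires` you cannot bump the timestamp yourself; you need a fresh link from the site that issued it. The script below parses a few lines copied from the posted log (constructed sample input, taken verbatim from the exchange at 21:15:07), compares `Expires` with the server `Date`, and shows why the "retry after 5 seconds" loop could never succeed. Function names are mine.

```python
"""Diagnose a 403 on an S3 query-string-signed (presigned) URL from a download log.

Added example for the thread above; not the downloader's own code. It checks
the URL's Expires parameter against the server's Date header: if Expires is
earlier, the 403 is a hard failure and retrying the same URL is pointless.
"""
import re
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime
from urllib.parse import parse_qs, urlparse

# Constructed sample: a handful of lines copied from the log posted above
# (downloader's local timestamp prefix, then the raw HTTP line).
SAMPLE_LOG = """\
2009/06/21 21:15:07 GET /senduit/873285?AWSAccessKeyId=0RYTHV9YYQ4W5Q3HQMG2&Expires=1245618737&Signature=7wIOuy6tWC0moXJAZaqh4xjc5%2Fk%3D HTTP/1.1
2009/06/21 21:15:07 Host: s3.amazonaws.com
2009/06/21 21:15:07 Range: bytes=4827741-
2009/06/21 21:15:08 HTTP/1.1 403 Forbidden
2009/06/21 21:15:08 Server: AmazonS3
2009/06/21 21:15:08 Date: Sun, 21 Jun 2009 21:15:07 GMT
"""

# "YYYY/MM/DD HH:MM:SS <body>": strip the downloader's own timestamp.
LOG_LINE = re.compile(r"^\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2} (?P<body>.*)$")


def parse_exchange(log_text):
    """Return (request target, HTTP status, server Date as aware datetime)."""
    target = status = server_date = None
    for line in log_text.splitlines():
        m = LOG_LINE.match(line)
        if not m:
            continue
        body = m.group("body")
        if body.startswith("GET "):
            target = body.split(" ")[1]            # "/bucket/key?AWSAccessKeyId=..."
        elif body.startswith("HTTP/1."):
            status = int(body.split(" ")[1])       # "HTTP/1.1 403 Forbidden" -> 403
        elif body.startswith("Date: "):
            # RFC 1123 date with "GMT": parsedate_to_datetime yields an aware datetime.
            server_date = parsedate_to_datetime(body[len("Date: "):])
    return target, status, server_date


def presigned_expiry(target):
    """Expires query parameter of a query-string-signed S3 URL, as aware UTC datetime."""
    qs = parse_qs(urlparse(target).query)
    return datetime.fromtimestamp(int(qs["Expires"][0]), tz=timezone.utc)


def diagnose(log_text):
    """Classify the response: 'expired' (URL dead for good), 'forbidden' (other
    auth/ACL problem, also not fixed by retrying), or 'ok'."""
    target, status, server_date = parse_exchange(log_text)
    expires = presigned_expiry(target)
    expired_by = (server_date - expires).total_seconds()   # > 0 means already expired
    if status == 403 and expired_by > 0:
        verdict = "expired"
    elif status == 403:
        verdict = "forbidden"
    else:
        verdict = "ok"
    return {
        "status": status,
        "expires": expires,
        "server_date": server_date,
        "expired_by_seconds": expired_by,
        "verdict": verdict,
    }


def should_retry(diag):
    """Only transient server errors justify a retry loop; a 403 on a presigned
    URL will keep coming back until a new URL is issued."""
    return diag["status"] >= 500


if __name__ == "__main__":
    d = diagnose(SAMPLE_LOG)
    print(f"URL expired at {d['expires'].isoformat()}, "
          f"server time {d['server_date'].isoformat()}")
    print(f"verdict={d['verdict']}, expired {d['expired_by_seconds']:.0f}s earlier, "
          f"retry={should_retry(d)}")
```

Run as-is it reports the URL expiring at 21:12:17 UTC against a server time of 21:15:07 UTC, i.e. 170 seconds too late, and `should_retry` returns False. The same check applied to the first 403 in the log (server Date 21:14:58) gives the same verdict, which is why all nine attempts fail identically: the fix is a new download link, not more retries.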

Posted

Here is the RSIT report, just in case:

 

Logfile of random's system information tool 1.06 (written by random/random)

Run by Sanamy at 2009-06-21 22:10:12

Microsoft Windows XP Professionnel Service Pack 2

System drive C: has 14 MB (0%) free of 10 GB

Total RAM: 255 MB (11% free)

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 22:10:57, on 21/06/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE

C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Giganology\Gigaget\Gigaget.exe

C:\DOCUME~1\Sanamy\LOCALS~1\Temp\winflettq.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Sanamy\Mes documents\Téléchargements\RSIT.exe

C:\Program Files\trend micro\Sanamy.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: GigagetIEHelper - {111CAA23-6F4F-42AC-8555-B48C1D87BBAB} - C:\WINDOWS\system32\gigagetbho_v10.dll

O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll (file missing)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O4 - HKLM\..\Run: [EPSON Stylus C45 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE /P23 "EPSON Stylus C45 Series" /O6 "USB001" /M "Stylus C45"

O4 - Startup: Outil de détection de support Picture Motion Browser.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe

O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Statistiques de la protection du trafic Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra button: PDFill PDF Editor - {FB858B22-55E2-413f-87F5-30ADC5552151} - C:\Program Files\PlotSoft\PDFill\DownloadPDF.exe

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase1140.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{F8E8EB8E-43E3-4D6D-BB7C-8CA044F33B6D}: NameServer = 208.67.222.222 193.55.10.102

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)

 

--

End of file - 4043 bytes

 

======Scheduled tasks folder======

 

C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1390067357-602609370-682003330-1003.job

 

======Registry dump======

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{111CAA23-6F4F-42AC-8555-B48C1D87BBAB}]

GigagetIEHelper Class - C:\WINDOWS\system32\gigagetbho_v10.dll [2006-01-09 86016]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]

IEVkbdBHO Class - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll []

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}]

EpsonToolBandKicker Class - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-22 368640]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{EE5D279F-081B-4404-994D-C6B60AAEBA6D} - EPSON Web-To-Page - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-22 368640]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"EPSON Stylus C45 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE [2004-01-14 173568]

 

C:\Documents and Settings\Sanamy\Menu Démarrer\Programmes\Démarrage

Outil de détection de support Picture Motion Browser.lnk - C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"DisableRegistryTools"=1

"DisableTaskMgr"=1

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

"EnableLUA"=0

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=145

"NoDriveAutoRun"=67108863

"NoDrives"=0

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveAutoRun"=

"NoDriveTypeAutoRun"=

"NoDrives"=

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"

"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:ipsec"

"C:\Program Files\Giganology\Gigaget\Gigaget.exe"="C:\Program Files\Giganology\Gigaget\Gigaget.exe:*:Enabled:ipsec"

"C:\Program Files\DNA\btdna.exe"="C:\Program Files\DNA\btdna.exe:*:Enabled:DNA"

"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:ipsec"

"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

"C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE:*:Enabled:ipsec"

"C:\Documents and Settings\Sanamy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe"="C:\Documents and Settings\Sanamy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe:*:Enabled:ipsec"

"C:\Documents and Settings\Sanamy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe"="C:\Documents and Settings\Sanamy\Local Settings\Application Data\Google\Chrome\Application\chrome.exe:*:Enabled:ipsec"

"C:\Program Files\Java\jre6\bin\jusched.exe"="C:\Program Files\Java\jre6\bin\jusched.exe:*:Enabled:ipsec"

"C:\WINDOWS\system32\taskmgr.exe"="C:\WINDOWS\system32\taskmgr.exe:*:Enabled:ipsec"

"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:ipsec"

"C:\DOCUME~1\Sanamy\LOCALS~1\Temp\winwioo.exe"="C:\DOCUME~1\Sanamy\LOCALS~1\Temp\winwioo.exe:*:Enabled:ipsec"

"C:\DOCUME~1\Sanamy\LOCALS~1\Temp\winidmj.exe"="C:\DOCUME~1\Sanamy\LOCALS~1\Temp\winidmj.exe:*:Enabled:ipsec"

"C:\DOCUME~1\Sanamy\LOCALS~1\Temp\cwldr.exe"="C:\DOCUME~1\Sanamy\LOCALS~1\Temp\cwldr.exe:*:Enabled:ipsec"

"C:\DOCUME~1\Sanamy\LOCALS~1\Temp\winyabv.exe"="C:\DOCUME~1\Sanamy\LOCALS~1\Temp\winyabv.exe:*:Enabled:ipsec"

"C:\DOCUME~1\Sanamy\LOCALS~1\Temp\winoswght.exe"="C:\DOCUME~1\Sanamy\LOCALS~1\Temp\winoswght.exe:*:Enabled:ipsec"

"C:\DOCUME~1\Sanamy\LOCALS~1\Temp\rwjmt.exe"="C:\DOCUME~1\Sanamy\LOCALS~1\Temp\rwjmt.exe:*:Enabled:ipsec"

"C:\DOCUME~1\Sanamy\LOCALS~1\Temp\xxje.exe"="C:\DOCUME~1\Sanamy\LOCALS~1\Temp\xxje.exe:*:Enabled:ipsec"

"C:\DOCUME~1\Sanamy\LOCALS~1\Temp\winxyuj.exe"="C:\DOCUME~1\Sanamy\LOCALS~1\Temp\winxyuj.exe:*:Enabled:ipsec"

"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"="C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe:*:Enabled:ipsec"

"C:\WINDOWS\Explorer.EXE"="C:\WINDOWS\Explorer.EXE:*:Enabled:ipsec"

"C:\DOCUME~1\Sanamy\LOCALS~1\Temp\jblj.exe"="C:\DOCUME~1\Sanamy\LOCALS~1\Temp\jblj.exe:*:Enabled:ipsec"

"C:\DOCUME~1\Sanamy\LOCALS~1\Temp\windsne.exe"="C:\DOCUME~1\Sanamy\LOCALS~1\Temp\windsne.exe:*:Enabled:ipsec"

"C:\DOCUME~1\Sanamy\LOCALS~1\Temp\bjnnjb.exe"="C:\DOCUME~1\Sanamy\LOCALS~1\Temp\bjnnjb.exe:*:Enabled:ipsec"

"C:\DOCUME~1\Sanamy\LOCALS~1\Temp\winohwqwx.exe"="C:\DOCUME~1\Sanamy\LOCALS~1\Temp\winohwqwx.exe:*:Enabled:ipsec"

"C:\DOCUME~1\Sanamy\LOCALS~1\Temp\wintxmiqy.exe"="C:\DOCUME~1\Sanamy\LOCALS~1\Temp\wintxmiqy.exe:*:Enabled:ipsec"

"C:\DOCUME~1\Sanamy\LOCALS~1\Temp\winptngod.exe"="C:\DOCUME~1\Sanamy\LOCALS~1\Temp\winptngod.exe:*:Enabled:ipsec"

"C:\DOCUME~1\Sanamy\LOCALS~1\Temp\mopwav.exe"="C:\DOCUME~1\Sanamy\LOCALS~1\Temp\mopwav.exe:*:Enabled:ipsec"

"C:\DOCUME~1\Sanamy\LOCALS~1\Temp\winbfsvr.exe"="C:\DOCUME~1\Sanamy\LOCALS~1\Temp\winbfsvr.exe:*:Enabled:ipsec"

"C:\DOCUME~1\Sanamy\LOCALS~1\Temp\vdkl.exe"="C:\DOCUME~1\Sanamy\LOCALS~1\Temp\vdkl.exe:*:Enabled:ipsec"

"C:\DOCUME~1\Sanamy\LOCALS~1\Temp\bsrd.exe"="C:\DOCUME~1\Sanamy\LOCALS~1\Temp\bsrd.exe:*:Enabled:ipsec"

"C:\DOCUME~1\Sanamy\LOCALS~1\Temp\wingxbu.exe"="C:\DOCUME~1\Sanamy\LOCALS~1\Temp\wingxbu.exe:*:Enabled:ipsec"

"C:\DOCUME~1\Sanamy\LOCALS~1\Temp\wdxonf.exe"="C:\DOCUME~1\Sanamy\LOCALS~1\Temp\wdxonf.exe:*:Enabled:ipsec"

"C:\DOCUME~1\Sanamy\LOCALS~1\Temp\winbibfp.exe"="C:\DOCUME~1\Sanamy\LOCALS~1\Temp\winbibfp.exe:*:Enabled:ipsec"

"C:\DOCUME~1\Sanamy\LOCALS~1\Temp\vhpvwr.exe"="C:\DOCUME~1\Sanamy\LOCALS~1\Temp\vhpvwr.exe:*:Enabled:ipsec"

"C:\DOCUME~1\Sanamy\LOCALS~1\Temp\winnfgy.exe"="C:\DOCUME~1\Sanamy\LOCALS~1\Temp\winnfgy.exe:*:Enabled:ipsec"

"C:\DOCUME~1\Sanamy\LOCALS~1\Temp\winaniuu.exe"="C:\DOCUME~1\Sanamy\LOCALS~1\Temp\winaniuu.exe:*:Enabled:ipsec"

"C:\DOCUME~1\Sanamy\LOCALS~1\Temp\winompa.exe"="C:\DOCUME~1\Sanamy\LOCALS~1\Temp\winompa.exe:*:Enabled:ipsec"

"C:\DOCUME~1\Sanamy\LOCALS~1\Temp\uvqgk.exe"="C:\DOCUME~1\Sanamy\LOCALS~1\Temp\uvqgk.exe:*:Enabled:ipsec"

"C:\DOCUME~1\Sanamy\LOCALS~1\Temp\winevinbf.exe"="C:\DOCUME~1\Sanamy\LOCALS~1\Temp\winevinbf.exe:*:Enabled:ipsec"

"C:\DOCUME~1\Sanamy\LOCALS~1\Temp\ctvuw.exe"="C:\DOCUME~1\Sanamy\LOCALS~1\Temp\ctvuw.exe:*:Enabled:ipsec"

"C:\DOCUME~1\Sanamy\LOCALS~1\Temp\windkung.exe"="C:\DOCUME~1\Sanamy\LOCALS~1\Temp\windkung.exe:*:Enabled:ipsec"

"C:\DOCUME~1\Sanamy\LOCALS~1\Temp\dhmk.exe"="C:\DOCUME~1\Sanamy\LOCALS~1\Temp\dhmk.exe:*:Enabled:ipsec"

"J:\Rappelz\SFrame.exe"="J:\Rappelz\SFrame.exe:*:Enabled:SFrame"

"C:\DOCUME~1\Sanamy\LOCALS~1\Temp\wincwmy.exe"="C:\DOCUME~1\Sanamy\LOCALS~1\Temp\wincwmy.exe:*:Enabled:ipsec"

"C:\DOCUME~1\Sanamy\LOCALS~1\Temp\winygws.exe"="C:\DOCUME~1\Sanamy\LOCALS~1\Temp\winygws.exe:*:Enabled:ipsec"

"C:\DOCUME~1\Sanamy\LOCALS~1\Temp\ocdw.exe"="C:\DOCUME~1\Sanamy\LOCALS~1\Temp\ocdw.exe:*:Enabled:ipsec"

"C:\DOCUME~1\Sanamy\LOCALS~1\Temp\tjhv.exe"="C:\DOCUME~1\Sanamy\LOCALS~1\Temp\tjhv.exe:*:Enabled:ipsec"

"C:\DOCUME~1\Sanamy\LOCALS~1\Temp\aqcay.exe"="C:\DOCUME~1\Sanamy\LOCALS~1\Temp\aqcay.exe:*:Enabled:ipsec"

"C:\DOCUME~1\Sanamy\LOCALS~1\Temp\winjukkqb.exe"="C:\DOCUME~1\Sanamy\LOCALS~1\Temp\winjukkqb.exe:*:Enabled:ipsec"

"C:\DOCUME~1\Sanamy\LOCALS~1\Temp\qhndtg.exe"="C:\DOCUME~1\Sanamy\LOCALS~1\Temp\qhndtg.exe:*:Enabled:ipsec"

"C:\DOCUME~1\Sanamy\LOCALS~1\Temp\winktix.exe"="C:\DOCUME~1\Sanamy\LOCALS~1\Temp\winktix.exe:*:Enabled:ipsec"

"C:\DOCUME~1\Sanamy\LOCALS~1\Temp\winmyjn.exe"="C:\DOCUME~1\Sanamy\LOCALS~1\Temp\winmyjn.exe:*:Enabled:ipsec"

"C:\DOCUME~1\Sanamy\LOCALS~1\Temp\lqqtcm.exe"="C:\DOCUME~1\Sanamy\LOCALS~1\Temp\lqqtcm.exe:*:Enabled:ipsec"

"C:\DOCUME~1\Sanamy\LOCALS~1\Temp\wincvls.exe"="C:\DOCUME~1\Sanamy\LOCALS~1\Temp\wincvls.exe:*:Enabled:ipsec"

"C:\DOCUME~1\Sanamy\LOCALS~1\Temp\winpenvsr.exe"="C:\DOCUME~1\Sanamy\LOCALS~1\Temp\winpenvsr.exe:*:Enabled:ipsec"

"C:\DOCUME~1\Sanamy\LOCALS~1\Temp\windwer.exe"="C:\DOCUME~1\Sanamy\LOCALS~1\Temp\windwer.exe:*:Enabled:ipsec"

"C:\DOCUME~1\Sanamy\LOCALS~1\Temp\irvwvg.exe"="C:\DOCUME~1\Sanamy\LOCALS~1\Temp\irvwvg.exe:*:Enabled:ipsec"

"C:\DOCUME~1\Sanamy\LOCALS~1\Temp\shbdn.exe"="C:\DOCUME~1\Sanamy\LOCALS~1\Temp\shbdn.exe:*:Enabled:ipsec"

"C:\DOCUME~1\Sanamy\LOCALS~1\Temp\dsgljx.exe"="C:\DOCUME~1\Sanamy\LOCALS~1\Temp\dsgljx.exe:*:Enabled:ipsec"

"C:\DOCUME~1\Sanamy\LOCALS~1\Temp\etjn.exe"="C:\DOCUME~1\Sanamy\LOCALS~1\Temp\etjn.exe:*:Enabled:ipsec"

"C:\DOCUME~1\Sanamy\LOCALS~1\Temp\winhdkikk.exe"="C:\DOCUME~1\Sanamy\LOCALS~1\Temp\winhdkikk.exe:*:Enabled:ipsec"

"C:\DOCUME~1\Sanamy\LOCALS~1\Temp\qokqu.exe"="C:\DOCUME~1\Sanamy\LOCALS~1\Temp\qokqu.exe:*:Enabled:ipsec"

"C:\DOCUME~1\Sanamy\LOCALS~1\Temp\qvlv.exe"="C:\DOCUME~1\Sanamy\LOCALS~1\Temp\qvlv.exe:*:Enabled:ipsec"

"C:\DOCUME~1\Sanamy\LOCALS~1\Temp\jiiw.exe"="C:\DOCUME~1\Sanamy\LOCALS~1\Temp\jiiw.exe:*:Enabled:ipsec"

"C:\DOCUME~1\Sanamy\LOCALS~1\Temp\gemmw.exe"="C:\DOCUME~1\Sanamy\LOCALS~1\Temp\gemmw.exe:*:Enabled:ipsec"

"C:\DOCUME~1\Sanamy\LOCALS~1\Temp\ooye.exe"="C:\DOCUME~1\Sanamy\LOCALS~1\Temp\ooye.exe:*:Enabled:ipsec"

"C:\DOCUME~1\Sanamy\LOCALS~1\Temp\winflfung.exe"="C:\DOCUME~1\Sanamy\LOCALS~1\Temp\winflfung.exe:*:Enabled:ipsec"

"C:\DOCUME~1\Sanamy\LOCALS~1\Temp\jsvhep.exe"="C:\DOCUME~1\Sanamy\LOCALS~1\Temp\jsvhep.exe:*:Enabled:ipsec"

"C:\DOCUME~1\Sanamy\LOCALS~1\Temp\gxxu.exe"="C:\DOCUME~1\Sanamy\LOCALS~1\Temp\gxxu.exe:*:Enabled:ipsec"

"C:\DOCUME~1\Sanamy\LOCALS~1\Temp\winruleuu.exe"="C:\DOCUME~1\Sanamy\LOCALS~1\Temp\winruleuu.exe:*:Enabled:ipsec"

"C:\DOCUME~1\Sanamy\LOCALS~1\Temp\hfiyd.exe"="C:\DOCUME~1\Sanamy\LOCALS~1\Temp\hfiyd.exe:*:Enabled:ipsec"

"C:\DOCUME~1\Sanamy\LOCALS~1\Temp\winhlbrqc.exe"="C:\DOCUME~1\Sanamy\LOCALS~1\Temp\winhlbrqc.exe:*:Enabled:ipsec"

"C:\DOCUME~1\Sanamy\LOCALS~1\Temp\wingqycow.exe"="C:\DOCUME~1\Sanamy\LOCALS~1\Temp\wingqycow.exe:*:Enabled:ipsec"

"C:\DOCUME~1\Sanamy\LOCALS~1\Temp\plgty.exe"="C:\DOCUME~1\Sanamy\LOCALS~1\Temp\plgty.exe:*:Enabled:ipsec"

"C:\DOCUME~1\Sanamy\LOCALS~1\Temp\winjpycj.exe"="C:\DOCUME~1\Sanamy\LOCALS~1\Temp\winjpycj.exe:*:Enabled:ipsec"

"C:\DOCUME~1\Sanamy\LOCALS~1\Temp\winhgvdl.exe"="C:\DOCUME~1\Sanamy\LOCALS~1\Temp\winhgvdl.exe:*:Enabled:ipsec"

"C:\DOCUME~1\Sanamy\LOCALS~1\Temp\pgot.exe"="C:\DOCUME~1\Sanamy\LOCALS~1\Temp\pgot.exe:*:Enabled:ipsec"

"C:\DOCUME~1\Sanamy\LOCALS~1\Temp\wintjqql.exe"="C:\DOCUME~1\Sanamy\LOCALS~1\Temp\wintjqql.exe:*:Enabled:ipsec"

"C:\DOCUME~1\Sanamy\LOCALS~1\Temp\winshau.exe"="C:\DOCUME~1\Sanamy\LOCALS~1\Temp\winshau.exe:*:Enabled:ipsec"

"C:\DOCUME~1\Sanamy\LOCALS~1\Temp\winhbtski.exe"="C:\DOCUME~1\Sanamy\LOCALS~1\Temp\winhbtski.exe:*:Enabled:ipsec"

"C:\DOCUME~1\Sanamy\LOCALS~1\Temp\galhe.exe"="C:\DOCUME~1\Sanamy\LOCALS~1\Temp\galhe.exe:*:Enabled:ipsec"

"C:\DOCUME~1\Sanamy\LOCALS~1\Temp\lasji.exe"="C:\DOCUME~1\Sanamy\LOCALS~1\Temp\lasji.exe:*:Enabled:ipsec"

"C:\DOCUME~1\Sanamy\LOCALS~1\Temp\winlscec.exe"="C:\DOCUME~1\Sanamy\LOCALS~1\Temp\winlscec.exe:*:Enabled:ipsec"

"C:\DOCUME~1\Sanamy\LOCALS~1\Temp\dtlx.exe"="C:\DOCUME~1\Sanamy\LOCALS~1\Temp\dtlx.exe:*:Enabled:ipsec"

"C:\DOCUME~1\Sanamy\LOCALS~1\Temp\aoeuc.exe"="C:\DOCUME~1\Sanamy\LOCALS~1\Temp\aoeuc.exe:*:Enabled:ipsec"

"C:\DOCUME~1\Sanamy\LOCALS~1\Temp\winfugm.exe"="C:\DOCUME~1\Sanamy\LOCALS~1\Temp\winfugm.exe:*:Enabled:ipsec"

"C:\DOCUME~1\Sanamy\LOCALS~1\Temp\yvoe.exe"="C:\DOCUME~1\Sanamy\LOCALS~1\Temp\yvoe.exe:*:Enabled:ipsec"

"C:\DOCUME~1\Sanamy\LOCALS~1\Temp\jxdy.exe"="C:\DOCUME~1\Sanamy\LOCALS~1\Temp\jxdy.exe:*:Enabled:ipsec"

"C:\DOCUME~1\Sanamy\LOCALS~1\Temp\tjjmri.exe"="C:\DOCUME~1\Sanamy\LOCALS~1\Temp\tjjmri.exe:*:Enabled:ipsec"

"C:\DOCUME~1\Sanamy\LOCALS~1\Temp\winavkk.exe"="C:\DOCUME~1\Sanamy\LOCALS~1\Temp\winavkk.exe:*:Enabled:ipsec"

"C:\DOCUME~1\Sanamy\LOCALS~1\Temp\myaq.exe"="C:\DOCUME~1\Sanamy\LOCALS~1\Temp\myaq.exe:*:Enabled:ipsec"

"C:\DOCUME~1\Sanamy\LOCALS~1\Temp\wintmfko.exe"="C:\DOCUME~1\Sanamy\LOCALS~1\Temp\wintmfko.exe:*:Enabled:ipsec"

"C:\DOCUME~1\Sanamy\LOCALS~1\Temp\winvoggbt.exe"="C:\DOCUME~1\Sanamy\LOCALS~1\Temp\winvoggbt.exe:*:Enabled:ipsec"

"C:\DOCUME~1\Sanamy\LOCALS~1\Temp\winyexf.exe"="C:\DOCUME~1\Sanamy\LOCALS~1\Temp\winyexf.exe:*:Enabled:ipsec"

"C:\DOCUME~1\Sanamy\LOCALS~1\Temp\slfl.exe"="C:\DOCUME~1\Sanamy\LOCALS~1\Temp\slfl.exe:*:Enabled:ipsec"

"C:\DOCUME~1\Sanamy\LOCALS~1\Temp\winflettq.exe"="C:\DOCUME~1\Sanamy\LOCALS~1\Temp\winflettq.exe:*:Enabled:ipsec"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

 

======List of files/folders created in the last 1 months======

 

2009-06-21 22:10:12 ----D---- C:\rsit

2009-06-21 21:07:42 ----D---- C:\WINDOWS\LastGood

2009-06-19 20:00:41 ----D---- C:\Documents and Settings\Sanamy\Application Data\Thinstall

2009-06-11 22:30:24 ----D---- C:\Documents and Settings\Sanamy\Application Data\gtk-2.0

2009-06-11 22:25:12 ----D---- C:\Program Files\GIMP-2.0

2009-06-08 13:42:34 ----A---- C:\WINDOWS\system32\muweb.dll

2009-06-08 13:42:34 ----A---- C:\WINDOWS\system32\mucltui.dll.mui

2009-06-08 13:42:34 ----A---- C:\WINDOWS\system32\mucltui.dll

2009-05-26 21:27:34 ----AC---- C:\WINDOWS\system32\TubeFinder.exe

2009-05-26 21:27:30 ----AC---- C:\WINDOWS\system32\PCCLPFR.DLL

2009-05-26 21:27:29 ----D---- C:\Program Files\Free FLV Converter

2009-05-26 21:27:29 ----AC---- C:\WINDOWS\system32\MSCMCFR.DLL

2009-05-26 21:27:29 ----AC---- C:\WINDOWS\system32\CMDLGFR.DLL

 

======List of files/folders modified in the last 1 months======

 

2009-06-21 22:10:56 ----D---- C:\Program Files\Trend Micro

2009-06-21 22:10:04 ----D---- C:\WINDOWS\Prefetch

2009-06-21 22:07:13 ----D---- C:\Program Files\Mozilla Firefox

2009-06-21 22:06:23 ----HD---- C:\WINDOWS\inf

2009-06-21 21:42:00 ----D---- C:\TDdownload

2009-06-21 21:36:25 ----HD---- C:\WINDOWS\$hf_mig$

2009-06-21 21:36:24 ----D---- C:\WINDOWS

2009-06-21 21:28:29 ----D---- C:\WINDOWS\system32\CatRoot2

2009-06-21 20:50:57 ----D---- C:\WINDOWS\temp

2009-06-21 20:50:53 ----D---- C:\WINDOWS\system32\drivers

2009-06-21 20:49:26 ----D---- C:\WINDOWS\system32

2009-06-19 13:16:32 ----A---- C:\WINDOWS\SchedLgU.Txt

2009-06-13 23:28:28 ----RSHDC---- C:\WINDOWS\system32\dllcache

2009-06-09 19:01:40 ----D---- C:\Documents and Settings

2009-06-08 08:10:10 ----AC---- C:\WINDOWS\PEV.exe

 

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 40320]

R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2006-07-24 5632]

R2 irda;Protocole IrDA; C:\WINDOWS\system32\DRIVERS\irda.sys [2004-08-04 87424]

R3 abp470n5;abp470n5; \??\C:\WINDOWS\system32\drivers\iojhmh.sys []

R3 ac97intc;Service d'installation du pilote audio Intel® 82801 (WDM); C:\WINDOWS\system32\drivers\ac97intc.sys [2001-08-17 96256]

R3 irsir;Pilote série infrarouge Microsoft; C:\WINDOWS\system32\DRIVERS\irsir.sys [2001-08-17 18688]

R3 KLFLTDEV;Kaspersky Lab KLFltDev; C:\WINDOWS\system32\DRIVERS\klfltdev.sys [2008-03-13 26640]

R3 klim5;Kaspersky Anti-Virus NDIS Filter; C:\WINDOWS\system32\DRIVERS\klim5.sys [2008-04-30 24592]

R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]

R3 Rasirda;Miniport réseau étendu (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]

R3 rtl8139;Pilote NT de carte Realtek PCI Fast Ethernet à base RTL8139(A/B/C); C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]

R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]

R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]

R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480]

S3 catchme;catchme; \??\C:\DOCUME~1\Sanamy\LOCALS~1\Temp\catchme.sys []

S3 dump_wmimmc;dump_wmimmc; \??\H:\Rappelz\GameGuard\dump_wmimmc.sys []

S3 NPPTNT2;NPPTNT2; \??\C:\WINDOWS\system32\npptNT2.sys []

S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM); C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2007-05-02 83592]

S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter; C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2007-05-02 15112]

S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers; C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2007-05-02 109704]

S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]

S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]

S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]

 

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R2 Irmon;Moniteur infrarouge; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]

R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-04-20 152984]

S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 139264]

S3 npggsvc;nProtect GameGuard Service; C:\WINDOWS\system32\GameMon.des [2009-06-03 2862428]

S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 158768]

S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]

S4 GameConsoleService;GameConsoleService; C:\Program Files\WildGames\Game Console - WildGames\GameConsoleService.exe [2009-02-24 312056]

 

-----------------EOF-----------------

 

info.txt logfile of random's system information tool 1.06 2009-06-21 22:11:06

 

======Uninstall list======

 

-->"C:\Program Files\WildGames\Game Console - WildGames\Uninstall.exe"

-->"C:\Program Files\WildGames\SpongeBob Diner Dash 2 - Two Times the Trouble\Uninstall.exe"

-->"C:\Program Files\WildGames\SpongeBob SquarePants 3D Obstacle Odyssey\Uninstall.exe"

-->"C:\Program Files\WildGames\SpongeBob SquarePants Krabby Quest\Uninstall.exe"

-->C:\Program Files\InstallShield Installation Information\{22EB2FA7-1BA0-4FFB-972F-353EC6ABA9D5}\setup.exe -runfromtemp -l0x040c -removeonly

-->C:\Program Files\InstallShield Installation Information\{28B97CAB-828F-49D8-A30A-675476F9BA92}\setup.exe -runfromtemp -l0x040c/cont -removeonly

-->C:\Program Files\InstallShield Installation Information\{4E7DC12A-3597-4A94-9429-F6C6987361B1}\setup.exe -runfromtemp -l0x040c -removeonly

-->C:\Program Files\InstallShield Installation Information\{6813C983-427E-4511-8456-E98FCAA1A125}\setup.exe -runfromtemp -l0x040c -removeonly

-->C:\Program Files\InstallShield Installation Information\{7DADB304-AF20-48C3-A780-4B4133A08817}\setup.exe -runfromtemp -l0x040c -removeonly

-->C:\Program Files\InstallShield Installation Information\{9C423CF6-2DAA-4A37-94B8-59D7ECC7DB13}\setup.exe -runfromtemp -l0x040c -removeonly

-->C:\Program Files\InstallShield Installation Information\{ACE66099-E18E-4037-83C8-9D182E5B9FA8}\setup.exe -runfromtemp -l0x040c -removeonly

-->C:\Program Files\InstallShield Installation Information\{E078134D-A344-41B6-A0F8-147AB235396E}\setup.exe -runfromtemp -l0x040c -removeonly

-->C:\Program Files\InstallShield Installation Information\{FA6CC4B4-7741-4F8D-8E81-15C4BAB9869B}\setup.exe -runfromtemp -l0x040c -removeonly

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

7-Zip 4.65-->"C:\Program Files\7-Zip\Uninstall.exe"

Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe

Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe

Ask Toolbar-->"C:\Program Files\AskBarDis\unins000.exe"

Assistant de connexion Windows Live-->MsiExec.exe /I{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}

Camera RAW Plug-In for EPSON Creativity Suite-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8DAC1AE4-33D1-4A78-8A42-00E09EDECC3E}\SETUP.EXE" -l0x9 UNINST

Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}

DBZ Online V7.00-->C:\Program Files\DBZ Online\Uninstal.exe

EPSON Attach To Email-->C:\Program Files\Fichiers communs\InstallShield\Driver\8\Intel 32\IDriver.exe /M{20C45B32-5AB6-46A4-94EF-58950CAF05E5} /l1033 ADDREMOVEDLG

EPSON Easy Photo Print-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B66E665A-DF96-4C38-9422-C7F74BC1B4E5}\SETUP.EXE" -l0x9 UNINST

EPSON File Manager-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2EB81825-E9EE-44F4-8F51-1240C3898DC6}\Setup.exe" -l0x9 UNINST

EPSON Printer Software-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R

EPSON Scan Assistant-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}\Setup.exe" -l0x40c -u

EPSON Stylus C90_91_D92 Manual-->C:\Program Files\EPSON\TPMANUAL\ESC90 91 D92\ENG\USE_G\DOCUNINS.EXE

EPSON Web-To-Page-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}\SETUP.EXE" -l0x9 -anything

FileZilla Client 3.2.4.1-->h:\Program Files\FileZilla FTP Client\uninstall.exe

FindyKill-->C:\Program Files\FindyKill\Uninstal.exe

Free FLV Converter V 5.0-->"C:\Program Files\Free FLV Converter\unins000.exe"

Gigaget-->"C:\Program Files\Giganology\Gigaget\unins000.exe"

GIMP 2.6.6-->"C:\Program Files\GIMP-2.0\setup\unins000.exe"

GPL Ghostscript 8.63-->C:\Program Files\gs\uninstgs.exe "C:\Program Files\gs\gs8.63\uninstal.txt"

HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall

Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe

Installation Windows Live-->MsiExec.exe /I{7370DF47-B4F9-4279-BFC3-3F09919F720D}

Java 2 Runtime Environment, SE v1.4.1_07-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CA532E73-1BB7-11D8-9D6A-00010240CE95}\setup.exe" Anytext

Java Web Start-->"C:\Program Files\Java Web Start\uninst-javaws.exe"

Java 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216013FF}

Jeux WildTangent-->"C:\Program Files\WildGames\Uninstall.exe"

Kaspersky Internet Security 2009-->MsiExec.exe /I{8CB14A64-CEF4-4C8F-B1C8-1C3B8752CB55}

Kaspersky Internet Security 2009-->MsiExec.exe /I{8CB14A64-CEF4-4C8F-B1C8-1C3B8752CB55}

KidNet -->C:\Program Files\KidNet\KidNet-uninst.exe

Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"

Microsoft Office Professional Edition 2003-->MsiExec.exe /I{9011040C-6000-11D3-8CFE-0150048383C9}

Mise à jour de sécurité pour Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"

Mise à jour pour Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"

Mozilla Firefox (3.5)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe

MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}

Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}

Package de pilotes Windows - MobileTop (sshpmdm) Modem (02/23/2007 2.5.0.0)-->C:\PROGRA~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\DPInst.exe /u C:\WINDOWS\system32\DRVSTORE\shpacm_18A9B92ED8DEDC602E49E767FA4BE98A30525207\shpacm.inf

Package de pilotes Windows - MobileTop (sshpusb) USB (02/23/2007 2.5.0.0)-->C:\PROGRA~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\DPInst.exe /u C:\WINDOWS\system32\DRVSTORE\shpusb_558D416BCEB984F35885804D3E1A9C3773F1B17C\shpusb.inf

Pcsx2 0.9.6-->MsiExec.exe /I{0E2B767B-EA6A-489B-BF83-8083FE1DB661}

PDFill PDF Editor with FREE PDF Writer and Tools-->MsiExec.exe /I{262C7F33-8251-432E-88C1-E9F42A53F8F0}

PDF-to-Word 2.5 Demo-->C:\PROGRA~1\BLUESQ~1\demos\UNWISE.EXE /U C:\PROGRA~1\BLUESQ~1\demos\pdf2word.log

Rappelz-->"H:\Rappelz\unins000.exe"

SAMSUNG Mobile Composite Device Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\6\SSBCUninstall.exe

SAMSUNG Mobile Modem Driver Set-->C:\WINDOWS\system32\Samsung_USB_Drivers\3\SSCDUninstall.exe

Samsung Mobile phone USB driver Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\5\SSSDUninstall.exe

SAMSUNG Mobile USB Modem 1.0 Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe

SAMSUNG Mobile USB Modem Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe

Samsung PC Studio 3 USB Driver Installer-->"C:\Program Files\InstallShield Installation Information\{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}\setup.exe" -runfromtemp -l0x040c -removeonly

Samsung PC Studio 3-->"C:\Program Files\InstallShield Installation Information\{C4A4722E-79F9-417C-BD72-8D359A090C97}\setup.exe" -runfromtemp -l0x040c -removeonly

Samsung Samples Installer-->"C:\Program Files\InstallShield Installation Information\{7AC15160-A49B-4A89-B181-D4619C025FFF}\setup.exe" -runfromtemp -l0x040c -removeonly

Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}

Sims Language-->C:\WINDOWS\ST5UNST.EXE -n "C:\Program Files\Sims Language\ST5UNST.LOG"

Skype 4.0-->MsiExec.exe /X{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}

Sony Picture Utility-->C:\Program Files\InstallShield Installation Information\{D5068583-D569-468B-9755-5FBF5848F46F}\setup.exe -runfromtemp -l0x040c /removeonly uninstall -removeonly

VLC media player 0.9.8a-->H:\Program Files\VideoLAN\VLC\uninstall.exe

Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"

Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}

Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}

Windows Live Messenger-->MsiExec.exe /X{059C042E-796A-4ACC-A81A-ECC2010BB78C}

Yu-Gi-Oh Virtual Battle 5.19-->h:\Program Files\Yu-Gi-Oh Virtual Battle 5\Uninstal.exe

Yugioh Virtual Desktop-->C:\WINDOWS\unvise32.exe C:\Program Files\YuGiOh Virtual Desktop\uninstal.log

 

======Hosts File======

 

127.0.0.1 localhost

 

======Security center information======

 

AV: Kaspersky Internet Security (disabled) (outdated)

FW: Kaspersky Internet Security (disabled)

 

======System event log======

 

Computer Name: SHELLA

Event Code: 29

Message: Le fournisseur de temps NtpClient est configuré pour acquérir le temps à partir d'une

ou plusieurs sources de temps, cependant aucune source n'est actuellement accessible.

Aucune tentative pour en contacter une ne sera effectuée d'ici 14 minutes.

NtpClient n'a pas de source de temps précis.

 

Record Number: 5

Source Name: W32Time

Time Written: 20090619095616.000000+060

Event Type: erreur

User:

 

Computer Name: SHELLA

Event Code: 17

Message: Fournisseur de temps NtpClient : une erreur s'est produite lors de la recherche DNS de

l'homologue manuellement configuré 'time.windows.com,0x1'. NtpClient va essayer à nouveau

la recherche DNS dans 15 minutes.

L'erreur était : Une opération a été tentée sur un hôte impossible à atteindre. (0x80072751)

 

Record Number: 4

Source Name: W32Time

Time Written: 20090619095616.000000+060

Event Type: erreur

User:

 

Computer Name: SHELLA

Event Code: 1007

Message: Votre ordinateur a automatiquement configuré l'adresse IP pour la

carte avec l'adresse réseau 00138FFF1165. L'adresse IP utilisée est 169.254.88.98.

 

Record Number: 3

Source Name: Dhcp

Time Written: 20090619095607.000000+060

Event Type: Avertissement

User:

 

Computer Name: SHELLA

Event Code: 6005

Message: Le service d'Enregistrement d'événement a démarré.

 

Record Number: 2

Source Name: EventLog

Time Written: 20090619095504.000000+060

Event Type: Informations

User:

 

Computer Name: SHELLA

Event Code: 6009

Message: Microsoft ® Windows ® 5.01. 2600 Service Pack 2 Multiprocessor Free.

 

Record Number: 1

Source Name: EventLog

Time Written: 20090619095504.000000+060

Event Type: Informations

User:

 

=====Application event log=====

 

Computer Name: SHELLA

Event Code: 1000

Message: Application défaillante chrome.exe, version 0.0.0.0, module défaillant chrome.dll, version 1.0.154.53, adresse de défaillance 0x0055355d.

 

Record Number: 252

Source Name: Application Error

Time Written: 20090405162307.000000+060

Event Type: erreur

User:

 

Computer Name: SHELLA

Event Code: 1800

Message: Le service Centre de sécurité Windows a démarré.

 

Record Number: 251

Source Name: SecurityCenter

Time Written: 20090405144649.000000+060

Event Type: Informations

User:

 

Computer Name: SHELLA

Event Code: 1000

Message: Application défaillante chrome.exe, version 0.0.0.0, module défaillant chrome.dll, version 1.0.154.53, adresse de défaillance 0x005535b0.

 

Record Number: 250

Source Name: Application Error

Time Written: 20090405120911.000000+060

Event Type: erreur

User:

 

Computer Name: SHELLA

Event Code: 1800

Message: Le service Centre de sécurité Windows a démarré.

 

Record Number: 249

Source Name: SecurityCenter

Time Written: 20090405112230.000000+060

Event Type: Informations

User:

 

Computer Name: SHELLA

Event Code: 1001

Message: Vérification du système de fichiers sur C:

Le type du système de fichiers est NTFS.

 

 

L'intégrité de l'un de vos disques doit être vérifiée.

Vous pouvez annuler cette vérification, mais son exécution est

fortement recommandée.

Windows va maintenant vérifier le disque.

L'enregistrement d'attribut de type 0x80 et de balise d'instance 0x4 a un lien croisé

qui commence à 0x1fafc pour 0x1 clusters éventuels.

L'enregistrement d'attribut de type 0x80 et de balise d'instance 0x4 a un lien croisé

qui commence à 0x1fafc pour 0x1 clusters éventuels.

Certains clusters occupés par l'attribut de type 0x80 et de balise d'instance 0x4

dans le fichier 0x8b14 sont déjà utilisés.

Suppression de l'enregistrement d'attribut endommagé (128, "")

du segment d'enregistrement de fichier 35604.

Les deux entrées d'index de longueur 0x70 et 0x70 sont identiques

ou apparaissent dans le mauvais ordre.


Tri de l'index $I30 du fichier 10160.

Impossible de trouver l'attribut nom de fichier d'entrée d'index CCH~14~3.HVP

de l'index $I30 avec pour parent 0x27b0 dans le fichier 0x8eeb.

Suppression de l'entrée d'index CCH~14~3.HVP dans l'index $I30 du fichier 10160.

Impossible de trouver l'attribut nom de fichier d'entrée d'index CCH~14~4.HVP

de l'index $I30 avec pour parent 0x27b0 dans le fichier 0x8f0a.

Suppression de l'entrée d'index CCH~14~4.HVP dans l'index $I30 du fichier 10160.

Nettoyage en cours de petites incohérences sur le lecteur.

CHKDSK récupère les fichiers perdus.

Récupération du fichier orphelin CCH~14~4.HTP (27624) dans le fichier de répertoire 10160.

Récupération du fichier orphelin CCH~14~3.HTP (36577) dans le fichier de répertoire 10160.

Il n'y a pas d'attribut nom de fichier DOS dans le fichier 0x8ee2.

Correction d'erreurs mineures de nom de fichier pour le fichier 36578.

Il n'y a pas d'attribut nom de fichier DOS dans le fichier 0x8ee3.

Correction d'erreurs mineures de nom de fichier pour le fichier 36579.

Il n'y a pas d'attribut nom de fichier DOS dans le fichier 0x8ee4.

Correction d'erreurs mineures de nom de fichier pour le fichier 36580.

Il n'y a pas d'attribut nom de fichier DOS dans le fichier 0x8ee5.

Correction d'erreurs mineures de nom de fichier pour le fichier 36581.

Il n'y a pas d'attribut nom de fichier DOS dans le fichier 0x8eeb.

Correction d'erreurs mineures de nom de fichier pour le fichier 36587.

Il n'y a pas d'attribut nom de fichier DOS dans le fichier 0x8f09.

Correction d'erreurs mineures de nom de fichier pour le fichier 36617.

Il n'y a pas d'attribut nom de fichier DOS dans le fichier 0x8f0a.

Correction d'erreurs mineures de nom de fichier pour le fichier 36618.

Nettoyage en cours de 9 entrées d'index inutilisées à partir de l'index $SII du fichier 0x9.

Nettoyage en cours de 9 entrées d'index inutilisées à partir de l'index $SDH du fichier 0x9.

Nettoyage en cours de 9 descripteurs de sécurité non utilisés.

Insertion d'un attribut de données dans le fichier 35604.

Correction des erreurs dans le carte du volume.

Windows a effectué des corrections sur le système de fichiers.

 

10506478 Ko d'espace disque au total.

8339488 Ko dans 34589 fichiers.

10248 Ko dans 2229 index.

0 Ko dans des secteurs défectueux.

92234 Ko utilisés par le système.

54592 Ko occupés par le fichier journal.

2064508 Ko disponibles sur le disque.

 

4096 octets dans chaque unité d'allocation.

2626619 unités d'allocation au total sur le disque.

516127 unités d'allocation disponibles sur le disque.

 

Informations internes :


 

Windows a terminé la vérification de votre disque.

Veuillez patienter pendant le redémarrage de votre ordinateur.

 

 

Record Number: 248

Source Name: Winlogon

Time Written: 20090405112117.000000+060

Event Type: Informations

User:

 

======Environment variables======

 

"ComSpec"=%SystemRoot%\system32\cmd.exe

"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\Samsung\Samsung PC Studio 3

"windir"=%SystemRoot%

"FP_NO_HOST_CHECK"=NO

"OS"=Windows_NT

"PROCESSOR_ARCHITECTURE"=x86

"PROCESSOR_LEVEL"=15

"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 9, GenuineIntel

"PROCESSOR_REVISION"=0409

"NUMBER_OF_PROCESSORS"=2

"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH

"TEMP"=%SystemRoot%\TEMP

"TMP"=%SystemRoot%\TEMP

 

-----------------EOF-----------------

Posted

Hi Mynasa;

 

I'm looking at your RSIT report right now and can confirm Thanos's initial suspicion: you have indeed caught a variant of the Sality virus, which is an executable file infector. Not only does it infect every executable file on the machine (eventually), but it also installs a backdoor; that is what is eating your bandwidth and limiting your connections. The backdoor is also protected by a nasty rootkit... which, among other things, protects and regenerates the infection. If you ever manage to download CureIt, you will have to rename it with a .com extension, otherwise Sality will inject it as soon as it touches the PC.

 

Cleaning is sometimes possible, but rarely. Doing it properly, without leaving after-effects on the system, is rarer still.

 

If you had access to another PC to download things, it would certainly help, but nothing can guarantee a complete clean-up. You see where I'm going? I'll let Thanos carry on when he gets back; he has seen more Sality than I have :P

 

A small additional note: I tested at home with a modified system date, and CureIt can be downloaded and then briefly launched, but it does indeed return an error about the date and closes; that does not match the problems you are having with CureIt. As for AntiVir: I managed to download it, install it, update it and run a full scan without problems, with the date set to June 2002. In the end, it's Sality that is blocking everything for you.

 

Good luck to both of you :P
