
Posted

Indeed thanos, the error messages no longer appear at all! cool! ^^

 

here's the MBAM log

 

Malwarebytes' Anti-Malware 1.39

Version de la base de données: 2479

Windows 5.1.2600 Service Pack 2

 

22/07/2009 20:34:27

mbam-log-2009-07-22 (20-33-54).txt

 

Type de recherche: Examen complet (C:\|D:\|)

Eléments examinés: 162335

Temps écoulé: 1 hour(s), 55 minute(s), 11 second(s)

 

Processus mémoire infecté(s): 0

Module(s) mémoire infecté(s): 0

Clé(s) du Registre infectée(s): 6

Valeur(s) du Registre infectée(s): 2

Elément(s) de données du Registre infecté(s): 1

Dossier(s) infecté(s): 1

Fichier(s) infecté(s): 253

 

Processus mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Module(s) mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Clé(s) du Registre infectée(s):

HKEY_CLASSES_ROOT\TypeLib\{b6acb3f1-6a83-432c-b854-3e1056f87f4e} (Adware.EoRezo) -> No action taken.

HKEY_CLASSES_ROOT\Interface\{819db72d-1c28-4387-9778-e2ff3dc86f74} (Adware.EoRezo) -> No action taken.

HKEY_CLASSES_ROOT\CLSID\{c7b76b90-3455-4ae6-a752-eac4d19689e5} (Adware.EoRezo) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c7b76b90-3455-4ae6-a752-eac4d19689e5} (Adware.EoRezo) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c7b76b90-3455-4ae6-a752-eac4d19689e5} (Adware.EoRezo) -> No action taken.

HKEY_LOCAL_MACHINE\SOFTWARE\EoRezo (Rogue.Eorezo) -> No action taken.

 

Valeur(s) du Registre infectée(s):

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\host-domain-lookup.com (Malware.Trace) -> No action taken.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\www.host-domain-lookup.com (Malware.Trace) -> No action taken.

 

Elément(s) de données du Registre infecté(s):

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

 

Dossier(s) infecté(s):

C:\WINDOWS\system32\pnVes01 (Trojan.Agent) -> No action taken.

 

Fichier(s) infecté(s):

c:\WINDOWS\system32\nnsngvvn.exe (Trojan.Vundo) -> No action taken.

c:\WINDOWS\system32\ptmsrwsp.exe (Trojan.Vundo) -> No action taken.

c:\WINDOWS\system32\tkhwffwn.exe (Trojan.Vundo) -> No action taken.

c:\WINDOWS\system32\wpdceruf.exe (Trojan.Vundo) -> No action taken.

c:\WINDOWS\system32\gylwarxa.exe (Trojan.Vundo) -> No action taken.

c:\WINDOWS\system32\welqweom.exe (Trojan.Vundo) -> No action taken.

c:\WINDOWS\system32\ogcywyvf.exe (Trojan.Vundo) -> No action taken.

c:\WINDOWS\system32\lsmdslkv.exe (Trojan.Vundo) -> No action taken.

c:\WINDOWS\system32\iccjjhno.exe (Trojan.Vundo) -> No action taken.

c:\WINDOWS\system32\jctfdang.exe (Trojan.Vundo) -> No action taken.

c:\WINDOWS\system32\gnxcvnka.exe (Trojan.Vundo) -> No action taken.

c:\WINDOWS\system32\xupccbkl.exe (Trojan.Vundo) -> No action taken.

c:\WINDOWS\system32\eklkwfyd.exe (Trojan.Vundo) -> No action taken.

c:\WINDOWS\system32\kpyumkne.exe (Trojan.Vundo) -> No action taken.

c:\WINDOWS\system32\cpriqhqt.exe (Trojan.Vundo) -> No action taken.

c:\WINDOWS\system32\kyqsheui.exe (Trojan.Vundo) -> No action taken.

c:\WINDOWS\system32\keiilbpe.exe (Trojan.Vundo) -> No action taken.

c:\WINDOWS\system32\eupubywj.exe (Trojan.Vundo) -> No action taken.

c:\WINDOWS\system32\ocoqibup.exe (Trojan.Vundo) -> No action taken.

c:\WINDOWS\system32\dowfsddk.exe (Trojan.Vundo) -> No action taken.

c:\WINDOWS\system32\okhcpkcn.exe (Trojan.Vundo) -> No action taken.

c:\WINDOWS\system32\dthgetpw.exe (Trojan.Vundo) -> No action taken.

c:\WINDOWS\system32\msdgtxwl.exe (Trojan.Vundo) -> No action taken.

c:\WINDOWS\system32\asftmfaa.exe (Trojan.Vundo) -> No action taken.

c:\WINDOWS\system32\prpuxewi.exe (Trojan.Vundo) -> No action taken.

c:\WINDOWS\system32\yrynqoqe.exe (Trojan.Vundo) -> No action taken.

c:\WINDOWS\system32\flhmpqmd.exe (Trojan.Vundo) -> No action taken.

c:\WINDOWS\system32\rnrpncqr.exe (Trojan.Vundo) -> No action taken.

c:\WINDOWS\system32\wmertcqa.exe (Trojan.Vundo) -> No action taken.

c:\WINDOWS\system32\odgdjrmm.exe (Trojan.Vundo) -> No action taken.

c:\WINDOWS\system32\ydnmnpan.exe (Trojan.Vundo) -> No action taken.

c:\WINDOWS\system32\budsmlas.exe (Trojan.Vundo) -> No action taken.

c:\WINDOWS\system32\ehqxyrcy.exe (Trojan.Vundo) -> No action taken.

c:\WINDOWS\system32\gaiodrwc.exe (Trojan.Vundo) -> No action taken.

c:\WINDOWS\system32\mghtjbuy.exe (Trojan.Vundo) -> No action taken.

c:\WINDOWS\system32\bdmabocq.exe (Trojan.LowZones) -> No action taken.

c:\WINDOWS\system32\qqskdmmq.exe (Trojan.LowZones) -> No action taken.

c:\WINDOWS\system32\ifdcxlwi.exe (Trojan.LowZones) -> No action taken.

c:\WINDOWS\system32\ktdwlbfr.exe (Trojan.LowZones) -> No action taken.

c:\WINDOWS\system32\cdokoehm.exe (Trojan.LowZones) -> No action taken.

c:\WINDOWS\system32\smetsblp.exe (Trojan.LowZones) -> No action taken.

c:\WINDOWS\system32\gplswnjx.exe (Trojan.LowZones) -> No action taken.

c:\WINDOWS\system32\hxlukoux.exe (Trojan.LowZones) -> No action taken.

c:\WINDOWS\system32\ncmhsjiq.exe (Trojan.LowZones) -> No action taken.

c:\WINDOWS\system32\ahuchbrh.exe (Trojan.LowZones) -> No action taken.

c:\WINDOWS\system32\jtijxbee.exe (Trojan.LowZones) -> No action taken.

c:\WINDOWS\system32\hbuiwnkh.exe (Trojan.LowZones) -> No action taken.

c:\WINDOWS\system32\ftuwmnfy.exe (Trojan.LowZones) -> No action taken.

c:\WINDOWS\system32\nuwyauvn.exe (Trojan.LowZones) -> No action taken.

c:\WINDOWS\system32\qmrupsru.dll (Trojan.Vundo) -> No action taken.

c:\WINDOWS\system32\MSINET.oca (Rogue.Trace) -> No action taken.

c:\documents and settings\ju vaness\Bureau\ASE_Setup_Free_fr.exe (Rogue.AntiSpywareSolutionPro) -> No action taken.

c:\documents and settings\ju vaness\application data\EoRezo\softwareupdate\SoftwareUpdate.exe (Adware.EoRezo) -> No action taken.

c:\documents and settings\ju vaness\application data\EoRezo\softwareupdate\SoftwareUpdateHP.exe (Adware.EoRezo) -> No action taken.

c:\program files\EoRezo\EoEngine.exe (Adware.EoRezo) -> No action taken.

c:\program files\EoRezo\EoAdv\EoAdv.dll (Adware.EoRezo) -> No action taken.

c:\program files\EoRezo\EoAdv\EoRezoBHO.dll (Adware.EoRezo) -> No action taken.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP284\A0155880.EXE (Rogue.AntiSpywareSolutionPro) -> No action taken.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP295\A0158148.exe (Worm.Koobface) -> No action taken.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP295\A0158149.exe (Worm.Koobface) -> No action taken.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP295\A0158191.exe (Worm.Koobface) -> No action taken.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP295\A0158208.exe (Worm.Koobface) -> No action taken.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP295\A0158222.exe (Worm.KoobFace) -> No action taken.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP298\A0160527.DLL (Rootkit.Agent) -> No action taken.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP298\A0160528.sys (Rootkit.Agent) -> No action taken.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP298\A0160530.exe (Worm.KoobFace) -> No action taken.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP298\A0160534.dll (Trojan.Vundo) -> No action taken.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP298\A0160536.dll (Trojan.Vundo) -> No action taken.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP298\A0160537.dll (Trojan.Vundo) -> No action taken.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP298\A0160544.dll (Trojan.Vundo) -> No action taken.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP298\A0160547.dll (Trojan.Vundo) -> No action taken.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP298\A0160549.dll (Trojan.Vundo) -> No action taken.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP298\A0160552.dll (Trojan.Vundo) -> No action taken.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP298\A0160556.dll (Trojan.Vundo) -> No action taken.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP298\A0160561.dll (Trojan.Vundo) -> No action taken.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP298\A0160563.dll (Trojan.Vundo) -> No action taken.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP298\A0160567.dll (Trojan.Vundo) -> No action taken.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP298\A0160572.dll (Trojan.Vundo) -> No action taken.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP298\A0160575.dll (Trojan.Vundo) -> No action taken.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP298\A0160585.dll (Trojan.Vundo) -> No action taken.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP298\A0160588.dll (Trojan.Vundo) -> No action taken.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP298\A0160589.dll (Trojan.Vundo) -> No action taken.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP298\A0160591.dll (Trojan.Vundo) -> No action taken.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP298\A0160592.dll (Trojan.Vundo) -> No action taken.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP298\A0160595.dll (Trojan.Vundo) -> No action taken.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP298\A0160596.dll (Trojan.Vundo) -> No action taken.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP298\A0160598.dll (Trojan.Vundo) -> No action taken.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP298\A0160599.dll (Trojan.Vundo) -> No action taken.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP298\A0160600.dll (Trojan.Vundo) -> No action taken.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP298\A0160601.dll (Trojan.Vundo) -> No action taken.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP298\A0160604.dll (Trojan.Vundo) -> No action taken.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP298\A0160605.dll (Trojan.Vundo) -> No action taken.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP298\A0160606.dll (Trojan.Vundo) -> No action taken.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP298\A0160608.dll (Trojan.Vundo) -> No action taken.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP298\A0160611.dll (Trojan.Vundo) -> No action taken.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP298\A0160615.dll (Trojan.Vundo) -> No action taken.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP298\A0160616.dll (Trojan.Vundo) -> No action taken.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP298\A0160622.dll (Trojan.Vundo) -> No action taken.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP298\A0160628.dll (Trojan.Vundo) -> No action taken.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP298\A0160629.dll (Trojan.Vundo) -> No action taken.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP298\A0160630.dll (Trojan.Vundo) -> No action taken.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP298\A0160637.dll (Trojan.Vundo) -> No action taken.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP298\A0160640.dll (Trojan.Vundo) -> No action taken.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP298\A0160648.dll (Trojan.Vundo) -> No action taken.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP298\A0160649.dll (Trojan.Vundo) -> No action taken.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP298\A0160650.dll (Trojan.Vundo) -> No action taken.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP298\A0160651.dll (Trojan.Vundo) -> No action taken.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP298\A0160652.dll (Trojan.Vundo) -> No action taken.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP298\A0160654.dll (Trojan.Vundo) -> No action taken.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP298\A0160659.dll (Trojan.Vundo) -> No action taken.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP298\A0160660.dll (Trojan.Vundo) -> No action taken.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP298\A0160664.dll (Trojan.Vundo) -> No action taken.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP298\A0160670.dll (Trojan.Vundo) -> No action taken.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP298\A0160671.dll (Trojan.Vundo) -> No action taken.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP298\A0160673.dll (Trojan.Vundo) -> No action taken.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP298\A0160675.dll (Trojan.Downloader) -> No action taken.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP298\A0160677.dll (Trojan.Vundo) -> No action taken.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP298\A0160678.dll (Trojan.Vundo) -> No action taken.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP298\A0160679.dll (Trojan.Vundo) -> No action taken.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP298\A0160681.dll (Trojan.Vundo) -> No action taken.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP298\A0160682.DLL (Trojan.Vundo) -> No action taken.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP298\A0160686.dll (Trojan.Vundo) -> No action taken.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP298\A0160687.dll (Trojan.Vundo) -> No action taken.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP298\A0160688.dll (Trojan.Vundo) -> No action taken.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP298\A0160695.dll (Trojan.Vundo) -> No action taken.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP298\A0160696.dll (Trojan.Vundo) -> No action taken.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP298\A0160698.dll (Trojan.Vundo) -> No action taken.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP298\A0160701.dll (Trojan.Vundo) -> No action taken.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP298\A0160704.dll (Trojan.Vundo) -> No action taken.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP298\A0160707.dll (Trojan.Vundo) -> No action taken.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP298\A0160708.dll (Trojan.Vundo) -> No action taken.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP298\A0160711.dll (Trojan.Vundo) -> No action taken.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP298\A0160715.dll (Trojan.Vundo) -> No action taken.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP298\A0160719.dll (Trojan.Vundo) -> No action taken.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP298\A0160720.dll (Trojan.Vundo) -> No action taken.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP298\A0160724.dll (Trojan.Vundo) -> No action taken.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP298\A0160727.dll (Trojan.Vundo) -> No action taken.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP298\A0160733.dll (Trojan.Vundo) -> No action taken.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP298\A0160735.dll (Trojan.Vundo) -> No action taken.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP298\A0160747.dll (Trojan.Vundo) -> No action taken.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP298\A0160750.dll (Trojan.Vundo) -> No action taken.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP298\A0160751.dll (Trojan.Vundo) -> No action taken.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP298\A0160752.dll (Trojan.Vundo) -> No action taken.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP298\A0160753.dll (Trojan.Vundo) -> No action taken.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP298\A0160755.dll (Trojan.Vundo) -> No action taken.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP298\A0160757.dll (Trojan.Vundo) -> No action taken.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP298\A0160759.dll (Trojan.Vundo) -> No action taken.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP298\A0160760.dll (Trojan.Vundo) -> No action taken.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP298\A0160762.dll (Trojan.Vundo) -> No action taken.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP298\A0160763.dll (Trojan.Vundo) -> No action taken.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP298\A0160767.dll (Trojan.Vundo) -> No action taken.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP298\A0160773.dll (Trojan.Vundo) -> No action taken.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP298\A0160775.dll (Trojan.Vundo) -> No action taken.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP298\A0160776.dll (Trojan.Vundo) -> No action taken.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP298\A0160779.dll (Trojan.Vundo) -> No action taken.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP298\A0160781.dll (Trojan.Vundo) -> No action taken.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP298\A0160782.dll (Trojan.Vundo) -> No action taken.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP298\A0160783.dll (Trojan.Vundo) -> No action taken.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP298\A0160784.dll (Trojan.Vundo) -> No action taken.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP298\A0160787.dll (Trojan.Vundo) -> No action taken.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP298\A0160788.dll (Trojan.Vundo) -> No action taken.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP298\A0160789.dll (Trojan.Vundo) -> No action taken.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP298\A0160791.dll (Trojan.Vundo) -> No action taken.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP298\A0160797.dll (Trojan.Vundo) -> No action taken.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP298\A0160801.dll (Trojan.Vundo) -> No action taken.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP298\A0160808.dll (Trojan.Vundo) -> No action taken.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP298\A0160810.dll (Trojan.Vundo) -> No action taken.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP298\A0160812.dll (Trojan.Vundo) -> No action taken.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP298\A0160813.dll (Trojan.Vundo) -> No action taken.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP298\A0160815.dll (Trojan.Vundo) -> No action taken.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP298\A0160816.dll (Trojan.Vundo) -> No action taken.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP298\A0160818.dll (Trojan.Vundo) -> No action taken.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP298\A0160819.dll (Trojan.Vundo) -> No action taken.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP298\A0160824.dll (Trojan.Vundo) -> No action taken.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP298\A0160825.dll (Trojan.Vundo) -> No action taken.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP298\A0160826.dll (Trojan.Vundo) -> No action taken.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP298\A0160827.dll (Trojan.Vundo) -> No action taken.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP298\A0160831.dll (Trojan.Vundo) -> No action taken.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP298\A0160832.dll (Trojan.Vundo) -> No action taken.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP298\A0160836.dll (Trojan.Vundo) -> No action taken.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP298\A0160838.dll (Trojan.Vundo) -> No action taken.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP298\A0160840.dll (Trojan.Vundo) -> No action taken.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP298\A0160844.dll (Trojan.Vundo) -> No action taken.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP298\A0160845.dll (Trojan.Vundo) -> No action taken.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP298\A0160849.dll (Trojan.Vundo) -> No action taken.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP298\A0160853.dll (Trojan.Vundo) -> No action taken.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP298\A0160854.dll (Trojan.Vundo) -> No action taken.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP298\A0160855.dll (Trojan.Vundo) -> No action taken.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP298\A0160856.dll (Trojan.Vundo) -> No action taken.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP298\A0160863.dll (Trojan.Vundo) -> No action taken.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP298\A0160865.dll (Trojan.Vundo) -> No action taken.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP298\A0160866.dll (Trojan.Vundo) -> No action taken.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP298\A0160869.dll (Trojan.Vundo) -> No action taken.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP298\A0160870.dll (Trojan.Vundo) -> No action taken.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP298\A0160871.dll (Trojan.Vundo) -> No action taken.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP298\A0160875.dll (Trojan.Vundo) -> No action taken.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP298\A0160876.dll (Trojan.Vundo) -> No action taken.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP298\A0160877.DLL (Trojan.Vundo) -> No action taken.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP298\A0160881.dll (Trojan.Vundo) -> No action taken.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP298\A0160882.dll (Trojan.Vundo) -> No action taken.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP298\A0160883.dll (Trojan.Vundo) -> No action taken.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP298\A0160887.dll (Trojan.Vundo) -> No action taken.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP298\A0160888.dll (Trojan.Vundo) -> No action taken.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP298\A0160889.dll (Trojan.Vundo) -> No action taken.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP298\A0160890.dll (Trojan.Vundo) -> No action taken.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP298\A0160898.dll (Trojan.Vundo) -> No action taken.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP298\A0160902.dll (Trojan.Vundo) -> No action taken.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP298\A0160905.dll (Trojan.Vundo) -> No action taken.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP298\A0160907.dll (Trojan.Vundo) -> No action taken.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP298\A0160910.dll (Trojan.Vundo) -> No action taken.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP298\A0160911.dll (Trojan.Vundo) -> No action taken.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP298\A0160912.dll (Trojan.Vundo) -> No action taken.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP298\A0160917.dll (Trojan.Vundo) -> No action taken.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP298\A0160919.dll (Trojan.Vundo) -> No action taken.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP298\A0160920.dll (Trojan.Vundo) -> No action taken.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP298\A0160921.dll (Trojan.Vundo) -> No action taken.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP298\A0160925.dll (Trojan.Vundo) -> No action taken.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP298\A0160926.dll (Trojan.Vundo) -> No action taken.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP298\A0160927.dll (Trojan.Vundo) -> No action taken.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP298\A0160928.dll (Trojan.Vundo) -> No action taken.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP298\A0160929.dll (Trojan.Vundo) -> No action taken.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP298\A0160930.dll (Trojan.Vundo) -> No action taken.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP298\A0160932.dll (Trojan.Vundo) -> No action taken.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP298\A0160937.dll (Trojan.Vundo) -> No action taken.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP298\A0160938.dll (Trojan.Vundo) -> No action taken.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP298\A0160939.dll (Trojan.Vundo) -> No action taken.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP298\A0160941.dll (Trojan.Vundo) -> No action taken.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP298\A0160944.dll (Trojan.Vundo) -> No action taken.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP298\A0160947.dll (Trojan.Vundo) -> No action taken.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP298\A0160948.dll (Trojan.Vundo) -> No action taken.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP298\A0160952.dll (Trojan.Vundo) -> No action taken.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP298\A0160954.dll (Trojan.Vundo) -> No action taken.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP298\A0160959.dll (Trojan.Vundo) -> No action taken.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP298\A0160961.dll (Trojan.Vundo) -> No action taken.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP298\A0160967.dll (Trojan.Vundo) -> No action taken.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP298\A0160971.dll (Trojan.Vundo) -> No action taken.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP298\A0160974.dll (Trojan.Vundo) -> No action taken.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP298\A0160975.dll (Trojan.Vundo) -> No action taken.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP298\A0160977.dll (Trojan.Vundo) -> No action taken.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP298\A0160980.dll (Trojan.Vundo) -> No action taken.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP298\A0160981.dll (Trojan.Vundo) -> No action taken.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP298\A0160982.dll (Trojan.Vundo) -> No action taken.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP298\A0160983.dll (Trojan.Vundo) -> No action taken.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP298\A0160985.dll (Trojan.Vundo) -> No action taken.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP298\A0160986.dll (Trojan.Vundo) -> No action taken.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP298\A0160988.dll (Trojan.Vundo) -> No action taken.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP298\A0161148.dll (Trojan.Vundo) -> No action taken.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP298\A0161149.dll (Trojan.Vundo) -> No action taken.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP298\A0161150.dll (Trojan.Vundo) -> No action taken.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP298\A0161151.dll (Trojan.Vundo) -> No action taken.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP298\A0161154.dll (Trojan.Vundo) -> No action taken.

c:\WINDOWS\system32\nnnnKAro.dll.vir (Trojan.Vundo) -> No action taken.

C:\WINDOWS\bf23567.dat (Worm.KoobFace) -> No action taken.

Posted (edited)

Hi :P

 

New infected files have evidently been created, but MBAM detected them :P

The problem... is that you didn't ask MBAM to delete them, so they are still on the hard drive!!

Here is a reminder of the steps to take to remove the malware (see my explanation above) >>

 

If malware was detected, click Show Results.

Select everything (or leave it checked) and click Remove Selected; MBAM will destroy the files and registry keys and put a copy in quarantine.

 

Uninstall the following program if you find it >> EoRezo

 

Unfortunately you will have to redo the scan (full scan with removable media plugged in).

I advise you to disable the Antivir shield for the duration of the scan: right-click the Antivir icon in the taskbar and uncheck Antivir Guard enable (or Activer Antivir Guard in the French version). The red umbrella should be closed after that.

Once the scan is finished and the malware removed (the PC may need to be restarted for this), please post the report.

 

Along with this I'm going to ask you for another scan, but a quick one this time (1 min) >>

 

Download random's system information tool (RSIT) by random/random and save it to the Desktop.

  • Double-click RSIT.exe to launch RSIT.
  • Click Continue on the Disclaimer screen.
  • If the HijackThis tool (up-to-date version) is not present or not detected on the computer, RSIT will download it and you will have to accept the licence.
  • When the analysis is finished, two text files will open. Post the contents of log.txt (<<which will be displayed)
    as well as info.txt (<<which will be minimized in the Taskbar).
  • If you don't see these two reports, you will find them in the folder C:\rsit

Edited by Thanos
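The point of the post above is that every `-> No action taken.` line in an MBAM report is a detection that is still on the disk or in the registry. As an added example (not code from this thread, from Malwarebytes or from Zebulon), here is a small Python triage script that parses an MBAM 1.x text report of the shape posted above, keeps only the detections whose final action is "No action taken", groups them by family, and says whether a re-run with "Remove Selected" is needed. It assumes the MBAM 1.x line format `item (Family) -> action.` and the action strings "No action taken" and "Quarantined and deleted successfully"; the sample report is constructed from lines of the shape posted in this thread, and `example_cleaned.dll` is an invented file name used only to show a removed entry.

```python
"""Triage an MBAM 1.x scan report: which detections are still present?

Added example, not part of the original thread and not Malwarebytes code.
Assumes the MBAM 1.x report format: one detection per line, ending in
" -> <action>." where <action> is e.g. "No action taken" or
"Quarantined and deleted successfully".
"""
import re
from collections import Counter

# Constructed sample modelled on the report posted above. The last line
# (example_cleaned.dll) is invented to show what a removed entry looks like.
SAMPLE_REPORT = r"""
Fichier(s) infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\EoRezo (Rogue.Eorezo) -> No action taken.
c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP298\A0160967.dll (Trojan.Vundo) -> No action taken.
c:\WINDOWS\system32\nnnnKAro.dll.vir (Trojan.Vundo) -> No action taken.
C:\WINDOWS\bf23567.dat (Worm.KoobFace) -> No action taken.
C:\WINDOWS\system32\example_cleaned.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
(Aucun élément nuisible détecté)
"""

# Head of a detection line: the item (path or registry key) followed by the
# malware family in the last pair of parentheses.
HEAD_RE = re.compile(r"^(?P<item>.+) \((?P<family>[^()]+)\)$")

PENDING_ACTION = "no action taken"


def parse_line(line):
    """Return {'item', 'family', 'action'} for a detection line, else None."""
    line = line.strip()
    if " -> " not in line:
        return None  # count headers, section titles, "(Aucun ...)" etc.
    parts = line.split(" -> ")
    # Some MBAM lines carry an intermediate "Data: ..." segment; the action
    # is always the last segment, so take it from the end.
    head, action = parts[0], parts[-1].rstrip(".").strip()
    m = HEAD_RE.match(head)
    if not m:
        return None
    return {"item": m.group("item"), "family": m.group("family"), "action": action}


def parse_detections(report):
    """All detection lines of the report, in order."""
    return [d for d in (parse_line(l) for l in report.splitlines()) if d]


def still_present(detections):
    """Detections MBAM found but was never told to remove."""
    return [d for d in detections if d["action"].lower() == PENDING_ACTION]


def summarize(report):
    """Counts a helper would want before answering the poster."""
    dets = parse_detections(report)
    pending = still_present(dets)
    in_restore = sum(
        1 for d in pending if "system volume information" in d["item"].lower()
    )
    return {
        "total": len(dets),
        "pending": len(pending),
        "by_family": dict(Counter(d["family"] for d in pending)),
        "in_restore_points": in_restore,
    }


def needs_rerun(report):
    """True when at least one detection is still marked 'No action taken'."""
    return summarize(report)["pending"] > 0


if __name__ == "__main__":
    s = summarize(SAMPLE_REPORT)
    print(f"{s['pending']} of {s['total']} detections still present")
    for family, n in sorted(s["by_family"].items()):
        print(f"  {family}: {n}")
    print(f"  of which in System Restore points: {s['in_restore_points']}")
    print("re-run MBAM and click Remove Selected" if needs_rerun(SAMPLE_REPORT)
          else "nothing pending")
```

The restore-point count is reported separately because entries under `System Volume Information\_restore` are copies inside System Restore points, which is why helpers usually ask for the cleanup to be followed by a fresh full scan.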
Posted (edited)

ok I'll run another scan this evening

I did delete the infected files though, but after saving the report! at least I think so, but as a precaution I'm going to start over ...

thanks thanos, I'll keep you posted on what happens next!

here's the log from

Logfile of random's system information tool 1.06 (written by random/random)

Run by Ju Vaness at 2009-07-23 19:18:03

Microsoft Windows XP Édition familiale Service Pack 2

System drive C: has 33 GB (36%) free of 92 GB

Total RAM: 2047 MB (62% free)

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:18:08, on 23/07/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\ATK Hotkey\Hcontrol.exe

C:\Program Files\ATKOSD2\ATKOSD2.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe

C:\Program Files\ASUS\ASUS Live Update\ALU.exe

C:\Program Files\Wireless Console 2\wcourier.exe

C:\Program Files\ASUS\ATK Media\DMEDIA.EXE

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\ASScrPro.exe

C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe

C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe

C:\Program Files\PowerForPhone\PowerForPhone.exe

C:\Program Files\ASUS\Splendid\ACMON.exe

C:\Program Files\Atheros\ACU.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

C:\Program Files\Orange\Systray\SystrayApp.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\LogMeIn\x86\LogMeInSystray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\ASUSTPE.exe

C:\Program Files\LogMeIn\x86\LMIGuardian.exe

C:\WINDOWS\system32\spoolsv.exe

c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE

C:\Program Files\Orange\Launcher\Launcher.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe

C:\WINDOWS\system32\ACEngSvr.exe

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\system32\acs.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files\Orange\connectivity\connectivitymanager.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Program Files\Orange\connectivity\CoreCom\CoreCom.exe

C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe

c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe

C:\Program Files\LogMeIn\x86\RaMaint.exe

C:\Program Files\LogMeIn\x86\LogMeIn.exe

C:\Program Files\LogMeIn\x86\LMIGuardian.exe

C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\StkCSrv.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\ATK Hotkey\ATKOSD.exe

C:\Program Files\ATK Hotkey\KBFiltr.exe

C:\Program Files\ATK Hotkey\WDC.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe

C:\Program Files\Orange\connectivity\CoreCom\OraConfigRecover.exe

C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe

C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe

C:\Program Files\Orange\browser\browser.exe

C:\Program Files\iTunes\iTunes.exe

C:\Program Files\LogMeIn\x86\LogMeIn.exe

C:\Program Files\LogMeIn\x86\LMIGuardian.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Ju Vaness\Bureau\RSIT(2).exe

C:\Program Files\Trend Micro\HijackThis\Ju Vaness.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://y.lo.st

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://y.lo.st

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Orange\SearchURLHook\SearchPageURL.dll

R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [ATKHOTKEY] "C:\Program Files\ATK Hotkey\Hcontrol.exe"

O4 - HKLM\..\Run: [ATKOSD2] "C:\Program Files\ATKOSD2\ATKOSD2.exe"

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [sMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe

O4 - HKLM\..\Run: [ASUS Live Update] C:\Program Files\ASUS\ASUS Live Update\ALU.exe

O4 - HKLM\..\Run: [Wireless Console 2] "C:\Program Files\Wireless Console 2\wcourier.exe"

O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [ASUS Camera ScreenSaver] C:\WINDOWS\ASScrProlog.exe

O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\WINDOWS\ASScrPro.exe

O4 - HKLM\..\Run: [ABLKSR] C:\WINDOWS\ABLKSR\ABLKSR.exe

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1

O4 - HKLM\..\Run: [PowerForPhone] C:\Program Files\PowerForPhone\PowerForPhone.exe

O4 - HKLM\..\Run: [ACMON] "C:\Program Files\ASUS\Splendid\ACMON.exe"

O4 - HKLM\..\Run: [ACU] "C:\Program Files\Atheros\ACU.exe" -nogui

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [systrayORAHSS] "C:\Program Files\Orange\Systray\SystrayApp.exe"

O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\Orange\SessionManager\SessionManager.exe

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [ASUSTPE] C:\WINDOWS\system32\ASUSTPE.exe

O4 - HKCU\..\Run: [startCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKUS\S-1-5-21-3291974836-1474112473-3386457449-1007\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'LogMeInRemoteUser')

O4 - HKUS\S-1-5-21-3291974836-1474112473-3386457449-1007\..\Run: [ASUSTPE] C:\WINDOWS\system32\ASUSTPE.exe (User 'LogMeInRemoteUser')

O4 - HKUS\S-1-5-21-3291974836-1474112473-3386457449-1007\..\Run: [] (User 'LogMeInRemoteUser')

O4 - HKUS\S-1-5-21-3291974836-1474112473-3386457449-1007\..\Run: [startCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (User 'LogMeInRemoteUser')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - S-1-5-21-3291974836-1474112473-3386457449-1007 Startup: CCC.lnk = ? (User 'LogMeInRemoteUser')

O4 - S-1-5-21-3291974836-1474112473-3386457449-1007 User Startup: CCC.lnk = ? (User 'LogMeInRemoteUser')

O4 - S-1-5-18 Startup: CCC.lnk = ? (User 'SYSTEM')

O4 - .DEFAULT Startup: CCC.lnk = ? (User 'Default user')

O4 - .DEFAULT User Startup: CCC.lnk = ? (User 'Default user')

O4 - Startup: CCC.lnk = ?

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com

O15 - Trusted Zone: http://www.orange.fr

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1208022129250

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Service de configuration Atheros (ACS) - Atheros - C:\WINDOWS\system32\acs.exe

O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe

O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe

O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe

O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe

O23 - Service: Syntek AVStream USB2.0 WebCam Service (StkSSrv) - Syntek America Inc. - C:\WINDOWS\System32\StkCSrv.exe

 

--

End of file - 12162 bytes

 

======Scheduled tasks folder======

 

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

C:\WINDOWS\tasks\GlaryInitialize.job

 

======Registry dump======

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2008-04-04 2436160]

{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar avec bloqueur de fenêtres pop-up - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-10-26 440384]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"ATKHOTKEY"=C:\Program Files\ATK Hotkey\Hcontrol.exe [2007-06-29 225280]

"ATKOSD2"=C:\Program Files\ATKOSD2\ATKOSD2.exe [2007-07-03 7708672]

"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-11-14 16270848]

"SkyTel"=C:\WINDOWS\SkyTel.EXE [2006-05-16 2879488]

"SMSERIAL"=C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [2006-11-22 630784]

"ASUS Live Update"=C:\Program Files\ASUS\ASUS Live Update\ALU.exe [2007-07-19 49520]

"Wireless Console 2"=C:\Program Files\Wireless Console 2\wcourier.exe [2007-07-05 1040384]

"ATKMEDIA"=C:\Program Files\ASUS\ATK Media\DMEDIA.EXE [2006-11-02 61440]

"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-05-25 786521]

"ASUS Camera ScreenSaver"=C:\WINDOWS\ASScrProlog.exe [2007-10-08 37232]

"ASUS Screen Saver Protector"=C:\WINDOWS\ASScrPro.exe [2007-10-08 33136]

"ABLKSR"=C:\WINDOWS\ABLKSR\ABLKSR.exe [2006-01-02 61440]

"RemoteControl"=C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe [2005-01-12 32768]

"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2006-01-12 155648]

"Power_Gear"=C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe [2006-07-26 90112]

"PowerForPhone"=C:\Program Files\PowerForPhone\PowerForPhone.exe [2007-01-15 778240]

"ACMON"=C:\Program Files\ASUS\Splendid\ACMON.exe [2007-07-10 851968]

"ACU"=C:\Program Files\Atheros\ACU.exe [2007-05-03 376921]

"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2006-09-25 229952]

"Sony Ericsson PC Suite"=C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe [2007-02-20 741376]

"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe [2008-02-22 144784]

"SystrayORAHSS"=C:\Program Files\Orange\Systray\SystrayApp.exe [2007-09-25 94208]

"ORAHSSSessionManager"=C:\Program Files\Orange\SessionManager\SessionManager.exe [2007-09-25 102400]

"avgnt"=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2007-08-31 249896]

"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2006-09-24 282624]

"LogMeIn GUI"=C:\Program Files\LogMeIn\x86\LogMeInSystray.exe [2008-07-24 63048]

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2006-03-02 15360]

"ASUSTPE"=C:\WINDOWS\system32\ASUSTPE.exe [2006-10-14 69632]

"StartCCC"=c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2006-11-10 90112]

"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-04-10 68856]

"MsnMsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2007-10-18 5724184]

"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-10-13 1694208]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM97347755]

C:\WINDOWS\system32\idfqfnqs.dll,s []

 

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage

Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe

Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE

 

C:\Documents and Settings\Ju Vaness\Menu Démarrer\Programmes\Démarrage

CCC.lnk - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]

C:\WINDOWS\system32\Ati2evxx.dll [2007-03-06 110592]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LMIinit]

C:\WINDOWS\system32\LMIinit.dll [2008-10-16 87352]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=323

"NoDriveAutoRun"=67108863

"NoDrives"=0

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveAutoRun"=

"NoDriveTypeAutoRun"=

"NoDrives"=

"NoActiveDesktop"=

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

"C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule"

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

"C:\Program Files\Messenger\MSMSGS.EXE"="C:\Program Files\Messenger\MSMSGS.EXE:*:Enabled:Windows Messenger"

"C:\Program Files\Orange\Connectivity\ConnectivityManager.exe"="C:\Program Files\Orange\Connectivity\ConnectivityManager.exe:*:enabled:CSS"

"C:\Program Files\Orange\Browser\Browser.exe"="C:\Program Files\Orange\Browser\Browser.exe:*:Enabled:browser"

"C:\Program Files\ASUS\ATK Media\DMedia.exe"="C:\Program Files\ASUS\ATK Media\DMedia.exe:*:Enabled:DMEDIA"

"C:\Program Files\Fichiers communs\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe"="C:\Program Files\Fichiers communs\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe:*:Enabled:AlertModule"

"C:\Program Files\Java\jre1.6.0_05\BIN\jucheck.exe"="C:\Program Files\Java\jre1.6.0_05\BIN\jucheck.exe:*:Enabled:jucheck"

"C:\Program Files\Motorola\SMSERIAL\SM56HLPR.EXE"="C:\Program Files\Motorola\SMSERIAL\SM56HLPR.EXE:*:Enabled:sm56hlpr"

"C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe:*:Enabled:sched"

"C:\Program Files\ATKOSD2\ATKOSD2.EXE"="C:\Program Files\ATKOSD2\ATKOSD2.EXE:*:Enabled:ATKOSD2"

"C:\Program Files\PowerForPhone\PowerForPhone.exe"="C:\Program Files\PowerForPhone\PowerForPhone.exe:*:Enabled:PowerForPhone"

"C:\Program Files\ASUS\ASUS Live Update\ALU.EXE"="C:\Program Files\ASUS\ASUS Live Update\ALU.EXE:*:Enabled:ALU"

"C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe"="C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe:*:Enabled:PDVDServ"

"C:\Program Files\iTunes\iTunesHelper.exe"="C:\Program Files\iTunes\iTunesHelper.exe:*:Enabled:iTunesHelper"

"C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe"="C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe:*:Enabled:WLLoginProxy"

"C:\Program Files\Avira\AntiVir PersonalEdition Classic\GUARDGUI.EXE"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\GUARDGUI.EXE:*:Enabled:GUARDGUI"

"C:\WINDOWS\ASScrPro.exe"="C:\WINDOWS\ASScrPro.exe:*:Enabled:ASScrPro"

"C:\Program Files\Mozilla Firefox\FIREFOX.EXE"="C:\Program Files\Mozilla Firefox\FIREFOX.EXE:*:Enabled:Firefox"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

 

======List of files/folders created in the last 1 months======

 

2009-07-23 19:18:03 ----D---- C:\rsit

2009-07-22 18:37:21 ----D---- C:\Documents and Settings\Ju Vaness\Application Data\Malwarebytes

2009-07-22 18:37:14 ----D---- C:\Program Files\Malwarebytes' Anti-Malware

2009-07-22 18:37:14 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes

2009-07-22 18:36:14 ----SHD---- C:\Recycled

2009-07-21 18:45:21 ----D---- C:\WINDOWS\temp

2009-07-21 18:45:20 ----A---- C:\ComboFix.txt

2009-07-20 19:51:34 ----A---- C:\WINDOWS\zip.exe

2009-07-20 19:51:34 ----A---- C:\WINDOWS\SWXCACLS.exe

2009-07-20 19:51:34 ----A---- C:\WINDOWS\SWSC.exe

2009-07-20 19:51:34 ----A---- C:\WINDOWS\SWREG.exe

2009-07-20 19:51:34 ----A---- C:\WINDOWS\sed.exe

2009-07-20 19:51:34 ----A---- C:\WINDOWS\PEV.exe

2009-07-20 19:51:34 ----A---- C:\WINDOWS\NIRCMD.exe

2009-07-20 19:51:34 ----A---- C:\WINDOWS\grep.exe

2009-07-20 19:06:40 ----D---- C:\WINDOWS\ERDNT

2009-06-26 22:54:17 ----AD---- C:\Program Files\Furnish Pro

 

======List of files/folders modified in the last 1 months======

 

2009-07-23 17:55:54 ----A---- C:\WINDOWS\ModemLog_Motorola SM56 Speakerphone Modem.txt

2009-07-23 16:28:56 ----A---- C:\WINDOWS\SchedLgU.Txt

2009-07-23 16:17:50 ----A---- C:\WINDOWS\NeroDigital.ini

2009-07-21 18:42:24 ----A---- C:\WINDOWS\system.ini

 

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys []

R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2007-09-07 62016]

R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2006-03-02 40320]

R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352]

R2 ghaio;ghaio; \??\C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys []

R2 LMIInfo;LogMeIn Kernel Information Provider; \??\C:\Program Files\LogMeIn\x86\RaInfo.sys []

R2 LMIRfsDriver;LogMeIn Remote File System Driver; \??\C:\WINDOWS\system32\drivers\LMIRfsDriver.sys []

R3 AR5211;Atheros Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\ar5211.sys [2007-05-02 546976]

R3 ASNDIS5;ASNDIS5 Protocol Driver; \??\C:\PROGRA~1\ATKHOT~1\ASNDIS5.SYS []

R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2007-03-06 1972736]

R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys []

R3 CmBatt;Pilote d'adaptateur secteur Microsoft; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-03 14080]

R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2006-07-14 14448]

R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]

R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-11-14 4225920]

R3 kbfiltr;Keyboard Filter; C:\WINDOWS\system32\DRIVERS\kbfiltr.sys [2007-01-24 5632]

R3 lmimirr;lmimirr; C:\WINDOWS\system32\DRIVERS\lmimirr.sys [2008-07-24 10144]

R3 MODEMCSA;Périphérique de filtrage de flux Unimodem; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]

R3 MTsensor;ATK0100 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ATKACPI.sys [2006-12-14 7680]

R3 PCANDIS5;PCANDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PCANDIS5.SYS []

R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2006-06-16 83968]

R3 RTSTOR;USB Mass Stroage Device; C:\WINDOWS\system32\drivers\RTSTOR.SYS [2007-01-15 34816]

R3 smserial;smserial; C:\WINDOWS\system32\DRIVERS\smserial.sys [2006-11-22 982272]

R3 StkCMini;Syntek AVStream USB2.0 1.3M WebCam; C:\WINDOWS\System32\Drivers\StkCMini.sys [2007-06-05 1260672]

R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2006-05-25 193088]

R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2006-04-19 30080]

R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2006-03-02 57600]

R3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2006-04-19 17152]

R3 WSIMD;wsimd Service; C:\WINDOWS\system32\DRIVERS\wsimd.sys [2007-03-28 57024]

S3 catchme;catchme; \??\C:\DOCUME~1\JUVANE~1\LOCALS~1\Temp\catchme.sys []

S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]

S3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]

S3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288]

S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]

S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]

S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]

S3 PCAMPR5;PCAMPR5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PCAMPR5.SYS []

S3 rtl8139;Pilote NT de carte Realtek PCI Fast Ethernet à base RTL8139(A/B/C); C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]

S3 s616bus;Sony Ericsson Device 616 driver (WDM); C:\WINDOWS\system32\DRIVERS\s616bus.sys [2007-04-03 83208]

S3 s616mdfl;Sony Ericsson Device 616 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s616mdfl.sys [2007-04-03 15112]

S3 s616mdm;Sony Ericsson Device 616 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s616mdm.sys [2007-04-03 108680]

S3 s616mgmt;Sony Ericsson Device 616 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\s616mgmt.sys [2007-04-03 100360]

S3 s616nd5;Sony Ericsson Device 616 USB Ethernet Emulation SEMC616 (NDIS); C:\WINDOWS\system32\DRIVERS\s616nd5.sys [2007-04-03 23176]

S3 s616obex;Sony Ericsson Device 616 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\s616obex.sys [2007-04-03 98568]

S3 s616unic;Sony Ericsson Device 616 USB Ethernet Emulation SEMC616 (WDM); C:\WINDOWS\system32\DRIVERS\s616unic.sys [2007-04-03 99080]

S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]

S3 SONYPVU1;Pilote de filtrage Sony USB (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]

S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]

S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]

S3 usbstor;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2006-03-02 26496]

S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2004-08-10 18944]

S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]

S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

S4 LMIRfsClientNP;LMIRfsClientNP; C:\WINDOWS\system32\drivers\LMIRfsClientNP.sys []

 

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R2 aawservice;Ad-Aware 2007 Service; C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe [2008-05-02 607576]

R2 ACS;Service de configuration Atheros; C:\WINDOWS\system32\acs.exe [2007-05-03 364629]

R2 AntiVirScheduler;AntiVir PersonalEdition Classic Scheduler; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2007-08-28 63016]

R2 AntiVirService;AntiVir PersonalEdition Classic Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2007-09-11 214056]

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2007-03-06 446464]

R2 FTRTSVC;France Telecom Routing Table Service; C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe [2007-09-25 65536]

R2 LightScribeService;LightScribeService Direct Disc Labeling Service; c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe [2006-04-24 73728]

R2 LMIMaint;LogMeIn Maintenance Service; C:\Program Files\LogMeIn\x86\RaMaint.exe [2008-10-16 116032]

R2 LogMeIn;LogMeIn; C:\Program Files\LogMeIn\x86\LogMeIn.exe [2008-07-24 63040]

R2 spmgr;spmgr; C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe [2007-08-03 125496]

R2 StkSSrv;Syntek AVStream USB2.0 WebCam Service; C:\WINDOWS\System32\StkCSrv.exe [2007-04-18 24576]

R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-10 38912]

R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2006-09-25 451136]

S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]

S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]

S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-04-04 138168]

S3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]

S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]

 

-----------------EOF-----------------

 

and the info file:

info.txt logfile of random's system information tool 1.06 2009-07-23 19:18:10

 

======Uninstall list======

 

-->C:\WINDOWS\IsUn040c.exe -fC:\WINDOWS\orun32.isu

-->MsiExec.exe /I{977FBE6C-AE9A-4429-B249-814F0B3A4CB1}

-->MsiExec.exe /I{AEB9948B-4FF2-47C9-990E-47014492A0FE}

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

Ad-Aware 2007-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}

Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe

Adobe Flash Player 9 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete

Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe

Adobe Reader 8-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A80000000002}

Adobe Shockwave Player-->C:\WINDOWS\system32\ADOBE\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\ADOBE\SHOCKW~1\INSTALL.LOG

Apple Software Update-->MsiExec.exe /I{5B433733-BB31-4B40-BCBA-DDED37626641}

Assistant de connexion Windows Live-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}

ASUS InstantFun-->MsiExec.exe /I{57B15AD4-8C9D-4164-82BB-E33D8644E757}

ASUS Live Update-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}\setup.exe" -l0x9

ASUS Splendid Video Enhancement Technology-->C:\Program Files\InstallShield Installation Information\{C0FC1C14-4824-4A73-87A6-9E888C9C3102}\SETUP.exe -runfromtemp -l0x040c -removeonly

ASUS Touch Pad Extra-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DB891739-2EB3-45A8-9CBD-941C255CECD4}\SETUP.EXE" -l0x9

Asus_Camera_ScreenSaver-->"C:\WINDOWS\ASUS Camera ScreenSaver Uninstaller.exe"

ASUSDVD-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall

Atheros Client Installation Program-->C:\Program Files\InstallShield Installation Information\{28006915-2739-4EBE-B5E8-49B25D32EB33}\SETUP.exe -runfromtemp -l0x040c -removeonly

ATI - Utilitaire de désinstallation du logiciel-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe

ATI Catalyst Control Center-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x5c00

ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean

ATI Parental Control & Encoder-->MsiExec.exe /I{36CDA33B-909B-4719-97D1-C4B99309BDC7}

ATK Hotkey-->C:\Program Files\InstallShield Installation Information\{3912D529-02BC-4CA8-B5ED-0D0C20EB6003}\SETUP.exe -runfromtemp -l0x040c -removeonly

ATK Media-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{139B0FFA-187E-4BA1-BCA6-6B56B2B6AB8C}\SETUP.EXE" -l0x9

ATKOSD2-->C:\Program Files\InstallShield Installation Information\{5C1DB4ED-E9B4-402D-BB14-D75D97D6C1A6}\SETUP.exe -runfromtemp -l0x0009 -removeonly

Avira AntiVir PersonalEdition Classic-->C:\Program Files\Avira\AntiVir PersonalEdition Classic\setup.exe /REMOVE

ccc-Branding-->MsiExec.exe /I{6E32B134-CA8D-49DD-B94C-0DB155CE70B5}

CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"

Correctif pour Windows XP (KB918005)-->"C:\WINDOWS\$NtUninstallKB918005$\spuninst\spuninst.exe"

Didapages 1.1-->C:\Program Files\Didapages\uninst.exe

eMule-->"C:\Program Files\eMule\Uninstall.exe"

EoDesk3d 2.0-->"C:\Program Files\EoRezo\EoDesk3d\unins000.exe"

eoEngine 9.1-->"C:\Program Files\EoRezo\unins000.exe"

Furnish Pro-->C:\WINDOWS\unvise32.exe C:\Program Files\Furnish Pro\Furnish Pro uninstal.log

Galerie de photos Windows Live-->MsiExec.exe /X{9D442283-88AD-4F49-8568-18CE6EAA15AF}

Glary Utilities 2.11.0.638-->"C:\Program Files\Glary Utilities\unins000.exe"

Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}

Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"

HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall

iTunes-->MsiExec.exe /I{5878FF02-3B8F-4309-B4E5-0D3DB6F2E8E6}

Java 6 Update 4-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160040}

Java 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}

L'Album de Bébé-->MsiExec.exe /I{FF1A5077-C7E9-442A-B57A-37C23606AEE4}

Lecteur Windows Media 10-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall

LifeFrame2-->MsiExec.exe /I{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}

LogMeIn-->MsiExec.exe /I{7F831576-6246-42C7-B523-55B3F96509CC}

Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"

Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}

Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}

Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe

Microsoft Office XP Professional-->MsiExec.exe /I{9011040C-6000-11D3-8CFE-0050048383C9}

Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}

Mise à jour pour Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"

Mise à jour pour Windows XP (KB911164)-->"C:\WINDOWS\$NtUninstallKB911164$\spuninst\spuninst.exe"

Motorola SM56 Speakerphone Modem-->rundll32.exe sm56co6a.dll,SM56UnInstaller

Mozilla Firefox (3.0.12)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe

MSN-->C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP

Navigateur Orange-->C:\Program Files\Orange\Uninstall\Browser\Shell.exe MainUninstall.shl

NB Probe-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6324A1EF-CEF4-43E3-8BCD-9EF3F67317FD}\setup.exe" -l0x9

Nero OEM-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL

Orange - Logiciels Internet-->C:\Program Files\Orange\installation\core\Installgui.exe -u

PhotoFiltre-->"C:\Program Files\PhotoFiltre\Uninst.exe"

Pixie 1.4.1-->D:\Pixie\unins000.exe

Poker Academy Pro 2-->"C:\Program Files\PokerAcademyPro2\désinstaller.exe"

Power4 Gear-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4462AD13-F2AA-4CBD-9F95-293C38EED870}\setup.exe" -l0x9

PowerForPhone-->C:\Program Files\InstallShield Installation Information\{FC3D290D-79BE-44B7-ABF9-FDD110925930}\setup.exe -runfromtemp -l0x0009 -removeonly

QuickTime-->MsiExec.exe /I{55BF0E5F-EA8E-4C13-A8B4-9E4857F5A2DE}

REALTEK GbE & FE Ethernet PCI NIC Driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}\SETUP.exe" -l0x40c -removeonly

Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\SETUP.exe" -l0x40c -removeonly

Realtek USB 2.0 Card Reader-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DC24971E-1946-445D-8A82-CE685433FA7D}\SETUP.exe" -l0x9 -removeonly

Room Arranger (remove only)-->"C:\Program Files\Room Arranger\uninstall.exe"

SoftwareUpdate 1.0-->"C:\Documents and Settings\Ju Vaness\Application Data\eoRezo\SoftwareUpdate\unins000.exe"

Sony Ericsson Device Data-->MsiExec.exe /I{C92E7DF1-624A-4D95-A4C4-18CB491B44A4}

Sony Ericsson Drivers-->MsiExec.exe /I{EEFE551E-A6C7-4A2A-8C92-C805523B3B0C}

Sony Ericsson PC Suite-->C:\WINDOWS\Installer\{D6BF6477-8369-489F-8DE6-3731F4B88560}\setup.exe /uninstall

Sony Ericsson PC Suite-->MsiExec.exe /I{05675D95-1567-4E00-A818-DB08064EA088}

Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall

USB2.0 1.3M WebCam-->C:\WINDOWS\StkUnist.exe

VideoLAN VLC media player 0.8.6c-->C:\Program Files\VideoLAN\VLC\uninstall.exe

Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"

Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"

Windows Live installer-->MsiExec.exe /X{FD44E544-E7D0-4DBA-9FA0-8AE1A1300390}

Windows Live Messenger-->MsiExec.exe /X{BADF6744-3787-48F6-B8C9-4C4995401D65}

Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll

WinFlash-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DE10AB76-4756-4913-BE25-55D1C1051F9A}\setup.exe" -l0x9

WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe

Wireless Console 2-->C:\Program Files\InstallShield Installation Information\{83F73CB1-7705-49D1-9852-84D839CA2A45}\SETUP.exe -runfromtemp -l0x040c -removeonly

Yahoo! Install Manager-->C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\YAHOO!\Common\YINSTH~1.DLL

Yahoo! Toolbar avec bloqueur de fenêtres pop-up-->C:\PROGRA~1\YAHOO!\COMMON\unyt.exe

 

======Security center information======

 

AV: Avira AntiVir PersonalEdition (outdated)

 

======System event log======

 

Computer Name: JUVANESS

Event Code: 26

Message: Application popup : CLIStart.exe - Image incorrecte : L'application ou la DLL C:\WINDOWS\system32\nopayopa.dll n'est pas une image Windows valide. Vérifiez à l'aide de votre disquette d'installation.

 

Record Number: 162586

Source Name: Application Popup

Time Written: 20090719181642.000000+120

Event Type: Informations

User:

 

Computer Name: JUVANESS

Event Code: 26

Message: Application popup : ASUSTPE.exe - Image incorrecte : L'application ou la DLL C:\WINDOWS\system32\nopayopa.dll n'est pas une image Windows valide. Vérifiez à l'aide de votre disquette d'installation.

 

Record Number: 162585

Source Name: Application Popup

Time Written: 20090719181642.000000+120

Event Type: Informations

User:

 

Computer Name: JUVANESS

Event Code: 26

Message: Application popup : ctfmon.exe - Image incorrecte : L'application ou la DLL C:\WINDOWS\system32\nopayopa.dll n'est pas une image Windows valide. Vérifiez à l'aide de votre disquette d'installation.

 

Record Number: 162584

Source Name: Application Popup

Time Written: 20090719181641.000000+120

Event Type: Informations

User:

 

Computer Name: JUVANESS

Event Code: 26

Message: Application popup : ASScrProlog.exe - Image incorrecte : L'application ou la DLL C:\WINDOWS\system32\gagujani.dll n'est pas une image Windows valide. Vérifiez à l'aide de votre disquette d'installation.

 

Record Number: 162583

Source Name: Application Popup

Time Written: 20090719181641.000000+120

Event Type: Informations

User:

 

Computer Name: JUVANESS

Event Code: 26

Message: Application popup : Rundll32.exe - Image incorrecte : L'application ou la DLL C:\WINDOWS\system32\nopayopa.dll n'est pas une image Windows valide. Vérifiez à l'aide de votre disquette d'installation.

 

Record Number: 162582

Source Name: Application Popup

Time Written: 20090719181641.000000+120

Event Type: Informations

User:

 

=====Application event log=====

 

Computer Name: JUVANESS

Event Code: 4113

Message: AntiVir has detected 'HEUR/Crypted'

in the file

C:\WINDOWS\system32\byXOefeB.dll

 

Record Number: 23189

Source Name: H+BEDV AntiVir

Time Written: 20090131142657.000000+060

Event Type: Avertissement

User: AUTORITE NT\SYSTEM

 

Computer Name: JUVANESS

Event Code: 4113

Message: AntiVir has detected 'HEUR/Crypted'

in the file

C:\WINDOWS\system32\byXOefeB.dll

 

Record Number: 23188

Source Name: H+BEDV AntiVir

Time Written: 20090131142647.000000+060

Event Type: Avertissement

User: AUTORITE NT\SYSTEM

 

Computer Name: JUVANESS

Event Code: 4

Message: The LightScribe Service started successfully.

 

Record Number: 23187

Source Name: LightScribeService

Time Written: 20090131142631.000000+060

Event Type: Informations

User:

 

Computer Name: JUVANESS

Event Code: 4096

Message: The AntiVir service has been started successfully!

 

Record Number: 23186

Source Name: H+BEDV AntiVir

Time Written: 20090131142628.000000+060

Event Type: Informations

User: AUTORITE NT\SYSTEM

 

Computer Name: JUVANESS

Event Code: 4113

Message: AntiVir has detected 'HEUR/Crypted'

in the file

C:\WINDOWS\system32\byXOefeB.dll

 

Record Number: 23185

Source Name: H+BEDV AntiVir

Time Written: 20090131095629.000000+060

Event Type: Avertissement

User: AUTORITE NT\SYSTEM

 

======Environment variables======

 

"ComSpec"=%SystemRoot%\system32\cmd.exe

"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;c:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\QuickTime\QTSystem;C:\Program Files\Fichiers communs\Teleca Shared;%PIXIEHOME%\bin

"windir"=%SystemRoot%

"FP_NO_HOST_CHECK"=NO

"OS"=Windows_NT

"PROCESSOR_ARCHITECTURE"=x86

"PROCESSOR_LEVEL"=6

"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel

"PROCESSOR_REVISION"=0f0d

"NUMBER_OF_PROCESSORS"=2

"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH

"TEMP"=%SystemRoot%\TEMP

"TMP"=%SystemRoot%\TEMP

"CLASSPATH"=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip

"QTJAVA"=C:\Program Files\QuickTime\QTSystem\QTJava.zip

"PIXIEHOME"=D:\Pixie

"SHADERS"=%PIXIEHOME%\shaders

 

-----------------EOF-----------------

Edited by mic
Posted

here is the log from

Logfile of random's system information tool 1.06 (written by random/random)

Run by Ju Vaness at 2009-07-23 19:18:03

Microsoft Windows XP Édition familiale Service Pack 2

System drive C: has 33 GB (36%) free of 92 GB

Total RAM: 2047 MB (62% free)

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 19:18:08, on 23/07/2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\ATK Hotkey\Hcontrol.exe

C:\Program Files\ATKOSD2\ATKOSD2.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe

C:\Program Files\ASUS\ASUS Live Update\ALU.exe

C:\Program Files\Wireless Console 2\wcourier.exe

C:\Program Files\ASUS\ATK Media\DMEDIA.EXE

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\ASScrPro.exe

C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe

C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe

C:\Program Files\PowerForPhone\PowerForPhone.exe

C:\Program Files\ASUS\Splendid\ACMON.exe

C:\Program Files\Atheros\ACU.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

C:\Program Files\Orange\Systray\SystrayApp.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\LogMeIn\x86\LogMeInSystray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\ASUSTPE.exe

C:\Program Files\LogMeIn\x86\LMIGuardian.exe

C:\WINDOWS\system32\spoolsv.exe

c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE

C:\Program Files\Orange\Launcher\Launcher.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe

C:\WINDOWS\system32\ACEngSvr.exe

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\system32\acs.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files\Orange\connectivity\connectivitymanager.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Program Files\Orange\connectivity\CoreCom\CoreCom.exe

C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe

c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe

C:\Program Files\LogMeIn\x86\RaMaint.exe

C:\Program Files\LogMeIn\x86\LogMeIn.exe

C:\Program Files\LogMeIn\x86\LMIGuardian.exe

C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\StkCSrv.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\ATK Hotkey\ATKOSD.exe

C:\Program Files\ATK Hotkey\KBFiltr.exe

C:\Program Files\ATK Hotkey\WDC.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe

C:\Program Files\Orange\connectivity\CoreCom\OraConfigRecover.exe

C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe

C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe

C:\Program Files\Orange\browser\browser.exe

C:\Program Files\iTunes\iTunes.exe

C:\Program Files\LogMeIn\x86\LogMeIn.exe

C:\Program Files\LogMeIn\x86\LMIGuardian.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Ju Vaness\Bureau\RSIT(2).exe

C:\Program Files\Trend Micro\HijackThis\Ju Vaness.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://y.lo.st

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://y.lo.st

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Orange\SearchURLHook\SearchPageURL.dll

R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O4 - HKLM\..\Run: [ATKHOTKEY] "C:\Program Files\ATK Hotkey\Hcontrol.exe"

O4 - HKLM\..\Run: [ATKOSD2] "C:\Program Files\ATKOSD2\ATKOSD2.exe"

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [sMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe

O4 - HKLM\..\Run: [ASUS Live Update] C:\Program Files\ASUS\ASUS Live Update\ALU.exe

O4 - HKLM\..\Run: [Wireless Console 2] "C:\Program Files\Wireless Console 2\wcourier.exe"

O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [ASUS Camera ScreenSaver] C:\WINDOWS\ASScrProlog.exe

O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\WINDOWS\ASScrPro.exe

O4 - HKLM\..\Run: [ABLKSR] C:\WINDOWS\ABLKSR\ABLKSR.exe

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1

O4 - HKLM\..\Run: [PowerForPhone] C:\Program Files\PowerForPhone\PowerForPhone.exe

O4 - HKLM\..\Run: [ACMON] "C:\Program Files\ASUS\Splendid\ACMON.exe"

O4 - HKLM\..\Run: [ACU] "C:\Program Files\Atheros\ACU.exe" -nogui

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [systrayORAHSS] "C:\Program Files\Orange\Systray\SystrayApp.exe"

O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\Orange\SessionManager\SessionManager.exe

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [ASUSTPE] C:\WINDOWS\system32\ASUSTPE.exe

O4 - HKCU\..\Run: [startCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKUS\S-1-5-21-3291974836-1474112473-3386457449-1007\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'LogMeInRemoteUser')

O4 - HKUS\S-1-5-21-3291974836-1474112473-3386457449-1007\..\Run: [ASUSTPE] C:\WINDOWS\system32\ASUSTPE.exe (User 'LogMeInRemoteUser')

O4 - HKUS\S-1-5-21-3291974836-1474112473-3386457449-1007\..\Run: [] (User 'LogMeInRemoteUser')

O4 - HKUS\S-1-5-21-3291974836-1474112473-3386457449-1007\..\Run: [startCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (User 'LogMeInRemoteUser')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - S-1-5-21-3291974836-1474112473-3386457449-1007 Startup: CCC.lnk = ? (User 'LogMeInRemoteUser')

O4 - S-1-5-21-3291974836-1474112473-3386457449-1007 User Startup: CCC.lnk = ? (User 'LogMeInRemoteUser')

O4 - S-1-5-18 Startup: CCC.lnk = ? (User 'SYSTEM')

O4 - .DEFAULT Startup: CCC.lnk = ? (User 'Default user')

O4 - .DEFAULT User Startup: CCC.lnk = ? (User 'Default user')

O4 - Startup: CCC.lnk = ?

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com

O15 - Trusted Zone: http://www.orange.fr

O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1208022129250

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Service de configuration Atheros (ACS) - Atheros - C:\WINDOWS\system32\acs.exe

O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe

O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe

O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe

O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe

O23 - Service: Syntek AVStream USB2.0 WebCam Service (StkSSrv) - Syntek America Inc. - C:\WINDOWS\System32\StkCSrv.exe

 

--

End of file - 12162 bytes

 

======Scheduled tasks folder======

 

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

C:\WINDOWS\tasks\GlaryInitialize.job

 

======Registry dump======

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2008-04-04 2436160]

{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar avec bloqueur de fenêtres pop-up - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2006-10-26 440384]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"ATKHOTKEY"=C:\Program Files\ATK Hotkey\Hcontrol.exe [2007-06-29 225280]

"ATKOSD2"=C:\Program Files\ATKOSD2\ATKOSD2.exe [2007-07-03 7708672]

"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-11-14 16270848]

"SkyTel"=C:\WINDOWS\SkyTel.EXE [2006-05-16 2879488]

"SMSERIAL"=C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [2006-11-22 630784]

"ASUS Live Update"=C:\Program Files\ASUS\ASUS Live Update\ALU.exe [2007-07-19 49520]

"Wireless Console 2"=C:\Program Files\Wireless Console 2\wcourier.exe [2007-07-05 1040384]

"ATKMEDIA"=C:\Program Files\ASUS\ATK Media\DMEDIA.EXE [2006-11-02 61440]

"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-05-25 786521]

"ASUS Camera ScreenSaver"=C:\WINDOWS\ASScrProlog.exe [2007-10-08 37232]

"ASUS Screen Saver Protector"=C:\WINDOWS\ASScrPro.exe [2007-10-08 33136]

"ABLKSR"=C:\WINDOWS\ABLKSR\ABLKSR.exe [2006-01-02 61440]

"RemoteControl"=C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe [2005-01-12 32768]

"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2006-01-12 155648]

"Power_Gear"=C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe [2006-07-26 90112]

"PowerForPhone"=C:\Program Files\PowerForPhone\PowerForPhone.exe [2007-01-15 778240]

"ACMON"=C:\Program Files\ASUS\Splendid\ACMON.exe [2007-07-10 851968]

"ACU"=C:\Program Files\Atheros\ACU.exe [2007-05-03 376921]

"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2006-09-25 229952]

"Sony Ericsson PC Suite"=C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe [2007-02-20 741376]

"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe [2008-02-22 144784]

"SystrayORAHSS"=C:\Program Files\Orange\Systray\SystrayApp.exe [2007-09-25 94208]

"ORAHSSSessionManager"=C:\Program Files\Orange\SessionManager\SessionManager.exe [2007-09-25 102400]

"avgnt"=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2007-08-31 249896]

"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2006-09-24 282624]

"LogMeIn GUI"=C:\Program Files\LogMeIn\x86\LogMeInSystray.exe [2008-07-24 63048]

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2006-03-02 15360]

"ASUSTPE"=C:\WINDOWS\system32\ASUSTPE.exe [2006-10-14 69632]

"StartCCC"=c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2006-11-10 90112]

"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-04-10 68856]

"MsnMsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2007-10-18 5724184]

"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-10-13 1694208]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM97347755]

C:\WINDOWS\system32\idfqfnqs.dll,s []

 

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage

Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe

Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE

 

C:\Documents and Settings\Ju Vaness\Menu Démarrer\Programmes\Démarrage

CCC.lnk - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]

C:\WINDOWS\system32\Ati2evxx.dll [2007-03-06 110592]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LMIinit]

C:\WINDOWS\system32\LMIinit.dll [2008-10-16 87352]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=323

"NoDriveAutoRun"=67108863

"NoDrives"=0

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveAutoRun"=

"NoDriveTypeAutoRun"=

"NoDrives"=

"NoActiveDesktop"=

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

"C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule"

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

"C:\Program Files\Messenger\MSMSGS.EXE"="C:\Program Files\Messenger\MSMSGS.EXE:*:Enabled:Windows Messenger"

"C:\Program Files\Orange\Connectivity\ConnectivityManager.exe"="C:\Program Files\Orange\Connectivity\ConnectivityManager.exe:*:enabled:CSS"

"C:\Program Files\Orange\Browser\Browser.exe"="C:\Program Files\Orange\Browser\Browser.exe:*:Enabled:browser"

"C:\Program Files\ASUS\ATK Media\DMedia.exe"="C:\Program Files\ASUS\ATK Media\DMedia.exe:*:Enabled:DMEDIA"

"C:\Program Files\Fichiers communs\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe"="C:\Program Files\Fichiers communs\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe:*:Enabled:AlertModule"

"C:\Program Files\Java\jre1.6.0_05\BIN\jucheck.exe"="C:\Program Files\Java\jre1.6.0_05\BIN\jucheck.exe:*:Enabled:jucheck"

"C:\Program Files\Motorola\SMSERIAL\SM56HLPR.EXE"="C:\Program Files\Motorola\SMSERIAL\SM56HLPR.EXE:*:Enabled:sm56hlpr"

"C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe:*:Enabled:sched"

"C:\Program Files\ATKOSD2\ATKOSD2.EXE"="C:\Program Files\ATKOSD2\ATKOSD2.EXE:*:Enabled:ATKOSD2"

"C:\Program Files\PowerForPhone\PowerForPhone.exe"="C:\Program Files\PowerForPhone\PowerForPhone.exe:*:Enabled:PowerForPhone"

"C:\Program Files\ASUS\ASUS Live Update\ALU.EXE"="C:\Program Files\ASUS\ASUS Live Update\ALU.EXE:*:Enabled:ALU"

"C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe"="C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe:*:Enabled:PDVDServ"

"C:\Program Files\iTunes\iTunesHelper.exe"="C:\Program Files\iTunes\iTunesHelper.exe:*:Enabled:iTunesHelper"

"C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe"="C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe:*:Enabled:WLLoginProxy"

"C:\Program Files\Avira\AntiVir PersonalEdition Classic\GUARDGUI.EXE"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\GUARDGUI.EXE:*:Enabled:GUARDGUI"

"C:\WINDOWS\ASScrPro.exe"="C:\WINDOWS\ASScrPro.exe:*:Enabled:ASScrPro"

"C:\Program Files\Mozilla Firefox\FIREFOX.EXE"="C:\Program Files\Mozilla Firefox\FIREFOX.EXE:*:Enabled:Firefox"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

 

======List of files/folders created in the last 1 months======

 

2009-07-23 19:18:03 ----D---- C:\rsit

2009-07-22 18:37:21 ----D---- C:\Documents and Settings\Ju Vaness\Application Data\Malwarebytes

2009-07-22 18:37:14 ----D---- C:\Program Files\Malwarebytes' Anti-Malware

2009-07-22 18:37:14 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes

2009-07-22 18:36:14 ----SHD---- C:\Recycled

2009-07-21 18:45:21 ----D---- C:\WINDOWS\temp

2009-07-21 18:45:20 ----A---- C:\ComboFix.txt

2009-07-20 19:51:34 ----A---- C:\WINDOWS\zip.exe

2009-07-20 19:51:34 ----A---- C:\WINDOWS\SWXCACLS.exe

2009-07-20 19:51:34 ----A---- C:\WINDOWS\SWSC.exe

2009-07-20 19:51:34 ----A---- C:\WINDOWS\SWREG.exe

2009-07-20 19:51:34 ----A---- C:\WINDOWS\sed.exe

2009-07-20 19:51:34 ----A---- C:\WINDOWS\PEV.exe

2009-07-20 19:51:34 ----A---- C:\WINDOWS\NIRCMD.exe

2009-07-20 19:51:34 ----A---- C:\WINDOWS\grep.exe

2009-07-20 19:06:40 ----D---- C:\WINDOWS\ERDNT

2009-06-26 22:54:17 ----AD---- C:\Program Files\Furnish Pro

 

======List of files/folders modified in the last 1 months======

 

2009-07-23 17:55:54 ----A---- C:\WINDOWS\ModemLog_Motorola SM56 Speakerphone Modem.txt

2009-07-23 16:28:56 ----A---- C:\WINDOWS\SchedLgU.Txt

2009-07-23 16:17:50 ----A---- C:\WINDOWS\NeroDigital.ini

2009-07-21 18:42:24 ----A---- C:\WINDOWS\system.ini

 

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys []

R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2007-09-07 62016]

R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2006-03-02 40320]

R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352]

R2 ghaio;ghaio; \??\C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys []

R2 LMIInfo;LogMeIn Kernel Information Provider; \??\C:\Program Files\LogMeIn\x86\RaInfo.sys []

R2 LMIRfsDriver;LogMeIn Remote File System Driver; \??\C:\WINDOWS\system32\drivers\LMIRfsDriver.sys []

R3 AR5211;Atheros Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\ar5211.sys [2007-05-02 546976]

R3 ASNDIS5;ASNDIS5 Protocol Driver; \??\C:\PROGRA~1\ATKHOT~1\ASNDIS5.SYS []

R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2007-03-06 1972736]

R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys []

R3 CmBatt;Pilote d'adaptateur secteur Microsoft; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-03 14080]

R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2006-07-14 14448]

R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]

R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-11-14 4225920]

R3 kbfiltr;Keyboard Filter; C:\WINDOWS\system32\DRIVERS\kbfiltr.sys [2007-01-24 5632]

R3 lmimirr;lmimirr; C:\WINDOWS\system32\DRIVERS\lmimirr.sys [2008-07-24 10144]

R3 MODEMCSA;Périphérique de filtrage de flux Unimodem; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]

R3 MTsensor;ATK0100 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ATKACPI.sys [2006-12-14 7680]

R3 PCANDIS5;PCANDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PCANDIS5.SYS []

R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2006-06-16 83968]

R3 RTSTOR;USB Mass Stroage Device; C:\WINDOWS\system32\drivers\RTSTOR.SYS [2007-01-15 34816]

R3 smserial;smserial; C:\WINDOWS\system32\DRIVERS\smserial.sys [2006-11-22 982272]

R3 StkCMini;Syntek AVStream USB2.0 1.3M WebCam; C:\WINDOWS\System32\Drivers\StkCMini.sys [2007-06-05 1260672]

R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2006-05-25 193088]

R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2006-04-19 30080]

R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2006-03-02 57600]

R3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2006-04-19 17152]

R3 WSIMD;wsimd Service; C:\WINDOWS\system32\DRIVERS\wsimd.sys [2007-03-28 57024]

S3 catchme;catchme; \??\C:\DOCUME~1\JUVANE~1\LOCALS~1\Temp\catchme.sys []

S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]

S3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]

S3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288]

S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]

S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]

S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]

S3 PCAMPR5;PCAMPR5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PCAMPR5.SYS []

S3 rtl8139;Pilote NT de carte Realtek PCI Fast Ethernet à base RTL8139(A/B/C); C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]

S3 s616bus;Sony Ericsson Device 616 driver (WDM); C:\WINDOWS\system32\DRIVERS\s616bus.sys [2007-04-03 83208]

S3 s616mdfl;Sony Ericsson Device 616 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s616mdfl.sys [2007-04-03 15112]

S3 s616mdm;Sony Ericsson Device 616 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s616mdm.sys [2007-04-03 108680]

S3 s616mgmt;Sony Ericsson Device 616 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\s616mgmt.sys [2007-04-03 100360]

S3 s616nd5;Sony Ericsson Device 616 USB Ethernet Emulation SEMC616 (NDIS); C:\WINDOWS\system32\DRIVERS\s616nd5.sys [2007-04-03 23176]

S3 s616obex;Sony Ericsson Device 616 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\s616obex.sys [2007-04-03 98568]

S3 s616unic;Sony Ericsson Device 616 USB Ethernet Emulation SEMC616 (WDM); C:\WINDOWS\system32\DRIVERS\s616unic.sys [2007-04-03 99080]

S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]

S3 SONYPVU1;Pilote de filtrage Sony USB (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]

S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]

S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]

S3 usbstor;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2006-03-02 26496]

S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2004-08-10 18944]

S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]

S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

S4 LMIRfsClientNP;LMIRfsClientNP; C:\WINDOWS\system32\drivers\LMIRfsClientNP.sys []

 

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R2 aawservice;Ad-Aware 2007 Service; C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe [2008-05-02 607576]

R2 ACS;Service de configuration Atheros; C:\WINDOWS\system32\acs.exe [2007-05-03 364629]

R2 AntiVirScheduler;AntiVir PersonalEdition Classic Scheduler; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2007-08-28 63016]

R2 AntiVirService;AntiVir PersonalEdition Classic Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2007-09-11 214056]

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2007-03-06 446464]

R2 FTRTSVC;France Telecom Routing Table Service; C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe [2007-09-25 65536]

R2 LightScribeService;LightScribeService Direct Disc Labeling Service; c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe [2006-04-24 73728]

R2 LMIMaint;LogMeIn Maintenance Service; C:\Program Files\LogMeIn\x86\RaMaint.exe [2008-10-16 116032]

R2 LogMeIn;LogMeIn; C:\Program Files\LogMeIn\x86\LogMeIn.exe [2008-07-24 63040]

R2 spmgr;spmgr; C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe [2007-08-03 125496]

R2 StkSSrv;Syntek AVStream USB2.0 WebCam Service; C:\WINDOWS\System32\StkCSrv.exe [2007-04-18 24576]

R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-10 38912]

R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2006-09-25 451136]

S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]

S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]

S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-04-04 138168]

S3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]

S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]

 

-----------------EOF-----------------

 

and the info file:

info.txt logfile of random's system information tool 1.06 2009-07-23 19:18:10

 

======Uninstall list======

 

-->C:\WINDOWS\IsUn040c.exe -fC:\WINDOWS\orun32.isu

-->MsiExec.exe /I{977FBE6C-AE9A-4429-B249-814F0B3A4CB1}

-->MsiExec.exe /I{AEB9948B-4FF2-47C9-990E-47014492A0FE}

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

Ad-Aware 2007-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}

Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe

Adobe Flash Player 9 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete

Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe

Adobe Reader 8-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A80000000002}

Adobe Shockwave Player-->C:\WINDOWS\system32\ADOBE\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\ADOBE\SHOCKW~1\INSTALL.LOG

Apple Software Update-->MsiExec.exe /I{5B433733-BB31-4B40-BCBA-DDED37626641}

Assistant de connexion Windows Live-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}

ASUS InstantFun-->MsiExec.exe /I{57B15AD4-8C9D-4164-82BB-E33D8644E757}

ASUS Live Update-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}\setup.exe" -l0x9

ASUS Splendid Video Enhancement Technology-->C:\Program Files\InstallShield Installation Information\{C0FC1C14-4824-4A73-87A6-9E888C9C3102}\SETUP.exe -runfromtemp -l0x040c -removeonly

ASUS Touch Pad Extra-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DB891739-2EB3-45A8-9CBD-941C255CECD4}\SETUP.EXE" -l0x9

Asus_Camera_ScreenSaver-->"C:\WINDOWS\ASUS Camera ScreenSaver Uninstaller.exe"

ASUSDVD-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall

Atheros Client Installation Program-->C:\Program Files\InstallShield Installation Information\{28006915-2739-4EBE-B5E8-49B25D32EB33}\SETUP.exe -runfromtemp -l0x040c -removeonly

ATI - Utilitaire de désinstallation du logiciel-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe

ATI Catalyst Control Center-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x5c00

ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean

ATI Parental Control & Encoder-->MsiExec.exe /I{36CDA33B-909B-4719-97D1-C4B99309BDC7}

ATK Hotkey-->C:\Program Files\InstallShield Installation Information\{3912D529-02BC-4CA8-B5ED-0D0C20EB6003}\SETUP.exe -runfromtemp -l0x040c -removeonly

ATK Media-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{139B0FFA-187E-4BA1-BCA6-6B56B2B6AB8C}\SETUP.EXE" -l0x9

ATKOSD2-->C:\Program Files\InstallShield Installation Information\{5C1DB4ED-E9B4-402D-BB14-D75D97D6C1A6}\SETUP.exe -runfromtemp -l0x0009 -removeonly

Avira AntiVir PersonalEdition Classic-->C:\Program Files\Avira\AntiVir PersonalEdition Classic\setup.exe /REMOVE

ccc-Branding-->MsiExec.exe /I{6E32B134-CA8D-49DD-B94C-0DB155CE70B5}

CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"

Correctif pour Windows XP (KB918005)-->"C:\WINDOWS\$NtUninstallKB918005$\spuninst\spuninst.exe"

Didapages 1.1-->C:\Program Files\Didapages\uninst.exe

eMule-->"C:\Program Files\eMule\Uninstall.exe"

EoDesk3d 2.0-->"C:\Program Files\EoRezo\EoDesk3d\unins000.exe"

eoEngine 9.1-->"C:\Program Files\EoRezo\unins000.exe"

Furnish Pro-->C:\WINDOWS\unvise32.exe C:\Program Files\Furnish Pro\Furnish Pro uninstal.log

Galerie de photos Windows Live-->MsiExec.exe /X{9D442283-88AD-4F49-8568-18CE6EAA15AF}

Glary Utilities 2.11.0.638-->"C:\Program Files\Glary Utilities\unins000.exe"

Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}

Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"

HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall

iTunes-->MsiExec.exe /I{5878FF02-3B8F-4309-B4E5-0D3DB6F2E8E6}

Java 6 Update 4-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160040}

Java 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}

L'Album de Bébé-->MsiExec.exe /I{FF1A5077-C7E9-442A-B57A-37C23606AEE4}

Lecteur Windows Media 10-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall

LifeFrame2-->MsiExec.exe /I{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}

LogMeIn-->MsiExec.exe /I{7F831576-6246-42C7-B523-55B3F96509CC}

Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"

Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}

Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}

Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe

Microsoft Office XP Professional-->MsiExec.exe /I{9011040C-6000-11D3-8CFE-0050048383C9}

Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}

Mise à jour pour Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"

Mise à jour pour Windows XP (KB911164)-->"C:\WINDOWS\$NtUninstallKB911164$\spuninst\spuninst.exe"

Motorola SM56 Speakerphone Modem-->rundll32.exe sm56co6a.dll,SM56UnInstaller

Mozilla Firefox (3.0.12)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe

MSN-->C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP

Navigateur Orange-->C:\Program Files\Orange\Uninstall\Browser\Shell.exe MainUninstall.shl

NB Probe-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6324A1EF-CEF4-43E3-8BCD-9EF3F67317FD}\setup.exe" -l0x9

Nero OEM-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL

Orange - Logiciels Internet-->C:\Program Files\Orange\installation\core\Installgui.exe -u

PhotoFiltre-->"C:\Program Files\PhotoFiltre\Uninst.exe"

Pixie 1.4.1-->D:\Pixie\unins000.exe

Poker Academy Pro 2-->"C:\Program Files\PokerAcademyPro2\désinstaller.exe"

Power4 Gear-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4462AD13-F2AA-4CBD-9F95-293C38EED870}\setup.exe" -l0x9

PowerForPhone-->C:\Program Files\InstallShield Installation Information\{FC3D290D-79BE-44B7-ABF9-FDD110925930}\setup.exe -runfromtemp -l0x0009 -removeonly

QuickTime-->MsiExec.exe /I{55BF0E5F-EA8E-4C13-A8B4-9E4857F5A2DE}

REALTEK GbE & FE Ethernet PCI NIC Driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}\SETUP.exe" -l0x40c -removeonly

Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\SETUP.exe" -l0x40c -removeonly

Realtek USB 2.0 Card Reader-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DC24971E-1946-445D-8A82-CE685433FA7D}\SETUP.exe" -l0x9 -removeonly

Room Arranger (remove only)-->"C:\Program Files\Room Arranger\uninstall.exe"

SoftwareUpdate 1.0-->"C:\Documents and Settings\Ju Vaness\Application Data\eoRezo\SoftwareUpdate\unins000.exe"

Sony Ericsson Device Data-->MsiExec.exe /I{C92E7DF1-624A-4D95-A4C4-18CB491B44A4}

Sony Ericsson Drivers-->MsiExec.exe /I{EEFE551E-A6C7-4A2A-8C92-C805523B3B0C}

Sony Ericsson PC Suite-->C:\WINDOWS\Installer\{D6BF6477-8369-489F-8DE6-3731F4B88560}\setup.exe /uninstall

Sony Ericsson PC Suite-->MsiExec.exe /I{05675D95-1567-4E00-A818-DB08064EA088}

Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall

USB2.0 1.3M WebCam-->C:\WINDOWS\StkUnist.exe

VideoLAN VLC media player 0.8.6c-->C:\Program Files\VideoLAN\VLC\uninstall.exe

Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"

Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"

Windows Live installer-->MsiExec.exe /X{FD44E544-E7D0-4DBA-9FA0-8AE1A1300390}

Windows Live Messenger-->MsiExec.exe /X{BADF6744-3787-48F6-B8C9-4C4995401D65}

Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll

WinFlash-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DE10AB76-4756-4913-BE25-55D1C1051F9A}\setup.exe" -l0x9

WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe

Wireless Console 2-->C:\Program Files\InstallShield Installation Information\{83F73CB1-7705-49D1-9852-84D839CA2A45}\SETUP.exe -runfromtemp -l0x040c -removeonly

Yahoo! Install Manager-->C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\YAHOO!\Common\YINSTH~1.DLL

Yahoo! Toolbar avec bloqueur de fenêtres pop-up-->C:\PROGRA~1\YAHOO!\COMMON\unyt.exe

 

======Security center information======

 

AV: Avira AntiVir PersonalEdition (outdated)

 

======System event log======

 

Computer Name: JUVANESS

Event Code: 26

Message: Application popup : CLIStart.exe - Image incorrecte : L'application ou la DLL C:\WINDOWS\system32\nopayopa.dll n'est pas une image Windows valide. Vérifiez à l'aide de votre disquette d'installation.

 

Record Number: 162586

Source Name: Application Popup

Time Written: 20090719181642.000000+120

Event Type: Informations

User:

 

Computer Name: JUVANESS

Event Code: 26

Message: Application popup : ASUSTPE.exe - Image incorrecte : L'application ou la DLL C:\WINDOWS\system32\nopayopa.dll n'est pas une image Windows valide. Vérifiez à l'aide de votre disquette d'installation.

 

Record Number: 162585

Source Name: Application Popup

Time Written: 20090719181642.000000+120

Event Type: Informations

User:

 

Computer Name: JUVANESS

Event Code: 26

Message: Application popup : ctfmon.exe - Image incorrecte : L'application ou la DLL C:\WINDOWS\system32\nopayopa.dll n'est pas une image Windows valide. Vérifiez à l'aide de votre disquette d'installation.

 

Record Number: 162584

Source Name: Application Popup

Time Written: 20090719181641.000000+120

Event Type: Informations

User:

 

Computer Name: JUVANESS

Event Code: 26

Message: Application popup : ASScrProlog.exe - Image incorrecte : L'application ou la DLL C:\WINDOWS\system32\gagujani.dll n'est pas une image Windows valide. Vérifiez à l'aide de votre disquette d'installation.

 

Record Number: 162583

Source Name: Application Popup

Time Written: 20090719181641.000000+120

Event Type: Informations

User:

 

Computer Name: JUVANESS

Event Code: 26

Message: Application popup : Rundll32.exe - Image incorrecte : L'application ou la DLL C:\WINDOWS\system32\nopayopa.dll n'est pas une image Windows valide. Vérifiez à l'aide de votre disquette d'installation.

 

Record Number: 162582

Source Name: Application Popup

Time Written: 20090719181641.000000+120

Event Type: Informations

User:

 

=====Application event log=====

 

Computer Name: JUVANESS

Event Code: 4113

Message: AntiVir has detected 'HEUR/Crypted'

in the file

C:\WINDOWS\system32\byXOefeB.dll

 

Record Number: 23189

Source Name: H+BEDV AntiVir

Time Written: 20090131142657.000000+060

Event Type: Avertissement

User: AUTORITE NT\SYSTEM

 

Computer Name: JUVANESS

Event Code: 4113

Message: AntiVir has detected 'HEUR/Crypted'

in the file

C:\WINDOWS\system32\byXOefeB.dll

 

Record Number: 23188

Source Name: H+BEDV AntiVir

Time Written: 20090131142647.000000+060

Event Type: Avertissement

User: AUTORITE NT\SYSTEM

 

Computer Name: JUVANESS

Event Code: 4

Message: The LightScribe Service started successfully.

 

Record Number: 23187

Source Name: LightScribeService

Time Written: 20090131142631.000000+060

Event Type: Informations

User:

 

Computer Name: JUVANESS

Event Code: 4096

Message: The AntiVir service has been started successfully!

 

Record Number: 23186

Source Name: H+BEDV AntiVir

Time Written: 20090131142628.000000+060

Event Type: Informations

User: AUTORITE NT\SYSTEM

 

Computer Name: JUVANESS

Event Code: 4113

Message: AntiVir has detected 'HEUR/Crypted'

in the file

C:\WINDOWS\system32\byXOefeB.dll

 

Record Number: 23185

Source Name: H+BEDV AntiVir

Time Written: 20090131095629.000000+060

Event Type: Avertissement

User: AUTORITE NT\SYSTEM

 

======Environment variables======

 

"ComSpec"=%SystemRoot%\system32\cmd.exe

"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;c:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\QuickTime\QTSystem;C:\Program Files\Fichiers communs\Teleca Shared;%PIXIEHOME%\bin

"windir"=%SystemRoot%

"FP_NO_HOST_CHECK"=NO

"OS"=Windows_NT

"PROCESSOR_ARCHITECTURE"=x86

"PROCESSOR_LEVEL"=6

"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel

"PROCESSOR_REVISION"=0f0d

"NUMBER_OF_PROCESSORS"=2

"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH

"TEMP"=%SystemRoot%\TEMP

"TMP"=%SystemRoot%\TEMP

"CLASSPATH"=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip

"QTJAVA"=C:\Program Files\QuickTime\QTSystem\QTJava.zip

"PIXIEHOME"=D:\Pixie

"SHADERS"=%PIXIEHOME%\shaders

 

-----------------EOF-----------------

Posted

I've just gone through your report: you posted the same one twice :P I would have liked you to redo the MBAM scan and post the report. Why? You say you deleted the infected files, but there are also registry keys to remove :P

In any case, the latest report doesn't show any new infected files.

Was it you who chose lo.st as the home page?

Do you still get error windows opening when the PC starts up?

Posted

So here is the latest MBAM report:

 

Malwarebytes' Anti-Malware 1.39

Version de la base de données: 2479

Windows 5.1.2600 Service Pack 2

 

24/07/2009 12:31:56

mbam-log-2009-07-24 (12-31-55).txt

 

Type de recherche: Examen complet (C:\|D:\|)

Eléments examinés: 163138

Temps écoulé: 1 hour(s), 50 minute(s), 7 second(s)

 

Processus mémoire infecté(s): 0

Module(s) mémoire infecté(s): 0

Clé(s) du Registre infectée(s): 0

Valeur(s) du Registre infectée(s): 0

Elément(s) de données du Registre infecté(s): 0

Dossier(s) infecté(s): 0

Fichier(s) infecté(s): 50

 

Processus mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Module(s) mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Clé(s) du Registre infectée(s):

(Aucun élément nuisible détecté)

 

Valeur(s) du Registre infectée(s):

(Aucun élément nuisible détecté)

 

Elément(s) de données du Registre infecté(s):

(Aucun élément nuisible détecté)

 

Dossier(s) infecté(s):

(Aucun élément nuisible détecté)

 

Fichier(s) infecté(s):

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP299\A0161353.exe (Trojan.Vundo) -> Quarantined and deleted successfully.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP299\A0161354.exe (Trojan.Vundo) -> Quarantined and deleted successfully.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP299\A0161355.exe (Trojan.Vundo) -> Quarantined and deleted successfully.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP299\A0161356.exe (Trojan.Vundo) -> Quarantined and deleted successfully.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP299\A0161357.exe (Trojan.Vundo) -> Quarantined and deleted successfully.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP299\A0161358.exe (Trojan.Vundo) -> Quarantined and deleted successfully.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP299\A0161359.exe (Trojan.Vundo) -> Quarantined and deleted successfully.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP299\A0161360.exe (Trojan.Vundo) -> Quarantined and deleted successfully.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP299\A0161361.exe (Trojan.Vundo) -> Quarantined and deleted successfully.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP299\A0161362.exe (Trojan.Vundo) -> Quarantined and deleted successfully.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP299\A0161363.exe (Trojan.Vundo) -> Quarantined and deleted successfully.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP299\A0161364.exe (Trojan.Vundo) -> Quarantined and deleted successfully.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP299\A0161365.exe (Trojan.Vundo) -> Quarantined and deleted successfully.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP299\A0161366.exe (Trojan.Vundo) -> Quarantined and deleted successfully.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP299\A0161367.exe (Trojan.Vundo) -> Quarantined and deleted successfully.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP299\A0161368.exe (Trojan.Vundo) -> Quarantined and deleted successfully.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP299\A0161369.exe (Trojan.Vundo) -> Quarantined and deleted successfully.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP299\A0161370.exe (Trojan.Vundo) -> Quarantined and deleted successfully.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP299\A0161371.exe (Trojan.Vundo) -> Quarantined and deleted successfully.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP299\A0161372.exe (Trojan.Vundo) -> Quarantined and deleted successfully.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP299\A0161373.exe (Trojan.Vundo) -> Quarantined and deleted successfully.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP299\A0161374.exe (Trojan.Vundo) -> Quarantined and deleted successfully.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP299\A0161375.exe (Trojan.Vundo) -> Quarantined and deleted successfully.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP299\A0161376.exe (Trojan.Vundo) -> Quarantined and deleted successfully.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP299\A0161377.exe (Trojan.Vundo) -> Quarantined and deleted successfully.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP299\A0161378.exe (Trojan.Vundo) -> Quarantined and deleted successfully.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP299\A0161379.exe (Trojan.Vundo) -> Quarantined and deleted successfully.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP299\A0161380.exe (Trojan.Vundo) -> Quarantined and deleted successfully.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP299\A0161381.exe (Trojan.Vundo) -> Quarantined and deleted successfully.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP299\A0161382.exe (Trojan.Vundo) -> Quarantined and deleted successfully.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP299\A0161383.exe (Trojan.Vundo) -> Quarantined and deleted successfully.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP299\A0161384.exe (Trojan.Vundo) -> Quarantined and deleted successfully.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP299\A0161385.exe (Trojan.Vundo) -> Quarantined and deleted successfully.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP299\A0161386.exe (Trojan.Vundo) -> Quarantined and deleted successfully.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP299\A0161387.exe (Trojan.Vundo) -> Quarantined and deleted successfully.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP299\A0161388.exe (Trojan.LowZones) -> Quarantined and deleted successfully.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP299\A0161389.exe (Trojan.LowZones) -> Quarantined and deleted successfully.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP299\A0161390.exe (Trojan.LowZones) -> Quarantined and deleted successfully.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP299\A0161391.exe (Trojan.LowZones) -> Quarantined and deleted successfully.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP299\A0161392.exe (Trojan.LowZones) -> Quarantined and deleted successfully.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP299\A0161393.exe (Trojan.LowZones) -> Quarantined and deleted successfully.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP299\A0161394.exe (Trojan.LowZones) -> Quarantined and deleted successfully.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP299\A0161395.exe (Trojan.LowZones) -> Quarantined and deleted successfully.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP299\A0161396.exe (Trojan.LowZones) -> Quarantined and deleted successfully.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP299\A0161397.exe (Trojan.LowZones) -> Quarantined and deleted successfully.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP299\A0161398.exe (Trojan.LowZones) -> Quarantined and deleted successfully.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP299\A0161399.exe (Trojan.LowZones) -> Quarantined and deleted successfully.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP299\A0161400.exe (Trojan.LowZones) -> Quarantined and deleted successfully.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP299\A0161401.exe (Trojan.LowZones) -> Quarantined and deleted successfully.

c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP299\A0161402.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

 

 

Otherwise, it wasn't me who chose the Firefox start page. I've just set a different one, and startup works very well; no more error messages at all when each application launches! Awesome!! lol

Posted

Hi :P

 

OK, I see you had done the manual cleanup properly, since MBAM found nothing :P

The files deleted here were in System Restore (infected restore points).

 

- Some updates need to be done, as they are important for the PC's security >>

 

* Sun's Java console:

 

- Download JavaRa.zip by Paul McLain and Fred de Vries.

  • Unzip the file onto your desktop (right-click > Extract All)
  • Double-click the JavaRa folder you obtain
  • Then double-click the file JavaRa.exe (the .exe extension may not be displayed)
  • A box will open asking you to select the language; make your choice, then click Select.
  • Click Check for updates
  • Select Update via jucheck.exe, then click Search
  • Allow the process to connect if it asks you to, click Install and follow the installation instructions. This will take a few minutes.
  • When the installation is finished, return to the JavaRa screen and click Remove Older Versions
  • Click Yes to confirm. The tool will do its work; then click OK, and OK a second time.
  • A report will open; copy and paste it into your next reply.
    Note: the report is also saved at the root of the system partition, usually C:\, under the name JavaRa.log (c:\JavaRa.log)
  • Close the application

Note: You can keep this small program, since it automates updating the Java console and uninstalling the old versions.

If JavaRa tells you that you already have the latest version of Java, download the latest version from their site >> http://www.java.com/fr/download/

You can use JavaRa to clean out the old versions (use the Remove Older Versions button), then install the latest one.

 

* Adobe Reader:

 

Uninstall version 8 and install the latest one >> http://get.adobe.com/fr/reader/

********

 

Go to the Start menu > Run (use the key combination [Windows key]+[R]) > and type this > ComboFix /u (there is a space between the x and the /)

A window will open and ComboFix will be uninstalled from your PC.

 

We purge System Restore because there may be infected restore points that MBAM did not detect (this avoids reinstalling the infection should you ever need to use it) => visual guide

Click Start.

Right-click the My Computer icon, then click Properties.

Click the "System Restore" tab.

Select "Turn off System Restore" or "Turn off System Restore on all drives".

Click "Apply".

As the message says, this will delete all existing restore points. To do so, click Yes.

Click OK. Restart your PC. Then do the reverse and turn System Restore back on: a new restore point will be created automatically.

 

You can keep MBAM: it will not protect your PC, because to benefit from its resident protection and its automatic updates you would have to buy the licence. That said, it is still effective for cleaning your PC! You just need to update it manually before every scan (preferably run in safe mode).

 

The firewall built into Windows is not effective! It is important to install a real one to protect your PC >>

 

Here are a few links to free firewalls

 

Zone Alarm (2 versions)

Download link for the FREE version: http://dl2.zonelabs.com/bin/free/3301_fr/z..._737_000_fr.exe

Download link for the PRO version: http://www.zonelabs.com/store/content/cata...lid=dbtopnav_za

The Pro version is paid after a trial period.

Tesgaz's tutorial for the Pro version: http://speedweb1.free.fr/frames2.php?page=tuto1

Odsen's tutorial for the free version: http://benoit.aun.free.fr/securite-facile-php/zonealarm.php

 

Kerio

Download link: http://www.sunbelt-software.com/evaluation/440/kerio.exe

Malekal_morte's tutorial: http://www.malekal.com/kerio_firewall.html

 

Jetico

Vendor download link: http://www.jetico.com/

Download link on Zebulon (in French): http://telechargement.zebulon.fr/license-1-225.html

Odsen's tutorial: http://benoit.aun.free.fr/securite-facile-php/jetico.php

 

Outpost Firewall Free

Vendor download link: http://www.agnitum.com/products/outpostfree/download.php

Odsen's tutorial (site link): http://securite-facile.ovh.org/outpost.php

 

This list is not exhaustive; there are other free ones, and paid ones with more features. Download the installer for the firewall you have chosen. Run the firewall's installation and follow any additional instructions if there are any. Use the tutorials to help you.

 

I recommend Zone Alarm or Kerio in the free version to start with; you can switch later to a more elaborate firewall when you have the time to dig into it. A well-configured firewall is the guarantee of your PC's security and your peace of mind.

 

See you :P
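The MBAM report posted above lists every hit as "<path> (<detection>) -> <action>.", and the helper's point is that all of them sat under System Volume Information, i.e. inside System Restore snapshots (RP<n> folders) rather than on the live system. The parser below is an added example written for this page; it is not code from the thread, from Malwarebytes or from Zebulon. It reads that one line format, tells restore-point hits apart from live-system hits, and flags entries whose action was anything other than "Quarantined and deleted successfully" (for instance the "No action taken" lines from a scan run without removal). The embedded sample log is constructed from the formats visible on this page; the RP300 entry and the c:\windows\system32\constructed_example.dll path are invented placeholders, not findings from the real report.

```python
"""Summarise a Malwarebytes' Anti-Malware 1.x report (added example, not
Malwarebytes' own code).

Entry lines look like:
    <path> (<detection name>) -> <action>.
Restore-point copies live under:
    <drive>\System Volume Information\_restore{GUID}\RP<n>\A<digits>.<ext>
"""
import re
from collections import Counter

# One report line: path, detection name in parentheses, action after "->".
ENTRY_RE = re.compile(r"^(?P<path>.+?) \((?P<detection>[^()]+)\) -> (?P<action>.+?)\.?$")

# System Restore snapshot folder; captures the RP<n> restore point name.
RESTORE_RE = re.compile(
    r"\\system volume information\\_restore\{[0-9a-f-]+\}\\(RP\d+)\\",
    re.IGNORECASE,
)

# Constructed sample in the page's format. The GUID is the one shown in the
# report above; the RP300 line and the system32 path are invented placeholders.
SAMPLE_LOG = r"""
Fichier(s) infecté(s): 253
c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP299\A0161372.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP299\A0161388.exe (Trojan.LowZones) -> Quarantined and deleted successfully.
c:\system volume information\_restore{9a944bb7-d1ab-41c8-a69e-b19c5c49a0d8}\RP300\A0161402.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
c:\windows\system32\constructed_example.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\EoRezo (Rogue.Eorezo) -> No action taken.
"""


def parse_entries(text):
    """Return one dict per detection line; header/summary lines are skipped."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line) if line else None
        if not m:
            continue  # counters, scan type, blank lines: not a detection
        rp = RESTORE_RE.search(m["path"])
        entries.append({
            "path": m["path"],
            "detection": m["detection"],
            "action": m["action"],
            "restore_point": rp.group(1) if rp else None,  # None = live system
        })
    return entries


def summarise(entries):
    """Counts per family and per restore point, plus the two lists a helper
    actually wants: hits outside System Restore, and hits not removed."""
    return {
        "total": len(entries),
        "by_detection": dict(Counter(e["detection"] for e in entries)),
        "by_restore_point": dict(Counter(e["restore_point"] for e in entries
                                         if e["restore_point"])),
        "live_system": [e["path"] for e in entries if e["restore_point"] is None],
        "not_removed": [e["path"] for e in entries
                        if not e["action"].lower().startswith("quarantined and deleted")],
    }


def restore_points_hit(entries):
    """Restore points that held at least one detection, in numeric order.
    Any non-empty result is the reason to purge System Restore as advised above."""
    rps = {e["restore_point"] for e in entries if e["restore_point"]}
    return sorted(rps, key=lambda rp: int(rp[2:]))


if __name__ == "__main__":
    found = parse_entries(SAMPLE_LOG)
    report = summarise(found)
    for key, value in report.items():
        print(f"{key}: {value}")
    print("restore points to purge:", restore_points_hit(found))
```

To use it on a real report, read the mbam-log-*.txt file into `parse_entries` instead of `SAMPLE_LOG`; the regex is format-based, so the French or English headers of the report do not matter. An empty `live_system` list together with a non-empty `restore_points_hit` result is exactly the situation the helper describes: nothing left on the running system, but snapshots that would reinfect it on a restore.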
