
Posted (edited)

re

Besides, Windows Defender doesn't seem to be the ultimate antivirus...

Clear up a doubt for me: that isn't your antivirus, is it?

It's not an antivirus but an antispyware!!

If you don't have an antivirus worthy of the name, download AntiVir and scan your PC with it in safe mode

http://www.free-av.com/fr/index.html

1) Restart your computer

2) Tap the F8 key immediately (F5 on some PCs), right after the "beep"

3) You will see a screen with startup options appear

4) Choose the first option: Safe Mode, and confirm with "Enter"

5) Choose your usual account, not Administrator

Post the report you get

Download MalwareBytes

http://www.malwarebytes.org/mbam/program/mbam-setup.exe

Install it, update it

In the Scan tab, click Perform a full scan, then Scan.

Select your hard drive(s).

Start the scan, delete everything it finds!

Click Save the report and choose your Desktop

Edited by chrifleur

Posted

Hi chrifleur,

Thanks for not giving up on this, it's really very kind. Whatever the outcome of these disinfection attempts, I'm very grateful to you.

Here are the 2 RSIT logs below, and thanks again:

 

LOG.TXT

 

Logfile of random's system information tool 1.06 (written by random/random)

Run by A at 2009-11-23 20:41:08

Microsoft® Windows Vista Home Premium

System drive C: has 31 GB (22%) free of 140 GB

Total RAM: 2046 MB (74% free)

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 20:41:17, on 23/11/2009

Platform: Windows Vista (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16916)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Windows\sttray.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\Dell Support Center\bin\sprtcmd.exe

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Users\A\AppData\Local\Google\Update\GoogleUpdate.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\Dell\QuickSet\quickset.exe

C:\Windows\system32\conime.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Users\A\Desktop\RSIT.exe

C:\Program Files\trend micro\A.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.ie/ig/dell?hl=en&cli...amp;ibd=1080312

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.ie/ig/dell?hl=en&cli...amp;ibd=1080312

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (file missing)

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (file missing)

O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (file missing)

O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (file missing)

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [sigmatelSysTrayApp] sttray.exe

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"

O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter

O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Remote File] C:\Users\A\AppData\Local\Temp\rashost.exe

O4 - HKLM\..\Run: [EnableDCOM] N

O4 - HKLM\..\Run: [restrictanonymous]

O4 - HKLM\..\Run: [restrictanonymoussam]

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKLM\..\RunServices: [Remote File] C:\Users\A\AppData\Local\Temp\rashost.exe

O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter

O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol 120\axcmd.exe" /automount

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [Google Update] "C:\Users\A\AppData\Local\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [Remote File] C:\Users\A\AppData\Local\Temp\rashost.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe

O4 - Global Startup: QuickSet.lnk = ?

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000

O13 - Gopher Prefix:

O16 - DPF: {04CB5B64-5915-4629-B869-8945CEBADD21} (Module de délivrance de certificat MINEFI) - https://static.impots.gouv.fr/abos/static/s...te/certdgi1.cab

O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resource/...r/wlscctrl2.cab

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/Facebo...Uploader4_5.cab

O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll

O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe

O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe

O23 - Service: Google Software Updater (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Dell Internal Network Card Power Management (nicconfigsvc) - Dell Inc. - C:\Program Files\Dell\QuickSet\NicConfigSvc.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

 

--

End of file - 8310 bytes

 

======Scheduled tasks folder======

 

C:\Windows\tasks\Driver Robot.job

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2964503660-626179915-801367091-1000Core.job

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2964503660-626179915-801367091-1000UA.job

C:\Windows\tasks\ParetoLogic Registration.job

 

======Registry dump======

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]

Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll []

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]

Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll []

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]

Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll []

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}]

CBrowserHelperObject Object - C:\Program Files\Dell\BAE\BAE.dll [2006-11-09 98304]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-07-25 41760]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll []

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-03-12 1006264]

"ECenter"=C:\Dell\E-Center\EULALauncher.exe [2007-05-25 17920]

"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-11-20 815104]

"SigmatelSysTrayApp"=C:\Windows\sttray.exe [2007-02-08 303104]

"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2006-10-03 81920]

"dscactivate"=C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe [2007-11-15 16384]

"DellSupportCenter"=C:\Program Files\Dell Support Center\bin\sprtcmd.exe [2009-05-21 206064]

"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2006-10-03 221184]

"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2009-01-30 13605408]

"NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2009-01-30 92704]

"NVHotkey"=C:\Windows\system32\nvHotkey.dll [2009-01-30 96800]

"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-07-25 149280]

"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-09-05 417792]

"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288]

"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2009-10-03 39792]

"Remote File"=C:\Users\A\AppData\Local\Temp\rashost.exe [2008-10-29 1167360]

"EnableDCOM"=N []

"restrictanonymous"=1 []

"restrictanonymoussam"=1 []

"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080]

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"DellSupportCenter"=C:\Program Files\Dell Support Center\bin\sprtcmd.exe [2009-05-21 206064]

"AlcoholAutomount"=C:\Program Files\Alcohol 120\axcmd.exe [2007-12-22 222080]

"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-11-02 201728]

"Google Update"=C:\Users\A\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-06 133104]

"Remote File"=C:\Users\A\AppData\Local\Temp\rashost.exe [2008-10-29 1167360]

 

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup

Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe

QuickSet.lnk - C:\Windows\Installer\{7F0C4457-8E64-491B-8D7B-991504365D1E}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

"FilterAdministratorToken"=1

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]

shell\AutoRun\command - H:\LaunchU3.exe -a

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]

shell\AutoRun\command - I:\SETUP.EXE

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a1f50d0a-0216-11dd-92d3-001c232af8d8}]

shell\AutoRun\command - F:\LaunchU3.exe -a

 

 

======List of files/folders created in the last 1 months======

 

2011-03-07 09:31:52 ----D---- C:\Program Files\PowerISO

2009-11-23 20:41:09 ----D---- C:\Program Files\trend micro

2009-11-23 20:41:08 ----D---- C:\rsit

2009-11-22 19:40:45 ----D---- C:\_OTM

2009-11-22 18:45:51 ----A---- C:\TCleaner.txt

2009-11-22 14:38:56 ----D---- C:\Program Files\Malwarebytes' Anti-Malware

2009-11-22 14:00:13 ----D---- C:\Program Files\a-squared Free

2009-11-22 12:55:51 ----D---- C:\ProgramData\Spybot - Search & Destroy

2009-11-22 12:55:51 ----D---- C:\Program Files\Spybot - Search & Destroy

2009-11-22 11:57:06 ----A---- C:\rollback.ini

2009-11-22 11:52:06 ----D---- C:\Program Files\Windows Live Safety Center

2009-11-22 11:45:10 ----D---- C:\Program Files\Common Files\ParetoLogic

2009-11-22 11:14:12 ----D---- C:\ProgramData\SUPERAntiSpyware.com

2009-11-22 11:13:55 ----D---- C:\Users\A\AppData\Roaming\SUPERAntiSpyware.com

2009-11-22 11:13:55 ----D---- C:\Program Files\SUPERAntiSpyware

2009-11-22 11:06:55 ----D---- C:\Users\A\AppData\Roaming\Malwarebytes

2009-11-22 11:06:51 ----D---- C:\ProgramData\Malwarebytes

2009-11-22 10:59:55 ----A---- C:\Windows\ntbtlog.txt

2009-11-21 13:31:40 ----A---- C:\Windows\system32\XAudio2_5.dll

2009-11-21 13:31:39 ----A---- C:\Windows\system32\xactengine3_5.dll

2009-11-21 13:31:39 ----A---- C:\Windows\system32\D3DCompiler_42.dll

2009-11-21 13:31:37 ----A---- C:\Windows\system32\d3dx11_42.dll

2009-11-21 13:31:37 ----A---- C:\Windows\system32\d3dx10_42.dll

2009-11-21 13:31:37 ----A---- C:\Windows\system32\d3dcsx_42.dll

2009-11-21 13:31:36 ----A---- C:\Windows\system32\D3DX9_42.dll

2009-11-21 13:31:33 ----A---- C:\Windows\system32\XAPOFX1_3.dll

2009-11-21 13:31:30 ----A---- C:\Windows\system32\xactengine3_2.dll

2009-11-21 13:29:27 ----D---- C:\Program Files\Indie Games

2009-11-21 12:23:30 ----D---- C:\Users\A\AppData\Roaming\Stardock

2009-11-21 12:23:03 ----D---- C:\ProgramData\Stardock

2009-11-21 12:23:02 ----D---- C:\Program Files\Impulse

2009-11-21 12:22:49 ----HDC---- C:\ProgramData\{CCF7B54F-09A1-41ED-BA1B-471D81BFFC09}

2009-11-20 23:18:18 ----D---- C:\Program Files\1C Company

2009-11-20 22:25:14 ----A---- C:\Windows\system32\d3dx10_41.dll

2009-11-20 22:25:14 ----A---- C:\Windows\system32\D3DCompiler_41.dll

2009-11-20 22:25:12 ----A---- C:\Windows\system32\D3DX9_41.dll

2009-11-20 22:25:11 ----A---- C:\Windows\system32\XAudio2_4.dll

2009-11-20 22:25:11 ----A---- C:\Windows\system32\xactengine3_4.dll

2009-11-20 22:25:11 ----A---- C:\Windows\system32\X3DAudio1_6.dll

2009-11-20 22:25:10 ----A---- C:\Windows\system32\d3dx10_40.dll

2009-11-20 22:25:10 ----A---- C:\Windows\system32\D3DCompiler_40.dll

2009-11-20 22:25:06 ----A---- C:\Windows\system32\D3DX9_40.dll

2009-11-20 22:24:44 ----A---- C:\Windows\system32\xactengine2_5.dll

2009-11-20 22:24:44 ----A---- C:\Windows\system32\d3dx10.dll

2009-11-20 22:24:43 ----A---- C:\Windows\system32\xactengine2_4.dll

2009-11-20 22:24:43 ----A---- C:\Windows\system32\d3dx9_32.dll

2009-11-20 22:24:42 ----A---- C:\Windows\system32\d3dx9_31.dll

2009-11-20 22:24:41 ----A---- C:\Windows\system32\xinput1_2.dll

2009-11-20 22:24:41 ----A---- C:\Windows\system32\xactengine2_3.dll

2009-11-20 22:24:41 ----A---- C:\Windows\system32\xactengine2_2.dll

2009-11-20 22:24:40 ----A---- C:\Windows\system32\xinput1_1.dll

2009-11-20 22:24:40 ----A---- C:\Windows\system32\xactengine2_1.dll

2009-11-20 22:24:15 ----A---- C:\Windows\system32\xactengine2_0.dll

2009-11-20 22:24:15 ----A---- C:\Windows\system32\x3daudio1_0.dll

2009-11-20 22:24:15 ----A---- C:\Windows\system32\d3dx9_30.dll

2009-11-20 22:24:13 ----A---- C:\Windows\system32\d3dx9_29.dll

2009-11-20 22:24:10 ----A---- C:\Windows\system32\d3dx9_28.dll

2009-11-20 22:24:07 ----A---- C:\Windows\system32\d3dx9_26.dll

2009-11-20 22:24:01 ----A---- C:\Windows\system32\d3dx9_25.dll

2009-11-20 22:23:56 ----A---- C:\Windows\system32\d3dx9_24.dll

2009-11-20 21:49:48 ----A---- C:\Windows\system32\FrogASPI.DLL

2009-11-20 21:49:46 ----A---- C:\Windows\system32\WNASPINT.DLL

2009-11-20 20:32:03 ----D---- C:\Program Files\DAEMON Tools Lite

2009-11-20 20:31:43 ----D---- C:\Users\A\AppData\Roaming\DAEMON Tools Lite

2009-11-20 20:31:41 ----D---- C:\ProgramData\DAEMON Tools Lite

2009-11-20 20:22:02 ----D---- C:\Temp

2009-11-20 20:19:38 ----D---- C:\Program Files\VirtualCloneDrive

2009-11-15 12:17:56 ----D---- C:\Program Files\mfcdlist

2009-11-11 09:46:38 ----A---- C:\Windows\system32\WSDApi.dll

2009-11-05 18:39:17 ----A---- C:\Windows\system32\mshtml.dll

2009-10-30 14:23:43 ----A---- C:\Windows\system32\wups2.dll

2009-10-30 14:23:43 ----A---- C:\Windows\system32\wucltux.dll

2009-10-30 14:23:43 ----A---- C:\Windows\system32\wuaueng.dll

2009-10-30 14:23:43 ----A---- C:\Windows\system32\wuauclt.exe

2009-10-30 14:22:48 ----A---- C:\Windows\system32\wups.dll

2009-10-30 14:22:48 ----A---- C:\Windows\system32\wudriver.dll

2009-10-30 14:22:48 ----A---- C:\Windows\system32\wuapi.dll

2009-10-30 14:22:34 ----A---- C:\Windows\system32\wuwebv.dll

2009-10-30 14:22:34 ----A---- C:\Windows\system32\wuapp.exe

2009-10-29 17:44:58 ----D---- C:\Users\A\AppData\Roaming\runic games

2009-10-29 17:38:56 ----D---- C:\Program Files\Torchlight

 

======List of files/folders modified in the last 1 months======

 

2009-11-23 20:41:11 ----D---- C:\Windows\Temp

2009-11-23 20:41:09 ----RD---- C:\Program Files

2009-11-23 18:48:39 ----AD---- C:\ProgramData\TEMP

2009-11-23 18:34:21 ----D---- C:\Windows\System32

2009-11-23 18:34:21 ----D---- C:\Windows\inf

2009-11-23 18:34:21 ----A---- C:\Windows\system32\PerfStringBackup.INI

2009-11-22 22:40:49 ----HD---- C:\ProgramData

2009-11-22 17:02:02 ----D---- C:\Users\A\AppData\Roaming\uTorrent

2009-11-22 16:23:35 ----D---- C:\Users\A\AppData\Roaming\FileZilla

2009-11-22 16:19:58 ----D---- C:\Program Files\WinRAR

2009-11-22 14:38:57 ----D---- C:\Windows\system32\drivers

2009-11-22 14:37:25 ----D---- C:\Program Files\Mozilla Firefox

2009-11-22 14:30:41 ----SHD---- C:\Config.Msi

2009-11-22 14:00:26 ----D---- C:\Windows\Prefetch

2009-11-22 13:39:04 ----SHD---- C:\Windows\Installer

2009-11-22 13:39:04 ----D---- C:\Program Files\Common Files\Wise Installation Wizard

2009-11-22 13:37:25 ----D---- C:\Windows\Tasks

2009-11-22 13:37:24 ----D---- C:\Windows\system32\catroot

2009-11-22 11:58:07 ----D---- C:\Windows\system32\Tasks

2009-11-22 11:52:06 ----SD---- C:\Windows\Downloaded Program Files

2009-11-22 11:45:10 ----D---- C:\Program Files\Common Files

2009-11-22 10:59:55 ----D---- C:\Windows

2009-11-22 10:58:49 ----D---- C:\Windows\system32\catroot2

2009-11-22 10:43:39 ----D---- C:\Windows\winsxs

2009-11-22 10:39:58 ----SHD---- C:\System Volume Information

2009-11-21 21:51:26 ----AD---- C:\Films

2009-11-21 18:19:16 ----SD---- C:\Users\A\AppData\Roaming\Microsoft

2009-11-21 13:31:09 ----RSD---- C:\Windows\assembly

2009-11-21 12:23:35 ----D---- C:\Windows\Microsoft.NET

2009-11-21 12:22:15 ----D---- C:\Program Files\Steam

2009-11-20 22:42:50 ----D---- C:\Program Files\InfraRecorder

2009-11-20 22:38:57 ----A---- C:\Windows\winamp.ini

2009-11-20 20:49:32 ----D---- C:\eMule

2009-11-17 22:36:37 ----D---- C:\Backup joueur1.com

2009-11-17 21:49:39 ----D---- C:\joueur1.com

2009-11-16 21:51:53 ----D---- C:\Users\A\AppData\Roaming\dvdcss

2009-11-15 15:06:31 ----AD---- C:\Nds romz

2009-11-10 14:54:26 ----D---- C:\ProgramData\Adobe

2009-11-09 20:00:28 ----D---- C:\Program Files\Common Files\Adobe

2009-11-07 23:52:12 ----D---- C:\Images

2009-11-05 17:36:21 ----A---- C:\Windows\system32\mrt.exe

2009-11-02 20:42:06 ----N---- C:\Windows\system32\MpSigStub.exe

2009-10-31 08:56:07 ----D---- C:\Windows\system32\en-US

2009-10-26 21:12:42 ----RAD---- C:\Photos

 

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R1 SCDEmu;SCDEmu; C:\Windows\system32\drivers\SCDEmu.sys [2008-11-02 56572]

R2 acedrv10;acedrv10; \??\C:\Windows\system32\drivers\acedrv10.sys [2007-10-28 583128]

R2 acehlp10;acehlp10; \??\C:\Windows\system32\drivers\acehlp10.sys [2007-10-26 250560]

R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-11-11 12672]

R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2006-11-20 32256]

R2 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2006-11-20 43520]

R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2006-11-20 37376]

R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2006-11-11 8192]

R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2006-11-02 167936]

R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-03-12 14208]

R3 guardian2;guardian2; C:\Windows\System32\Drivers\oz776.sys [2007-01-29 61312]

R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2006-11-11 986624]

R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2006-11-11 206848]

R3 NETw4v32;Intel® Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-09-26 2251776]

R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2009-01-30 7544832]

R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-03-12 82432]

R3 STHDA;SigmaTel High Definition Audio CODEC; C:\Windows\system32\drivers\stwrt.sys [2007-02-08 647680]

R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2006-11-20 179256]

R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2006-11-11 659968]

R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-03-12 11264]

S3 aildw9nt;aildw9nt; C:\Windows\system32\drivers\aildw9nt.sys []

S3 ar4dblwa;ar4dblwa; C:\Windows\system32\drivers\ar4dblwa.sys []

S3 BVRPMPR5;BVRPMPR5 NDIS Protocol Driver; \??\C:\Windows\system32\drivers\BVRPMPR5.SYS [2007-06-21 49904]

S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2006-11-02 5632]

S3 e1express;Intel® PRO/1000 PCI Express Network Connection Driver; C:\Windows\system32\DRIVERS\e1e6032.sys [2006-11-02 200704]

S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]

S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2006-11-02 8192]

S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2006-11-02 5888]

S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2006-11-02 5504]

S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2006-11-02 6016]

S3 NETw3v32;Intel® PRO/Wireless 3945ABG Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw3v32.sys [2006-10-30 1786880]

S3 R300;R300; C:\Windows\system32\DRIVERS\atikmdag.sys [2006-11-02 2028032]

S3 s115bus;Sony Ericsson Device 115 driver (WDM); C:\Windows\system32\DRIVERS\s115bus.sys [2007-04-23 83208]

S3 VClone;VClone; C:\Windows\system32\DRIVERS\VClone.sys [2009-05-22 29696]

S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2006-11-02 39936]

S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2006-11-02 82560]

S3 xnacc;XBOX 360 Controller For Windows Driver Service; C:\Windows\system32\DRIVERS\xnacc.sys [2006-11-02 514560]

 

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R2 a2free;a-squared Free Service; C:\Program Files\a-squared Free\a2service.exe [2009-10-01 1858144]

R2 CCALib8;Canon Camera Access Library 8; C:\Program Files\Canon\CAL\CALMAIN.exe [2006-03-30 96341]

R2 nicconfigsvc;Dell Internal Network Card Power Management; C:\Program Files\Dell\QuickSet\NicConfigSvc.exe [2007-04-27 386592]

R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2009-01-30 203296]

R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter); C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2008-08-13 201968]

R2 STacSV;SigmaTel Audio Service; C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe [2007-02-08 90112]

R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2006-11-11 386560]

S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe []

S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]

S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2009-04-27 322032]

S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe []

 

-----------------EOF-----------------

 

 

 

 

*********

 

 

INFO.TXT

 

info.txt logfile of random's system information tool 1.06 2009-11-23 20:41:18

 

======Uninstall list======

 

-->MsiExec /X{8AAB4176-A747-493A-A42C-B63CFADFD8E3}

AC3Filter (remove only)-->C:\Program Files\AC3Filter\uninstall.exe

Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe

Adobe Flash Player ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe

Adobe Reader 8.1.7-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81300000003}

Apple Application Support-->MsiExec.exe /I{0C34B801-6AEC-4667-B053-03A67E2D0415}

Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}

Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe

a-squared Free 4.5-->"C:\Program Files\a-squared Free\unins000.exe"

AviSynth 2.5-->"C:\Program Files\AviSynth 2.5\Uninstall.exe"

Broadcom Management Programs-->MsiExec.exe /X{D6771E19-1BB6-43B1-811E-ECC5A4613579}

Browser Address Error Redirector-->MsiExec.exe /I{62230596-37E5-4618-A329-0D21F529A86F}

Canon Camera Access Library-->"C:\Program Files\Common Files\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\CAL\Uninst.ini"

Canon Camera Window DC_DV 6 for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC6\Uninst.ini"

Canon Camera Window MC 6 for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowMC\Uninst.ini"

Canon G.726 WMP-Decoder-->"C:\Program Files\Common Files\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\G726Decoder\G726DecUnInstall.ini"

CANON iMAGE GATEWAY Task for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\CRWUnInstall.ini"

Canon Internet Library for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\CIGUnInstall.ini"

Canon MovieEdit Task for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\MVWUninst.ini"

Canon RAW Image Task for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\RAW Image Task\Uninst.ini"

Canon RemoteCapture Task for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\RemoteCaptureTask DC\Uninst.ini"

Canon Utilities EOS Utility-->"C:\Program Files\Common Files\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\EOS Utility\Uninst.ini"

Canon Utilities ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\Uninst.ini"

Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}

Conexant HDA D110 MDC V.92 Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3\HXFSETUP.EXE -U -IDellHDAz.inf

Cool Sitemapper-->MsiExec.exe /I{414D4230-7F91-4F72-A06A-0F92EE15402F}

Dell Getting Started Guide-->MsiExec.exe /I{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}

Dell Support Center (Support Software)-->MsiExec.exe /X{E3BFEE55-39E2-4BE0-B966-89FE583822C1}

Diablo II-->C:\Windows\DIIUnin.exe C:\Windows\DIIUnin.dat

Digital Line Detect-->C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe -runfromtemp -l0x0009 -removeonly

Dropbox-->"C:\Program Files\Dropbox\Uninstall.exe"

EasyPHP 2.0b1-->"C:\Program Files\EasyPHP 2.0b1\unins000.exe"

eMule-->"C:\Program Files\eMule\Uninstall.exe"

ExplorerView 1.0.3-->C:\Program Files\ExplorerView\uninst.exe

FastStone Image Viewer 3.5-->C:\Program Files\FastStone Image Viewer\uninst.exe

FastStone Photo Resizer 2.5-->C:\Program Files\FastStone Photo Resizer\uninst.exe

ffdshow [rev 2583] [2009-01-05]-->"C:\Program Files\K-Lite Codec Pack\ffdshow\unins000.exe"

FileZilla Client 3.1.2-->C:\Program Files\FileZilla FTP Client\uninstall.exe

Flickr Uploadr 3.0.5-->"C:\Program Files\Flickr Uploadr\uninstall.exe"

foobar2000 v0.9.5.5-->"C:\Program Files\foobar2000\uninstall.exe"

FreeMind-->"C:\Program Files\FreeMind\unins000.exe"

Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_9DE96A29E721D90A.exe" /uninstall

Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}

Haali Media Splitter-->"C:\Program Files\Haali\MatroskaSplitter\uninstall.exe"

HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""

Impulse-->"C:\ProgramData\{CCF7B54F-09A1-41ED-BA1B-471D81BFFC09}\Impulse_setup.exe" REMOVE=TRUE MODIFY=FALSE

Impulse-->C:\ProgramData\{CCF7B54F-09A1-41ED-BA1B-471D81BFFC09}\Impulse_setup.exe

InfraRecorder-->C:\Program Files\InfraRecorder\uninstall.exe

IZArc 3.81-->"C:\Program Files\IZArc\unins000.exe"

Java 6 Update 15-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216012FF}

Java 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}

Java SE Runtime Environment 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}

King's Bounty - Armored Princess-->"C:\Program Files\Indie Games\King's Bounty - Armored Princess\UninstHelper.exe" /autouninstall kbap

K-Lite Mega Codec Pack 3.8.0-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"

Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"

Media Player Classic-->C:\Program Files\Media Player Classic\uninstall.exe

MediaDirect-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}\Setup.exe" -l0x9 -cluninstall

Microsoft .NET Framework 3.5 SP1-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe

Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}

Microsoft Games for Windows - LIVE -->MsiExec.exe /X{4D243BA7-9AC4-46D1-90E5-EEB88974F501}

Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{05B49229-22A2-4F88-842A-BBC2EBE1CCF6}

Microsoft Office PowerPoint Viewer 2007 (English)-->MsiExec.exe /X{95120000-00AF-0409-0000-0000000FF1CE}

Microsoft Office XP Professional avec FrontPage-->MsiExec.exe /I{9028040C-6000-11D3-8CFE-0050048383C9}

Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}

Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}

Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}

Modem Diagnostic Tool-->MsiExec.exe /I{F63A3748-B93D-4360-9AD4-B064481A5C7B}

Mount&Blade-->C:\Program Files\Mount&Blade\uninstall.exe

Mozilla Firefox (3.0.15)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe

MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}

MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}

neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}

NetWaiting-->C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe -runfromtemp -l0x0009 -removeonly

Notepad++-->C:\Program Files\Notepad++\uninstall.exe

NVIDIA Drivers-->C:\Windows\system32\NVUNINST.EXE UninstallGUI

NVIDIA PhysX-->MsiExec.exe /X{8AAB4176-A747-493A-A42C-B63CFADFD8E3}

OutlookAddinSetup-->MsiExec.exe /I{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}

Photo Story 3 for Windows-->MsiExec.exe /I{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}

PlugY, The Survival Kit-->"C:\Program Files\Diablo II\Mod PlugY\PlugY Uninstaller.exe"

PowerISO-->"C:\Program Files\PowerISO\uninstall.exe"

ProtectDisc Helper Driver 10-->C:\Program Files\ProtectDisc Driver Installer\uninstall_v10.exe

QuickSet-->MsiExec.exe /I{7F0C4457-8E64-491B-8D7B-991504365D1E}

QuickTime-->MsiExec.exe /I{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}

SigmaTel Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x9 -remove -removeonly

Sonic Activation Module-->MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}

Sothink Movie DVD Maker-->"C:\Program Files\Movie DVD Maker\unins000.exe"

Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"

Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}

STREET FIGHTER IV-->MsiExec.exe /X{59ABBDF0-E1E5-48AF-85FB-F523A08C3490}

Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall

System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe

Torchlight-->C:\Program Files\Torchlight\uninstall.exe

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""

User's Guides-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}\setup.exe"

VLC media player 0.9.9-->C:\Program Files\VLC\uninstall.exe

Winamp-->"C:\Program Files\Winamp5\UninstWA.exe"

Windows Live OneCare safety scanner-->%ProgramFiles%\Windows Live Safety Center\wlschost.exe -Uninstall

Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}

World of Goo-->"C:\Program Files\Steam\steam.exe" steam://uninstall/22000

 

======Security center information======

 

FW: McAfee Personal Firewall

AS: Windows Defender

 

======System event log======

 

Computer Name: A-PC

Event Code: 1002

Message: The IP address lease 192.168.1.2 for the Network Card with network address 001CBFD50BE1 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

Record Number: 125501

Source Name: Microsoft-Windows-Dhcp-Client

Time Written: 20091123183116.000000-000

Event Type: Error

User:

 

Computer Name: A-PC

Event Code: 3004

Message: Windows Defender Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. Windows Defender can't undo changes that you allow.

For more information please see the following:

http://go.microsoft.com/fwlink/?linkid=370...;threatid=71945

Scan ID: {083D9804-7D84-48FA-B87B-EADFE037B2C7}

User: A-PC\A

Name: Backdoor:Win32/Rbot.gen

ID: 71945

Severity ID: 5

Category ID: 6

Path Found: process:pid:3704

Alert Type: Spyware or other potentially unwanted software

Detection Type: Heuristics

Record Number: 125511

Source Name: Microsoft-Windows-Windows Defender

Time Written: 20091123183129.000000-000

Event Type: Warning

User:

 

Computer Name: A-PC

Event Code: 4

Message: The print spooler failed to reopen an existing printer connection because it could not read the configuration information from the registry key S-1-5-18\Printers\Connections. The print spooler could not open the registry key. This can occur if the registry key is corrupt or missing, or if the registry recently became unavailable.

Record Number: 125521

Source Name: Microsoft-Windows-SpoolerWin32SPL

Time Written: 20091123190950.000000-000

Event Type: Warning

User:

 

Computer Name: A-PC

Event Code: 4

Message: The print spooler failed to reopen an existing printer connection because it could not read the configuration information from the registry key S-1-5-18\Printers\Connections. The print spooler could not open the registry key. This can occur if the registry key is corrupt or missing, or if the registry recently became unavailable.

Record Number: 125522

Source Name: Microsoft-Windows-SpoolerWin32SPL

Time Written: 20091123191300.000000-000

Event Type: Warning

User:

 

Computer Name: A-PC

Event Code: 4

Message: The print spooler failed to reopen an existing printer connection because it could not read the configuration information from the registry key S-1-5-18\Printers\Connections. The print spooler could not open the registry key. This can occur if the registry key is corrupt or missing, or if the registry recently became unavailable.

Record Number: 125523

Source Name: Microsoft-Windows-SpoolerWin32SPL

Time Written: 20091123191300.000000-000

Event Type: Warning

User:

 

=====Application event log=====

 

Computer Name: A-PC

Event Code: 10010

Message: Application 'C:\Program Files\Internet Explorer\iexplore.exe' (pid 2880) cannot be restarted - Application SID does not match Conductor SID..

Record Number: 22507

Source Name: Microsoft-Windows-RestartManager

Time Written: 20091122133743.210627-000

Event Type: Warning

User: A-PC\A

 

Computer Name: A-PC

Event Code: 10010

Message: Application 'C:\Windows\System32\msiexec.exe' (pid 664) cannot be restarted - Application SID does not match Conductor SID..

Record Number: 22508

Source Name: Microsoft-Windows-RestartManager

Time Written: 20091122133743.210627-000

Event Type: Warning

User: A-PC\A

 

Computer Name: A-PC

Event Code: 1002

Message: The program ToolsCleaner2.exe version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel. Process ID: ed8 Start Time: 01ca6b9e0bb0cc38 Termination Time: 3

Record Number: 22592

Source Name: Application Hang

Time Written: 20091122180404.000000-000

Event Type: Error

User:

 

Computer Name: A-PC

Event Code: 1002

Message: The program OTM.exe version 3.1.2.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel. Process ID: f4c Start Time: 01ca6bb5f519fb7e Termination Time: 16

Record Number: 22622

Source Name: Application Hang

Time Written: 20091122205901.000000-000

Event Type: Error

User:

 

Computer Name: A-PC

Event Code: 20

Message:

Record Number: 22666

Source Name: Google Update

Time Written: 20091123182940.000000-000

Event Type: Error

User: A-PC\A

 

=====Security event log=====

 

Computer Name: A-PC

Event Code: 4648

Message: A logon was attempted using explicit credentials.

 

Subject:

Security ID: S-1-5-21-2964503660-626179915-801367091-1000

Account Name: A

Account Domain: A-PC

Logon ID: 0x21949

Logon GUID: {00000000-0000-0000-0000-000000000000}

 

Account Whose Credentials Were Used:

Account Name: sdcentral

Account Domain:

Logon GUID: {00000000-0000-0000-0000-000000000000}

 

Target Server:

Target Server Name: ash03.mi.stardock.com

Additional Information: ash03.mi.stardock.com

 

Process Information:

Process ID: 0x698

Process Name: C:\Program Files\Impulse\Impulse.exe

 

Network Information:

Network Address: -

Port: -

 

This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.

Record Number: 32908

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20091123184755.376534-000

Event Type: Audit Success

User:

 

Computer Name: A-PC

Event Code: 4648

Message: A logon was attempted using explicit credentials.

 

Subject:

Security ID: S-1-5-21-2964503660-626179915-801367091-1000

Account Name: A

Account Domain: A-PC

Logon ID: 0x21949

Logon GUID: {00000000-0000-0000-0000-000000000000}

 

Account Whose Credentials Were Used:

Account Name: sdcentral

Account Domain:

Logon GUID: {00000000-0000-0000-0000-000000000000}

 

Target Server:

Target Server Name: ash03.mi.stardock.com

Additional Information: ash03.mi.stardock.com

 

Process Information:

Process ID: 0x698

Process Name: C:\Program Files\Impulse\Impulse.exe

 

Network Information:

Network Address: -

Port: -

 

This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.

Record Number: 32909

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20091123184759.479334-000

Event Type: Audit Success

User:

 

Computer Name: A-PC

Event Code: 4648

Message: A logon was attempted using explicit credentials.

 

Subject:

Security ID: S-1-5-18

Account Name: A-PC$

Account Domain: WORKGROUP

Logon ID: 0x3e7

Logon GUID: {00000000-0000-0000-0000-000000000000}

 

Account Whose Credentials Were Used:

Account Name: SYSTEM

Account Domain: NT AUTHORITY

Logon GUID: {00000000-0000-0000-0000-000000000000}

 

Target Server:

Target Server Name: localhost

Additional Information: localhost

 

Process Information:

Process ID: 0x274

Process Name: C:\Windows\System32\services.exe

 

Network Information:

Network Address: -

Port: -

 

This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.

Record Number: 32910

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20091123191301.477934-000

Event Type: Audit Success

User:

 

Computer Name: A-PC

Event Code: 4624

Message: An account was successfully logged on.

 

Subject:

Security ID: S-1-5-18

Account Name: A-PC$

Account Domain: WORKGROUP

Logon ID: 0x3e7

 

Logon Type: 5

 

New Logon:

Security ID: S-1-5-18

Account Name: SYSTEM

Account Domain: NT AUTHORITY

Logon ID: 0x3e7

Logon GUID: {00000000-0000-0000-0000-000000000000}

 

Process Information:

Process ID: 0x274

Process Name: C:\Windows\System32\services.exe

 

Network Information:

Workstation Name:

Source Network Address: -

Source Port: -

 

Detailed Authentication Information:

Logon Process: Advapi

Authentication Package: Negotiate

Transited Services: -

Package Name (NTLM only): -

Key Length: 0

 

This event is generated when a logon session is created. It is generated on the computer that was accessed.

 

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

 

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

 

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

 

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

 

The authentication information fields provide detailed information about this specific logon request.

- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.

- Transited services indicate which intermediate services have participated in this logon request.

- Package name indicates which sub-protocol was used among the NTLM protocols.

- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.

Record Number: 32911

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20091123191301.477934-000

Event Type: Audit Success

User:

 

Computer Name: A-PC

Event Code: 4672

Message: Special privileges assigned to new logon.

 

Subject:

Security ID: S-1-5-18

Account Name: SYSTEM

Account Domain: NT AUTHORITY

Logon ID: 0x3e7

 

Privileges: SeAssignPrimaryTokenPrivilege

SeTcbPrivilege

SeSecurityPrivilege

SeTakeOwnershipPrivilege

SeLoadDriverPrivilege

SeBackupPrivilege

SeRestorePrivilege

SeDebugPrivilege

SeAuditPrivilege

SeSystemEnvironmentPrivilege

SeImpersonatePrivilege

Record Number: 32912

Source Name: Microsoft-Windows-Security-Auditing

Time Written: 20091123191301.477934-000

Event Type: Audit Success

User:

 

======Environment variables======

 

"ComSpec"=%SystemRoot%\system32\cmd.exe

"FP_NO_HOST_CHECK"=NO

"OS"=Windows_NT

"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\IsoBuster

"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC

"PROCESSOR_ARCHITECTURE"=x86

"TEMP"=%SystemRoot%\TEMP

"TMP"=%SystemRoot%\TEMP

"USERNAME"=SYSTEM

"windir"=%SystemRoot%

"PROCESSOR_LEVEL"=6

"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 6, GenuineIntel

"PROCESSOR_REVISION"=0f06

"NUMBER_OF_PROCESSORS"=2

"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip

"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

 

-----------------EOF-----------------

 

 

 

 

it's possible that Windows Defender is giving you a false positive

we'll dig further

http://images.malwareremoval.com/random/RSIT.exe

  • Double-click RSIT.exe to launch the program,
  • Click Continue on the Disclaimer screen,
  • If HijackThis (up-to-date version) is not present or not detected on the computer, RSIT will download it and you will have to accept the licence.
  • When the scan is finished, two text files will open. Post the contents of log.txt (<<which will be displayed)
    as well as info.txt (<<which will be minimized in the taskbar).

Posted

Sorry for my mix-up about Windows Defender.

I don't have an antivirus. I had McAfee when I bought my PC but I didn't renew the licence. That was at least a year ago, with no problems, because I'm generally careful.

And then I installed a crack (I know, it's risky, I've seen the consequences), and since then, at every reboot, Windows Defender gives me this "severe" alert: backdoor:win32/rbot.gen

I'm going to install AntiVir and I'll post the report.

However, I've already scanned my disk twice with Malwarebytes and it never found anything. Unless you tell me it's really important to do it a third time, I can perhaps skip that step.

Thanks again, I'll post the AntiVir log after rebooting + scanning in safe mode.

 

Posted

Re-

Scan results: no problem, which reinforces my impression that Windows Defender is detecting a phantom problem...

the log is below:

 

 

 

Avira AntiVir Personal

Report file date: 23 November 2009 21:02

 

Scanning for 1389289 virus strains and unwanted programs.

 

Licensee : Avira AntiVir Personal - FREE Antivirus

Serial number : 0000149996-ADJIE-0000001

Platform : Windows Vista

Windows version : (plain) [6.0.6000]

Boot mode : Save mode

Username : A

Computer name : A-PC

 

Version information:

BUILD.DAT : 9.0.0.407 17961 Bytes 29/07/2009 10:34:00

AVSCAN.EXE : 9.0.3.7 466689 Bytes 21/07/2009 14:36:14

AVSCAN.DLL : 9.0.3.0 40705 Bytes 27/02/2009 11:58:24

LUKE.DLL : 9.0.3.2 209665 Bytes 20/02/2009 12:35:49

LUKERES.DLL : 9.0.2.0 12033 Bytes 27/02/2009 11:58:52

VBASE000.VDF : 7.10.0.0 19875328 Bytes 06/11/2009 20:58:16

VBASE001.VDF : 7.10.1.0 1372672 Bytes 19/11/2009 20:58:19

VBASE002.VDF : 7.10.1.1 2048 Bytes 19/11/2009 20:58:19

VBASE003.VDF : 7.10.1.2 2048 Bytes 19/11/2009 20:58:19

VBASE004.VDF : 7.10.1.3 2048 Bytes 19/11/2009 20:58:19

VBASE005.VDF : 7.10.1.4 2048 Bytes 19/11/2009 20:58:19

VBASE006.VDF : 7.10.1.5 2048 Bytes 19/11/2009 20:58:19

VBASE007.VDF : 7.10.1.6 2048 Bytes 19/11/2009 20:58:19

VBASE008.VDF : 7.10.1.7 2048 Bytes 19/11/2009 20:58:19

VBASE009.VDF : 7.10.1.8 2048 Bytes 19/11/2009 20:58:19

VBASE010.VDF : 7.10.1.9 2048 Bytes 19/11/2009 20:58:19

VBASE011.VDF : 7.10.1.10 2048 Bytes 19/11/2009 20:58:19

VBASE012.VDF : 7.10.1.11 2048 Bytes 19/11/2009 20:58:19

VBASE013.VDF : 7.10.1.12 2048 Bytes 19/11/2009 20:58:19

VBASE014.VDF : 7.10.1.13 2048 Bytes 19/11/2009 20:58:19

VBASE015.VDF : 7.10.1.14 2048 Bytes 19/11/2009 20:58:19

VBASE016.VDF : 7.10.1.15 2048 Bytes 19/11/2009 20:58:20

VBASE017.VDF : 7.10.1.16 2048 Bytes 19/11/2009 20:58:20

VBASE018.VDF : 7.10.1.17 2048 Bytes 19/11/2009 20:58:20

VBASE019.VDF : 7.10.1.18 2048 Bytes 19/11/2009 20:58:20

VBASE020.VDF : 7.10.1.19 2048 Bytes 19/11/2009 20:58:20

VBASE021.VDF : 7.10.1.20 2048 Bytes 19/11/2009 20:58:20

VBASE022.VDF : 7.10.1.21 2048 Bytes 19/11/2009 20:58:20

VBASE023.VDF : 7.10.1.22 2048 Bytes 19/11/2009 20:58:20

VBASE024.VDF : 7.10.1.23 2048 Bytes 19/11/2009 20:58:20

VBASE025.VDF : 7.10.1.24 2048 Bytes 19/11/2009 20:58:20

VBASE026.VDF : 7.10.1.25 2048 Bytes 19/11/2009 20:58:20

VBASE027.VDF : 7.10.1.26 2048 Bytes 19/11/2009 20:58:20

VBASE028.VDF : 7.10.1.27 2048 Bytes 19/11/2009 20:58:20

VBASE029.VDF : 7.10.1.28 2048 Bytes 19/11/2009 20:58:20

VBASE030.VDF : 7.10.1.29 2048 Bytes 19/11/2009 20:58:20

VBASE031.VDF : 7.10.1.59 157184 Bytes 23/11/2009 20:58:20

Engineversion : 8.2.1.72

AEVDF.DLL : 8.1.1.2 106867 Bytes 23/11/2009 20:58:26

AESCRIPT.DLL : 8.1.2.45 586108 Bytes 23/11/2009 20:58:26

AESCN.DLL : 8.1.2.5 127346 Bytes 23/11/2009 20:58:25

AESBX.DLL : 8.1.1.1 246132 Bytes 23/11/2009 20:58:25

AERDL.DLL : 8.1.3.2 479604 Bytes 23/11/2009 20:58:25

AEPACK.DLL : 8.2.0.3 422261 Bytes 23/11/2009 20:58:24

AEOFFICE.DLL : 8.1.0.38 196987 Bytes 23/07/2009 10:59:39

AEHEUR.DLL : 8.1.0.180 2093432 Bytes 23/11/2009 20:58:23

AEHELP.DLL : 8.1.7.4 237943 Bytes 23/11/2009 20:58:21

AEGEN.DLL : 8.1.1.75 364918 Bytes 23/11/2009 20:58:21

AEEMU.DLL : 8.1.1.0 393587 Bytes 23/11/2009 20:58:21

AECORE.DLL : 8.1.8.2 184694 Bytes 23/11/2009 20:58:21

AEBB.DLL : 8.1.0.3 53618 Bytes 09/10/2008 15:32:40

AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 09:47:59

AVPREF.DLL : 9.0.0.1 43777 Bytes 05/12/2008 11:32:15

AVREP.DLL : 8.0.0.3 155905 Bytes 20/01/2009 15:34:28

AVREG.DLL : 9.0.0.0 36609 Bytes 05/12/2008 11:32:09

AVARKT.DLL : 9.0.0.3 292609 Bytes 24/03/2009 16:05:41

AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 30/01/2009 11:37:08

SQLITE3.DLL : 3.6.1.0 326401 Bytes 28/01/2009 16:03:49

SMTPLIB.DLL : 9.2.0.25 28417 Bytes 02/02/2009 09:21:33

NETNT.DLL : 9.0.0.0 11521 Bytes 05/12/2008 11:32:10

RCIMAGE.DLL : 9.0.0.25 2438913 Bytes 15/05/2009 16:39:58

RCTEXT.DLL : 9.0.37.0 86785 Bytes 17/04/2009 11:19:48

 

Configuration settings for the scan:

Jobname.............................: Complete system scan

Configuration file..................: c:\program files\avira\antivir desktop\sysscan.avp

Logging.............................: low

Primary action......................: interactive

Secondary action....................: ignore

Scan master boot sector.............: on

Scan boot sector....................: on

Boot sectors........................: C:, D:,

Process scan........................: on

Scan registry.......................: on

Search for rootkits.................: on

Integrity checking of system files..: off

Scan all files......................: All files

Scan archives.......................: on

Recursion depth.....................: 20

Smart extensions....................: on

Macro heuristic.....................: on

File heuristic......................: medium

 

Start of the scan: 23 November 2009 21:02

 

Starting search for hidden objects.

The driver could not be initialized.

 

The scan of running processes will be started

Scan process 'avscan.exe' - '1' Module(s) have been scanned

Scan process 'avcenter.exe' - '1' Module(s) have been scanned

Scan process 'explorer.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'lsm.exe' - '1' Module(s) have been scanned

Scan process 'lsass.exe' - '1' Module(s) have been scanned

Scan process 'services.exe' - '1' Module(s) have been scanned

Scan process 'winlogon.exe' - '1' Module(s) have been scanned

Scan process 'wininit.exe' - '1' Module(s) have been scanned

Scan process 'csrss.exe' - '1' Module(s) have been scanned

Scan process 'csrss.exe' - '1' Module(s) have been scanned

Scan process 'smss.exe' - '1' Module(s) have been scanned

17 processes with 17 modules were scanned

 

Starting master boot sector scan:

Master boot sector HD0

[INFO] No virus was found!

 

Start scanning boot sectors:

Boot sector 'C:\'

[INFO] No virus was found!

Boot sector 'D:\'

[INFO] No virus was found!

 

Starting to scan executable files (registry).

The registry was scanned ( '47' files ).

 

 

Starting the file scan:

 

Begin scan in 'C:\' <OS>

C:\pagefile.sys

[WARNING] The file could not be opened!

[NOTE] This file is a Windows system file.

[NOTE] This file cannot be opened for scanning.

Begin scan in 'D:\' <RECOVERY>

 

 

End of the scan: 23 November 2009 21:54

Used time: 51:53 Minute(s)

 

The scan has been done completely.

 

21893 Scanned directories

401983 Files were scanned

0 Viruses and/or unwanted programs were found

0 Files were classified as suspicious

0 files were deleted

0 Viruses and unwanted programs were repaired

0 Files were moved to quarantine

0 Files were renamed

1 Files cannot be scanned

401982 Files not concerned

2126 Archives were scanned

1 Warnings

1 Notes

 

 

 

 

Posted

• Download UsbFix by Chiquitine29

http://pagesperso-orange.fr/NosTools/Chiquitine29/UsbFix.exe

Plug your external storage devices (USB stick, external hard drive, etc.) that may have been infected into your PC, without opening them

• Right-click the UsbFix shortcut on your desktop and choose "Run as administrator".

• At the main menu, choose option "F" for French and press [Enter].

• At the second menu, choose option "1" (search) and press [Enter]

• Let the tool work.

• Then post the UsbFix.txt report that appears.

• Note: The UsbFix.txt report is saved at the root of the disk. ( C:\UsbFix.txt )

( CTRL+A to select all, CTRL+C to copy and CTRL+V to paste )

• Note: "Process.exe", a component of the tool, is detected by some antivirus products (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool.

It is not a virus, but a utility intended to terminate processes.

In the wrong hands, this utility could stop security software (antivirus, firewall...), hence the alert raised by these antivirus products.

• Tutorial: http://pagesperso-orange.fr/NosTools/usbfix.html

Posted

Hi chrifleur,

Tired of these repeated Windows Defender alerts when no other tool finds what it finds, I resigned myself to giving up and disabling Windows Defender. I have installed AntiVir, which should provide a good baseline of protection.

I want to thank you sincerely for all your help, it has really been very useful to me.

All the best!

 
