SOS ! TR/PSW.Kates.cu.1 : je suis perdue !

[celinette]

Je me tourne vers vous car mon ordinateur a attrapé le TR/PSW.Kates.cu.1.

 

J'ai suivis tout les messages concernant l'élimination de trojan.

 

J'ai donc utiliser les logiciels suivants : Usbfix - RSIT - Malwarebytes' Anti-Malware - Spybot - CleanX II - ToolsCleaner en suivant à la lettre des méthodes, notement en mode sans echec pour certains.

 

 

C'est sans résultat.

 

A chaque démarage mon antivirus me dit : C:\Documents and Settings\vigny\Local Settings\Temp\omsni.tmp

[RESULTAT] Contient le cheval de Troie TR/PSW.Kates.cu.1. (avira antivir personnel)

 

Je suis vraiment désespérée

 

Je pense qu'il faut un sacré savoir pour se sortir d'un ennuis comme celui là !

 

Merci si quelqu'un pouvait me venir en aide !?

 

Céline

[pear]

Bonsoir,

 

Vous pouvez poster les rapports Mbam et Rsit, svp?

[celinette]

Bonsoir,

 

Vous pouvez poster les rapports Mbam et Rsit, svp?

 

 

merci de vous intérésser à mon cas !

 

voici mbam que je viens de faire :

 

Malwarebytes' Anti-Malware 1.42

Version de la base de données: 3328

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

 

09/12/2009 20:10:55

mbam-log-2009-12-09 (20-10-55).txt

 

Type de recherche: Examen complet (C:\|)

Eléments examinés: 199624

Temps écoulé: 1 hour(s), 2 minute(s), 10 second(s)

 

Processus mémoire infecté(s): 0

Module(s) mémoire infecté(s): 0

Clé(s) du Registre infectée(s): 0

Valeur(s) du Registre infectée(s): 0

Elément(s) de données du Registre infecté(s): 0

Dossier(s) infecté(s): 0

Fichier(s) infecté(s): 0

 

Processus mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Module(s) mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Clé(s) du Registre infectée(s):

(Aucun élément nuisible détecté)

 

Valeur(s) du Registre infectée(s):

(Aucun élément nuisible détecté)

 

Elément(s) de données du Registre infecté(s):

(Aucun élément nuisible détecté)

 

Dossier(s) infecté(s):

(Aucun élément nuisible détecté)

 

Fichier(s) infecté(s):

(Aucun élément nuisible détecté)

 

 

C'est toujours cette réponse ...

 

je fais Rsit et je le poste aussi le plus vite possible

 

encore merci

[celinette]

ET voici RSIT

 

Bon courage pour décripter ce qui pour moi est du chinois

et merci !!!

 

 

Logfile of random's system information tool 1.06 (written by random/random)

Run by vigny at 2009-12-09 20:14:42

Microsoft Windows XP Édition familiale Service Pack 3

System drive C: has 118 GB (75%) free of 157 GB

Total RAM: 1023 MB (58% free)

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 20:14:46, on 09/12/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\IncrediMail\bin\IMApp.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\AskBarDis\bar\bin\AskService.exe

C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\IncrediMail\bin\ImNotfy.exe

C:\WINDOWS\System32\svchost.exe

c:\program files\avira\antivir desktop\avcenter.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\vigny\Bureau\RSIT.exe

C:\Program Files\trend micro\vigny.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: VMN Toolbar - {A057A204-BACC-4D26-8287-79A187E26987} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: VMN Toolbar - {A057A204-BACC-4D26-8287-79A187E26987} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL

O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\vigny\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [incrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [tcactive] C:\Program Files\The Cleaner\tcap.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: DipisoftUpdate.lnk = C:\Program Files\Dipisoft\DUpdate.exe

O4 - Global Startup: Serveur de connexion PsiWin 2.3.lnk = C:\Program Files\Psion\PsiWin\Psconsv.exe

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O20 - AppInit_DLLs: winmm.dll

O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe

O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

 

--

End of file - 7295 bytes

 

======Scheduled tasks folder======

 

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1614895754-1275210071-1177238915-1004Core.job

C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1614895754-1275210071-1177238915-1004UA.job

C:\WINDOWS\tasks\User_Feed_Synchronization-{73889A2A-B71D-4927-87C0-D427FFAF9D7E}.job

 

======Registry dump======

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]

Adobe PDF Link Helper - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]

AskBar BHO - C:\Program Files\AskBarDis\bar\bin\askBar.dll [2009-04-02 333192]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]

Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-8287-79A187E26987}]

VMN Toolbar - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL [2007-09-24 1966080]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]

Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-12-05 263280]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]

Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll [2009-12-05 764912]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]

JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{A057A204-BACC-4D26-8287-79A187E26987} - VMN Toolbar - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL [2007-09-24 1966080]

{3041d03e-fd4b-44e0-b742-2d9b88305f98} - Ask Toolbar - C:\Program Files\AskBarDis\bar\bin\askBar.dll [2009-04-02 333192]

{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-12-05 263280]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"Cmaudio"=RunDll32 cmicnfg.cpl,CMICtrlWnd []

"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]

"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-05-26 413696]

"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]

"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

"Google Update"=C:\Documents and Settings\vigny\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-06-09 133104]

"IncrediMail"=C:\Program Files\IncrediMail\bin\IncMail.exe [2009-09-07 251336]

"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-12-05 39408]

"tcactive"=C:\Program Files\The Cleaner\tcap.exe [2009-11-22 2800640]

 

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage

DipisoftUpdate.lnk - C:\Program Files\Dipisoft\DUpdate.exe

Serveur de connexion PsiWin 2.3.lnk - C:\Program Files\Psion\PsiWin\Psconsv.exe

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLS"="winmm.dll"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]

C:\WINDOWS\system32\Ati2evxx.dll [2006-02-21 61440]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-13 240128]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=145

"NoDriveAutoRun"=145

"HonorAutoRunSetting"=0

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"HonorAutoRunSetting"=

"NoDriveAutoRun"=

"NoDriveTypeAutoRun"=

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"

"C:\Program Files\World of Warcraft\Launcher.exe"="C:\Program Files\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher"

"C:\Program Files\Curse\CurseClient.exe"="C:\Program Files\Curse\CurseClient.exe:*:Enabled:Curse Client"

"C:\Program Files\World of Warcraft\WoW-3.2.2.10482-to-3.2.2.10505-frFR-downloader.exe"="C:\Program Files\World of Warcraft\WoW-3.2.2.10482-to-3.2.2.10505-frFR-downloader.exe:*:Enabled:Blizzard Downloader"

"C:\Program Files\Avira\AntiVir Desktop\update.exe"="C:\Program Files\Avira\AntiVir Desktop\update.exe:*:Enabled:update"

"C:\Program Files\IncrediMail\bin\ImApp.exe"="C:\Program Files\IncrediMail\bin\ImApp.exe:*:Enabled:IncrediMail"

"C:\Program Files\IncrediMail\bin\IncMail.exe"="C:\Program Files\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail"

"C:\Program Files\IncrediMail\bin\ImpCnt.exe"="C:\Program Files\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail"

"C:\Program Files\Magentic\bin\MgImp.exe"="C:\Program Files\Magentic\bin\MgImp.exe:*:Enabled:Magentic"

"C:\Program Files\Magentic\bin\Magentic.exe"="C:\Program Files\Magentic\bin\Magentic.exe:*:Enabled:Magentic"

"C:\Program Files\Magentic\bin\MgApp.exe"="C:\Program Files\Magentic\bin\MgApp.exe:*:Enabled:Magentic"

"C:\Documents and Settings\vigny\Local Settings\Temp\ImInstaller\3d_magic_installer.exe"="C:\Documents and Settings\vigny\Local Settings\Temp\ImInstaller\3d_magic_installer.exe:*:Enabled:IncrediMail Installer"

"C:\Program Files\Codemasters\Le Seigneur des anneaux Online\lotroclient.exe"="C:\Program Files\Codemasters\Le Seigneur des anneaux Online\lotroclient.exe:*:Enabled:lotroclient"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

 

======List of files/folders created in the last 1 months======

 

2009-12-09 18:01:32 ----A---- C:\RootRepeal report 12-09-09 (18-01-32).txt

2009-12-09 17:41:37 ----D---- C:\Program Files\7-Zip

2009-12-09 16:23:09 ----HDC---- C:\WINDOWS\$NtUninstallKB970430$

2009-12-09 16:23:05 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$

2009-12-09 16:22:52 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$

2009-12-09 16:22:24 ----HDC---- C:\WINDOWS\$NtUninstallKB973904$

2009-12-09 16:22:19 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$

2009-12-09 16:22:16 ----A---- C:\WINDOWS\imsins.BAK

2009-12-09 16:22:12 ----HDC---- C:\WINDOWS\$NtUninstallKB971737$

2009-12-09 11:25:49 ----D---- C:\Documents and Settings\vigny\Application Data\thecleaner

2009-12-09 11:25:33 ----D---- C:\Program Files\The Cleaner

2009-12-09 11:13:23 ----RASHD---- C:\autorun.inf

2009-12-09 11:07:45 ----A---- C:\UsbFix.txt

2009-12-09 11:03:17 ----D---- C:\Program Files\trend micro

2009-12-09 11:03:16 ----D---- C:\rsit

2009-12-09 10:55:34 ----A---- C:\TB.txt

2009-12-09 10:55:12 ----D---- C:\ToolBar SD

2009-12-08 22:15:42 ----A---- C:\TCleaner.txt

2009-12-08 21:18:53 ----D---- C:\UsbFix

2009-12-08 20:26:16 ----D---- C:\Documents and Settings\vigny\Application Data\Malwarebytes

2009-12-08 20:26:08 ----D---- C:\Program Files\Malwarebytes' Anti-Malware

2009-12-08 20:26:08 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes

2009-12-08 19:22:05 ----D---- C:\WINDOWS\system32\XPSViewer

2009-12-08 19:22:00 ----D---- C:\Program Files\MSBuild

2009-12-08 19:21:58 ----D---- C:\WINDOWS\system32\en-US

2009-12-08 19:21:50 ----D---- C:\Program Files\Reference Assemblies

2009-12-08 19:21:27 ----N---- C:\WINDOWS\system32\prntvpt.dll

2009-12-08 19:21:26 ----N---- C:\WINDOWS\system32\xpssvcs.dll

2009-12-08 19:21:26 ----N---- C:\WINDOWS\system32\xpsshhdr.dll

2009-12-08 19:21:26 ----D---- C:\8ec05fd40366d8d72fa7ee3cc97b2f

2009-12-08 19:19:39 ----SHD---- C:\Config.Msi

2009-12-08 12:37:22 ----D---- C:\Documents and Settings\vigny\Application Data\Turbine

2009-12-08 12:26:21 ----D---- C:\WINDOWS\SxsCaPendDel

2009-12-08 12:20:28 ----RSD---- C:\WINDOWS\assembly

2009-12-08 12:20:28 ----D---- C:\WINDOWS\Microsoft.NET

2009-12-08 12:20:26 ----D---- C:\WINDOWS\system32\URTTemp

2009-12-08 11:42:52 ----D---- C:\Program Files\Codemasters

2009-12-06 17:49:40 ----D---- C:\Program Files\Tracker Software

2009-12-05 19:50:24 ----A---- C:\WINDOWS\system32\javaws.exe

2009-12-05 19:50:24 ----A---- C:\WINDOWS\system32\javaw.exe

2009-12-05 19:50:24 ----A---- C:\WINDOWS\system32\java.exe

2009-12-05 15:48:15 ----D---- C:\Documents and Settings\vigny\Application Data\Google

2009-11-30 16:49:42 ----D---- C:\Program Files\JRE

2009-11-27 18:49:15 ----D---- C:\Documents and Settings\vigny\Application Data\Yahoo!

2009-11-27 18:49:13 ----D---- C:\Program Files\Yahoo!

2009-11-27 18:49:10 ----D---- C:\Program Files\CCleaner

2009-11-27 18:47:09 ----D---- C:\WINDOWS\pss

2009-11-25 11:57:26 ----HDC---- C:\WINDOWS\$NtUninstallKB976098-v2$

2009-11-25 11:57:21 ----HDC---- C:\WINDOWS\$NtUninstallKB973687$

2009-11-19 20:33:18 ----D---- C:\Documents and Settings\All Users\Application Data\PhotoMail

2009-11-19 20:33:16 ----D---- C:\Program Files\PhotoMail Maker

2009-11-11 18:56:35 ----HDC---- C:\WINDOWS\$NtUninstallKB969947$

 

======List of files/folders modified in the last 1 months======

 

2009-12-09 18:52:46 ----D---- C:\WINDOWS\Prefetch

2009-12-09 18:49:50 ----D---- C:\WINDOWS\Temp

2009-12-09 18:49:39 ----D---- C:\WINDOWS\system32\CatRoot2

2009-12-09 18:27:26 ----A---- C:\WINDOWS\SchedLgU.Txt

2009-12-09 17:48:23 ----D---- C:\WINDOWS\system32\drivers

2009-12-09 17:41:37 ----RD---- C:\Program Files

2009-12-09 17:10:09 ----D---- C:\WINDOWS\system32

2009-12-09 17:10:09 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI

2009-12-09 17:09:02 ----D---- C:\WINDOWS

2009-12-09 16:26:20 ----SHD---- C:\WINDOWS\Installer

2009-12-09 16:25:31 ----D---- C:\WINDOWS\WinSxS

2009-12-09 16:23:12 ----RSHDC---- C:\WINDOWS\system32\dllcache

2009-12-09 16:23:12 ----HD---- C:\WINDOWS\inf

2009-12-09 16:23:02 ----D---- C:\WINDOWS\system32\CatRoot

2009-12-09 16:22:44 ----D---- C:\Program Files\Internet Explorer

2009-12-09 16:22:30 ----HD---- C:\WINDOWS\$hf_mig$

2009-12-09 16:19:19 ----D---- C:\WINDOWS\Debug

2009-12-09 14:50:24 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2009-12-09 13:52:50 ----D---- C:\Program Files\Spybot - Search & Destroy

2009-12-09 13:48:08 ----SH---- C:\boot.ini

2009-12-09 13:48:08 ----A---- C:\WINDOWS\win.ini

2009-12-09 13:48:08 ----A---- C:\WINDOWS\system.ini

2009-12-09 12:11:50 ----A---- C:\WINDOWS\BRWMARK.INI

2009-12-09 12:11:50 ----A---- C:\WINDOWS\BRPP2KA.INI

2009-12-09 11:48:44 ----D---- C:\Program Files\Socooc3D

2009-12-09 11:12:27 ----SHD---- C:\RECYCLER

2009-12-09 08:36:06 ----D---- C:\WINDOWS\Network Diagnostic

2009-12-08 22:31:57 ----SHD---- C:\System Volume Information

2009-12-08 22:31:57 ----D---- C:\WINDOWS\system32\Restore

2009-12-08 19:21:56 ----RSD---- C:\WINDOWS\Fonts

2009-12-08 19:21:35 ----D---- C:\WINDOWS\system32\spool

2009-12-08 12:36:36 ----SD---- C:\Documents and Settings\vigny\Application Data\Microsoft

2009-12-08 12:26:09 ----D---- C:\WINDOWS\system32\DirectX

2009-12-08 12:22:21 ----D---- C:\WINDOWS\Registration

2009-12-06 22:27:32 ----D---- C:\Python26

2009-12-06 12:50:43 ----D---- C:\Documents and Settings\All Users\Application Data\Barbie Fashion Show

2009-12-05 19:50:23 ----D---- C:\Program Files\Java

2009-12-05 14:44:22 ----D---- C:\Program Files\Google

2009-12-05 14:44:03 ----D---- C:\Documents and Settings\All Users\Application Data\Google

2009-12-05 14:43:44 ----D---- C:\Program Files\Zylom Games

2009-12-05 14:43:44 ----D---- C:\Documents and Settings\vigny\Application Data\Zylom

2009-12-05 14:43:44 ----D---- C:\Documents and Settings\vigny\Application Data\Identities

2009-12-05 10:41:10 ----D---- C:\Program Files\Fichiers communs

2009-12-01 21:06:19 ----A---- C:\WINDOWS\system32\MRT.exe

2009-11-30 16:49:41 ----D---- C:\Program Files\OpenOffice.org 3

2009-11-30 09:49:14 ----D---- C:\ikea

2009-11-29 14:23:20 ----D---- C:\Documents and Settings\vigny\Application Data\VSO

2009-11-26 18:16:51 ----D---- C:\Program Files\Mozilla Firefox

 

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R1 AmdK7;Pilote de processeur AMD K7; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2008-04-13 41856]

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []

R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]

R1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14720]

R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-10-14 28520]

R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-10-14 55656]

R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-02-21 1505792]

R3 cmuda;C-Media WDM Audio Interface; C:\WINDOWS\system32\drivers\cmuda.sys [2009-01-17 754560]

R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2006-07-14 14448]

R3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]

R3 RTL8023xp;NETGEAR FA311v2 PCI Adapter; C:\WINDOWS\system32\DRIVERS\FA311XP.SYS [2006-01-24 78720]

R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]

R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]

R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]

S3 FETNDIS;Pilote NT de carte VIA PCI 10/100Mo Fast Ethernet; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]

S3 FETNDISB;VIA Rhine Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5b.sys [2003-11-11 41984]

S3 gkmixern;gkmixern; \??\C:\DOCUME~1\vigny\LOCALS~1\Temp\gkmixern.sys []

S3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288]

S3 NTSIM;NTSIM; \??\C:\WINDOWS\system32\ntsim.sys []

S3 rtl8139;Pilote NT de carte Realtek PCI Fast Ethernet à base RTL8139(A/B/C); C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2008-04-13 20992]

S3 Ser2pl;Prolific Serial port driver; C:\WINDOWS\system32\DRIVERS\ser2pl.sys [2003-07-16 43264]

S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]

S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

 

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R2 AntiVirSchedulerService;Avira AntiVir Planificateur; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-10-14 108289]

R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-10-14 185089]

R2 ASKService;ASKService; C:\Program Files\AskBarDis\bar\bin\AskService.exe [2009-04-02 464264]

R2 ASKUpgrade;ASKUpgrade; C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe [2009-04-02 234888]

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-02-21 405504]

R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-11 153376]

S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]

S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]

S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]

S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-12-05 182768]

S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2005-02-24 73728]

S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]

S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

 

-----------------EOF-----------------