Virus - firewall problem - what is this mess?

Solved
-CCM- | Posts: 927 | Status: Member | Last reply: gen-hackman
Hello,

I have a big problem ...

Whenever my PC plays a sound (music, system sounds), it is slowed down (as if it were choppy).
I thought it was an infection with a memory overflow... no worrying process... RAM is 90% free!


Strange..

An AVAST scan reports a few viruses (2 or 3), yet I don't download anything (well, very little)!!
OK

But here is the odd part: I have the Look 'n' Stop firewall enabled by default with my own rule set... everything has always worked normally...

But now, after about 15 minutes of browsing, it blocks my PC >>> Internet traffic. No more connection..

I disable my firewall, re-enable it, and it works again for 15 minutes, then it blocks.... something is wrong here..
My HijackThis doesn't report anything alarming.
I noticed a few alerts in my logs that made me think of spyware (PC >> Internet traffic blocked when my firewall isn't misbehaving).

Can you tell me whether you have already had this kind of problem?
Do you have any hypotheses?






174 replies

-CCM- | Posts: 927 | Status: Member | 84

A scan of 80 GB takes forever ..... :(
0
-CCM- | Posts: 927 | Status: Member | 84
 
Malwarebytes' Anti-Malware 1.33
Version de la base de données: 1741
Windows 5.1.2600 Service Pack 2

12/02/2009 00:55:38
mbam-log-2009-02-12 (00-55-38).txt

Type de recherche: Examen complet (C:\|E:\|)
Eléments examinés: 92203
Temps écoulé: 1 hour(s), 28 minute(s), 37 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)






If what you say is not more beautiful than silence, then keep quiet!!
0
loloetseb | Posts: 5508 | Status: Member | 174

Download Random's System Information Tool (RSIT) by random/random and save the executable to your Desktop.

-> http://images.malwareremoval.com/random/RSIT.exe

! Disconnect and close all your running applications !

Double-click "RSIT.exe" to launch it.

-> A first window opens with the title: "Disclaimer of warranty".

* Next to the option "List files/folders created ...", choose: 2 months

* Then click "Continue" to start the scan ...


-> Let the scan run and do not touch the PC ...


When the scan is finished, two text files will open (probably in Notepad).

Post the contents of "log.txt" (the one that appears on screen) as well as "info.txt" (which you will see in the taskbar) for analysis, and wait for further instructions ...

Important: post one report, then the other in the next reply.
If you try to post both at once, it may be too long for the forum.


(Note: the reports will also be saved in this folder -> C:\rsit)
0
-CCM- | Posts: 927 | Status: Member | 84

Hi again loloetseb, I got home early this time .....

I'm starting over from scratch!

I turn on my PC and it struggles like crazy,
yet my performance figures are fine:
CPU at 15%
RAM 400 MB out of 12 GB

My HDD seems to be working quite hard...

At startup, the sound lags - PC slow.

My firewall reports a connection attempt - giv69-3-88-177-143-24.fbx.proxa Internet >> PC
I'm rerunning MBAM, then I'll move on to ToolBar S&D, then RSIT..

See you in a bit (about 1 hour)
0

loloetseb | Posts: 5508 | Status: Member | 174

OK, do steps 2, 3 and 4 of post 10. Don't run RSIT for now.
0
-CCM- | Posts: 927 | Status: Member | 84

The system clock jumped by half an hour.. I just noticed!!


What do you think of this? http://img502.imageshack.us/img502/2316/32298804yl2.jpg

The address range '88.174.0.0 - 88.187.255.255' belongs to Free ... a bug on their side, or a suspected attack by a Free subscriber?

121.14.* is Australian!!
125.90.55.* Australian too
24.187.247.* weird address ....
0
-CCM- | Posts: 927 | Status: Member | 84

Post 10 - Step 1, malware report

Malwarebytes' Anti-Malware 1.33
Version de la base de données: 1741
Windows 5.1.2600 Service Pack 2

12/02/2009 18:50:07
mbam-log-2009-02-12 (18-50-07).txt

Type de recherche: Examen complet (C:\|E:\|)
Eléments examinés: 130365
Temps écoulé: 1 hour(s), 45 minute(s), 52 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)


Post 10 - step 2 - ToolBar S&D search report:

   -----------\\  ToolBar S&D 1.2.8   XP/Vista

   Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 2
   X86-based PC ( Multiprocessor Free : Processeur Intel Pentium III Xeon )
   BIOS : BIOS Date: 03/18/08 16:03:21 Ver: 08.00.12
   USER : Administrateur ( Administrator )
   BOOT : Normal boot
   C:\ (Local Disk) - NTFS - Total:19 Go (Free:5 Go)
   E:\ (Local Disk) - NTFS - Total:54 Go (Free:27 Go)
   G:\ (CD or DVD)
   J:\ (CD or DVD)

   "C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
   Option : [1] ( 12/02/2009|19:53 )

   -----------\\  Recherche de Fichiers / Dossiers ...

   C:\Program Files\DAEMON Tools Toolbar
   C:\Program Files\DAEMON Tools Toolbar\_DTLite.xml

   -----------\\  [..\Internet Explorer\Main]

   [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
   "Search Page"="https://www.google.com/?gws_rd=ssl"
   "Search Bar"="http://www.google.com/toolbar/ie8/sidebar.html"
   "Start Page"="https://www.google.fr/?gws_rd=ssl"
   "Local Page"="C:\\WINDOWS\\system32\\blank.htm"

   [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
   "Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
   "Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
   "Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
   "Start Page"="https://www.msn.com/fr-fr/?ocid=iehp"
   "Search Bar"="https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchasst.htm"


   --------------------\\  Recherche d'autres infections


   Aucune autre infection trouvée  !


   1 - "C:\ToolBar SD\TB_1.txt" - 12/02/2009|19:54 - Option : [1]

   -----------\\  Fin du rapport a 19:54:05.74


Post 10 - step 3 - ToolBar S&D removal report:

   -----------\\  ToolBar S&D 1.2.8   XP/Vista

   Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 2
   X86-based PC ( Multiprocessor Free : Processeur Intel Pentium III Xeon )
   BIOS : BIOS Date: 03/18/08 16:03:21 Ver: 08.00.12
   USER : Administrateur ( Administrator )
   BOOT : Normal boot
   C:\ (Local Disk) - NTFS - Total:19 Go (Free:5 Go)
   E:\ (Local Disk) - NTFS - Total:54 Go (Free:27 Go)
   G:\ (CD or DVD)
   J:\ (CD or DVD)

   "C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
   Option : [2] ( 12/02/2009|19:56 )

   -----------\\ SUPPRESSION

   Supprime! - C:\Program Files\DAEMON Tools Toolbar\_DTLite.xml
   Supprime! - C:\Program Files\DAEMON Tools Toolbar

   -----------\\  Recherche de Fichiers / Dossiers ...


   -----------\\  [..\Internet Explorer\Main]

   [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
   "Search Page"="https://www.google.com/?gws_rd=ssl"
   "Search Bar"="http://www.google.com/toolbar/ie8/sidebar.html"
   "Start Page"="https://www.google.fr/?gws_rd=ssl"
   "Local Page"="C:\\WINDOWS\\system32\\blank.htm"

   [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
   "Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
   "Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
   "Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
   "Start Page"="https://www.msn.com/fr-fr/"
   "Search Bar"="https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchasst.htm"


   --------------------\\  Recherche d'autres infections


   Aucune autre infection trouvée  !


   1 - "C:\ToolBar SD\TB_1.txt" - 12/02/2009|19:54 - Option : [1]
   2 - "C:\ToolBar SD\TB_2.txt" - 12/02/2009|19:57 - Option : [2]

   -----------\\  Fin du rapport a 19:57:44.63


Post 10 step 3 - offline Ad-Remover scan..
------- LOGFILE OF AD-REMOVER 1.1.1.1 | ONLY XP/VISTA -------

Updated by C_XX on 12/02/2009 at 19:00

Start at: 20:01:51 | Jeu 12/02/2009 | Boot mode: Normal Boot
Option: SCAN | Executed from: C:\Program Files\Ad-remover\Ad-remover.bat
Operating System: Microsoft® Windows XP™  Service Pack 2 (version 5.1.2600)
Computer Name: GTX
User(s):
- Administrateur - Current User - Administrator
Drive(s): 
- C:\  (File System: NTFS)
- E:\  (File System: NTFS)
System Drive: C:\
Windows Directory: C:\WINDOWS\
System Directory: C:\WINDOWS\System32\

--- Running Processes: 40

+--------------------| Boonty/Boonty Games Elements Found:

.
.

+--------------------| Eorezo Elements Found:

.

+--------------------| Infected Poker Softwares Elements Found:

.

+--------------------| FunWebProducts/MyWay/MyWebSearch/MyGlobalSearch Elements Found:

.
.

+--------------------| It's TV Elements Found:

.

+--------------------| Sweetim Elements Found:

.

+--------------------| Added Scan:

---- Mozilla FireFox Version 3.0.6 ----

ProfilePath: wwpu5uf9.default
.
.
.
.
.
.

---- Internet Explorer Version 7.0.5730.11 ----

+-[HKEY_CURRENT_USER\..\Internet Explorer\Main]

Search bar: hxxp://www.google.com/ie
Search Page: hxxp://www.google.com
Start page: hxxp://www.google.fr/

+-[HKEY_USERS\S-1-5-21-1645522239-299502267-839522115-500\..\Internet Explorer\Main]

Search bar: hxxp://www.google.com/ie
Search Page: hxxp://www.google.com
Start page: hxxp://www.google.fr/

+-[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]

Default_Page_URL: hxxp://go.microsoft.com/fwlink/?LinkId=69157
Default_Search_URL: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Search bar: hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
Search Page: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Start page: hxxp://www.msn.com/

+-[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]

Tabs: hxxp://ieframe.dll/tabswelcome.htm

+---------------------------------------------------------------------------+

[~2071 Bytes] - "C:\Ad-Report-Scan-12.02.2009.log"
-

End at: 20:03:55 | 12/02/2009
.
+--------------------| E.O.F - 56 Lines
.

0
-CCM- | Posts: 927 | Status: Member | 84

Hmm, I don't see anything nasty, but my PC seems to be doing better!
Strange, I must have missed something here :s
0
loloetseb | Posts: 5508 | Status: Member | 174

OK, rerun Ad-Remover, then B, then 4, then S, and post me the report.
0
-CCM- | Posts: 927 | Status: Member | 84

I'll post that for you this evening around 18:00-18:30.

The sound is still acting up, a kind of choppiness ... I hope it's not the HDD that is failing :(
Also, Diskeeper is no longer available on my PC! Strange!!

(Diskeeper = HDD defragmenter)
0
loloetseb | Posts: 5508 | Status: Member | 174

Rerun Ad-Remover, then B, then 4, then S, and post me the report.

Then

Download Random's System Information Tool (RSIT) by random/random and save the executable to your Desktop.

-> http://images.malwareremoval.com/random/RSIT.exe

! Disconnect and close all your running applications !

Double-click "RSIT.exe" to launch it.

-> A first window opens with the title: "Disclaimer of warranty".

* Next to the option "List files/folders created ...", choose: 2 months

* Then click "Continue" to start the scan ...


-> Let the scan run and do not touch the PC ...


When the scan is finished, two text files will open (probably in Notepad).

Post the contents of "log.txt" (the one that appears on screen) as well as "info.txt" (which you will see in the taskbar) for analysis, and wait for further instructions ...

Important: post one report, then the other in the next reply.
If you try to post both at once, it may be too long for the forum.


(Note: the reports will also be saved in this folder -> C:\rsit)
0
-CCM- | Posts: 927 | Status: Member | 84

Removal of FunWebProduct/MyWay/MyWebSearch

------- LOGFILE OF AD-REMOVER 1.1.1.1 | ONLY XP/VISTA -------

Updated by C_XX on 12/02/2009 at 19:00

*** LIMITED TO ***

FunWebProduct/MyWay/MyWebSearch

******************

Start at: 19:02:16 | Ven 13/02/2009 | Boot mode: Normal Boot
Option: CLEAN | Executed from: C:\Program Files\Ad-remover\Ad-remover.bat
Operating System: Microsoft® Windows XP™  Service Pack 2 (version 5.1.2600)
Computer Name: GTX
User(s):
- Administrateur - Current User - Administrator
Drive(s): 
- C:\  (File System: NTFS)
- D:\  (File System: FAT32)
- E:\  (File System: NTFS)
- F:\  (File System: NTFS)
System Drive: C:\
Windows Directory: C:\WINDOWS\
System Directory: C:\WINDOWS\System32\

--- Running Processes: 49

(!) ---- IE start pages/Tabs reset

+--------------------| FunWebProducts/MyWay/MyWebSearch/MyGlobalSearch Elements Deleted :

.
.

(!) ---- Temp files deleted.
(!) ---- Recycle bin emptied in all drives.


+--------------------| Added Scan :

---- Mozilla FireFox Version 3.0.6 ----

ProfilePath: wwpu5uf9.default
.
.
.
.
.
.

---- Internet Explorer Version 7.0.5730.11 ----

+-[HKEY_CURRENT_USER\..\Internet Explorer\Main]

Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
Search Page: hxxp://www.google.com
Start page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

+-[HKEY_USERS\S-1-5-21-1645522239-299502267-839522115-500\..\Internet Explorer\Main]

Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
Search Page: hxxp://www.google.com
Start page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

+-[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]

Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search bar: hxxp://search.msn.com/spbasic.htm
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start page: hxxp://fr.msn.com/

+-[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]

Tabs: hxxp://ieframe.dll/tabswelcome.htm

+---------------------------------------------------------------------------+

[~2506 Bytes] - "C:\Ad-Report-Clean-13.02.2009.log"
[~2206 Bytes] - "C:\Ad-Report-Scan-12.02.2009.log"
-
C:\Program Files\Ad-remover\TOOLS\BACKUP\13.02.2009 - Prefs.js

End at: 19:04:20 | 13/02/2009
.
+--------------------| E.O.F - 57 Lines
.



Nothing to report
:S
0
loloetseb | Posts: 5508 | Status: Member | 174

You can send me the RSIT reports.
0
-CCM- | Posts: 927 | Status: Member | 84
 
RSIT log.txt

Logfile of random's system information tool 1.05 (written by random/random)
Run by Administrateur at 2009-02-13 19:07:12
Microsoft Windows XP Professionnel Service Pack 2
System drive C: has 6 GB (30%) free of 20 GB
Total RAM: 2047 MB (77% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:07:20, on 13/02/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe
C:\Program Files\ASUS\AI Suite\AiGear3\CpuPowerMonitor.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\ASUS\AI Suite\EnergySaving\PwSave.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ASUS\AASP\1.00.59\aaCenter.exe
C:\Windows\System32\VisualTaskTips.exe
C:\Program Files\TweakRAM\TweakRAM.exe
C:\Program Files\LClock\lclock.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\UberIcon\UberIcon Manager.exe
D:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
D:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
D:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Administrateur\Bureau\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Administrateur.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Ultimate Edition
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [Vistadrv] C:\WINDOWS\system32\Vistadrive\vsdrv.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Executive Software\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [Ai Nap] "C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe"
O4 - HKLM\..\Run: [CPU Power Monitor] "C:\Program Files\ASUS\AI Suite\AiGear3\CpuPowerMonitor.exe"
O4 - HKLM\..\Run: [Cpu Level Up help] C:\Program Files\ASUS\AI Suite\CpuLevelUpHelp.exe
O4 - HKLM\..\Run: [ASUS Energy Saving] "C:\Program Files\ASUS\AI Suite\EnergySaving\PwSave.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Look 'n' Stop] "C:\Program Files\Soft4Ever\looknstop\looknstop.exe" -auto
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [00PCTFW] "C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s
O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu
O4 - HKCU\..\Run: [VisualTaskTips] C:\Windows\System32\VisualTaskTips.exe
O4 - HKCU\..\Run: [TweakRAM] C:\Program Files\TweakRAM\TweakRAM.exe
O4 - HKCU\..\Run: [LClock] C:\Program Files\LClock\lclock.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [RGSC] D:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
O4 - HKCU\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe"
O4 - HKUS\S-1-5-19\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [VisualTaskTips] C:\Windows\System32\VisualTaskTips.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [TweakRAM] C:\Program Files\TweakRAM\TweakRAM.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [LClock] C:\Program Files\LClock\lclock.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe" (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe" (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe" (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'Default user')
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com/index.php?v_page=29
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Tenable Nessus - Tenable Network Security - C:\Program Files\Tenable\Nessus\nessusd.exe

--
End of file - 9004 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1231946358.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2009-01-22 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2007-09-20 328752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-01-22 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-01-22 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
LinksFolderName
SaveLinksOrder
Locked

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Vistadrv"=C:\WINDOWS\system32\Vistadrive\vsdrv.exe [2006-07-30 121089]
"DiskeeperSystray"=C:\Program Files\Executive Software\Diskeeper\DkIcon.exe [2005-07-26 184408]
"Ai Nap"=C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe [2007-12-10 1412608]
"CPU Power Monitor"=C:\Program Files\ASUS\AI Suite\AiGear3\CpuPowerMonitor.exe [2008-01-09 627200]
"Cpu Level Up help"=C:\Program Files\ASUS\AI Suite\CpuLevelUpHelp.exe [2007-11-30 881152]
"ASUS Energy Saving"=C:\Program Files\ASUS\AI Suite\EnergySaving\PwSave.exe [2008-01-24 1352192]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-06-16 13533184]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-06-16 86016]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-01-22 136600]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-11-26 81000]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
"Look 'n' Stop"=C:\Program Files\Soft4Ever\looknstop\looknstop.exe [2008-11-25 557056]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-11-07 17421824]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2008-06-19 57344]
"LogMeIn GUI"=C:\Program Files\LogMeIn\x86\LogMeInSystray.exe []
"00PCTFW"=C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe [2009-01-21 2652056]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"WIAWizardMenu"=C:\WINDOWS\system32\sti_ci.dll [2006-09-08 678912]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"VisualTaskTips"=C:\Windows\System32\VisualTaskTips.exe [2006-07-05 36864]
"TweakRAM"=C:\Program Files\TweakRAM\TweakRAM.exe [2006-04-15 907264]
"LClock"=C:\Program Files\LClock\lclock.exe [2004-09-19 65536]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-07-24 490952]
"RGSC"=D:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe [2008-12-28 306088]
"UberIcon"=C:\Program Files\UberIcon\UberIcon Manager.exe [2005-08-12 180224]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Diskeeper"=2

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
hp psc 1000 series.lnk - D:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
hpoddt01.exe.lnk - D:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LMIinit]
C:\WINDOWS\system32\LMIinit.dll [2008-10-16 87352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2006-06-27 3584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\jeux\Counter-Strike Source\hl2.exe"="C:\jeux\Counter-Strike Source\hl2.exe:*:Enabled:hl2"
"C:\Program Files\EA GAMES\MOHDA\MOHAA.exe"="C:\Program Files\EA GAMES\MOHDA\MOHAA.exe:*:Enabled:Medal of Honor Allied Assault(tm)"
"C:\Program Files\EA GAMES\Medal of Honor Batailles du Pacifique(tm)\mohpa.exe"="C:\Program Files\EA GAMES\Medal of Honor Batailles du Pacifique(tm)\mohpa.exe:*:Enabled:Medal of Honor Pacific Assault(tm)"
"D:\jeux\UT2003\System\UT2003.exe"="D:\jeux\UT2003\System\UT2003.exe:*:Enabled:UT2003"
"C:\Documents and Settings\Administrateur\Bureau\Unreal Tournament\System\UnrealTournament.exe"="C:\Documents and Settings\Administrateur\Bureau\Unreal Tournament\System\UnrealTournament.exe:*:Enabled:UnrealTournament"
"C:\Program Files\ma-config.com\maconfservice.exe"="C:\Program Files\ma-config.com\maconfservice.exe:LocalSubNet:Enabled:maconfservice"
"D:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe"="D:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:*:Enabled:Rockstar Games Social Club"
"D:\Program Files\Activision\Call of Duty-World at War\CoDWaW.exe"="D:\Program Files\Activision\Call of Duty-World at War\CoDWaW.exe:*:Enabled:Call of Duty(R) - World at War(TM) "
"D:\Program Files\Activision\Call of Duty-World at War\CoDWaWmp.exe"="D:\Program Files\Activision\Call of Duty-World at War\CoDWaWmp.exe:*:Enabled:Call of Duty(R) - World at War(TM) "
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

======List of files/folders created in the last 2 months======

2009-02-13 19:07:12 ----D---- C:\rsit
2009-02-12 20:23:10 ----D---- C:\Documents and Settings\Administrateur\Application Data\PCToolsFirewallPlus
2009-02-12 20:18:33 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-02-12 20:18:05 ----D---- C:\Program Files\Fichiers communs\PC Tools
2009-02-12 20:17:56 ----D---- C:\Program Files\PC Tools Firewall Plus
2009-02-12 20:01:17 ----D---- C:\Program Files\Ad-remover
2009-02-12 19:53:33 ----A---- C:\TB.txt
2009-02-12 00:43:56 ----D---- C:\ToolBar SD
2009-02-10 12:22:41 ----SHD---- C:\Config.Msi
2009-02-09 01:04:13 ----D---- C:\Documents and Settings\Administrateur\Application Data\Malwarebytes
2009-02-09 01:03:15 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-02-09 01:03:15 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-02-08 23:43:54 ----A---- C:\WINDOWS\system32\reboot.txt
2009-02-08 00:24:38 ----D---- C:\Program Files\Tenable
2009-02-07 22:47:53 ----D---- C:\Program Files\Trend Micro
2009-02-04 13:23:45 ----D---- C:\spoolerlogs
2009-01-28 19:00:03 ----A---- C:\WINDOWS\system32\rmoc3260.dll
2009-01-28 19:00:03 ----A---- C:\WINDOWS\system32\pndx5032.dll
2009-01-28 19:00:03 ----A---- C:\WINDOWS\system32\pndx5016.dll
2009-01-28 19:00:03 ----A---- C:\WINDOWS\system32\pncrt.dll
2009-01-28 19:00:02 ----D---- C:\Program Files\Real Alternative
2009-01-28 19:00:02 ----D---- C:\Documents and Settings\All Users\Application Data\Real
2009-01-28 19:00:02 ----D---- C:\Documents and Settings\Administrateur\Application Data\Real
2009-01-27 22:09:58 ----A---- C:\WINDOWS\system32\libssl32.dll
2009-01-27 22:09:56 ----D---- C:\OpenSSL
2009-01-22 20:33:12 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-01-14 16:19:46 ----D---- C:\Documents and Settings\Administrateur\Application Data\Hewlett-Packard
2009-01-14 16:11:28 ----D---- C:\Program Files\Fichiers communs\Hewlett-Packard
2009-01-14 16:09:35 ----RA---- C:\WINDOWS\system32\HPZisn12.dll
2009-01-14 16:09:35 ----RA---- C:\WINDOWS\system32\HPZipt12.dll
2009-01-14 16:09:34 ----RA---- C:\WINDOWS\system32\HPZipr12.dll
2009-01-14 16:09:34 ----RA---- C:\WINDOWS\system32\HPZipm12.exe
2009-01-14 16:09:34 ----RA---- C:\WINDOWS\system32\HPZinw12.exe
2009-01-14 16:09:34 ----RA---- C:\WINDOWS\system32\HPZidr12.dll
2009-01-14 16:08:10 ----RA---- C:\WINDOWS\system32\HPZc3212.dll
2009-01-14 16:08:10 ----RA---- C:\WINDOWS\system32\hpovst08.dll
2009-01-14 16:08:09 ----RA---- C:\WINDOWS\system32\hpotscl.dll
2009-01-03 10:54:46 ----D---- C:\Update
2008-12-30 23:37:32 ----D---- C:\Documents and Settings\Administrateur\Application Data\U3
2008-12-28 20:05:52 ----HDC---- C:\WINDOWS\$NtUninstallXPSEPSCLP$
2008-12-28 20:04:07 ----D---- C:\Program Files\MSBuild
2008-12-28 20:02:05 ----D---- C:\WINDOWS\system32\XPSViewer
2008-12-28 20:02:03 ----D---- C:\WINDOWS\system32\en-us
2008-12-28 20:01:27 ----D---- C:\Program Files\Reference Assemblies
2008-12-28 20:01:04 ----N---- C:\WINDOWS\system32\spmsg2.dll
2008-12-28 20:00:51 ----N---- C:\WINDOWS\system32\spmsg.dll
2008-12-28 20:00:50 ----HDC---- C:\WINDOWS\$NtUninstallWIC$
2008-12-28 19:54:32 ----D---- C:\Documents and Settings\Administrateur\Application Data\Help
2008-12-18 00:20:15 ----D---- C:\Documents and Settings\All Users\Application Data\LogMeIn
2008-12-18 00:20:12 ----A---- C:\WINDOWS\system32\LMIport.dll
2008-12-18 00:20:11 ----A---- C:\WINDOWS\system32\LMIRfsClientNP.dll
2008-12-18 00:20:01 ----A---- C:\WINDOWS\system32\LMIinit.dll

======List of files/folders modified in the last 2 months======

2009-02-13 19:04:32 ----D---- C:\Program Files\Mozilla Firefox
2009-02-13 19:02:23 ----D---- C:\WINDOWS\Temp
2009-02-13 19:02:23 ----D---- C:\WINDOWS
2009-02-13 19:01:53 ----D---- C:\WINDOWS\system32
2009-02-13 19:01:52 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-02-13 00:40:44 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-02-13 00:40:42 ----D---- C:\WINDOWS\system32\CatRoot2
2009-02-12 20:34:02 ----D---- C:\WINDOWS\system32\drivers
2009-02-12 20:18:19 ----HD---- C:\WINDOWS\inf
2009-02-12 20:18:17 ----D---- C:\WINDOWS\system32\CatRoot
2009-02-12 20:18:05 ----D---- C:\Program Files\Fichiers communs
2009-02-12 20:17:56 ----D---- C:\Program Files
2009-02-10 12:23:26 ----SHD---- C:\WINDOWS\Installer
2009-02-08 00:33:01 ----A---- C:\WINDOWS\NeroDigital.ini
2009-02-08 00:29:53 ----D---- C:\WINDOWS\Internet Logs
2009-02-08 00:24:55 ----HD---- C:\Program Files\InstallShield Installation Information
2009-02-08 00:24:05 ----A---- C:\WINDOWS\MyDrivers.ini
2009-02-07 23:18:26 ----D---- C:\Documents and Settings\Administrateur\Application Data\DNA
2009-01-22 20:33:00 ----A---- C:\WINDOWS\system32\javaws.exe
2009-01-22 20:33:00 ----A---- C:\WINDOWS\system32\javaw.exe
2009-01-22 20:33:00 ----A---- C:\WINDOWS\system32\java.exe
2009-01-22 20:32:57 ----D---- C:\Program Files\Java
2009-01-14 16:20:13 ----D---- C:\WINDOWS\system32\FxsTmp
2009-01-14 16:19:57 ----SD---- C:\WINDOWS\Tasks
2009-01-14 16:19:37 ----A---- C:\WINDOWS\win.ini
2009-01-14 16:08:10 ----D---- C:\WINDOWS\twain_32
2009-01-11 15:07:51 ----A---- C:\WINDOWS\system32\PnkBstrB.exe
2009-01-06 03:18:12 ----D---- C:\Program Files\CCleaner
2008-12-31 12:25:21 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-12-28 22:28:21 ----RSD---- C:\WINDOWS\assembly
2008-12-28 22:28:03 ----D---- C:\WINDOWS\Microsoft.NET
2008-12-28 20:05:40 ----D---- C:\WINDOWS\system32\fr-fr
2008-12-28 20:02:01 ----RSD---- C:\WINDOWS\Fonts
2008-12-28 20:01:11 ----D---- C:\WINDOWS\system32\spool
2008-12-28 20:01:06 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-12-28 19:54:32 ----D---- C:\Program Files\WinRAR
2008-12-27 22:27:31 ----D---- C:\Program Files\Messenger Plus! Live
2008-12-18 00:25:25 ----A---- C:\WINDOWS\ModemLog_SAMSUNG Mobile Modem.txt
2008-12-14 19:43:08 ----D---- C:\Documents and Settings\Administrateur\Application Data\Microsoft

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2008-11-26 26944]
R1 AsIO;AsIO; C:\WINDOWS\system32\drivers\AsIO.sys [2007-12-17 12400]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2008-11-26 111184]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2008-11-26 50864]
R1 GhPciScan;GhostPciScanner; \??\C:\Program Files\Symantec\Norton Ghost 2003\ghpciscan.sys []
R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-28 40320]
R1 lnsfw1;lnsfw1; C:\WINDOWS\system32\drivers\lnsfw1.sys [2008-11-25 79232]
R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2006-07-24 5632]
R1 VBoxDrv;VirtualBox Service; C:\WINDOWS\system32\DRIVERS\VBoxDrv.sys [2008-10-23 96016]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver; C:\WINDOWS\system32\DRIVERS\VBoxUSBMon.sys [2008-10-23 41744]
R2 Aspi32;Aspi32; C:\WINDOWS\system32\drivers\Aspi32.sys [2003-05-28 17005]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-11-26 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2008-11-26 94032]
R2 AWISp50;AWISp50 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\AWISp50.sys [2006-03-15 17664]
R2 LMIRfsDriver;LogMeIn Remote File System Driver; \??\C:\WINDOWS\system32\drivers\LMIRfsDriver.sys []
R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2006-10-24 60800]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2008-11-26 23152]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2006-10-09 138752]
R3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-11-11 4946944]
R3 lmimirr;lmimirr; C:\WINDOWS\system32\DRIVERS\lmimirr.sys [2008-07-24 10144]
R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2006-10-09 5810]
R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-12-08 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-06-16 6002816]
R3 SFilter;PCTools Driver; C:\WINDOWS\system32\DRIVERS\pctfw.sys [2008-09-22 97408]
R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2006-04-19 30080]
R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2006-09-01 59264]
R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2006-04-19 20608]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2008-05-20 288896]
S2 LMIInfo;LogMeIn Kernel Information Provider; \??\C:\Program Files\LogMeIn\x86\RaInfo.sys []
S3 a41wmqyb;a41wmqyb; C:\WINDOWS\system32\drivers\a41wmqyb.sys []
S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 driverhardwarev2;driverhardwarev2; \??\C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys []
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2003-03-09 51024]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2003-03-09 16080]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2003-03-09 21456]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver; C:\WINDOWS\system32\DRIVERS\rt2870.sys [2007-07-28 517632]
S3 RT73;Belkin Wireless G Plus MIMO USB Network Adapter Driver; C:\WINDOWS\system32\DRIVERS\rt73.sys [2005-11-24 245248]
S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM); C:\WINDOWS\system32\DRIVERS\sscdbus.sys [2007-07-03 80552]
S3 sscdmdfl;SAMSUNG Mobile Modem Filter; C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys [2007-07-03 11944]
S3 sscdmdm;SAMSUNG Mobile Modem Drivers; C:\WINDOWS\system32\DRIVERS\sscdmdm.sys [2007-07-03 106792]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 StreamSurge;StreamSurge Driver (miniport); C:\WINDOWS\system32\DRIVERS\ss.sys []
S3 usbaudio;Pilote USB audio (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264]
S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2005-06-17 31744]
S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-12-29 26368]
S3 usbvideo;USB Video Device (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2005-07-30 121856]
S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 LMIRfsClientNP;LMIRfsClientNP; C:\WINDOWS\system32\drivers\LMIRfsClientNP.sys []
S4 WS2IFSL;Environnement de prise en charge de Fournisseur de services non-IFS Windows Sockets 2.0; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-28 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-11-26 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-11-26 155160]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-01-22 152984]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-06-16 159812]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2008-11-24 66872]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2008-11-26 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2008-11-26 352920]
R3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2006-10-20 36864]
R3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2004-08-04 268800]
S2 Tenable Nessus;Tenable Nessus; C:\Program Files\Tenable\Nessus\nessusd.exe [2008-07-31 13312]
S3 aspnet_state;Service d'état ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 GhostStartService;GhostStartService; C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe [2003-05-28 200704]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2006-10-30 741376]
S3 maconfservice;Ma-Config Service; C:\Program Files\ma-config.com\maconfservice.exe [2008-11-17 195752]
S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2003-03-09 65795]
S3 usnjsvc;Service Messenger Sharing Folders USN Journal Reader; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-24 918016]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
S4 Diskeeper;Diskeeper; C:\Program Files\Executive Software\Diskeeper\DkService.exe [2005-07-26 606316]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2006-10-30 122880]

-----------------EOF-----------------
0
loloetseb Posts 5508 Registration date   Status Member Last activity   174
 
I have to go; I'll give you the procedure to follow this evening.
0
-CCM- Posts 927 Registration date   Status Member Last activity   84
 
RSIT info.txt

info.txt logfile of random's system information tool 1.05 2009-02-13 19:07:21

======Uninstall list======

-->MsiExec /X{CD6E97C6-310B-487A-945E-18965FF0E20E}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 9 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A90000000001}
Adobe Shockwave Player-->C:\WINDOWS\system32\Adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Ad-remover-->C:\Program Files\Ad-remover\Uninstal.exe
AI Suite-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{310BC5E2-31AF-49BB-904D-E71EB93645DC}\setup.exe" -l0x40c 
Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
Assistant de connexion Windows Live-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
Call of Duty(R) - World at War(TM) 1.1 Patch-->C:\Program Files\InstallShield Installation Information\{AFAE2B15-89A0-4215-A030-F7B5B478886B}\setup.exe -runfromtemp -l0x0409
Call of Duty(R) - World at War(TM)-->C:\Program Files\InstallShield Installation Information\{D80A6A73-E58A-4673-AFF5-F12D7110661F}\setup.exe -runfromtemp -l0x040c
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Diskeeper Professional Edition-->MsiExec.exe /X{DBCD6910-F929-4D46-B867-3EBEA4A1D409}
EasyPHP 2.0b1-->"C:\Program Files\EasyPHP 2.0b1\unins000.exe"
FileZilla Client 3.1.5-->C:\Program Files\FileZilla FTP Client\uninstall.exe
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows XP (KB926239)-->"C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe"
hp psc 1200 series-->MsiExec.exe /X{C900EF06-2E76-49C7-8DB0-41F629B21DC5}
J2SE Runtime Environment 5.0 Update 12-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150120}
Jasc Paint Shop Pro 9-->MsiExec.exe /I{F843C6A3-224D-4615-94F8-3C461BD9AEA0}
Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
K-Lite Codec Pack 2.77 Standard-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
Lecteur Windows Media 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
LiveReg (Symantec Corporation)-->C:\Program Files\Fichiers communs\Symantec Shared\LiveReg\VcSetup.exe /REMOVE
LiveUpdate 1.80 (Symantec Corporation)-->C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Look 'n' Stop 2.06p3-->"C:\Program Files\Soft4Ever\looknstop\looknstop.exe" -uninst
Ma-Config.com-->MsiExec.exe /X{3A4EE7A4-356E-43B7-A4A3-9C55B22A05B3}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Marvell Miniport Driver-->C:\Program Files\Marvell\Miniport Driver\Uninst.exe
Messenger Plus! Live-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe"
Microsoft .NET Framework 1.1 French Language Pack-->MsiExec.exe /X{9A394342-4A68-4EBA-85A6-55B559F4E700}
Microsoft .NET Framework 1.1 Hotfix (KB886903)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M886903\M886903Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft .NET Framework 3.0 French Language Pack-->MsiExec.exe /X{E3C080B0-23F5-49AF-89F8-8E8DBC89E659}
Microsoft .NET Framework 3.0-->C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setup.exe
Microsoft .NET Framework 3.0-->MsiExec.exe /X{15095BF3-A3D7-4DDF-B193-3A496881E003}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{9011040C-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0 Language Pack - FRA\install.exe
Module de prise en charge linguistique du français de Microsoft .NET Framework 3.0-->C:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0 French Language Pack\setup.exe
Mozilla Firefox (3.0.6)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB925672)-->MsiExec.exe /I{A9CF9052-F4A0-475D-A00F-A8388C62DD63}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 6.0 Parser (KB927977)-->MsiExec.exe /I{025B7033-5D4A-4B72-A1C2-84BE4BE2F72F}
Need for Speed™ Undercover-->MsiExec.exe /X{E6D22FE1-AB5F-42CA-9480-6F70B96DDD88}
Nero 7 Lite v7.5.7.0-->"C:\Program Files\Nero\unins000.exe"
Norton Ghost-->MsiExec.exe /I{BBAAACFA-B012-4367-ADDA-4DDCDFD48F96}
Notepad++-->C:\Program Files\Notepad++\uninstall.exe
NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
NVIDIA PhysX v8.06.12-->MsiExec.exe /X{CD6E97C6-310B-487A-945E-18965FF0E20E}
OpenSSL 0.9.6m-->C:\OpenSSL\unins000.exe
PC Inspector File Recovery-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0DD140D3-9563-481E-AA75-BA457CBDAEF2}\Setup.exe" -l0x40c 
PC Tools Firewall Plus 5.0-->C:\Program Files\PC Tools Firewall Plus\unins000.exe /LOG
Photo et imagerie HP 2.0 - All-in-One Pilote-->MsiExec.exe /X{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}
Photo et imagerie HP 2.0 - All-in-One-->MsiExec.exe /X{9867A917-5D17-40DE-83BA-BEA5293194B1}
Photo et imagerie HP 2.0 - hp psc 1200 series-->D:\Program Files\Hewlett-Packard\Digital Imaging\{7C8BB31C-E09E-4c7d-BBF1-45E33B467FE1}\Setup\hpzscr01.exe -datfile hposcr02.dat -forcereboot
Pure-->C:\Program Files\InstallShield Installation Information\{FF3C203A-2F19-43A2-9C7C-EC1B5A0FC873}\setup.exe -runfromtemp -l0x0c0c Pure -removeonly
Qtracker-->C:\jeux\Qtracker\UNWISE.EXE C:\jeux\Qtracker\INSTALL.LOG
Real Alternative 1.9.0-->"C:\Program Files\Real Alternative\unins000.exe"
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x40c  -removeonly
Rockstar Games Social Club-->"C:\Program Files\InstallShield Installation Information\{08B3869E-D282-424C-9AFC-870E04A4BA14}\setup.exe" -runfromtemp -l0x040c -removeonly
Security Update for Microsoft .NET Framework 2.0 (KB917283)-->C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {967B098A-042D-4367-BAC9-8BC11684174F} /package {7131646D-CD3C-40F4-97B9-CD9E4E6262EF}
Security Update pour Microsoft .NET Framework 2.0 (KB922770)-->C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {0E92DD42-76F5-4EF2-B381-F9C1D72BE23D} /package {7131646D-CD3C-40F4-97B9-CD9E4E6262EF}
Sun xVM VirtualBox-->MsiExec.exe /I{750952C0-2EB3-4C4F-AFA9-364E7EB06291}
Tenable Nessus-->"C:\Program Files\InstallShield Installation Information\{1E528EAB-EC8A-45C4-8EB2-5F9C57E17984}\setup.exe" -runfromtemp -l0x0409 -removeonly
Tenable Nessus-->MsiExec.exe /I{1E528EAB-EC8A-45C4-8EB2-5F9C57E17984}
Unreal Tournament 2003-->D:\jeux\UT2003\System\Setup.exe uninstall "UT2003"
VideoLAN VLC media player 0.8.6b-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Windows Communication Foundation-->MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live installer-->MsiExec.exe /X{FD44E544-E7D0-4DBA-9FA0-8AE1A1300390}
Windows Live Messenger-->MsiExec.exe /X{BADF6744-3787-48F6-B8C9-4C4995401D65}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Presentation Foundation Language Pack (FRA)-->MsiExec.exe /X{6901DD22-527A-41EF-9059-E81FEDE9E494}
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Workflow Foundation FR Language Pack-->MsiExec.exe /I{B84C141C-9A13-44BE-9A69-301D7B11D836}
Windows Workflow Foundation-->MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
XML Paper Specification Shared Components Language Pack 1.0-->"C:\WINDOWS\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe"

Securitycenter WMI appears to be broken

System event log

Computer Name: GTX
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service Pml Driver HPZ12.

Record Number: 11049
Source Name: Service Control Manager
Time Written: 20090115122336.000000+060
Event Type: Informations
User: GTX\Administrateur

Computer Name: GTX
Event Code: 7036
Message: Le service Pml Driver HPZ12 est entré dans l'état : en cours d'exécution.

Record Number: 11048
Source Name: Service Control Manager
Time Written: 20090115122336.000000+060
Event Type: Informations
User: 

Computer Name: GTX
Event Code: 7036
Message: Le service Fax est entré dans l'état : arrêté.

Record Number: 11047
Source Name: Service Control Manager
Time Written: 20090115122336.000000+060
Event Type: Informations
User: 

Computer Name: GTX
Event Code: 7036
Message: Le service Compatibilité avec le Changement rapide d'utilisateur est entré dans l'état : en cours d'exécution.

Record Number: 11046
Source Name: Service Control Manager
Time Written: 20090115122336.000000+060
Event Type: Informations
User: 

Computer Name: GTX
Event Code: 7036
Message: Le service NLA (Network Location Awareness) est entré dans l'état : en cours d'exécution.

Record Number: 11045
Source Name: Service Control Manager
Time Written: 20090115122336.000000+060
Event Type: Informations
User: 

Application event log

Computer Name: GTX
Event Code: 32026
Message: Le service de télécopie n'a pas pu initialiser de périphériques de télécopies attribués (virtuel ou TAPI).
Aucune télécopie ne peut être envoyée ou reçue tant qu'un périphérique de télécopies n'a pas été installé.

Record Number: 3922
Source Name: Microsoft Fax
Time Written: 20081119204916.000000+060
Event Type: Avertissement
User: 

Computer Name: GTX
Event Code: 2
Message: Le centre de contrôle de Diskeeper a étEactivE
Service Diskeeper démarré

Record Number: 3921
Source Name: Diskeeper
Time Written: 20081119204909.000000+060
Event Type: Informations
User: 

Computer Name: GTX
Event Code: 32068
Message: La règle de routage de trafic sortant n'est pas valide car elle ne peut pas trouver de périphérique valide. Les télécopies sortantes qui utilisent cette règle ne peuvent pas être acheminées. Vérifiez que le ou les périphériques concernés (en cas de routage vers un groupe de périphériques) sont connectés et installés correctement et allumés. En cas de routage vers un groupe, vérifiez que le groupe est configuré correctement.
Code de pays/région : '*'
Indicatif régional : '*'

Record Number: 3920
Source Name: Microsoft Fax
Time Written: 20081119204002.000000+060
Event Type: Avertissement
User: 

Computer Name: GTX
Event Code: 32026
Message: Le service de télécopie n'a pas pu initialiser de périphériques de télécopies attribués (virtuel ou TAPI).
Aucune télécopie ne peut être envoyée ou reçue tant qu'un périphérique de télécopies n'a pas été installé.

Record Number: 3919
Source Name: Microsoft Fax
Time Written: 20081119204002.000000+060
Event Type: Avertissement
User: 

Computer Name: GTX
Event Code: 2
Message: Le centre de contrôle de Diskeeper a étEactivE
Service Diskeeper démarré

Record Number: 3918
Source Name: Diskeeper
Time Written: 20081119203924.000000+060
Event Type: Informations
User: 

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Executive Software\Diskeeper\;"C:\Program Files\Symantec\Norton Ghost 2003\";C:\Program Files\Samsung\Samsung PC Studio 3\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 23 Stepping 6, GenuineIntel
"PROCESSOR_REVISION"=1706
"NUMBER_OF_PROCESSORS"=2
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"RGSCLauncher"=D:\Program Files\Rockstar Games\Rockstar Games Social Club
"RGSC"=D:\Program Files\Rockstar Games\Rockstar Games Social Club\1_0_0_0
"OPENSSL_CONF"=C:\OpenSSL\bin\openssl.cnf

-----------------EOF-----------------

0
-CCM- Posts 927 Registration date   Status Member Last activity   84
 
I have to go; I'll give you the procedure to follow this evening.
--> Thanks, that's kind of you .... see you later

Well, you know pretty much my whole life now ..... network games + network games + network games! lol
0
loloetseb Posts 5508 Registration date   Status Member Last activity   174
 
A/ Run HijackThis again, choose "Do a scan only", then check this line and click Fix:

R3 - Default URLSearchHook is missing

B/ Download SDFix by AndyManchesta

http://downloads.andymanchesta.com/RemovalTools/SDFix.exe to your Desktop.

Tutorial here
1)
https://www.malekal.com/slenfbot-still-an-other-irc-bot/

Double-click SDFix.exe and choose Install. The tool will be extracted to the root of the system drive (usually C:\).
Don't touch it for now.

2) Restart in Safe Mode

3) SDFix
* Open the SDFix folder that was just created in C:\ and double-click RunThis.bat to launch the script.
* Press Y to start the cleaning process.
* It will remove the services and registry entries of certain trojans it finds, then ask you to press a key to restart.
* Press a key to restart the PC.
* Your system will take longer than usual to restart because the tool will keep running and deleting files.
* After the Desktop loads, the tool will finish its work and display Finished.
* Press a key to end the script and load your Desktop icons.
* Once the Desktop icons are displayed, the SDFix report will open on screen and will also be saved in the SDFix folder as Report.txt.
0
-CCM- Posts 927 Registration date   Status Member Last activity   84
 
--Report.txt

[b]SDFix: Version 1.240 [/b]
Run by Administrateur on 14/02/2009 at 16:42

Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix

[b]Checking Services [/b]:


Restoring Default Security Values
Restoring Default Hosts File
Restoring Missing Security Center Service 

Rebooting


[b]Checking Files [/b]: 

No Trojan Files Found






Removing Temp Files

[b]ADS Check [/b]:
 


                                 [b]Final Check [/b]:

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-14 17:25:30
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools Lite\"
"h0"=dword:00000000
"khjeh"=hex:bd,16,36,58,9b,ee,c7,aa,e9,49,a1,c4,f4,c3,1d,07,59,d6,40,1c,c9,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,ec,7f,cc,4f,1c,8b,59,7b,84,48,8e,e0,b0,a9,c0,ca,22,..
"khjeh"=hex:43,91,ab,b0,b2,a1,ed,3d,43,6b,73,81,73,ef,32,ab,a2,04,35,32,a8,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:e1,c6,7f,e5,3d,7d,4f,f6,9a,bb,51,8a,4b,d6,14,e7,e5,6b,b9,de,3f,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools Lite\"
"h0"=dword:00000000
"khjeh"=hex:bd,16,36,58,9b,ee,c7,aa,e9,49,a1,c4,f4,c3,1d,07,59,d6,40,1c,c9,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,ec,7f,cc,4f,1c,8b,59,7b,84,48,8e,e0,b0,a9,c0,ca,22,..
"khjeh"=hex:43,91,ab,b0,b2,a1,ed,3d,43,6b,73,81,73,ef,32,ab,a2,04,35,32,a8,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:e1,c6,7f,e5,3d,7d,4f,f6,9a,bb,51,8a,4b,d6,14,e7,e5,6b,b9,de,3f,..

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


[b]Remaining Services [/b]:




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\jeux\\Counter-Strike Source\\hl2.exe"="C:\\jeux\\Counter-Strike Source\\hl2.exe:*:Enabled:hl2"
"C:\\Program Files\\EA GAMES\\MOHDA\\MOHAA.exe"="C:\\Program Files\\EA GAMES\\MOHDA\\MOHAA.exe:*:Enabled:Medal of Honor Allied Assault(tm)"
"C:\\Program Files\\EA GAMES\\Medal of Honor Batailles du Pacifique(tm)\\mohpa.exe"="C:\\Program Files\\EA GAMES\\Medal of Honor Batailles du Pacifique(tm)\\mohpa.exe:*:Enabled:Medal of Honor Pacific Assault(tm)"
"D:\\jeux\\UT2003\\System\\UT2003.exe"="D:\\jeux\\UT2003\\System\\UT2003.exe:*:Enabled:UT2003"
"C:\\Documents and Settings\\Administrateur\\Bureau\\Unreal Tournament\\System\\UnrealTournament.exe"="C:\\Documents and Settings\\Administrateur\\Bureau\\Unreal Tournament\\System\\UnrealTournament.exe:*:Enabled:UnrealTournament"
"C:\\Program Files\\ma-config.com\\maconfservice.exe"="C:\\Program Files\\ma-config.com\\maconfservice.exe:LocalSubNet:Enabled:maconfservice"
"D:\\Program Files\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"="D:\\Program Files\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe:*:Enabled:Rockstar Games Social Club"
"D:\\Program Files\\Activision\\Call of Duty-World at War\\CoDWaW.exe"="D:\\Program Files\\Activision\\Call of Duty-World at War\\CoDWaW.exe:*:Enabled:Call of Duty(R) - World at War(TM) "
"D:\\Program Files\\Activision\\Call of Duty-World at War\\CoDWaWmp.exe"="D:\\Program Files\\Activision\\Call of Duty-World at War\\CoDWaWmp.exe:*:Enabled:Call of Duty(R) - World at War(TM) "
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[b]Remaining Files [/b]:



[b]Files with Hidden Attributes [/b]:


[b]Finished![/b]

0
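The report above includes an "Authorized Application Key Export" of the Windows XP firewall exception list, where each value has the form `path:scope:status:name`. As an added example (not part of the thread and not SDFix code), this Python sketch parses that export and lists enabled exceptions open to any remote address (`*`) whose executable sits under a user profile; the function names and the "user profile" heuristic are assumptions for triage, not a malware verdict.

```python
import re

# Lines copied from the "Authorized Application Key Export" in the report above.
REPORT_LINES = r'''
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\ma-config.com\\maconfservice.exe"="C:\\Program Files\\ma-config.com\\maconfservice.exe:LocalSubNet:Enabled:maconfservice"
"C:\\Documents and Settings\\Administrateur\\Bureau\\Unreal Tournament\\System\\UnrealTournament.exe"="C:\\Documents and Settings\\Administrateur\\Bureau\\Unreal Tournament\\System\\UnrealTournament.exe:*:Enabled:UnrealTournament"
'''
# Constructed line (not from the report) to exercise the Disabled case.
CONSTRUCTED_LINE = r'''"C:\\Documents and Settings\\Administrateur\\example.exe"="C:\\Documents and Settings\\Administrateur\\example.exe:*:Disabled:example"
'''
SAMPLE = REPORT_LINES + CONSTRUCTED_LINE

SECTION_RE = re.compile(r'^\[(.+)\]$')
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')


def unescape(text):
    """Undo .reg escaping: a backslash followed by any character yields that character."""
    return re.sub(r'\\(.)', r'\1', text)


def parse_export(text):
    """Return one dict per firewall exception found in a .reg-style export."""
    entries, profile = [], None
    for raw in text.splitlines():
        line = raw.strip()
        section = SECTION_RE.match(line)
        if section:
            parts = section.group(1).lower().split("\\")
            # The profile name is the key component just before "authorizedapplications".
            profile = (parts[parts.index("authorizedapplications") - 1]
                       if "authorizedapplications" in parts else None)
            continue
        value = VALUE_RE.match(line)
        if not value or profile is None:
            continue
        path, data = unescape(value.group(1)), unescape(value.group(2))
        # The data repeats the path, so strip it first: drive letters contain ':' too.
        if not data.lower().startswith(path.lower() + ":"):
            continue
        fields = data[len(path) + 1:].split(":", 2)
        if len(fields) != 3:
            continue
        scope, status, label = fields
        entries.append({"profile": profile, "path": path, "scope": scope,
                        "enabled": status.lower() == "enabled", "label": label})
    return entries


def flag_for_review(entries):
    """Assumed heuristic: enabled, any remote address, executable under a user profile."""
    return [e["path"] for e in entries
            if e["enabled"] and e["scope"] == "*"
            and "\\documents and settings\\" in e["path"].lower()]


if __name__ == "__main__":
    for path in flag_for_review(parse_export(SAMPLE)):
        print("review:", path)
```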
loloetseb Posts 5508 Registration date   Status Member Last activity   174
 
Download SmitfraudFix (by S!Ri, balltrap34 and moe31)

http://siri.urz.free.fr/Fix/SmitfraudFix.zip

Tutorial here

http://www.malekal.com/tutorial_SmitFraudfix.php

- Save it to the desktop
- Double-click SmitfraudFix.exe and choose option 1, then press Enter
- A report will be generated; post it in your next reply.
Note:
Process.exe is detected by some antivirus programs as a risktool. It is not a virus but a utility intended to terminate processes.

/!\ Only do step 2 if you are asked to; we first have to examine the first SmitfraudFix report /!\
0
-CCM- Posts 927 Registration date   Status Member Last activity   84
 
THE EXE ISN'T THERE ...

I have SmitfraudFix.cmd
SmiUpdate.exe
AND THE REST AS EXE
0