pc infecter par antivirus 360 rapport hijacktFermé

Question

Bonjour,
voila le rapport


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:33:02, on 28/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\icon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fourni par Internet Explorer CG13
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {9B4868E3-767E-4A1C-A792-3CC451BA8CAC} - (no file)
O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)
O2 - BHO: &Research - {D263FA6D-84CC-48A8-9AF6-C664362B7A5B} - C:\WINDOWS\system32\winconfig.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [icon] C:\WINDOWS\system32\icon.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32
wprovau.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com/index.php?v_page=29
O20 - Winlogon Notify: ljjgdeb - ljjgdeb.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: SmartLinkService (SLService) -   - C:\WINDOWS\SYSTEM32\slserv.exe

Destrio5 · Answer

Salut,

- Télécharge Random's System Information Tool (RSIT) (par random/random) sur ton Bureau.

- Double-clique sur RSIT.exe afin de lancer le programme.

- Clique sur Continue à l'écran Disclaimer.

- Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu, si demandé) et tu devras accepter la licence.

- Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront. Poste le contenu de log.txt (c'est celui qui apparaît à l'écran) ainsi que de info.txt (que tu verras dans la barre des tâches).

Note : Les rapports sont sauvegardés dans le dossier C:\rsit.

Destrio5 · Answer

Il faut les poster ici.

gagounette26 · Answer

voila le rapport log.text Logfile of random's system information tool 1.05 (written by random/random) Run by utilisateur at 2009-02-28 21:48:02 Microsoft Windows XP Professionnel Service Pack 3 System drive C: has 7 GB (49%) free of 14 GB Total RAM: 223 MB (37% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 21:48:11, on 28/02/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16791) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\WINDOWS\system32\icon.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\slserv.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\Windows Live\Contacts\wlcomm.exe D:\RSIT.exe C:\Program Files\Trend Micro\HijackThis\utilisateur.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fourni par Internet Explorer CG13 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: (no name) - {9B4868E3-767E-4A1C-A792-3CC451BA8CAC} - (no file) O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file) O2 - BHO: &Research - {D263FA6D-84CC-48A8-9AF6-C664362B7A5B} - C:\WINDOWS\system32\winconfig.dll O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [icon] C:\WINDOWS\system32\icon.exe O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32 wprovau.dll O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/default.aspx O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com O20 - Winlogon Notify: ljjgdeb - ljjgdeb.dll (file missing) O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe End of file - 5425 bytes ======Scheduled tasks folder====== C:\WINDOWS asks\At1.job C:\WINDOWS asks\At2.job C:\WINDOWS asks\At3.job C:\WINDOWS asks\Google Software Updater.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9B4868E3-767E-4A1C-A792-3CC451BA8CAC}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D263FA6D-84CC-48A8-9AF6-C664362B7A5B}] &Research - C:\WINDOWS\system32\winconfig.dll [2009-02-25 300032] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2003-01-07 46592] "SynTPLpr"=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [2002-10-25 126976] "SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2002-10-25 561152] "icon"=C:\WINDOWS\system32\icon.exe [2003-08-18 204800] "avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2007-01-15 108160] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360] "swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-12-02 68856] "msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-02-06 3885408] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr] C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2009-02-06 3885408] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] C:\Program Files\QuickTime\qttask.exe [2006-05-18 98304] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WL] C:\WINDOWS\system32\WL.exe [] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ljjgdeb] ljjgdeb.dll [] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon] C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 267304] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632] UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 240128] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{9B4868E3-767E-4A1C-A792-3CC451BA8CAC}"= [] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa] "authentication packages"=msv1_0 C:\WINDOWS\system32\gebay.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot etwork m] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot etwork m.sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot etwork\UploadMgr] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=145 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "HonorAutoRunSetting"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule" "E:\Codemasters\Severance\Bin\Blade.exe"="E:\Codemasters\Severance\Bin\Blade.exe:*:Enabled:Blade" "C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\9BUPNTEK\wow[1].exe"="C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\9BUPNTEK\wow[1].exe:*:Enabled:Blizzard Downloader" "C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\R1SSEW0R\BurningCrusade[1].exe"="C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\R1SSEW0R\BurningCrusade[1].exe:*:Enabled:Blizzard Downloader" "C:\Program Files\ma-config.com\maconfservice.exe"="C:\Program Files\ma-config.com\maconfservice.exe:LocalSubNet:Enabled:maconfservice" "C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call" "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call" "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" ======List of files/folders created in the last 1 months====== 2009-02-28 21:48:02 ----D---- C: sit 2009-02-28 21:30:37 ----D---- C:\Program Files\Trend Micro 2009-02-28 09:01:57 ----D---- C:\Documents and Settings\All Users\Application Data\Messenger Plus! 2009-02-27 23:50:08 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$ 2009-02-27 23:49:55 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$ 2009-02-27 23:49:32 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$ 2009-02-27 14:56:20 ----D---- C:\Program Files\Messenger Plus! Live 2009-02-27 14:42:56 ----D---- C:\Program Files\Microsoft 2009-02-27 14:42:12 ----D---- C:\Program Files\Windows Live SkyDrive 2009-02-27 14:37:53 ----D---- C:\Program Files\Fichiers communs\Windows Live 2009-02-27 08:12:34 ----A---- C:\WINDOWS\OEWABLog.txt 2009-02-27 08:10:55 ----D---- C:\WINDOWS\Prefetch 2009-02-27 02:39:52 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$ 2009-02-27 02:39:14 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$ 2009-02-27 02:38:43 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$ 2009-02-27 02:38:15 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$ 2009-02-27 02:37:34 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$ 2009-02-27 02:37:05 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$ 2009-02-27 02:36:38 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$ 2009-02-27 02:36:03 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$ 2009-02-27 02:35:33 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$ 2009-02-27 02:35:05 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$ 2009-02-27 02:34:38 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$ 2009-02-27 02:34:11 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$ 2009-02-27 02:33:27 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$ 2009-02-27 02:32:05 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$ 2009-02-27 02:27:35 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$ 2009-02-27 02:22:36 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$ 2009-02-27 02:17:31 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$ 2009-02-27 02:12:27 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$ 2009-02-27 02:06:53 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$ 2009-02-27 01:40:12 ----A---- C:\WINDOWS\setuplog.txt 2009-02-27 01:15:15 ----D---- C:\Program Files\Messenger 2009-02-27 01:12:46 ----D---- C:\Program Files\msn 2009-02-27 01:12:41 ----D---- C:\WINDOWS\l2schemas 2009-02-27 01:12:38 ----D---- C:\WINDOWS\system32\fr 2009-02-27 00:37:22 ----A---- C:\WINDOWS\imsins.BAK 2009-02-27 00:15:30 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$ 2009-02-26 23:12:17 ----A---- C:\WINDOWS\system32\MRT.exe 2009-02-26 22:41:34 ----N---- C:\WINDOWS\system32\wmphoto.dll 2009-02-26 22:41:22 ----N---- C:\WINDOWS\system32\wlanapi.dll 2009-02-26 22:41:15 ----N---- C:\WINDOWS\system32\windowscodecsext.dll 2009-02-26 22:41:15 ----N---- C:\WINDOWS\system32\windowscodecs.dll 2009-02-26 22:40:37 ----N---- C:\WINDOWS\system32 spkg.dll 2009-02-26 22:40:36 ----N---- C:\WINDOWS\system32 sgqec.dll 2009-02-26 22:39:35 ----N---- C:\WINDOWS\system32\setupn.exe 2009-02-26 22:39:08 ----N---- C:\WINDOWS\system32 httpaa.dll 2009-02-26 22:38:58 ----N---- C:\WINDOWS\system32 asqec.dll 2009-02-26 22:38:53 ----N---- C:\WINDOWS\system32\qutil.dll 2009-02-26 22:38:46 ----N---- C:\WINDOWS\system32\qcliprov.dll 2009-02-26 22:38:46 ----N---- C:\WINDOWS\system32\qagentrt.dll 2009-02-26 22:38:45 ----N---- C:\WINDOWS\system32\qagent.dll 2009-02-26 22:38:35 ----N---- C:\WINDOWS\system32\photometadatahandler.dll 2009-02-26 22:38:20 ----N---- C:\WINDOWS\system32\onex.dll 2009-02-26 22:37:31 ----N---- C:\WINDOWS\system32 apstat.exe 2009-02-26 22:37:30 ----N---- C:\WINDOWS\system32 apmontr.dll 2009-02-26 22:37:30 ----N---- C:\WINDOWS\system32 apipsec.dll 2009-02-26 22:37:25 ----N---- C:\WINDOWS\system32\msxml6r.dll 2009-02-26 22:37:25 ----N---- C:\WINDOWS\system32\msxml6.dll 2009-02-26 22:37:12 ----N---- C:\WINDOWS\system32\msshavmsg.dll 2009-02-26 22:37:12 ----N---- C:\WINDOWS\system32\mssha.dll 2009-02-26 22:35:44 ----N---- C:\WINDOWS\system32\mmcperf.exe 2009-02-26 22:35:42 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll 2009-02-26 22:35:42 ----N---- C:\WINDOWS\system32\mmcex.dll 2009-02-26 22:35:41 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll 2009-02-26 22:34:46 ----N---- C:\WINDOWS\system32\l2gpstore.dll 2009-02-26 22:34:42 ----N---- C:\WINDOWS\system32\kmsvc.dll 2009-02-26 22:34:38 ----N---- C:\WINDOWS\system32\kbdpash.dll 2009-02-26 22:34:38 ----N---- C:\WINDOWS\system32\kbdnepr.dll 2009-02-26 22:34:37 ----N---- C:\WINDOWS\system32\kbdiultn.dll 2009-02-26 22:34:36 ----N---- C:\WINDOWS\system32\kbdbhc.dll 2009-02-26 22:34:15 ----N---- C:\WINDOWS\system32\smtpapi.dll 2009-02-26 22:34:12 ----N---- C:\WINDOWS\system32 wnh.dll 2009-02-26 22:32:12 ----A---- C:\WINDOWS\003225_.tmp 2009-02-26 22:31:59 ----N---- C:\WINDOWS\system32\eapsvc.dll 2009-02-26 22:31:59 ----N---- C:\WINDOWS\system32\eapqec.dll 2009-02-26 22:31:58 ----N---- C:\WINDOWS\system32\eappprxy.dll 2009-02-26 22:31:58 ----N---- C:\WINDOWS\system32\eapphost.dll 2009-02-26 22:31:58 ----N---- C:\WINDOWS\system32\eappgnui.dll 2009-02-26 22:31:57 ----N---- C:\WINDOWS\system32\eappcfg.dll 2009-02-26 22:31:57 ----N---- C:\WINDOWS\system32\eapp3hst.dll 2009-02-26 22:31:57 ----N---- C:\WINDOWS\system32\eapolqec.dll 2009-02-26 22:31:36 ----N---- C:\WINDOWS\system32\dot3ui.dll 2009-02-26 22:31:36 ----N---- C:\WINDOWS\system32\dot3svc.dll 2009-02-26 22:31:36 ----N---- C:\WINDOWS\system32\dot3msm.dll 2009-02-26 22:31:36 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll 2009-02-26 22:31:36 ----N---- C:\WINDOWS\system32\dot3dlg.dll 2009-02-26 22:31:35 ----N---- C:\WINDOWS\system32\dot3cfg.dll 2009-02-26 22:31:35 ----N---- C:\WINDOWS\system32\dot3api.dll 2009-02-26 22:31:26 ----N---- C:\WINDOWS\system32\dimsroam.dll 2009-02-26 22:31:25 ----N---- C:\WINDOWS\system32\dimsntfy.dll 2009-02-26 22:31:21 ----N---- C:\WINDOWS\system32\dhcpqec.dll 2009-02-26 22:31:00 ----N---- C:\WINDOWS\system32\credssp.dll 2009-02-26 22:30:03 ----N---- C:\WINDOWS\system32\bitsprx4.dll 2009-02-26 22:30:00 ----N---- C:\WINDOWS\system32\azroles.dll 2009-02-26 22:28:45 ----N---- C:\WINDOWS\system32\aaclient.dll 2009-02-26 19:31:42 ----HDC---- C:\WINDOWS\$NtUninstallKB952954_0$ 2009-02-26 19:30:42 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$ 2009-02-26 19:29:29 ----HDC---- C:\WINDOWS\$NtUninstallKB950974_0$ 2009-02-26 19:28:17 ----HDC---- C:\WINDOWS\$NtUninstallKB951698_0$ 2009-02-26 19:26:37 ----HDC---- C:\WINDOWS\$NtUninstallKB967715_0$ 2009-02-26 18:31:02 ----D---- C:\Program Files\ma-config.com 2009-02-26 18:31:01 ----D---- C:\Documents and Settings\All Users\Application Data\ma-config.com 2009-02-26 18:18:40 ----A---- C:\Documents and Settings\Administrateur\Application Data\sversion.ini 2009-02-26 16:32:37 ----D---- C:\Program Files\CCleaner 2009-02-26 16:23:04 ----D---- C:\Config.Msi 2009-02-26 01:31:10 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2_0$ 2009-02-26 01:30:09 ----HDC---- C:\WINDOWS\$NtUninstallKB956803_0$ 2009-02-26 01:29:01 ----HDC---- C:\WINDOWS\$NtUninstallKB954211_0$ 2009-02-26 01:27:20 ----HDC---- C:\WINDOWS\$NtUninstallKB956841_0$ 2009-02-26 01:25:54 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$ 2009-02-26 01:25:20 ----HDC---- C:\WINDOWS\$NtUninstallKB950762_0$ 2009-02-26 01:24:05 ----HDC---- C:\WINDOWS\$NtUninstallKB957097_0$ 2009-02-26 01:23:00 ----HDC---- C:\WINDOWS\$NtUninstallKB960715$ 2009-02-26 01:21:55 ----HDC---- C:\WINDOWS\$NtUninstallKB958687_0$ 2009-02-26 01:20:56 ----HDC---- C:\WINDOWS\$NtUninstallKB952287_0$ 2009-02-26 01:19:56 ----HDC---- C:\WINDOWS\$NtUninstallKB950760$ 2009-02-26 01:18:43 ----HDC---- C:\WINDOWS\$NtUninstallKB951066_0$ 2009-02-26 01:17:19 ----HDC---- C:\WINDOWS\$NtUninstallKB951748_0$ 2009-02-26 01:16:10 ----HDC---- C:\WINDOWS\$NtUninstallKB938464_0$ 2009-02-26 01:12:29 ----HDC---- C:\WINDOWS\$NtUninstallKB954600_0$ 2009-02-26 01:12:18 ----HDC---- C:\WINDOWS\$NtUninstallKB958644_0$ 2009-02-26 01:12:07 ----HDC---- C:\WINDOWS\$NtUninstallKB955069_0$ 2009-02-26 01:11:27 ----HDC---- C:\WINDOWS\$NtUninstallKB956802_0$ 2009-02-26 01:08:54 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$ 2009-02-25 21:18:57 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$ 2009-02-25 20:57:15 ----A---- C:\WINDOWS\system32\winconfig.dll 2009-02-25 20:56:19 ----D---- C:\Program Files\Common Files 2009-02-06 18:52:40 ----A---- C:\WINDOWS\system32\sirenacm.dll ======List of files/folders modified in the last 1 months====== 2009-02-28 21:30:37 ----RD---- C:\Program Files 2009-02-28 20:19:06 ----SD---- C:\WINDOWS\Tasks 2009-02-28 19:15:02 ----D---- C:\WINDOWS\Temp 2009-02-28 10:34:07 ----A---- C:\WINDOWS\SchedLgU.Txt 2009-02-28 09:01:12 ----D---- C:\WINDOWS 2009-02-27 23:50:12 ----HD---- C:\WINDOWS\inf 2009-02-27 23:50:10 ----D---- C:\WINDOWS\system32 2009-02-27 23:50:07 ----HD---- C:\WINDOWS\$hf_mig$ 2009-02-27 23:50:02 ----RSHD---- C:\WINDOWS\system32\dllcache 2009-02-27 19:17:22 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater 2009-02-27 19:07:31 ----D---- C:\WINDOWS\system32\CatRoot2 2009-02-27 14:45:09 ----SHD---- C:\WINDOWS\Installer 2009-02-27 14:44:08 ----D---- C:\WINDOWS\WinSxS 2009-02-27 14:42:27 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft 2009-02-27 14:42:26 ----D---- C:\Program Files\Fichiers communs\Microsoft Shared 2009-02-27 14:41:43 ----RSD---- C:\WINDOWS\Fonts 2009-02-27 14:41:31 ----D---- C:\Program Files\Windows Live 2009-02-27 14:37:53 ----D---- C:\Program Files\Fichiers communs 2009-02-27 08:23:27 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI 2009-02-27 08:20:19 ----D---- C:\WINDOWS\Debug 2009-02-27 08:10:24 ----D---- C:\WINDOWS\system32\Setup 2009-02-27 08:10:24 ----D---- C:\WINDOWS\AppPatch 2009-02-27 08:10:23 ----D---- C:\WINDOWS\system32\wbem 2009-02-27 08:10:08 ----D---- C:\WINDOWS\system32\drivers 2009-02-27 02:40:15 ----D---- C:\WINDOWS\system32\CatRoot 2009-02-27 02:08:54 ----D---- C:\WINDOWS\security 2009-02-27 01:15:21 ----D---- C:\WINDOWS\ServicePackFiles 2009-02-27 01:15:10 ----D---- C:\WINDOWS\EHome 2009-02-27 01:14:53 ----D---- C:\WINDOWS\system32\inetsrv 2009-02-27 01:14:51 ----D---- C:\WINDOWS etwork diagnostic 2009-02-27 01:14:49 ----D---- C:\WINDOWS\ime 2009-02-27 01:14:44 ----D---- C:\WINDOWS\Help 2009-02-27 01:13:08 ----D---- C:\WINDOWS\system32\fr-fr 2009-02-27 01:13:06 ----D---- C:\WINDOWS\system32\usmt 2009-02-27 01:12:36 ----D---- C:\WINDOWS\system32\bits 2009-02-27 01:12:35 ----D---- C:\WINDOWS\peernet 2009-02-27 01:12:33 ----D---- C:\Program Files\Movie Maker 2009-02-27 00:53:43 ----D---- C:\WINDOWS\system32\Restore 2009-02-27 00:53:42 ----D---- C:\WINDOWS\system32 pp 2009-02-27 00:53:33 ----D---- C:\WINDOWS\msagent 2009-02-27 00:53:26 ----D---- C:\WINDOWS\srchasst 2009-02-27 00:53:21 ----D---- C:\Program Files\NetMeeting 2009-02-27 00:53:14 ----D---- C:\WINDOWS\system32\Com 2009-02-27 00:53:01 ----D---- C:\Program Files\Windows Media Player 2009-02-27 00:52:58 ----D---- C:\Program Files\Windows NT 2009-02-27 00:52:57 ----D---- C:\Program Files\Outlook Express 2009-02-27 00:52:34 ----D---- C:\Program Files\Fichiers communs\System 2009-02-27 00:51:09 ----D---- C:\WINDOWS\system32\oobe 2009-02-27 00:50:58 ----D---- C:\WINDOWS\system 2009-02-27 00:36:56 ----D---- C:\WINDOWS\system32\ReinstallBackups 2009-02-26 22:20:25 ----D---- C:\Program Files\Google 2009-02-26 22:20:13 ----D---- C:\Documents and Settings\All Users\Application Data\Google 2009-02-26 18:32:47 ----SD---- C:\WINDOWS\Downloaded Program Files 2009-02-26 17:39:37 ----D---- C:\Program Files\ComPlus Applications 2009-02-26 16:46:46 ----RD---- C:\WINDOWS\Web 2009-02-26 16:32:38 ----D---- C:\WINDOWS\system32\LogFiles 2009-02-26 16:31:31 ----D---- C:\Program Files\Internet Explorer 2009-02-26 01:13:38 ----D---- C:\WINDOWS\ie7updates 2009-02-25 23:09:29 ----A---- C:\WINDOWS\BM971c93c9.txt 2009-02-25 23:09:24 ----ASH---- C:\WINDOWS\system32\yabeg.ini 2009-02-25 23:07:45 ----ASH---- C:\WINDOWS\system32\yabeg.ini2 2009-02-25 22:14:34 ----A---- C:\WINDOWS\pskt.ini 2009-02-25 22:14:24 ----A---- C:\icon.txt 2009-02-25 21:10:42 ----D---- C:\Program Files\Fichiers communs\Symantec Shared 2009-02-25 21:03:46 ----D---- C:\Documents and Settings\Administrateur\Application Data\Adobe 2009-02-25 15:17:16 ----A---- C:\WINDOWS\system32\mcrh.tmp ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2006-12-21 31560] R1 AmdK7;Pilote de processeur AMD K7; C:\WINDOWS\System32\DRIVERS\amdk7.sys [2008-04-14 41856] R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2007-01-15 43176] R1 Tcpip6;Pilote du protocole IPv6 Microsoft; C:\WINDOWS\system32\DRIVERS cpip6.sys [2008-06-20 225856] R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2006-12-21 94424] R2 NwlnkIpx;Protocole de transport compatible NWLink IPX/SPX/NetBIOS; C:\WINDOWS\system32\DRIVERS wlnkipx.sys [2008-04-13 88320] R2 NwlnkNb;NetBIOS NWLink; C:\WINDOWS\system32\DRIVERS wlnknb.sys [2002-08-30 63232] R2 NwlnkSpx;Protocole NWLink SPX/SPXII; C:\WINDOWS\system32\DRIVERS wlnkspx.sys [2002-08-30 55936] R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2003-01-10 695852] R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800] R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2007-01-15 23352] R3 CmBatt;Pilote pour Batterie à méthode de contrôle ACPI Microsoft; C:\WINDOWS\System32\DRIVERS\CmBatt.sys [2008-04-13 13952] R3 ENE;ENE; C:\WINDOWS\System32\DRIVERS\EMCR7SK.sys [2002-12-23 79392] R3 FETNDIS;Pilote NT de carte VIA PCI 10/100Mo Fast Ethernet; C:\WINDOWS\System32\DRIVERS\fetnd5.sys [2001-08-17 27165] R3 Mtlmnt5;Mtlmnt5; C:\WINDOWS\System32\DRIVERS\Mtlmnt5.sys [2003-02-05 210128] R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\System32\DRIVERS ic1394.sys [2008-04-13 61824] R3 S3Psddr;S3Psddr; C:\WINDOWS\System32\DRIVERS\s3gnbm.sys [2002-12-13 159744] R3 Slntamr;SmartLink AMR_PCI Driver; C:\WINDOWS\System32\DRIVERS\slntamr.sys [2003-02-05 506912] R3 SlWdmSup;SlWdmSup; C:\WINDOWS\System32\DRIVERS\SlWdmSup.sys [2003-01-16 39348] R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\System32\DRIVERS\SynTP.sys [2002-10-25 265872] R3 tunmp;Pilote de carte miniport Tun Microsoft; C:\WINDOWS\system32\DRIVERS unmp.sys [2008-04-13 12288] R3 usbehci;Pilote miniport de contrôleur hôte amélioré USB 2.0 Microsoft; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208] R3 usbhub;Concentrateur USB2; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520] R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608] S2 MTC0003_STDSB;Scroll Bar Driver; C:\WINDOWS\System32\STDSB.sys [] S3 driverhardwarev2;driverhardwarev2; \??\C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys [] S3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368] S3 mouhid;Pilote HID de souris; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-23 12288] S3 ms_mpu401;Pilote UART MIDI MPU-401 Microsoft; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944] S3 Mtlstrm;Mtlstrm; C:\WINDOWS\System32\DRIVERS\Mtlstrm.sys [2003-02-05 1290760] S3 nm;Pilote du Moniteur réseau; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-13 40320] S3 NtMtlFax;NtMtlFax; C:\WINDOWS\System32\DRIVERS\NtMtlFax.sys [2003-02-05 162136] S3 nv;nv; C:\WINDOWS\System32\DRIVERS v4_mini.sys [2004-08-04 1897408] S3 RecAgent;recagent; \??\C:\WINDOWS\System32\DRIVERS\RecAgent.sys [] S3 SlNtHal;SlNtHal; C:\WINDOWS\System32\DRIVERS\Slnthal.sys [2003-02-17 85552] S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368] S3 wlags48d;Agere Wireless PCCard Service; C:\WINDOWS\System32\DRIVERS\wlags48d.sys [2003-07-07 153088] S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568] S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944] S4 WINIO;WINIO; \??\C:\WINDOWS\system32\winio.sys [] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 6to4;Service d'application d'assistance IPv6; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2007-01-15 59008] R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2007-01-15 132736] R2 SLService;SmartLinkService; C:\WINDOWS\system32\slserv.exe [2003-01-16 45056] R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2007-01-15 255616] R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2007-01-15 370304] S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-26 182768] S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632] S3 maconfservice;Ma-Config Service; C:\Program Files\ma-config.com\maconfservice.exe [2009-01-24 216232] S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016] -----------------EOF----------------- et voila le rapport info.txt info.txt logfile of random's system information tool 1.05 2009-02-28 21:49:18 ======Uninstall list====== -->C:\WINDOWS\IsUn040c.exe -fC:\WINDOWS\orun32.isu -->C:\WINDOWS\Modio\SLAMR2KO\Setup.exe /Remove -->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf -->s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3Display' -->s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3Gamma2' -->s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3Info2' -->s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3Overlay' 7-Zip 4.32-->"C:\Program Files\7-Zip\Uninstall.exe" Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe Adobe Flash Player 9 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete Adobe Reader 7.0.9 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A70900000002} Adobe Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log Adobe SVG Viewer 3.0-->C:\Program Files\Fichiers communs\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Fichiers communs\Adobe\SVG Viewer 3.0\Uninstall\Install.log Assistant de connexion Windows Live-->MsiExec.exe /I{DCE8CD14-FBF5-4464-B9A4-E18E473546C7} avast! Antivirus-->rundll32 C:\PROGRA~1\ALWILS~1\Avast4\Setup\setiface.dll,RunSetup CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe" Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E} Correctif pour Lecteur Windows Media 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe" Correctif pour Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe" G5Ens -->MsiExec.exe /X{3AEB9DE6-A7A5-4357-8D19-FD16BF232E90} HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe" IEEE 802.11b Wireless LAN-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{2EF3DC93-D2DA-4930-BE53-28A8A5DB2BB3} Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe Installation Windows Live-->MsiExec.exe /I{7370DF47-B4F9-4279-BFC3-3F09919F720D} Java 2 Runtime Environment, SE v1.4.2-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142000} Java Runtime Environment 1.1-->C:\WINDOWS\uninst.exe -f"C:\Program Files\JavaSoft\JRE\1.1\lib\DeIsL1.isu" Lecteur Windows Media 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall Ma-Config.com-->MsiExec.exe /X{8AFB8FC4-3EBA-4C67-943F-CF43DB2180F1} Messenger Plus! Live-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe" Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe" Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe" Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe" Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe" Mise à jour de sécurité pour Lecteur Windows Media (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe" Mise à jour de sécurité pour Lecteur Windows Media 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe" Mise à jour de sécurité pour Lecteur Windows Media 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe" Mise à jour de sécurité pour Lecteur Windows Media 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe" Mise à jour de sécurité pour Step by Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe" Mise à jour pour Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe" Mise à jour pour Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe" Mise à jour pour Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe" MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94} Outil de mise à jour Google-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238} PhotoFiltre-->"C:\Program Files\PhotoFiltre\Uninst.exe" PowerDVD-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall QuickTime-->C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" REMOVE Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7} VideoLAN VLC media player 0.8.5-->C:\Program Files\VideoLAN\VLC\uninstall.exe Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41} Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52} Windows Live Messenger-->MsiExec.exe /X{059C042E-796A-4ACC-A81A-ECC2010BB78C} Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe" Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe" Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe" ======Security center information====== AV: avast! antivirus 4.7.942 [VPS 090227-0] System event log Computer Name: PC-000000000 Event Code: 7000 Message: Le service WINIO n'a pas pu démarrer en raison de l'erreur : Le fichier spécifié est introuvable. Record Number: 114309 Source Name: Service Control Manager Time Written: 20090228211858.000000+060 Event Type: erreur User: Computer Name: PC-000000000 Event Code: 7000 Message: Le service WINIO n'a pas pu démarrer en raison de l'erreur : Le fichier spécifié est introuvable. Record Number: 114308 Source Name: Service Control Manager Time Written: 20090228211858.000000+060 Event Type: erreur User: Computer Name: PC-000000000 Event Code: 7000 Message: Le service WINIO n'a pas pu démarrer en raison de l'erreur : Le fichier spécifié est introuvable. Record Number: 114307 Source Name: Service Control Manager Time Written: 20090228211857.000000+060 Event Type: erreur User: Computer Name: PC-000000000 Event Code: 7000 Message: Le service WINIO n'a pas pu démarrer en raison de l'erreur : Le fichier spécifié est introuvable. Record Number: 114306 Source Name: Service Control Manager Time Written: 20090228211856.000000+060 Event Type: erreur User: Computer Name: PC-000000000 Event Code: 7000 Message: Le service WINIO n'a pas pu démarrer en raison de l'erreur : Le fichier spécifié est introuvable. Record Number: 114305 Source Name: Service Control Manager Time Written: 20090228211856.000000+060 Event Type: erreur User: Application event log Computer Name: PC-000000000 Event Code: 100 Message: MsnMsgr (1784) Le moteur de base de données 5.01.2600.2780 est démarré. Record Number: 618 Source Name: ESENT Time Written: 20090225210330.000000+060 Event Type: Informations User: Computer Name: PC-000000000 Event Code: 12001 Message: Record Number: 617 Source Name: usnjsvc Time Written: 20090225210322.000000+060 Event Type: User: Computer Name: PC-000000000 Event Code: 2 Message: Récupération de la mise à jour automatique du fichier CAB de la liste racine tierce partie réussie à partir de : < Record Number: 616 Source Name: crypt32 Time Written: 20090225210204.000000+060 Event Type: Informations User: Computer Name: PC-000000000 Event Code: 7 Message: Récupération de la mise à jour automatique du numéro de séquence de la liste racine tierce partie réussie à partir de : < Record Number: 615 Source Name: crypt32 Time Written: 20090225210204.000000+060 Event Type: Informations User: Computer Name: PC-000000000 Event Code: 1002 Message: L'environnement s'est arrêté de façon inattendue et Explorer.exe a redémarré. Record Number: 614 Source Name: Winlogon Time Written: 20090225205632.000000+060 Event Type: Informations User: ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem "windir"=%SystemRoot% "OS"=Windows_NT "PROCESSOR_ARCHITECTURE"=x86 "PROCESSOR_LEVEL"=6 "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 8 Stepping 1, AuthenticAMD "PROCESSOR_REVISION"=0801 "NUMBER_OF_PROCESSORS"=1 "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP "FP_NO_HOST_CHECK"=NO -----------------EOF-----------------

Destrio5 · Answer

---> Désactive ton antivirus le temps de la manipulation car OTMoveIt3 est détecté comme une infection à tort.

---> Télécharge OTMoveIt3 (OldTimer) sur ton Bureau.

---> Double-clique sur OTMoveIt3.exe afin de le lancer.

---> Copie (Ctrl+C) le texte suivant ci-dessous : 





:processes
explorer.exe 

:files 
C:\WINDOWS	asks\At1.job 
C:\WINDOWS	asks\At2.job 
C:\WINDOWS	asks\At3.job     
C:\WINDOWS\system32\winconfig.dll 
C:\WINDOWS\system32\mcrh.tmp 
C:\WINDOWS\pskt.ini 
C:\WINDOWS\system32\yabeg.ini2 
C:\WINDOWS\system32\yabeg.ini     
C:\WINDOWS\BM971c93c9.txt     

:reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}] 
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9B4868E3-767E-4A1C-A792-3CC451BA8CAC}] 
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D263FA6D-84CC-48A8-9AF6-C664362B7A5B}] 
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WL]   
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ljjgdeb] 
[HKEY_LOCAL_MACHINE\system\CurrentControlSet\Control\lsa]
"Authentication Packages"= hex(7):6d,73,76,31,5f,30,00,00

:commands
[purity]
[emptytemp]
[reboot]





---> Colle (Ctrl+V) le texte précédemment copié dans le cadre Paste Instructions for Items to be Moved.

---> Clique maintenant sur le bouton MoveIt! puis ferme OTMoveIt3.

Si un fichier ou dossier ne peut pas être supprimé immédiatement, le logiciel te demandera de redémarrer.
Accepte en cliquant sur YES.

---> Poste le rapport situé dans ce dossier : C:\_OTMoveIt\MovedFiles\
Le nom du rapport correspond au moment de sa création : date_heure.log

gagounette26 · Answer

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
File/Folder C:\WINDOWS	asks\At1.job not found.
File/Folder C:\WINDOWS	asks\At2.job not found.
File/Folder C:\WINDOWS	asks\At3.job not found.
File/Folder C:\WINDOWS\system32\winconfig.dll not found.
File/Folder C:\WINDOWS\system32\mcrh.tmp not found.
File/Folder C:\WINDOWS\pskt.ini not found.
File/Folder C:\WINDOWS\system32\yabeg.ini2 not found.
File/Folder C:\WINDOWS\system32\yabeg.ini not found.
File/Folder C:\WINDOWS\BM971c93c9.txt not found.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9B4868E3-767E-4A1C-A792-3CC451BA8CAC}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D263FA6D-84CC-48A8-9AF6-C664362B7A5B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WL\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ljjgdeb\ deleted successfully.
HKEY_LOCAL_MACHINE\system\CurrentControlSet\Control\lsa\"Authentication Packages"| hex(7):6d,73,76,31,5f,30,00,00 /E : value set successfully!
========== COMMANDS ==========
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS	emp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS	emp\Perflib_Perfdata_27c.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Temp folders emptied.
 
OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 02282009_224806

Destrio5 · Answer

Bien.

---> Refais un scan RSIT et poste le rapport log.

gagounette26 · Answer

Logfile of random's system information tool 1.05 (written by random/random)
Run by utilisateur at 2009-02-28 22:59:39
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 7 GB (50%) free of 14 GB
Total RAM: 223 MB (27% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:00:53, on 28/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\icon.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
D:\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\utilisateur.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fourni par Internet Explorer CG13
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [icon] C:\WINDOWS\system32\icon.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32
wprovau.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com/index.php?v_page=29
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: SmartLinkService (SLService) -   - C:\WINDOWS\SYSTEM32\slserv.exe

Destrio5 · Answer

---> Fais analyser le fichier suivant :  C:\WINDOWS\system32\icon.exe     

---> Sur VirusTotal et poste le lien de l'analyse.

gagounette26 · Answer

http://www.virustotal.com/fr/analisis/88669b6d9ca3074902a96b9fbf85895a

Destrio5 · Answer

1/

---> Désinstalle les programmes suivants :
- Java 2 Runtime Environment, SE v1.4.2
- Java Runtime Environment 1.1

---> Mets à jour Java.

---> Mets à jour Adobe Reader.


2/

---> Télécharge Malwarebytes' Anti-Malware (MBAM) sur ton Bureau.
---> Double-clique sur le fichier téléchargé pour lancer le processus d'installation.
---> Dans l'onglet Mise à jour, clique sur le bouton Recherche de mise à jour : si le pare-feu demande l'autorisation à MBAM de se connecter à Internet, accepte.
---> Une fois la mise à jour terminée, rends-toi dans l'onglet Recherche.
---> Sélectionne Exécuter un examen rapide.
---> Clique sur Rechercher. L'analyse démarre.

A la fin de l'analyse, un message s'affiche :

L'examen s'est terminé normalement. Cliquez sur 'Afficher les résultats' pour afficher tous les objets trouvés.

---> Clique sur OK pour poursuivre. Si MBAM n'a rien trouvé, il te le dira aussi.
---> Ferme tes navigateurs.
Si des malwares ont été détectés, clique sur Afficher les résultats.
---> Sélectionne tout (ou laisse coché) et clique sur Supprimer la sélection, MBAM va détruire les fichiers et clés de registre infectés et en mettre une copie dans la quarantaine.
---> MBAM va ouvrir le Bloc-notes et y copier le rapport d'analyse. Copie-colle ce rapport dans ta prochaine réponse.

gagounette26 · Answer

excuses moi mais quand je double clic sur Malwarebytes  une fenetre s affiche et me dis qu il est deja en cours dexecution mais moi je l ai pas mise a part en icone sur le bureau que dois je faire???

Destrio5 · Answer

Redémarre et réessaie.

gagounette26 · Answer

ok je vais le faire de suite par contre je voulai te dire que maintenant quand j ouvre une page internet j ai plus le message en anaglais de antivirus 360 donc je pense que c est bon signe

gagounette26 · Answer

re alors apres avoir redemarrer le pc c est identique quand je clic sur Malwarebytes il me dit qu il est deja en cours d application

Destrio5 · Answer

A ce moment-là, fais le scan en mode sans échec :

---> Pour redémarrer en mode sans échec :
- Redémarre ton PC.
- Au démarrage, tapote sur F8 (F5 sur certains PC) juste après l'affichage du BIOS et juste avant le chargement de Windows.
- Dans le menu d'options avancées, choisis Mode sans échec.
- Choisis ta session.

gagounette26 · Answer

bon j abandonne pour aujourd hui car la fatigue se fait sentir et je commence a faire que des betises avec le pc lol
je te remercie pour ton aide et quand penses tu etre de nouveau sur le site pour qu on continue a essayer de me débarasser de ce fichu virus???
en tout cas bonne nuit a toi
gaelle

Destrio5 · Answer

Bonne nuit, je serai là demain.

gagounette26 · Answer

re bonjour alors apres une bonne nuit j ai enfin reussi donc voila le rapport de Malwarebytes


Malwarebytes' Anti-Malware 1.34
Version de la base de données: 1813
Windows 5.1.2600 Service Pack 3

01/03/2009 12:49:07
mbam-log-2009-03-01 (12-49-07).txt

Type de recherche: Examen rapide
Eléments examinés: 58303
Temps écoulé: 19 minute(s), 0 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 17
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 1

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\CLSID\{d263fa6d-84cc-48a8-9af6-c664362b7a5b} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9b4868e3-767e-4a1c-a792-3cc451ba8cac} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d263fa6d-84cc-48a8-9af6-c664362b7a5b} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IProxyProvider (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{9b4868e3-767e-4a1c-a792-3cc451ba8cac} (Trojan.Vundo) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\WINDOWS\BM971c93c9.xml (Trojan.Vundo) -> Quarantined and deleted successfully.

Destrio5 · Answer

---> Relance MBAM, va dans Quarantaine et supprime tout.

---> Refais un scan RSIT et poste le rapport log.

gagounette26 · Answer

Logfile of random's system information tool 1.05 (written by random/random)
Run by utilisateur at 2009-03-01 17:56:00
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 7 GB (49%) free of 14 GB
Total RAM: 223 MB (45% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:57:04, on 01/03/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\icon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\utilisateur.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fourni par Internet Explorer CG13
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [icon] C:\WINDOWS\system32\icon.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32
wprovau.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://fichiers.touslesdrivers.com/...
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/...
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: SmartLinkService (SLService) -   - C:\WINDOWS\SYSTEM32\slserv.exe

Destrio5 · Answer

---> Désinstalle Avast.

---> Installe Antivir et mets-le à jour.

---> Double-clique sur l'icône d'Antivir (Parapluie) dans la barre des tâches.

---> Dans Antivir, choisis Outils puis Configuration.

---> Coche Mode Expert et coche Rech. Rootkit au dém. de la recherche à droite dans Autres réglages.

---> Fais un scan complet et poste le rapport.

gagounette26 · Answer

Avira AntiVir Personal
Report file date: dimanche 1 mars 2009  19:04

Scanning for 1271369 virus strains and unwanted programs.

Licensed to:      Avira AntiVir PersonalEdition Classic
Serial number:    0000149996-ADJIE-0001
Platform:         Windows XP
Windows version:  (Service Pack 3)  [5.1.2600]
Boot mode:        Normally booted
Username:         SYSTEM
Computer name:    PC-000000000

Version information:
BUILD.DAT     : 8.2.0.337      16934 Bytes  18/11/2008 13:05:00
AVSCAN.EXE    : 8.1.4.10      315649 Bytes  18/11/2008 08:21:26
AVSCAN.DLL    : 8.1.4.0        40705 Bytes  26/05/2008 07:56:40
LUKE.DLL      : 8.1.4.5       164097 Bytes  12/06/2008 12:44:19
LUKERES.DLL   : 8.1.4.0        12033 Bytes  26/05/2008 07:58:52
ANTIVIR0.VDF  : 7.1.0.0     15603712 Bytes  27/10/2008 11:30:36
ANTIVIR1.VDF  : 7.1.2.12     3336192 Bytes  11/02/2009 17:51:52
ANTIVIR2.VDF  : 7.1.2.55      248832 Bytes  20/02/2009 17:51:53
ANTIVIR3.VDF  : 7.1.2.96      190976 Bytes  28/02/2009 17:51:55
Engineversion : 8.2.0.98  
AEVDF.DLL     : 8.1.1.0       106868 Bytes  01/03/2009 17:52:08
AESCRIPT.DLL  : 8.1.1.56      352634 Bytes  01/03/2009 17:52:06
AESCN.DLL     : 8.1.1.7       127347 Bytes  01/03/2009 17:52:05
AERDL.DLL     : 8.1.1.3       438645 Bytes  04/11/2008 13:58:38
AEPACK.DLL    : 8.1.3.8       397684 Bytes  01/03/2009 17:52:05
AEOFFICE.DLL  : 8.1.0.36      196987 Bytes  01/03/2009 17:52:03
AEHEUR.DLL    : 8.1.0.100    1618295 Bytes  01/03/2009 17:52:00
AEHELP.DLL    : 8.1.2.2       119158 Bytes  01/03/2009 17:51:58
AEGEN.DLL     : 8.1.1.22      336245 Bytes  01/03/2009 17:51:57
AEEMU.DLL     : 8.1.0.9       393588 Bytes  14/10/2008 10:05:56
AECORE.DLL    : 8.1.6.6       176501 Bytes  01/03/2009 17:51:56
AEBB.DLL      : 8.1.0.3        53618 Bytes  14/10/2008 10:05:56
AVWINLL.DLL   : 1.0.0.12       15105 Bytes  09/07/2008 08:40:05
AVPREF.DLL    : 8.0.2.0        38657 Bytes  16/05/2008 09:28:01
AVREP.DLL     : 8.0.0.2        98344 Bytes  31/07/2008 12:02:15
AVREG.DLL     : 8.0.0.1        33537 Bytes  09/05/2008 11:26:40
AVARKT.DLL    : 1.0.0.23      307457 Bytes  12/02/2008 08:29:23
AVEVTLOG.DLL  : 8.0.0.16      119041 Bytes  12/06/2008 12:27:49
SQLITE3.DLL   : 3.3.17.1      339968 Bytes  22/01/2008 17:28:02
SMTPLIB.DLL   : 1.2.0.23       28929 Bytes  12/06/2008 12:49:40
NETNT.DLL     : 8.0.0.1         7937 Bytes  25/01/2008 12:05:10
RCIMAGE.DLL   : 8.0.0.51     2371841 Bytes  12/06/2008 13:48:07
RCTEXT.DLL    : 8.0.52.0       86273 Bytes  27/06/2008 13:34:37

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, E:, 
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: on
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: dimanche 1 mars 2009  19:04

Starting search for hidden objects.
c:\windows\system32\winio.sys
    [INFO]      The registry entry is invisible.
    [WARNING]   The file could not be copied to the quarantine directory.
    [WARNING]   Error in ARK lib
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\winio
    [INFO]      The registry entry is invisible.
'54753' objects were checked, '2' hidden objects were found.

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'wlcomm.exe' - '1' Module(s) have been scanned
Scan process 'iexplore.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'wmiapsrv.exe' - '1' Module(s) have been scanned
Scan process 'slserv.exe' - '1' Module(s) have been scanned
Scan process 'jqs.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'Icon.exe' - '1' Module(s) have been scanned
Scan process 'SynTPEnh.exe' - '1' Module(s) have been scanned
Scan process 'SynTPLpr.exe' - '1' Module(s) have been scanned
Scan process 'soundman.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
31 processes with 31 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
    [INFO]      No virus was found!
Master boot sector HD1
    [INFO]      No virus was found!
    [WARNING]   System error [21]: Le périphérique n'est pas prêt.

Start scanning boot sectors:
Boot sector 'C:\'
    [INFO]      No virus was found!
Boot sector 'E:\'
    [INFO]      No virus was found!

Starting to scan the registry.
The registry was scanned ( '49' files ).


Starting the file scan:

Begin scan in 'C:\' <O13_System>
C:\pagefile.sys
    [WARNING]   The file could not be opened!
Begin scan in 'E:\'


End of the scan: dimanche 1 mars 2009  21:28
Used time:  2:24:48 Hour(s)

The scan has been done completely.

   2975 Scanning directories
 171545 Files were scanned
      0 viruses and/or unwanted programs were found
      0 Files were classified as suspicious:
      0 files were deleted
      0 files were repaired
      0 files were moved to quarantine
      0 files were renamed
      1 Files cannot be scanned
 171544 Files not concerned
   6684 Archives were scanned
      3 Warnings
      0 Notes
  54753 Objects were scanned with rootkit scan
      2 Hidden objects were found

Destrio5 · Answer

Ton PC va bien ?

---> Désactive ton antivirus le temps de la manipulation car OTMoveIt3 est détecté comme une infection à tort.

---> Télécharge OTMoveIt3 (OldTimer) sur ton Bureau.

---> Double-clique sur OTMoveIt3.exe afin de le lancer.

---> Copie (Ctrl+C) le texte suivant ci-dessous : 





:processes
explorer.exe 

:services
WINIO

:commands
[purity]
[emptytemp]
[reboot]





---> Colle (Ctrl+V) le texte précédemment copié dans le cadre Paste Instructions for Items to be Moved.

---> Clique maintenant sur le bouton MoveIt! puis ferme OTMoveIt3.

Si un fichier ou dossier ne peut pas être supprimé immédiatement, le logiciel te demandera de redémarrer.
Accepte en cliquant sur YES.

---> Poste le rapport situé dans ce dossier : C:\_OTMoveIt\MovedFiles\
Le nom du rapport correspond au moment de sa création : date_heure.log

gagounette26 · Answer

non il rame grave depuis que j y est installé antivir c est normal???

Destrio5 · Answer

Si tu as laissé Antivir + Avast, c'est normal.

Pc infecter par antivirus 360 rapport hijackt

25 réponses

Newsletters