Virus em8 tqm

Solved
figman, 806 posts, status: Member -  
jlpjlp, 52399 posts, status: Security contributor -
Hello,

My PC is infected with the em8tqm.cmd virus, which the antivirus could not remove.

Thanks for helping me get rid of this junk.

@+++

11 replies

jlpjlp, 52399 posts, status: Security contributor, 5 040
 
Hi,

Download from here:

http://images.malwareremoval.com/random/RSIT.exe

random's system information tool (RSIT) by random/random and save it to the Desktop.

Double-click RSIT.exe to launch RSIT.

Click Continue on the Disclaimer screen.

If HijackThis (current version) is not present or not detected on the computer, RSIT will download it (allow the access in your firewall if asked) and you will have to accept the licence.

When the scan is finished, two text files will open.

Post the contents of log.txt (<< which will be displayed)
and of info.txt (<< which will be minimised to the taskbar).

NB: the reports are saved in the folder C:\rsit
0
figman, 806 posts, status: Member, 8
 
re...

I already did it, here are the reports:


Logfile of random's system information tool 1.05 (written by random/random)
Run by Administrateur at 2009-03-30 11:30:01
Microsoft Windows XP Professionnel Service Pack 2
System drive C: has 24 GB (60%) free of 40 GB
Total RAM: 959 MB (63% free)

HijackThis download failed

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Aide pour le lien d'Adobe PDF Reader - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{955BE0B8-BC85-4CAF-856E-8E0D8B610560}]
BHO pour Compagnon Web Encarta - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL [2006-06-13 256792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{147D6308-0614-4112-89B1-31402F9B82C4} - Compagnon Web Encarta - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL [2006-06-13 256792]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"=C:\WINDOWS\system32\VTTimer.exe [2005-03-07 53248]
"VTTrayp"=C:\WINDOWS\system32\VTtrayp.exe [2006-07-10 176128]
"SkyTel"=C:\WINDOWS\SkyTel.EXE [2006-05-16 2879488]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2007-05-10 40048]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-12-18 16062464]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-06-24 155648]
"WinampAgent"=C:\Program Files\Winamp\Winampa.exe [2001-04-30 10752]
"Athan"=C:\Program Files\Athan\Athan.exe [2005-09-11 937984]
"IMEKRMIG6.1"=C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE [2002-09-06 44032]
"MSPY2002"=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [2004-08-03 59392]
"SunJavaUpdateSched"=C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe [2004-06-03 32881]
"S7UB Start"=C:\Program Files\Fichiers communs\Siemens\S7ubtoox\s7ubtstx.exe [2003-12-17 110645]
"Sony Ericsson PC Suite"=C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe [2005-10-26 159744]
"avgnt"=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-06-12 266497]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-03 15360]
"E07FDXRC_21537625"=E:\Program Files\Microsoft Encarta\Microsoft Encarta 2007 - Collection\EDICT.EXE [2006-06-13 351000]
"cdoosoft"=C:\WINDOWS\system32\olhrwef.exe [2002-03-25 109692]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2004-08-03 240128]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-05-09 52224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoSMBalloonTip"=0
"NoResolveTrack"=1
"NoResolveSearch"=1
"NoDriveAutoRun"=67108863
"NoDrives"=0
"NofolderOptions"=0
"NoFind"=0
"NoRun"=0
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=
"NoDriveAutoRun"=
"NoDrives"=
"NoFolderOptions"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Fichiers communs\Siemens\SQLANY\dbsrv7.exe"="C:\Program Files\Fichiers communs\Siemens\SQLANY\dbsrv7.exe:*:Enabled:Adaptive Server Anywhere Network Server"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
shell\AutoRun\command - G:\start.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3260614d-1c73-11de-aa38-001bb98a270d}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{546b9d39-fdc2-11dc-a8ca-001bb98a270d}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5695c2fa-1c64-11de-aa37-001bb98a270d}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7948f00a-fb73-11dc-a8c9-001bb98a270d}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{abc294af-1ba3-11de-aa35-001bb98a270d}]
shell\AutoRun\command - G:\start.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{abc294b3-1ba3-11de-aa35-001bb98a270d}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d5296a86-63b9-11dd-a94e-001bb98a270d}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn


======List of files/folders created in the last 1 months======

2009-03-30 11:30:01 ----D---- C:\rsit
2009-03-30 09:03:06 ----RSH---- C:\em8tqm.cmd
2009-03-29 09:16:52 ----D---- C:\Program Files\Total Video Converter
2009-03-29 08:39:15 ----RSH---- C:\WINDOWS\system32\olhrwef.exe
2009-03-29 08:39:15 ----RSH---- C:\WINDOWS\system32\nmdfgds0.dll
2009-03-16 12:58:38 ----SHD---- C:\RECYCLER
2009-03-16 12:57:07 ----D---- C:\WINDOWS\temp
2009-03-16 12:51:55 ----A---- C:\WINDOWS\NIRCMD.exe
2009-03-16 12:35:33 ----A---- C:\WINDOWS\zip.exe
2009-03-16 12:35:33 ----A---- C:\WINDOWS\VFIND.exe
2009-03-16 12:35:33 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-03-16 12:35:33 ----A---- C:\WINDOWS\SWSC.exe
2009-03-16 12:35:33 ----A---- C:\WINDOWS\SWREG.exe
2009-03-16 12:35:33 ----A---- C:\WINDOWS\sed.exe
2009-03-16 12:35:33 ----A---- C:\WINDOWS\grep.exe
2009-03-16 12:35:33 ----A---- C:\WINDOWS\fdsv.exe
2009-03-16 12:35:31 ----D---- C:\WINDOWS\ERDNT
2009-03-16 12:17:40 ----D---- C:\Program Files\FindyKill
2009-03-15 14:55:54 ----D---- C:\Program Files\trend micro
2009-03-10 10:41:01 ----D---- C:\Program Files\Avira
2009-03-10 10:41:01 ----D---- C:\Documents and Settings\All Users\Application Data\Avira
2009-03-04 11:11:49 ----D---- C:\Program Files\Fichiers communs\SWF Studio
2009-03-04 10:33:28 ----D---- C:\dalel v1
2009-03-04 09:50:40 ----D---- C:\Program Files\directx
2009-03-03 08:37:41 ----D---- C:\Documents and Settings\Administrateur\Application Data\DivX

======List of files/folders modified in the last 1 months======

2009-03-30 08:58:00 ----D---- C:\WINDOWS\Prefetch
2009-03-30 08:46:21 ----D---- C:\WINDOWS\system32\drivers
2009-03-30 08:46:21 ----D---- C:\WINDOWS\system32
2009-03-29 15:49:47 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-03-29 15:48:40 ----SHD---- C:\WINDOWS\CSC
2009-03-29 12:50:13 ----D---- C:\WINDOWS
2009-03-29 10:06:34 ----D---- C:\WINDOWS\system32\CatRoot2
2009-03-29 09:16:54 ----RSD---- C:\WINDOWS\Fonts
2009-03-29 09:16:52 ----SD---- C:\Program Files
2009-03-22 07:58:08 ----SHD---- C:\System Volume Information
2009-03-18 11:14:25 ----D---- C:\WINDOWS\lhsp
2009-03-16 14:47:00 ----SD---- C:\Documents and Settings\Administrateur\Application Data\Microsoft
2009-03-16 12:55:27 ----A---- C:\WINDOWS\system.ini
2009-03-16 12:53:25 ----D---- C:\WINDOWS\AppPatch
2009-03-16 12:53:23 ----D---- C:\Program Files\Fichiers communs
2009-03-16 12:52:49 ----D---- C:\WINDOWS\system
2009-03-16 10:00:06 ----A---- C:\WINDOWS\system32\ScrUnZip.dll
2009-03-04 14:11:45 ----SHD---- C:\WINDOWS\Installer
2009-03-04 14:11:40 ----D---- C:\Config.Msi
2009-03-04 14:11:21 ----HD---- C:\WINDOWS\inf
2009-03-04 14:11:20 ----D---- C:\WINDOWS\SoftwareDistribution
2009-03-04 14:08:48 ----RSHDC---- C:\WINDOWS\system32\dllcache

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2008-10-30 75072]
R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-03 40320]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-11-08 21248]
R1 Tcpip6;Pilote du protocole IPv6 Microsoft; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2004-08-03 223616]
R1 WS2IFSL;Environnement de prise en charge de Fournisseur de services non-IFS Windows Sockets 2.0; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-24 12032]
R2 Dpmtrcdd;Dpmtrcdd; C:\WINDOWS\System32\DRIVERS\dpmtrcdd.sys [2003-10-16 30192]
R2 NwlnkIpx;Protocole de transport compatible NWLink IPX/SPX/NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2004-08-03 88448]
R2 NwlnkNb;NetBIOS NWLink; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2001-08-24 63232]
R2 NwlnkSpx;Protocole NWLink SPX/SPXII; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2001-08-24 55936]
R2 scpdrv;scpdrv; \??\C:\PROGRAM FILES\FICHIERS COMMUNS\SIEMENS\SWS\PLUGINS\SCP\scpdrv.sys []
R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys []
R3 FETND5BV;VIA Rhine-Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2005-11-16 42496]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-12-21 4405248]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2008-03-26 47360]
R3 tunmp;Pilote de carte miniport Tun Microsoft; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2004-08-03 12416]
R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
R3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
R3 viagfx;viagfx; C:\WINDOWS\system32\DRIVERS\vtmini.sys [2006-08-02 264192]
S3 AVPsys;AVPsys; \??\C:\WINDOWS\system32\drivers\cdaudio.sys []
S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 C-Dilla;C-Dilla; \??\C:\WINDOWS\system32\drivers\CDANT.SYS []
S3 FETNDIS;Pilote NT de carte VIA PCI 10/100Mo Fast Ethernet; C:\WINDOWS\system32\DRIVERS\fetnd5.sys []
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 nm;Pilote du Moniteur réseau; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2004-08-03 40320]
S3 s7oefs_x;SIMATIC MPI/EFS Driver; C:\WINDOWS\System32\drivers\s7oefs_x.sys [2002-10-18 30512]
S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 teamviewervpn;TeamViewer VPN Adapter; C:\WINDOWS\system32\DRIVERS\teamviewervpn.sys [2008-01-25 25088]
S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbvideo;Périphérique vidéo USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2004-08-03 78464]
S3 w810bus;Sony Ericsson W810 Driver driver (WDM); C:\WINDOWS\system32\DRIVERS\w810bus.sys [2006-02-20 58288]
S3 w810mdfl;Sony Ericsson W810 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\w810mdfl.sys [2006-02-20 8336]
S3 w810mdm;Sony Ericsson W810 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\w810mdm.sys [2006-02-20 94064]
S3 w810mgmt;Sony Ericsson W810 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\w810mgmt.sys [2006-02-20 85408]
S3 w810obex;Sony Ericsson W810 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\w810obex.sys [2006-02-20 83344]
S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-11-02 76672]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-11-02 82560]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 6to4;Service d'application d'assistance IPv6; C:\WINDOWS\system32\svchost.exe [2004-08-03 14336]
R2 AntiVirScheduler;Planificateur Avira AntiVir Personal - Free Antivirus; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-15 68865]
R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-15 151297]
R2 C-DillaSrv;C-DillaSrv; C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE [2003-04-01 46080]
R2 EpsonBidirectionalService;EpsonBidirectionalService; C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe [2002-01-29 77824]
R2 MDM;Machine Debug Manager; C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
S2 almservice;Automation License Key Service; C:\Program Files\Fichiers communs\Siemens\sws\almsrv\almsrvx.exe [2004-04-02 483392]
S2 UPSMONService;UPSMONService; C:\Program Files\UPSMON\UPSMON_Service.Exe [2005-03-22 368128]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-05-10 827392]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-03 14336]

-----------------EOF-----------------


info.txt logfile of random's system information tool 1.05 2009-03-30 11:30:03

======Uninstall list======

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Acrobat 5.0-->C:\WINDOWS\ISUN040C.EXE -f"C:\Program Files\Fichiers communs\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Fichiers communs\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.0 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A81000000003}
Allah Remembrance Screen Saver-->C:\WINDOWS\system32\RemoveScr.exe Allah Remembrance
ALMOGHNY-->F:\PROGRA~1\ANHARE~1\UNWISE.EXE F:\PROGRA~1\ANHARE~1\INSTALL.LOG
Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
ASIO4ALL-->C:\Program Files\ASIO4ALL v2\uninstall.exe
Athan Basic 3.0 -->C:\WINDOWS\iun6002.exe "C:\Program Files\Athan\irunin.ini"
Automation License Manager V1.1-->C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\SIEMENS\Automation License Manager\DeIsL1.isu" -c"C:\WINDOWS\system32\S7esetdx.dll
AutoSketch-->C:\WINDOWS\unin040c.exe -f"C:\Program Files\Autodesk\AutoSketch\DeIsL1.isu"
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir PersonalEdition Classic\setup.exe /REMOVE
C-Dilla Licence Management System-->C:\C_DILLA\setup\cdunin16.exe
Collab-->C:\Program Files\Image-Line\Collab\uninstall.exe
Complément Office 2007 - Microsoft Enregistrer en tant que PDF ou XPS (Beta)-->MsiExec.exe /X{30120000-00B2-040C-0000-0000000FF1CE}
Disc2Phone-->MsiExec.exe /I{6E65247F-58F9-41CA-BE69-0316F7907170}
EPSON Logiciel imprimante-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /r
Festo - Catalogue pneumatique-->MsiExec.exe /I{9343AF8F-92DC-4688-9E70-394B6963B9E1}
FindyKill-->C:\Program Files\FindyKill\Uninstal.exe
FL Studio 8-->C:\Program Files\Image-Line\FL Studio 8\uninstall.exe
FlashDiskManager V1.2.6-->"C:\Program Files\FlashDiskManager\uninstall.exe"
Guide de référence LQ590 LQ2090-->C:\Program Files\EPSON\TPMANUAL\LQ590 LQ2090\REF_G\DOCUNINS.EXE
HP USB Disk Storage Format Tool-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0E0DF90C-D0BA-4C89-9262-AD78D1A3DE51}\Setup.exe" -l0x9
IL Download Manager-->C:\Program Files\Image-Line\Downloader\uninstall.exe
Java 2 Runtime Environment, SE v1.4.2_05-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142050}
K-Lite Codec Pack 4.0.0 (Full)-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
L&H TTS3000 Français-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\LHTTSFRF.inf, Uninstall
Lecteur Windows Media 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Lernout & Hauspie TruVoice American English TTS Engine-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\tv_enua.inf, Uninstall
Lettres Général V2.0-->C:\WINDOWS\iun6002.exe "D:\Program Files\Ariss\Dictionaries\Lettres Général V2.0\irunin.ini"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Encarta 2007 - Collection-->MsiExec.exe /I{07180000-E9B4-4DF6-A845-CAAFD093E477}
Microsoft Office Access MUI (French) 2007-->MsiExec.exe /X{90120000-0015-040C-0000-0000000FF1CE}
Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (French) 2007-->MsiExec.exe /X{90120000-0044-040C-0000-0000000FF1CE}
Microsoft Office Outlook MUI (French) 2007-->MsiExec.exe /X{90120000-001A-040C-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}
Microsoft Office Professional Plus 2007-->"C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL
Microsoft Office Professional Plus 2007-->MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE}
Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}
Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}
Microsoft Office Publisher MUI (French) 2007-->MsiExec.exe /X{90120000-0019-040C-0000-0000000FF1CE}
Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}
Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}
Microsoft Speech Recognition Engine 4.0 (English)-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\mscsrgpc.inf, Uninstall.NT
Mjuice Components-->"C:\Program Files\MJuice Media Player\MJUninst.exe"
MP3 Player Utilities 5.09-->MsiExec.exe /I{8E79F5DD-4A0A-452B-B3F8-0651E4D24854}
MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
MSXML 6.0 Parser-->MsiExec.exe /I{AEB9948B-4FF2-47C9-990E-47014492A0FE}
Pack Vista Inspirat 1.1-->C:\WINDOWS\BricoPacks\Vista Inspirat\Remove.exe
PoiZone-->C:\Program Files\Image-Line\PoiZone\uninstall.exe
POSITool-->C:\PROGRA~1\POSI-T~1\UNWISE.EXE C:\PROGRA~1\POSI-T~1\INSTALL.LOG
PowerDVD-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
QuickTime-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{4E5E22C2-1386-47AE-8EDE-32DDCDCD6653} /l1036
Rainy Screensaver 2.2.17-->C:\Program Files\Rainy Screensaver\Uninstall.exe C:\WINDOWS\system32\RainySs.scr /uninstall
Realtek High Definition Audio Driver-->RtlUpd.exe -r -m
SIMATIC STEP 7 V5.3 + HF2 Professional-->MsiExec.exe /I{9A09E05E-0389-4E98-9048-BB55F25DDB4A}
SIMATIC S7-GRAPH V5.3 Professional-->C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\Siemens\Step7\S7gr7\DeIsL1.isu" -c"C:\WINDOWS\system32\S7esetdx.dll
SIMATIC S7-PLCSIM V5.3 Professional-->C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\Siemens\Plcsim\S7WSI\DeIsL1.isu" -c"C:\WINDOWS\system32\S7esetdx.dll
SIMATIC S7-SCL V5.3 Professional-->C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\Siemens\Step7\S7scl\DeIsL1.isu" -c"C:\WINDOWS\system32\S7esetdx.dll
Sony Ericsson PC Suite 1.20.173-->MsiExec.exe /I{C5ADA65A-7828-4D85-B071-ECC52B51F794}
Total Video Converter 3.02-->"C:\Program Files\Total Video Converter\unins000.exe"
Toxic Biohazard-->C:\Program Files\Image-Line\Toxic Biohazard\uninstall.exe
Universalis 10-->MsiExec.exe /I{73F1BDB7-11E1-11D5-9DC6-00C04F2FC33B}
VIA Platform Device Manager-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{20D4A895-748C-4D88-871C-FDB1695B0169}
VIA Rhine-Family Fast Ethernet Adapter-->Rundll32.exe vuins32.dll,vuins32Ex $Rhine $VIA
VIA/S3G Display Driver 6.14.10.0326-->C:\PROGRA~1\S3\UChromeP\s3minset.exe /u UChromeP.uns
Video Convert Master Trial Version (English) 8.0.4.20-->"C:\Program Files\Video Convert Master\unins000.exe"
VideoLAN VLC media player 0.8.6i-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Vista Start Menu-->C:\Program Files\Vista Start Menu\uninstall.exe
Winamp (remove only)-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
القاموس متعدد اللغات-->C:\WINDOWS\iun506.exe C:\Program Files\MEDIA_PRO_dic\irunin.ini

======Security center information======

AV: Avira AntiVir PersonalEdition Classic (outdated)

System event log

Computer Name: ALUMET
Event Code: 3100
Message: Le pilote de l'édition Développeur IPv6 Microsoft a été démarré.

Record Number: 8390
Source Name: Tcpip6
Time Written: 20090117081013.000000-300
Event Type: information
User:

Computer Name: ALUMET
Event Code: 10
Message: Ce lecteur ne semble pas prendre en charge la lecture audio numérique.

Record Number: 8389
Source Name: redbook
Time Written: 20090117081013.000000-300
Event Type: information
User:

Computer Name: ALUMET
Event Code: 7036
Message: Le service Service de la passerelle de la couche Application est entré dans l'état : en cours d'exécution.

Record Number: 8388
Source Name: Service Control Manager
Time Written: 20090117081011.000000-300
Event Type: information
User:

Computer Name: ALUMET
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service Service de la passerelle de la couche Application.

Record Number: 8387
Source Name: Service Control Manager
Time Written: 20090117081011.000000-300
Event Type: information
User: AUTORITE NT\SYSTEM

Computer Name: ALUMET
Event Code: 7036
Message: Le service NLA (Network Location Awareness) est entré dans l'état : en cours d'exécution.

Record Number: 8386
Source Name: Service Control Manager
Time Written: 20090117081010.000000-300
Event Type: information
User:

Application event log

Computer Name: ALUMET
Event Code: 18
Message: DataBase - OpenWithServiceComponents failed with 0x80004005.

Record Number: 2036
Source Name: Automation License Key Service
Time Written: 20081117091629.000000-300
Event Type: error
User:

Computer Name: ALUMET
Event Code: 18
Message: API = DataBase thread: InitDataBase failed (0x80004005), error code = 0, message = Opération réussie.
.

Record Number: 2035
Source Name: Automation License Key Service
Time Written: 20081117091629.000000-300
Event Type: error
User:

Computer Name: ALUMET
Event Code: 18
Message: DataBase - OpenWithServiceComponents failed with 0x80004005.

Record Number: 2034
Source Name: Automation License Key Service
Time Written: 20081117091629.000000-300
Event Type: error
User:

Computer Name: ALUMET
Event Code: 1800
Message: Le service Centre de sécurité Windows a démarré.

Record Number: 2033
Source Name: SecurityCenter
Time Written: 20081117091629.000000-300
Event Type: information
User:

Computer Name: ALUMET
Event Code: 1
Message: "Automation License Key Service" started successfully.

Record Number: 2032
Source Name: Automation License Key Service
Time Written: 20081117091629.000000-300
Event Type: information
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\Fichiers communs\Siemens\Sqlany;C:\Program Files\Siemens\Step7\S7bin;C:\Program Files\QuickTime\QTSystem;C:\Program Files\Fichiers communs\Teleca Shared
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 6 Stepping 5, GenuineIntel
"PROCESSOR_REVISION"=0605
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"SQLANY"=C:\Program Files\Fichiers communs\Siemens\Sqlany
"S7TMP"=C:\Program Files\Siemens\Step7\S7Tmp
"CLASSPATH"=C:\Program Files\QuickTime\QTSystem\QTJava.zip
"QTJAVA"=C:\Program Files\QuickTime\QTSystem\QTJava.zip

-----------------EOF-----------------



thanks @+++
0
jlpjlp, 52399 posts, status: Security contributor, 5 040
 
plug in all your external drives! USB key, hard drive ....

is it the work computer? is it on the net or not?

______________
then

To merge:

http://img.photobucket.com/albums/v666/sUBs/CFScript.gif

_______________

download combofix:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Save it to your desktop and nowhere else!

_________________

Close all your browsers (so copy or print the instructions first)

Create a new text document: right-click on the desktop > New > Text Document, and copy the following lines into it:

File::
C:\WINDOWS\system32\olhrwef.exe
C:\em8tqm.cmd
C:\WINDOWS\system32\olhrwef.exe
C:\WINDOWS\system32\nmdfgds0.dll
C:\RECYCLER
G:\start.exe
Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"cdoosoft"=
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3260614d-1c73-11de-aa38-001bb98a270d}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{546b9d39-fdc2-11dc-a8ca-001bb98a270d}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5695c2fa-1c64-11de-aa37-001bb98a270d}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7948f00a-fb73-11dc-a8c9-001bb98a270d}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{abc294af-1ba3-11de-aa35-001bb98a270d}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{abc294b3-1ba3-11de-aa35-001bb98a270d}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d5296a86-63b9-11dd-a94e-001bb98a270d}]

Save this file under the name CFScript

Drag and drop this CFScript file onto the ComboFix.exe file

Click on the CFScript file, keep the button held down and drag the mouse so that the CFScript icon comes to cover the ComboFix icon. Release the mouse. ComboFix will start.

A blue window will appear: at the prompt (Type 1 to continue, or 2 to abort), type 1 then confirm.

Wait while the scan runs. The desktop will disappear several times: that is normal!

Don't touch anything until the scan is finished.

Once the scan is complete, a report will be displayed: post its contents.

If the file does not open, it is located here > C:\ComboFix.txt

__________________________

Download RavAntivirus by Evosla:
http://ww25.evosla.com/compteur.php?soft=rav_antivirus

# If you have a USB key, external hard drive, etc., plug them in without opening them before launching this FIX
# Right-click the .ZIP file > Extract to > the Desktop
# Double-click >> RAV.exe << to launch the tool.
# Once RAV ANTIVIRUS is running, let it work; it automatically scans all drives (fixed and removable)
# If infected > a log will be produced, otherwise the program will display (very quickly) ==> Votre Ordinateur est sain (your computer is clean).
# Remove your removable drives and restart your computer.
# Post the report, if infected!

_________________________

Download Flash Disinfector (by sUBs) to the desktop from this address: http://www.techsupportforum.com/sectools/sUBs/Flash_Disinfector.exe

Double-click the icon.
The icons will disappear. This is normal.
If a report is generated in case of infection, save it to the desktop, and post it afterwards.
Then restart the PC.

_________________

post a brand-new RSIT report
0
figman Posts 806 Status Member 8
 
re


yes, it's the work PC and it isn't connected to the internet, but I'll download all of that onto my USB stick

@+++
0
jlpjlp Posts 52399 Status Security contributor 5 040

before opening your USB stick, run RAV and Flash Disinfector on the PC you are going to plug it into, otherwise that one will get infected too!
0
figman Posts 806 Status Member 8

re


this link doesn't work ...http://www.techsupportforum.com/sectools/sUBs/Flash_Disinfector.exe


but here are the RSIT reports,


Logfile of random's system information tool 1.05 (written by random/random)
Run by Administrateur at 2009-03-30 15:07:23
Microsoft Windows XP Professionnel Service Pack 2
System drive C: has 24 GB (60%) free of 40 GB
Total RAM: 959 MB (65% free)

HijackThis download failed

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Aide pour le lien d'Adobe PDF Reader - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{955BE0B8-BC85-4CAF-856E-8E0D8B610560}]
BHO pour Compagnon Web Encarta - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL [2006-06-13 256792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{147D6308-0614-4112-89B1-31402F9B82C4} - Compagnon Web Encarta - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL [2006-06-13 256792]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"=C:\WINDOWS\system32\VTTimer.exe [2005-03-07 53248]
"VTTrayp"=C:\WINDOWS\system32\VTtrayp.exe [2006-07-10 176128]
"SkyTel"=C:\WINDOWS\SkyTel.EXE [2006-05-16 2879488]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2007-05-10 40048]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-12-18 16062464]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-06-24 155648]
"WinampAgent"=C:\Program Files\Winamp\Winampa.exe [2001-04-30 10752]
"Athan"=C:\Program Files\Athan\Athan.exe [2005-09-11 937984]
"IMEKRMIG6.1"=C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE [2002-09-06 44032]
"MSPY2002"=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [2004-08-03 59392]
"SunJavaUpdateSched"=C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe [2004-06-03 32881]
"S7UB Start"=C:\Program Files\Fichiers communs\Siemens\S7ubtoox\s7ubtstx.exe [2003-12-17 110645]
"Sony Ericsson PC Suite"=C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe [2005-10-26 159744]
"avgnt"=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-06-12 266497]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-03 15360]
"E07FDXRC_21537625"=E:\Program Files\Microsoft Encarta\Microsoft Encarta 2007 - Collection\EDICT.EXE [2006-06-13 351000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2004-08-03 240128]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-05-09 52224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoSMBalloonTip"=0
"NoResolveTrack"=1
"NoResolveSearch"=1
"NoDriveAutoRun"=67108863
"NoDrives"=0
"NoDriveTypeAutoRun"=323

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=
"NoDriveAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Fichiers communs\Siemens\SQLANY\dbsrv7.exe"="C:\Program Files\Fichiers communs\Siemens\SQLANY\dbsrv7.exe:*:Enabled:Adaptive Server Anywhere Network Server"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2009-03-30 15:06:35 ----D---- C:\rsit
2009-03-30 14:13:57 ----SHD---- C:\RECYCLER
2009-03-30 14:08:27 ----D---- C:\WINDOWS\temp
2009-03-30 14:05:34 ----A---- C:\WINDOWS\NIRCMD.exe
2009-03-30 14:05:32 ----D---- C:\ComboFix
2009-03-30 14:03:58 ----AD---- C:\Qoobox
2009-03-30 11:32:27 ----D---- C:\Documents and Settings\Administrateur\Application Data\Malwarebytes
2009-03-30 11:32:21 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-03-30 11:32:21 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-03-29 09:16:52 ----D---- C:\Program Files\Total Video Converter
2009-03-16 12:35:33 ----A---- C:\WINDOWS\zip.exe
2009-03-16 12:35:33 ----A---- C:\WINDOWS\VFIND.exe
2009-03-16 12:35:33 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-03-16 12:35:33 ----A---- C:\WINDOWS\SWSC.exe
2009-03-16 12:35:33 ----A---- C:\WINDOWS\SWREG.exe
2009-03-16 12:35:33 ----A---- C:\WINDOWS\sed.exe
2009-03-16 12:35:33 ----A---- C:\WINDOWS\grep.exe
2009-03-16 12:35:33 ----A---- C:\WINDOWS\fdsv.exe
2009-03-16 12:35:31 ----D---- C:\WINDOWS\ERDNT
2009-03-16 12:17:40 ----D---- C:\Program Files\FindyKill
2009-03-15 14:55:54 ----D---- C:\Program Files\trend micro
2009-03-10 10:41:01 ----D---- C:\Program Files\Avira
2009-03-10 10:41:01 ----D---- C:\Documents and Settings\All Users\Application Data\Avira
2009-03-04 11:11:49 ----D---- C:\Program Files\Fichiers communs\SWF Studio
2009-03-04 10:33:28 ----D---- C:\dalel v1
2009-03-04 09:50:40 ----D---- C:\Program Files\directx
2009-03-03 08:37:41 ----D---- C:\Documents and Settings\Administrateur\Application Data\DivX

======List of files/folders modified in the last 1 months======

2009-03-30 15:05:20 ----D---- C:\WINDOWS\Prefetch
2009-03-30 14:12:12 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-03-30 14:08:28 ----D---- C:\WINDOWS\system32
2009-03-30 14:08:27 ----D---- C:\WINDOWS
2009-03-30 14:07:29 ----A---- C:\WINDOWS\system.ini
2009-03-30 14:06:54 ----D---- C:\WINDOWS\system32\drivers
2009-03-30 14:06:54 ----D---- C:\WINDOWS\AppPatch
2009-03-30 14:06:52 ----D---- C:\Program Files\Fichiers communs
2009-03-30 14:06:06 ----D---- C:\WINDOWS\system32\CatRoot2
2009-03-30 11:32:21 ----SD---- C:\Program Files
2009-03-29 15:48:40 ----SHD---- C:\WINDOWS\CSC
2009-03-29 09:16:54 ----RSD---- C:\WINDOWS\Fonts
2009-03-22 07:58:08 ----SHD---- C:\System Volume Information
2009-03-18 11:14:25 ----D---- C:\WINDOWS\lhsp
2009-03-16 14:47:00 ----SD---- C:\Documents and Settings\Administrateur\Application Data\Microsoft
2009-03-16 12:52:49 ----D---- C:\WINDOWS\system
2009-03-16 10:00:06 ----A---- C:\WINDOWS\system32\ScrUnZip.dll
2009-03-04 14:11:45 ----SHD---- C:\WINDOWS\Installer
2009-03-04 14:11:40 ----D---- C:\Config.Msi
2009-03-04 14:11:21 ----HD---- C:\WINDOWS\inf
2009-03-04 14:11:20 ----D---- C:\WINDOWS\SoftwareDistribution
2009-03-04 14:08:48 ----RSHDC---- C:\WINDOWS\system32\dllcache

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2008-10-30 75072]
R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-03 40320]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-11-08 21248]
R1 Tcpip6;Pilote du protocole IPv6 Microsoft; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2004-08-03 223616]
R1 WS2IFSL;Environnement de prise en charge de Fournisseur de services non-IFS Windows Sockets 2.0; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-24 12032]
R2 Dpmtrcdd;Dpmtrcdd; C:\WINDOWS\System32\DRIVERS\dpmtrcdd.sys [2003-10-16 30192]
R2 NwlnkIpx;Protocole de transport compatible NWLink IPX/SPX/NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2004-08-03 88448]
R2 NwlnkNb;NetBIOS NWLink; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2001-08-24 63232]
R2 NwlnkSpx;Protocole NWLink SPX/SPXII; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2001-08-24 55936]
R2 scpdrv;scpdrv; \??\C:\PROGRAM FILES\FICHIERS COMMUNS\SIEMENS\SWS\PLUGINS\SCP\scpdrv.sys []
R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys []
R3 FETND5BV;VIA Rhine-Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2005-11-16 42496]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-12-21 4405248]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2008-03-26 47360]
R3 tunmp;Pilote de carte miniport Tun Microsoft; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2004-08-03 12416]
R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
R3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
R3 viagfx;viagfx; C:\WINDOWS\system32\DRIVERS\vtmini.sys [2006-08-02 264192]
S3 AVPsys;AVPsys; \??\C:\WINDOWS\system32\drivers\cdaudio.sys []
S3 catchme;catchme; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 C-Dilla;C-Dilla; \??\C:\WINDOWS\system32\drivers\CDANT.SYS []
S3 FETNDIS;Pilote NT de carte VIA PCI 10/100Mo Fast Ethernet; C:\WINDOWS\system32\DRIVERS\fetnd5.sys []
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 nm;Pilote du Moniteur réseau; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2004-08-03 40320]
S3 s7oefs_x;SIMATIC MPI/EFS Driver; C:\WINDOWS\System32\drivers\s7oefs_x.sys [2002-10-18 30512]
S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 teamviewervpn;TeamViewer VPN Adapter; C:\WINDOWS\system32\DRIVERS\teamviewervpn.sys [2008-01-25 25088]
S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbvideo;Périphérique vidéo USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2004-08-03 78464]
S3 w810bus;Sony Ericsson W810 Driver driver (WDM); C:\WINDOWS\system32\DRIVERS\w810bus.sys [2006-02-20 58288]
S3 w810mdfl;Sony Ericsson W810 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\w810mdfl.sys [2006-02-20 8336]
S3 w810mdm;Sony Ericsson W810 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\w810mdm.sys [2006-02-20 94064]
S3 w810mgmt;Sony Ericsson W810 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\w810mgmt.sys [2006-02-20 85408]
S3 w810obex;Sony Ericsson W810 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\w810obex.sys [2006-02-20 83344]
S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-11-02 76672]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-11-02 82560]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 6to4;Service d'application d'assistance IPv6; C:\WINDOWS\system32\svchost.exe [2004-08-03 14336]
R2 AntiVirScheduler;Planificateur Avira AntiVir Personal - Free Antivirus; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-15 68865]
R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-15 151297]
R2 C-DillaSrv;C-DillaSrv; C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE [2003-04-01 46080]
R2 EpsonBidirectionalService;EpsonBidirectionalService; C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe [2002-01-29 77824]
R2 MDM;Machine Debug Manager; C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
S2 almservice;Automation License Key Service; C:\Program Files\Fichiers communs\Siemens\sws\almsrv\almsrvx.exe [2004-04-02 483392]
S2 UPSMONService;UPSMONService; C:\Program Files\UPSMON\UPSMON_Service.Exe [2005-03-22 368128]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-05-10 827392]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-03 14336]

-----------------EOF-----------------




info.txt logfile of random's system information tool 1.05 2009-03-30 15:06:37

======Uninstall list======

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Acrobat 5.0-->C:\WINDOWS\ISUN040C.EXE -f"C:\Program Files\Fichiers communs\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Fichiers communs\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.0 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A81000000003}
Allah Remembrance Screen Saver-->C:\WINDOWS\system32\RemoveScr.exe Allah Remembrance
ALMOGHNY-->F:\PROGRA~1\ANHARE~1\UNWISE.EXE F:\PROGRA~1\ANHARE~1\INSTALL.LOG
Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
ASIO4ALL-->C:\Program Files\ASIO4ALL v2\uninstall.exe
Athan Basic 3.0 -->C:\WINDOWS\iun6002.exe "C:\Program Files\Athan\irunin.ini"
Automation License Manager V1.1-->C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\SIEMENS\Automation License Manager\DeIsL1.isu" -c"C:\WINDOWS\system32\S7esetdx.dll
AutoSketch-->C:\WINDOWS\unin040c.exe -f"C:\Program Files\Autodesk\AutoSketch\DeIsL1.isu"
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir PersonalEdition Classic\setup.exe /REMOVE
C-Dilla Licence Management System-->C:\C_DILLA\setup\cdunin16.exe
Collab-->C:\Program Files\Image-Line\Collab\uninstall.exe
Complément Office 2007 - Microsoft Enregistrer en tant que PDF ou XPS (Beta)-->MsiExec.exe /X{30120000-00B2-040C-0000-0000000FF1CE}
Disc2Phone-->MsiExec.exe /I{6E65247F-58F9-41CA-BE69-0316F7907170}
EPSON Logiciel imprimante-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /r
Festo - Catalogue pneumatique-->MsiExec.exe /I{9343AF8F-92DC-4688-9E70-394B6963B9E1}
FindyKill-->C:\Program Files\FindyKill\Uninstal.exe
FL Studio 8-->C:\Program Files\Image-Line\FL Studio 8\uninstall.exe
FlashDiskManager V1.2.6-->"C:\Program Files\FlashDiskManager\uninstall.exe"
Guide de référence LQ590 LQ2090-->C:\Program Files\EPSON\TPMANUAL\LQ590 LQ2090\REF_G\DOCUNINS.EXE
HP USB Disk Storage Format Tool-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0E0DF90C-D0BA-4C89-9262-AD78D1A3DE51}\Setup.exe" -l0x9
IL Download Manager-->C:\Program Files\Image-Line\Downloader\uninstall.exe
Java 2 Runtime Environment, SE v1.4.2_05-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142050}
K-Lite Codec Pack 4.0.0 (Full)-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
L&H TTS3000 Français-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\LHTTSFRF.inf, Uninstall
Lecteur Windows Media 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Lernout & Hauspie TruVoice American English TTS Engine-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\tv_enua.inf, Uninstall
Lettres Général V2.0-->C:\WINDOWS\iun6002.exe "D:\Program Files\Ariss\Dictionaries\Lettres Général V2.0\irunin.ini"
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Encarta 2007 - Collection-->MsiExec.exe /I{07180000-E9B4-4DF6-A845-CAAFD093E477}
Microsoft Office Access MUI (French) 2007-->MsiExec.exe /X{90120000-0015-040C-0000-0000000FF1CE}
Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (French) 2007-->MsiExec.exe /X{90120000-0044-040C-0000-0000000FF1CE}
Microsoft Office Outlook MUI (French) 2007-->MsiExec.exe /X{90120000-001A-040C-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}
Microsoft Office Professional Plus 2007-->"C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL
Microsoft Office Professional Plus 2007-->MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE}
Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}
Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}
Microsoft Office Publisher MUI (French) 2007-->MsiExec.exe /X{90120000-0019-040C-0000-0000000FF1CE}
Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}
Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}
Microsoft Speech Recognition Engine 4.0 (English)-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\mscsrgpc.inf, Uninstall.NT
Mjuice Components-->"C:\Program Files\MJuice Media Player\MJUninst.exe"
MP3 Player Utilities 5.09-->MsiExec.exe /I{8E79F5DD-4A0A-452B-B3F8-0651E4D24854}
MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
MSXML 6.0 Parser-->MsiExec.exe /I{AEB9948B-4FF2-47C9-990E-47014492A0FE}
Pack Vista Inspirat 1.1-->C:\WINDOWS\BricoPacks\Vista Inspirat\Remove.exe
PoiZone-->C:\Program Files\Image-Line\PoiZone\uninstall.exe
POSITool-->C:\PROGRA~1\POSI-T~1\UNWISE.EXE C:\PROGRA~1\POSI-T~1\INSTALL.LOG
PowerDVD-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
QuickTime-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{4E5E22C2-1386-47AE-8EDE-32DDCDCD6653} /l1036
Rainy Screensaver 2.2.17-->C:\Program Files\Rainy Screensaver\Uninstall.exe C:\WINDOWS\system32\RainySs.scr /uninstall
Realtek High Definition Audio Driver-->RtlUpd.exe -r -m
SIMATIC STEP 7 V5.3 + HF2 Professional-->MsiExec.exe /I{9A09E05E-0389-4E98-9048-BB55F25DDB4A}
SIMATIC S7-GRAPH V5.3 Professional-->C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\Siemens\Step7\S7gr7\DeIsL1.isu" -c"C:\WINDOWS\system32\S7esetdx.dll
SIMATIC S7-PLCSIM V5.3 Professional-->C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\Siemens\Plcsim\S7WSI\DeIsL1.isu" -c"C:\WINDOWS\system32\S7esetdx.dll
SIMATIC S7-SCL V5.3 Professional-->C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\Siemens\Step7\S7scl\DeIsL1.isu" -c"C:\WINDOWS\system32\S7esetdx.dll
Sony Ericsson PC Suite 1.20.173-->MsiExec.exe /I{C5ADA65A-7828-4D85-B071-ECC52B51F794}
Total Video Converter 3.02-->"C:\Program Files\Total Video Converter\unins000.exe"
Toxic Biohazard-->C:\Program Files\Image-Line\Toxic Biohazard\uninstall.exe
Universalis 10-->MsiExec.exe /I{73F1BDB7-11E1-11D5-9DC6-00C04F2FC33B}
VIA Platform Device Manager-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{20D4A895-748C-4D88-871C-FDB1695B0169}
VIA Rhine-Family Fast Ethernet Adapter-->Rundll32.exe vuins32.dll,vuins32Ex $Rhine $VIA
VIA/S3G Display Driver 6.14.10.0326-->C:\PROGRA~1\S3\UChromeP\s3minset.exe /u UChromeP.uns
Video Convert Master Trial Version (English) 8.0.4.20-->"C:\Program Files\Video Convert Master\unins000.exe"
VideoLAN VLC media player 0.8.6i-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Vista Start Menu-->C:\Program Files\Vista Start Menu\uninstall.exe
Winamp (remove only)-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
القاموس متعدد اللغات-->C:\WINDOWS\iun506.exe C:\Program Files\MEDIA_PRO_dic\irunin.ini

======Security center information======

AV: Avira AntiVir PersonalEdition Classic (outdated)

System event log

Computer Name: ALUMET
Event Code: 6005
Message: Le service d'Enregistrement d'événement a démarré.

Record Number: 8523
Source Name: EventLog
Time Written: 20090120093737.000000-300
Event Type: information
User:

Computer Name: ALUMET
Event Code: 6009
Message: Microsoft (R) Windows (R) 5.01. 2600 Service Pack 2 Multiprocessor Free.

Record Number: 8522
Source Name: EventLog
Time Written: 20090120093737.000000-300
Event Type: information
User:

Computer Name: ALUMET
Event Code: 6006
Message: Le service d'Enregistrement d'événement a été arrêté.

Record Number: 8521
Source Name: EventLog
Time Written: 20090119155111.000000-300
Event Type: information
User:

Computer Name: ALUMET
Event Code: 10005
Message: DCOM a reçu l'erreur "%1058" lors de la mise en route du service StiSvc avec les arguments ""
pour démarrer le serveur :
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Record Number: 8520
Source Name: DCOM
Time Written: 20090119113356.000000-300
Event Type: error
User: ALUMET\Administrateur

Computer Name: ALUMET
Event Code: 10005
Message: DCOM a reçu l'erreur "%1058" lors de la mise en route du service StiSvc avec les arguments ""
pour démarrer le serveur :
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Record Number: 8519
Source Name: DCOM
Time Written: 20090119113136.000000-300
Event Type: error
User: ALUMET\Administrateur

Application event log

Computer Name: ALUMET
Event Code: 18
Message: DataBase - OpenWithServiceComponents failed with 0x80004005.

Record Number: 2036
Source Name: Automation License Key Service
Time Written: 20081117091629.000000-300
Event Type: error
User:

Computer Name: ALUMET
Event Code: 18
Message: API = DataBase thread: InitDataBase failed (0x80004005), error code = 0, message = Opération réussie.
.

Record Number: 2035
Source Name: Automation License Key Service
Time Written: 20081117091629.000000-300
Event Type: error
User:

Computer Name: ALUMET
Event Code: 18
Message: DataBase - OpenWithServiceComponents failed with 0x80004005.

Record Number: 2034
Source Name: Automation License Key Service
Time Written: 20081117091629.000000-300
Event Type: error
User:

Computer Name: ALUMET
Event Code: 1800
Message: Le service Centre de sécurité Windows a démarré.

Record Number: 2033
Source Name: SecurityCenter
Time Written: 20081117091629.000000-300
Event Type: information
User:

Computer Name: ALUMET
Event Code: 1
Message: "Automation License Key Service" started successfully.

Record Number: 2032
Source Name: Automation License Key Service
Time Written: 20081117091629.000000-300
Event Type: information
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\Fichiers communs\Siemens\Sqlany;C:\Program Files\Siemens\Step7\S7bin;C:\Program Files\QuickTime\QTSystem;C:\Program Files\Fichiers communs\Teleca Shared
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 6 Stepping 5, GenuineIntel
"PROCESSOR_REVISION"=0605
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"SQLANY"=C:\Program Files\Fichiers communs\Siemens\Sqlany
"S7TMP"=C:\Program Files\Siemens\Step7\S7Tmp
"CLASSPATH"=C:\Program Files\QuickTime\QTSystem\QTJava.zip
"QTJAVA"=C:\Program Files\QuickTime\QTSystem\QTJava.zip

-----------------EOF-----------------



@+++
0
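The Explorer policy keys in the RSIT registry dump above show "NoDriveTypeAutoRun"=323 under HKCU and an empty value under HKLM, which matters for an infection that travels on USB sticks. The Python below is an added example, not part of this thread, of RSIT or of ComboFix: it parses those policy lines (reproduced here as a constructed sample) and decodes the mask to show which drive types can still auto-launch; the bit meanings and the HKLM-over-HKCU precedence are assumptions taken from Microsoft's KB967715 documentation.

```python
import re

# NoDriveTypeAutoRun is a bit mask: setting a bit disables AutoRun for the
# drive type whose GetDriveType() number equals that bit's index (assumption
# from Microsoft KB967715). 0xFF disables it for every drive type.
DRIVE_TYPE_BITS = {
    0x01: "unknown",
    0x02: "no root directory",
    0x04: "removable (USB stick, floppy)",
    0x08: "fixed",
    0x10: "network",
    0x20: "CD-ROM",
    0x40: "RAM disk",
    0x80: "unknown (reserved)",
}
HARDENED_VALUE = 0xFF

# Constructed sample: the two Explorer policy keys as RSIT prints them in the
# report above (values copied from that report).
SAMPLE_DUMP = """\
[HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\explorer]
"NoSMBalloonTip"=0
"NoDriveAutoRun"=67108863
"NoDrives"=0
"NoDriveTypeAutoRun"=323

[HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\explorer]
"NoDriveTypeAutoRun"=
"NoDriveAutoRun"=
"NoDrives"=
"""

KEY_RE = re.compile(r"^\[(HKEY_[A-Z_]+)\\(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"=(.*)$')


def parse_rsit_registry(text):
    """Return {key_path: {value_name: raw_data}} from an RSIT registry dump."""
    keys = {}
    current = None
    for line in text.splitlines():
        line = line.strip()
        key = KEY_RE.match(line)
        if key:
            current = key.group(1) + "\\" + key.group(2)
            keys[current] = {}
            continue
        value = VALUE_RE.match(line)
        if value and current is not None:
            keys[current][value.group(1)] = value.group(2)
    return keys


def autorun_policy(keys):
    """Locate the effective NoDriveTypeAutoRun value.

    Assumption (KB967715): a value set under HKLM overrides HKCU, so HKLM is
    checked first. An empty entry, as RSIT prints for the HKLM key in the
    sample, is treated as unset. Returns (hive, int) or (None, None).
    """
    for hive in ("HKEY_LOCAL_MACHINE", "HKEY_CURRENT_USER"):
        for key, values in keys.items():
            k = key.lower()
            if k.startswith(hive.lower()) and k.endswith("\\policies\\explorer"):
                raw = values.get("NoDriveTypeAutoRun", "").strip()
                if raw.isdigit():
                    return hive, int(raw)
    return None, None


def autorun_enabled_types(value):
    """Drive types for which AutoRun is still allowed under this mask."""
    return [name for bit, name in DRIVE_TYPE_BITS.items() if not value & bit]


def assess(text):
    """Summarise the AutoRun exposure recorded in an RSIT dump."""
    hive, value = autorun_policy(parse_rsit_registry(text))
    if value is None:
        # No usable policy found: report every drive type as exposed
        # (conservative; the built-in default is not examined here).
        return {"hive": None, "value": None, "hardened": False,
                "removable_exposed": True,
                "enabled_for": list(DRIVE_TYPE_BITS.values())}
    return {
        "hive": hive,
        "value": value,
        "hardened": value == HARDENED_VALUE,
        "removable_exposed": not value & 0x04,
        "enabled_for": autorun_enabled_types(value),
    }


if __name__ == "__main__":
    r = assess(SAMPLE_DUMP)
    print("NoDriveTypeAutoRun = %s (from %s)" % (r["value"], r["hive"]))
    print("AutoRun still allowed for:", ", ".join(r["enabled_for"]))
    if r["removable_exposed"]:
        print("Removable drives can still auto-launch autorun.inf; "
              "set NoDriveTypeAutoRun to 0xFF (255) under HKLM.")
```

For the values in this report the script finds that the 0x04 bit is clear, so AutoRun remains allowed for removable drives, which is the setting Flash Disinfector and the USB advice in this thread work around.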
jlpjlp Posts 52399 Status Security contributor 5 040

you've made two posts...

stay in the other one, otherwise it's a mess
0
figman Posts 806 Status Member 8

re


what do you mean, two posts??? aren't those the real RSIT reports??

@+++
0

jlpjlp Posts 52399 Status Security contributor 5 040

the ComboFix report?
0
figman Posts 806 Status Member 8

re


ah OK, I forgot to post it; I copied it to my USB stick and thought I had posted it
sorry, and what's more, I deleted it from my USB stick,

I'll do it tomorrow, have a good evening


@+++
0
jlpjlp Posts 52399 Status Security contributor 5 040

at first glance everything has been removed! still having problems???

tell your friend, with his USB stick and external hard drives plugged into his PC ...

to run ComboFix, RAV and Flash Disinfector on it, so you don't catch this infection again, because his PC is infected, and his USB stick too
0
figman Posts 806 Status Member 8

hello,

OK, thanks,

here is the ComboFix report; I redid it today because yesterday's was deleted

ComboFix 09-03-29.04 - Administrateur 2009-03-31 11:44:00.3 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1256.966.1036.18.959.619 [GMT -5:00]
Running from: c:\documents and settings\Administrateur\Bureau\ComboFix.exe
Command switches used :: c:\documents and settings\Administrateur\Bureau\CFScript.txt
AV: Avira AntiVir PersonalEdition Classic *On-access scanning disabled* (Outdated)
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\em8tqm.cmd
C:\RECYCLER
c:\windows\system32\nmdfgds0.dll
c:\windows\system32\olhrwef.exe
G:\start.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

H:\log.exe

.
((((((((((((((((((((((((( Files Created from 2009-02-28 to 2009-03-31 )))))))))))))))))))))))))))))))
.

2009-03-30 11:32 . 2009-03-30 11:32 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-30 11:32 . 2009-03-30 11:32 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-03-30 11:32 . 2009-03-30 11:32 <REP> d-------- c:\documents and settings\Administrateur\Application Data\Malwarebytes
2009-03-30 11:32 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-30 11:32 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-03-29 09:16 . 2009-03-29 11:50 <REP> d-------- c:\program files\Total Video Converter
2009-03-29 08:50 . 2009-03-29 08:50 660 --a------ c:\windows\kawai2004.hst
2009-03-21 14:55 . 2009-03-21 14:55 <REP> d---s---- c:\documents and settings\NetworkService\Historique
2009-03-16 12:17 . 2009-03-16 12:23 <REP> d-------- c:\program files\FindyKill
2009-03-15 14:55 . 2009-03-15 14:55 <REP> d-------- c:\program files\trend micro
2009-03-10 10:41 . 2009-03-10 10:41 <REP> d-------- c:\program files\Avira
2009-03-10 10:41 . 2009-03-10 10:41 <REP> d-------- c:\documents and settings\All Users\Application Data\Avira
2009-03-04 11:11 . 2009-03-04 11:11 <REP> d-------- c:\program files\Fichiers communs\SWF Studio
2009-03-04 10:33 . 2009-03-04 10:33 <REP> d-------- C:\dalel v1
2009-03-04 10:33 . 2009-03-30 15:39 157 --a------ C:\home.htm
2009-03-04 09:50 . 2009-03-04 09:50 <REP> d-------- c:\program files\directx
2009-03-03 08:37 . 2009-03-03 08:37 <REP> d-------- c:\documents and settings\Administrateur\Application Data\DivX
2009-02-04 12:55 . 2009-02-04 12:55 <REP> d-------- c:\program files\Disc2Phone
2009-02-04 12:52 . 2009-02-04 12:52 <REP> d-------- c:\windows\system32\URTTEMP
2009-02-04 12:26 . 2009-02-04 12:26 <REP> d-------- c:\program files\Sony Ericsson
2009-02-04 12:26 . 2009-02-04 12:45 <REP> d-------- c:\documents and settings\All Users\Application Data\Sony Ericsson
2009-02-04 12:26 . 2009-02-04 12:28 <REP> d-------- c:\documents and settings\Administrateur\Application Data\Teleca

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-16 15:00 94,208 ----a-w c:\windows\system32\ScrUnZip.dll
2009-02-04 17:45 --------- d-----w c:\program files\Fichiers communs\Teleca Shared
2009-02-04 17:26 --------- d-----w c:\documents and settings\All Users\Application Data\Teleca
2009-01-31 14:49 286,720 ----a-w c:\windows\iun506.exe
2004-08-04 04:54 60,416 --sha-w c:\windows\BricoPacks\SysFiles\69_msimn.exe
2004-08-03 22:54 168,509 --sha-r c:\windows\system32\vfetz.dll
.

------- Sigcheck -------

2004-08-18 02:09 359040 7b11118b078b88f87183fe69eda43137 c:\windows\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"E07FDXRC_21537625"="e:\program files\Microsoft Encarta\Microsoft Encarta 2007 - Collection\EDICT.EXE" [2006-06-13 351000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-10 40048]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-06-24 155648]
"WinampAgent"="c:\program files\Winamp\Winampa.exe" [2001-04-30 10752]
"Athan"="c:\program files\Athan\Athan.exe" [2005-09-11 937984]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2002-09-06 44032]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-03 59392]
"SunJavaUpdateSched"="c:\program files\Java\j2re1.4.2_05\bin\jusched.exe" [2004-06-03 32881]
"S7UB Start"="c:\program files\Fichiers communs\Siemens\S7ubtoox\s7ubtstx.exe" [2003-12-17 110645]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 159744]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"VTTimer"="VTTimer.exe" [2005-03-07 c:\windows\system32\VTTimer.exe]
"VTTrayp"="VTtrayp.exe" [2006-07-10 c:\windows\system32\VTTrayp.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 c:\windows\SkyTel.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-12-18 c:\windows\RTHDCPL.EXE]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"= 0 (0x0)
"NoResolveTrack"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Fichiers communs\\Siemens\\SQLANY\\dbsrv7.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9135:TCP"= 9135:TCP:lblgog

R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\system32\drivers\xfilt.sys [2007-05-23 17920]
R2 Dpmtrcdd;Dpmtrcdd;c:\windows\system32\drivers\dpmtrcdd.sys [2008-01-27 30192]
R2 scpdrv;scpdrv;c:\program files\Fichiers communs\Siemens\SWS\plugins\scp\scpdrv.sys [2008-01-27 26944]
S2 almservice;Automation License Key Service;c:\program files\Fichiers communs\Siemens\SWS\almsrv\almsrvx.exe [2008-01-27 483392]
S2 bcypsp;Installer Image;c:\windows\system32\svchost.exe -k netsvcs [2004-08-03 14336]
S3 AVPsys;AVPsys;c:\windows\system32\drivers\cdaudio.sys [2001-08-17 18688]
S3 s7oefs_x;SIMATIC MPI/EFS Driver;c:\windows\system32\drivers\s7oefs_x.sys [2002-10-18 30512]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys [2008-01-25 25088]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
bcypsp
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.elebda3.net/
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-31 11:45:03
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\bcypsp]
"ServiceDll"="c:\windows\system32\vfetz.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):28,06,47,70,aa,f0,8d,df,74,60,4c,3a,2c,7d,c6,b7,57,5e,a9,6a,eb,
e2,d4,82,6e,24,f6,3e,f1,41,25,c2,72,0e,53,5c,a4,88,3a,82,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{f88165be-8f93-4a94-9f71-f7f95f6d6ae3}]
@Denied: (Full) (Everyone)
"Model"=dword:00000019
"Therad"=dword:0000000b
.
Completion time: 2009-03-31 11:46:06
ComboFix-quarantined-files.txt 2009-03-31 16:46:04

Pre-Run: 25 101 742 080 octets libres
Post-Run: 25,088,622,592 octets libres

136

@+++
0
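The ComboFix report above shows the persistence mechanism that survived the antivirus: a service (bcypsp) hosted by svchost.exe in the netsvcs group whose ServiceDll is a file carrying hidden and system attributes (vfetz.dll, listed as --sha-r). The following Python script is an added example, not part of the thread: it parses a constructed excerpt modelled on that log and flags svchost-hosted services whose ServiceDll is a hidden or system-attributed file. The regexes and the sample lines are assumptions based on the report format shown here.

```python
import re

# Constructed excerpt modelled on the ComboFix report quoted in the thread
# (Find3M file lines, service lines, and the ServiceDll value of the service).
SAMPLE_LOG = r"""
2009-03-16 15:00 94,208 ----a-w c:\windows\system32\ScrUnZip.dll
2004-08-03 22:54 168,509 --sha-r c:\windows\system32\vfetz.dll
S2 almservice;Automation License Key Service;c:\program files\Fichiers communs\Siemens\SWS\almsrv\almsrvx.exe [2008-01-27 483392]
S2 bcypsp;Installer Image;c:\windows\system32\svchost.exe -k netsvcs [2004-08-03 14336]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\bcypsp]
"ServiceDll"="c:\windows\system32\vfetz.dll"
"""

# Find3M line: date time size attributes path (attributes such as --sha-r)
FILE_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} (?:[\d,]+|-+) (\S{7}) (.+)$")
# Service line: R/S + start type, name;display name;image path [date size]
SVC_RE = re.compile(r"^[RS]\d (?P<name>[^;]+);[^;]*;(?P<image>.+?) \[")
KEY_RE = re.compile(r"^\[HKEY_LOCAL_MACHINE\\System\\ControlSet\d+\\Services\\([^\]]+)\]$", re.I)
DLL_RE = re.compile(r'^"ServiceDll"="(.+)"$')

def parse_log(text):
    """Return (attributes by lower-cased path, svchost group by service, ServiceDll by service)."""
    attrs, hosted, dlls, current = {}, {}, {}, None
    for line in text.splitlines():
        if m := FILE_RE.match(line):
            attrs[m.group(2).lower()] = m.group(1)
        elif m := SVC_RE.match(line):
            image = m.group("image").lower()
            if "svchost.exe" in image and "-k" in image:
                hosted[m.group("name")] = image.split("-k", 1)[1].strip()
        elif m := KEY_RE.match(line):
            current = m.group(1)
        elif current and (m := DLL_RE.match(line)):
            dlls[current] = m.group(1).lower()
    return attrs, hosted, dlls

def find_suspicious_services(text):
    """Flag svchost-hosted services whose ServiceDll has the hidden (h) or system (s) attribute."""
    attrs, hosted, dlls = parse_log(text)
    findings = []
    for name, group in hosted.items():
        dll = dlls.get(name)
        if dll is None:
            continue
        a = attrs.get(dll, "")
        if "h" in a or "s" in a:
            findings.append({"service": name, "group": group, "dll": dll, "attrs": a})
    return findings

if __name__ == "__main__":
    for f in find_suspicious_services(SAMPLE_LOG):
        print(f"{f['service']} ({f['group']}): {f['dll']} attrs={f['attrs']}")
```

On the sample excerpt only bcypsp is reported; the legitimately installed Siemens service is not svchost-hosted and is ignored.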
jlpjlp Messages posted 52399 Status Security contributor 5 040
 
OK, that's good.

Any more problems?

To avoid catching it again, read this:

http://forum.malekal.com/ftopic3350.php

Good luck with the rest.
0
figman Messages posted 806 Status Member 8
 
Hi again,


Is there an up-to-date RAV? Because when I scan the USB key it detects the virus and then removes it, and then it says the PC is clean; I remove the key, restart the PC, rescan my key, and it still finds the same virus. How do I remove it once and for all?


Thanks. As for the PC, I think it's clean, and thank you.


@+++
0
jlpjlp Messages posted 52399 Status Security contributor 5 040
 
You should have plugged in the USB key before running ComboFix, which would have cleaned the key!!!!

Run ComboFix again with the key plugged in; otherwise, when you put the key back in, the PC will be infected again!

For RAV you always have to download the latest version (which is rarely updated, but ...)
0
figman Messages posted 806 Status Member 8
 
Hi again,

OK, thanks for your help jlpjlp.

Have a good rest of the day,
0
jlpjlp Messages posted 52399 Status Security contributor 5 040
 
OK, have a good day too.
0