Help !! plantages a repetition
Fermé
lly
-
22 avril 2009 à 21:52
jlpjlp Messages postés 51580 Date d'inscription vendredi 18 mai 2007 Statut Contributeur sécurité Dernière intervention 3 mai 2022 - 27 avril 2009 à 09:09
jlpjlp Messages postés 51580 Date d'inscription vendredi 18 mai 2007 Statut Contributeur sécurité Dernière intervention 3 mai 2022 - 27 avril 2009 à 09:09
A voir également:
- Help !! plantages a repetition
- Plantage firefox à répétition ✓ - Forum Mozilla Firefox
- Blue screen à répétition - Guide
- Comment enlever la répétition des messages sur samsung - Forum Samsung
- Répétition sonnerie sms samsung - Forum Samsung
- Désactiver répétition touche clavier windows 11 - Guide
30 réponses
jlpjlp
Messages postés
51580
Date d'inscription
vendredi 18 mai 2007
Statut
Contributeur sécurité
Dernière intervention
3 mai 2022
5 040
22 avril 2009 à 22:16
22 avril 2009 à 22:16
slt pas evident cela peut etre un conflit logciel, un souci materiel ou une infection
comme tu es dans la partie securité:
scan avec malwarebyte , fais un scan rapide et colle le rapport obtenu et vire ce qui est trouvé:
https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
______________________
Télécharge ici :
http://images.malwareremoval.com/random/RSIT.exe
random's system information tool (RSIT) par andom/random et sauvegarde-le sur le Bureau.
Double-clique sur RSIT.exe afin de lancer RSIT.
Clique Continue à l'écran Disclaimer.
Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu, si demandé) et tu devras accepter la licence.
Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront.
Poste le contenu de log.txt (<<qui sera affiché)
ainsi que de info.txt (<<qui sera réduit dans la Barre des Tâches).
NB : Les rapports sont sauvegardés dans le dossier C:\rsit
comme tu es dans la partie securité:
scan avec malwarebyte , fais un scan rapide et colle le rapport obtenu et vire ce qui est trouvé:
https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
______________________
Télécharge ici :
http://images.malwareremoval.com/random/RSIT.exe
random's system information tool (RSIT) par andom/random et sauvegarde-le sur le Bureau.
Double-clique sur RSIT.exe afin de lancer RSIT.
Clique Continue à l'écran Disclaimer.
Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu, si demandé) et tu devras accepter la licence.
Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront.
Poste le contenu de log.txt (<<qui sera affiché)
ainsi que de info.txt (<<qui sera réduit dans la Barre des Tâches).
NB : Les rapports sont sauvegardés dans le dossier C:\rsit
merci beaucoup d avoir répondu,
voilà le rapport
info.txt logfile of random's system information tool 1.06 2009-04-22 22:27:04
======Uninstall list======
-->C:\Programme\DivX\DivXConverterUninstall.exe /CONVERTER
-->C:\Programme\Gemeinsame Dateien\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {60E971B7-51A0-48CA-8687-C6B8F094A409}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
Adobe AIR-->c:\Programme\Gemeinsame Dateien\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}
Adobe Anchor Service CS4-->MsiExec.exe /I{1618734A-3957-4ADD-8199-F973763109A8}
Adobe Bridge CS4-->MsiExec.exe /I{83877DB1-8B77-45BC-AB43-2BAC22E093E0}
Adobe CMaps CS4-->MsiExec.exe /I{94D398EB-D2FD-4FD1-B8C4-592635E8A191}
Adobe CSI CS4-->MsiExec.exe /I{0F723FC1-7606-4867-866C-CE80AD292DAF}
Adobe Default Language CS4-->MsiExec.exe /I{C52E3EC1-048C-45E1-8D53-10B0C6509683}
Adobe Device Central CS4-->MsiExec.exe /I{67F0E67A-8E93-4C2C-B29D-47C48262738A}
Adobe ExtendScript Toolkit CS4-->MsiExec.exe /I{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}
Adobe Extension Manager CS4-->MsiExec.exe /I{054EFA56-2AC1-48F4-A883-0AB89874B972}
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player 9 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\UninstFl.exe -q
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Fonts All-->MsiExec.exe /I{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}
Adobe Output Module-->MsiExec.exe /I{BB4E33EC-8181-4685-96F7-8554293DEC6A}
Adobe PDF Library Files CS4-->MsiExec.exe /I{F93C84A6-0DC6-42AF-89FA-776F7C377353}
Adobe Reader 8.1.3 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A81300000003}
Adobe Search for Help-->MsiExec.exe /I{F0E64E2E-3A60-40D8-A55D-92F6831875DA}
Adobe Service Manager Extension-->MsiExec.exe /I{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}
Adobe Setup-->MsiExec.exe /I{14AFE241-FC6E-4FDB-BCA0-7AD6F4974171}
Adobe Setup-->MsiExec.exe /I{28773E11-6E44-46DC-90BD-273A3FA2CAC1}
Adobe Shockwave Player 11-->C:\WINDOWS\system32\adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Adobe Type Support CS4-->MsiExec.exe /I{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}
Adobe Update Manager CS4-->MsiExec.exe /I{05308C4E-7285-4066-BAE3-6B50DA6ED755}
Adobe XMP Panels CS4-->MsiExec.exe /I{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}
Architecture 3D 1.5b-->"C:\Programme\LiveCAD\Architecture 3D\unins000.exe"
Archiveur WinRAR-->C:\Programme\WinRAR\uninstall.exe
ATI - Software Uninstall Utility-->C:\Programme\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Baby Majhong-->c:\babymajh\Uninstal.exe
CacheMot-->C:\Programme\CacheMot\unins000.exe
CompuApps SwissKnife V3-->C:\WINDOWS\ISUNINST.EXE -fC:\SWISNIFE\SKUninst.ISU -cC:\SWISNIFE\SKUNINST.DLL
Connect-->MsiExec.exe /I{B29AD377-CC12-490A-A480-1452337C618D}
DivX Codec-->C:\Programme\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Programme\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Programme\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Plus DirectShow Filters-->C:\Programme\DivX\DivXDSFiltersUninstall.exe /DSFILTERS
DivX Web Player-->C:\Programme\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Ecole Primaire - ABCDaire-->C:\WINDOWS\st6unst.exe -n "C:\Programme\Ecole Primaire - ABCDaire\ST6UNST.LOG"
Ecole primaire - Mémoire-->C:\WINDOWS\st6unst.exe -n "C:\Programme\Ecole primaire - Mémoire\ST6UNST.LOG"
EtiketaGoGo v3.3.2-->"C:\Programme\EtiketaGoGo\unins000.exe"
Folding@home-x86-->MsiExec.exe /I{87C85D28-0633-453D-8D29-98C3A1043F6C}
GéoKid-->C:\WINDOWS\GPInstall.exe "/UNINST=C:\Programme\denouvel\GéoKid\UnInst.log" "/APPNAME=GéoKid"
GOM Player-->"C:\Programme\GRETECH\GomPlayer\Uninstall.exe"
Google Earth-->MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}
Google SketchUp 6-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{98736A65-3C79-49EC-B7E9-A3C77774B0E6}\setup.exe" -l0x40c -removeonly
Google SketchUp 6-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{B3D8B2F8-3C2C-45BC-933E-8B60E78F6684}\setup.exe" -l0x40c -removeonly
GTK+ 2.10.13 runtime environment-->"C:\Programme\Gemeinsame Dateien\GTK\2.0\setup\unins000.exe"
GVAO-->C:\WINDOWS\unin040c.exe -fC:\Programme\Ord-ixSofts\GVAO\DeIsL1.isu -cC:\Programme\Ord-ixSofts\GVAO\_ISREG32.DLL
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"C:\Programme\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Player 10 (KB903157)-->"C:\WINDOWS\$NtUninstallKB903157$\spuninst\spuninst.exe"
Hotfix für Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix für Windows XP (KB935448)-->"C:\WINDOWS\$NtUninstallKB935448$\spuninst\spuninst.exe"
Hotfix für Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
IziSpot 4-->MsiExec.exe /X{78DEE332-4FE2-469F-9CF7-F54C47E11F21}
Jarkanoid 3-->"C:\Programme\Jarkanoid 3\unins000.exe"
Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Java(TM) 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Jong 3D (version d'évaluation)-->MsiExec.exe /X{758A1306-8AA8-11D7-9EC4-0050FC3A098F}
K-Lite Codec Pack 3.2.5 Full-->"C:\Programme\K-Lite Codec Pack\unins000.exe"
kuler-->MsiExec.exe /I{098727E1-775A-4450-B573-3F441F1CA243}
Lauyan TOWeb V2-->"C:\Programme\Lauyan\TOWeb V2\unins000.exe"
Learn2 Player (Uninstall Only)-->C:\Programme\Learn2.com\StRunner\stuninst.exe
Messenger Plus! Live & Sponsor (CiD)-->"C:\Programme\Messenger Plus! Live\Uninstall.exe"
Microsoft .NET Framework 1.1 German Language Pack-->MsiExec.exe /X{E78BFA60-5393-4C38-82AB-E8019E464EB4}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Language Pack - DEU-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0 Language Pack - DEU\install.exe
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
MioMap v3 Updater-->MsiExec.exe /I{9C6E2ABE-B3E6-49BA-807C-BDFA54496DA5}
Mozilla Firefox (3.0.1)-->C:\Programme\Mozilla Firefox\uninstall\helper.exe
MSN-->C:\Programme\MSN\MsnInstaller\msninst.exe /Action:ARP
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
My Free Mahjong v.2.0-->"C:\Programme\My Free Mahjong\unins000.exe"
Pacman Come Back-->MsiExec.exe /I{BC8F9331-522C-4B24-B610-94EAAA23E43E}
Photoshop Camera Raw-->MsiExec.exe /I{CC75AB5C-2110-4A7F-AF52-708680D22FE8}
Picasa 2-->"C:\Programme\Picasa2\Uninstall.exe"
QuickTime-->C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log
RealPlayer-->C:\Programme\Gemeinsame Dateien\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x7 -removeonly
Revo Uninstaller 1.80-->C:\Programme\VS Revo Group\Revo Uninstaller\uninst.exe
Roxio CinePlayer-->MsiExec.exe /I{1B683082-8791-4D00-8ADE-6C8986FCCC68}
SAMSUNG CDMA Modem Driver Set-->C:\WINDOWS\system32\Samsung_USB_Drivers\3\SSCDUninstall.exe
Samsung Contacts Copier-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{FECB001A-62F8-4E84-8FD0-4B963D039A63}\setup.exe" -l0x9 -removeonly
SAMSUNG Mobile Composite Device Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\6\SSBCUninstall.exe
SAMSUNG Mobile Modem Driver Set-->C:\WINDOWS\system32\Samsung_USB_Drivers\3\SSCDUninstall.exe
Samsung Mobile phone USB driver Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\5\SSSDUninstall.exe
SAMSUNG Mobile USB Modem 1.0 Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe
SAMSUNG Mobile USB Modem Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe
Samsung PC Studio 3 USB Driver Installer-->"C:\Programme\InstallShield Installation Information\{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}\setup.exe" -runfromtemp -l0x040c -removeonly
Samsung PC Studio 3-->"C:\Programme\InstallShield Installation Information\{C4A4722E-79F9-417C-BD72-8D359A090C97}\setup.exe" -runfromtemp -l0x040c -removeonly
ShadowFlare-->C:\Programme\ShadowFlare\SFUninst.exe
Shareaza 2.3.1.0-->"C:\CreativesFiles\Uninstall\unins000.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Sonic MyDVD-->MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
Sonic RecordNow! Plus-->MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
Sonic Simple Backup-->MsiExec.exe /I{60E971B7-51A0-48CA-8687-C6B8F094A409}
Sonic Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Spyware Doctor 6.0-->C:\Programme\Spyware Doctor\unins000.exe /LOG
Suite Shared Configuration CS4-->MsiExec.exe /I{842B4B72-9E8F-4962-B3C1-1C422A5C4434}
SuperTux 0.1.3-->C:\Programme\SuperTux\unins000.exe
SupervisionCam-->C:\Programme\SupervisionCam\SupervisionCam.exe /deinstall
SupraLec 1.50-->"C:\Programme\SupraLec\unins000.exe"
The GIMP 2.2.17-->"C:\Programme\GIMP-2.0\unins000.exe"
T-Online 4.0 Hilfe-->C:\WINDOWS\IsUn0407.exe -fC:\WINDOWS\TOHELP4.ISU
T-Online Browser 4.5-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{00490EBE-23A5-4976-B95B-BE6B9DF6E2FB}\Setup.exe"
T-Online Copas Client 4.0-->C:\t-online\CoPaS\UNWISE.EXE /U C:\t-online\CoPaS\INSTALL.LOG
T-Online eMail 4.0-->C:\t-online\EMAIL4\UNWISE.EXE /U C:\t-online\EMAIL4\INSTALL.LOG
T-Online OnlineBanking 4.0-->C:\t-online\OB4HBCI\UNWISE.EXE /U C:\t-online\OB4HBCI\INSTALL.LOG
Update für Windows Media Player 10 (KB910393)-->"C:\WINDOWS\$NtUninstallKB910393$\spuninst\spuninst.exe"
Update für Windows Media Player 10 (KB913800)-->"C:\WINDOWS\$NtUninstallKB913800$\spuninst\spuninst.exe"
Update für Windows Media Player 10 (KB926251)-->"C:\WINDOWS\$NtUninstallKB926251$\spuninst\spuninst.exe"
Update für Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update für Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update für Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update Rollup 2 für Windows XP Media Center Edition 2005-->C:\WINDOWS\$NtUninstallKB900325$\spuninst\spuninst.exe
VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B}
VideoCap 1.0-->C:\Programme\VideoCap\unins000.exe
VideoLAN VLC media player 0.8.6c-->C:\Programme\VideoLAN\VLC\uninstall.exe
Viewpoint Media Player-->C:\Programme\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
VIMICRO USB PC Camera V-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\0700\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{8AD824A5-1CCC-4BB7-82C9-E6FB25CC0479}\setup.exe" -l0x7
Windows Live Messenger-->MsiExec.exe /I{F6326B60-1B1D-4ABF-BFCD-7B7404F44411}
Windows Live Sign-in Assistant-->MsiExec.exe /I{49672EC2-171B-47B4-8CE7-50D7806360D7}
Windows Media Connect-->"C:\WINDOWS\$NtUninstallWMCSetup$\spuninst\spuninst.exe"
Windows Media Format Runtime-->"C:\Programme\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
Windows XP Media Center Edition 2005 KB912067-->"C:\WINDOWS\$NtUninstallKB912067$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
X10 Hardware(TM)-->C:\WINDOWS\UNWISE.EXE C:\PROGRA~1\X10HAR~1\Install.log
=====HijackThis Backups=====
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://blooppe.spaces.live.com/PhotoUpload/MsnPUpld.cab [2008-09-07]
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-09-07]
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programme\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe" [2008-09-07]
O4 - HKLM\..\Run: [Base frag grid bows] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Cast ping base frag\poke manager.exe [2008-09-07]
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) [2008-09-07]
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime [2008-09-07]
O4 - HKCU\..\Run: [Chinweb] C:\DOKUME~1\HEINRI~1\ANWEND~1\ONLINE~1\programfree.exe [2008-10-18]
O23 - Service: CPDDVFWI - Sysinternals - www.sysinternals.com - C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\CPDDVFWI.exe [2008-10-18]
[2009-04-04]
[2009-04-04]
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) [2009-04-04]
O16 - DPF: {BA162249-F2C5-4851-8ADC-FC58CB424243} (Image Uploader Control) - http://copainsdavant.linternaute.com/html_include_bibliotheque/objimageuploader/5.0.15.0/ImageUploader5.cab [2009-04-21]
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) [2009-04-21]
O23 - Service: MXVCMFUEVP - Sysinternals - www.sysinternals.com - C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\MXVCMFUEVP.exe [2009-04-21]
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll (file missing) [2009-04-22]
O3 - Toolbar: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Programme\Lexmark Toolbar\toolband.dll (file missing) [2009-04-22]
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-04-22]
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar.dll (file missing) [2009-04-22]
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) [2009-04-22]
O16 - DPF: {BA162249-F2C5-4851-8ADC-FC58CB424243} (Image Uploader Control) - http://copainsdavant.linternaute.com/html_include_bibliotheque/objimageuploader/5.0.15.0/ImageUploader5.cab [2009-04-22]
O2 - BHO: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Programme\Lexmark Toolbar\toolband.dll (file missing) [2009-04-22]
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar.dll (file missing) [2009-04-22]
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Programme\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll (file missing) [2009-04-22]
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing) [2009-04-22]
O23 - Service: FLEXnet Licensing Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (file missing) [2009-04-22]
======Hosts File======
127.0.0.1 bin.errorprotector.com ## added by CiD
127.0.0.1 br.errorsafe.com ## added by CiD
127.0.0.1 br.winantivirus.com ## added by CiD
127.0.0.1 br.winfixer.com ## added by CiD
127.0.0.1 cdn.drivecleaner.com ## added by CiD
127.0.0.1 cdn.errorsafe.com ## added by CiD
127.0.0.1 cdn.winsoftware.com ## added by CiD
127.0.0.1 de.errorsafe.com ## added by CiD
127.0.0.1 de.winantivirus.com ## added by CiD
127.0.0.1 download.cdn.drivecleaner.com ## added by CiD
======Security center information======
FW: Norton Internet Worm Protection (disabled)
======System event log======
Computer Name: HEINRICH
Event Code: 1007
Message: Die IP-Adresse für die Netzwerkkarte mit der Netzwerkadresse 00105AB06D07
wurde automatisch durch diesen Computer konfiguriert. Die verwendete IP-Adresse ist 169.254.168.242.
Record Number: 17790
Source Name: Dhcp
Time Written: 20090408104346.000000+120
Event Type: warning
User:
Computer Name: HEINRICH
Event Code: 29
Message: Der Zeitanbieter "NtpClient" wurde für die Zeiterfassung von mehreren Zeitquellen
konfiguriert. Es ist jedoch Keine der Quellen verfügbar. Innerhalb
der nächsten 14 Minuten wird kein Versuch unternommen, eine Verbindung
mit der Quelle herzustellen.
Der NtpClient verfügt über keine Quelle mit genauer Zeit.
Record Number: 17786
Source Name: W32Time
Time Written: 20090408091432.000000+120
Event Type: error
User:
Computer Name: HEINRICH
Event Code: 17
Message: Zeitabieter "NtpClient": Beim DNS-Lookup für den manuell konfigurierten Peer
"ntp.unice.fr,0x1" ist ein Fehler aufgetreten. Der DNS-Lookup wird in 15 Minuten
wiederholt.
Fehler: Der Host war bei einem Socketvorgang nicht erreichbar. (0x80072751)
Record Number: 17785
Source Name: W32Time
Time Written: 20090408091432.000000+120
Event Type: error
User:
Computer Name: HEINRICH
Event Code: 29
Message: Der Zeitanbieter "NtpClient" wurde für die Zeiterfassung von mehreren Zeitquellen
konfiguriert. Es ist jedoch Keine der Quellen verfügbar. Innerhalb
der nächsten 14 Minuten wird kein Versuch unternommen, eine Verbindung
mit der Quelle herzustellen.
Der NtpClient verfügt über keine Quelle mit genauer Zeit.
Record Number: 17781
Source Name: W32Time
Time Written: 20090408091421.000000+120
Event Type: error
User:
Computer Name: HEINRICH
Event Code: 17
Message: Zeitabieter "NtpClient": Beim DNS-Lookup für den manuell konfigurierten Peer
"ntp.unice.fr,0x1" ist ein Fehler aufgetreten. Der DNS-Lookup wird in 15 Minuten
wiederholt.
Fehler: Der Host war bei einem Socketvorgang nicht erreichbar. (0x80072751)
Record Number: 17780
Source Name: W32Time
Time Written: 20090408091421.000000+120
Event Type: error
User:
=====Application event log=====
Computer Name: HEINRICH
Event Code: 1000
Message: Fehlgeschlagene Anwendung explorer.exe, Version 6.0.2900.5512, fehlgeschlagenes Modul unknown, Version 0.0.0.0, Fehleradresse 0x014bdcf9.
Record Number: 46
Source Name: Application Error
Time Written: 20090408224413.000000+120
Event Type: error
User:
Computer Name: HEINRICH
Event Code: 1000
Message: Fehlgeschlagene Anwendung firefox.exe, Version 1.8.20081.21709, fehlgeschlagenes Modul unknown, Version 0.0.0.0, Fehleradresse 0x0271dcf9.
Record Number: 31
Source Name: Application Error
Time Written: 20090408152103.000000+120
Event Type: error
User:
Computer Name: HEINRICH
Event Code: 1000
Message: Fehlgeschlagene Anwendung firefox.exe, Version 1.8.20081.21709, fehlgeschlagenes Modul msvcrt.dll, Version 7.0.2600.5512, Fehleradresse 0x000372e3.
Record Number: 16
Source Name: Application Error
Time Written: 20090408113739.000000+120
Event Type: error
User:
Computer Name: HEINRICH
Event Code: 1000
Message: Fehlgeschlagene Anwendung firefox.exe, Version 1.8.20081.21709, fehlgeschlagenes Modul unknown, Version 0.0.0.0, Fehleradresse 0x025fdcf9.
Record Number: 15
Source Name: Application Error
Time Written: 20090408113652.000000+120
Event Type: error
User:
Computer Name: HEINRICH
Event Code: 1000
Message: Fehlgeschlagene Anwendung explorer.exe, Version 6.0.2900.5512, fehlgeschlagenes Modul unknown, Version 0.0.0.0, Fehleradresse 0x014cdcf9.
Record Number: 11
Source Name: Application Error
Time Written: 20090408112116.000000+120
Event Type: error
User:
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\PROGRA~1\GEMEIN~1\SONICS~1\;C:\Programme\Gemeinsame Dateien\Roxio Shared\DLLShared\;C:\Programme\Samsung\Samsung PC Studio 3\;C:\Programme\Gemeinsame Dateien\GTK\2.0\bin
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 7, GenuineIntel
"PROCESSOR_REVISION"=0407
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"HPA"=0
"LANG"=fr
-----------------EOF-----------------
voilà le rapport
info.txt logfile of random's system information tool 1.06 2009-04-22 22:27:04
======Uninstall list======
-->C:\Programme\DivX\DivXConverterUninstall.exe /CONVERTER
-->C:\Programme\Gemeinsame Dateien\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {60E971B7-51A0-48CA-8687-C6B8F094A409}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
Adobe AIR-->c:\Programme\Gemeinsame Dateien\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}
Adobe Anchor Service CS4-->MsiExec.exe /I{1618734A-3957-4ADD-8199-F973763109A8}
Adobe Bridge CS4-->MsiExec.exe /I{83877DB1-8B77-45BC-AB43-2BAC22E093E0}
Adobe CMaps CS4-->MsiExec.exe /I{94D398EB-D2FD-4FD1-B8C4-592635E8A191}
Adobe CSI CS4-->MsiExec.exe /I{0F723FC1-7606-4867-866C-CE80AD292DAF}
Adobe Default Language CS4-->MsiExec.exe /I{C52E3EC1-048C-45E1-8D53-10B0C6509683}
Adobe Device Central CS4-->MsiExec.exe /I{67F0E67A-8E93-4C2C-B29D-47C48262738A}
Adobe ExtendScript Toolkit CS4-->MsiExec.exe /I{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}
Adobe Extension Manager CS4-->MsiExec.exe /I{054EFA56-2AC1-48F4-A883-0AB89874B972}
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player 9 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\UninstFl.exe -q
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Fonts All-->MsiExec.exe /I{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}
Adobe Output Module-->MsiExec.exe /I{BB4E33EC-8181-4685-96F7-8554293DEC6A}
Adobe PDF Library Files CS4-->MsiExec.exe /I{F93C84A6-0DC6-42AF-89FA-776F7C377353}
Adobe Reader 8.1.3 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A81300000003}
Adobe Search for Help-->MsiExec.exe /I{F0E64E2E-3A60-40D8-A55D-92F6831875DA}
Adobe Service Manager Extension-->MsiExec.exe /I{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}
Adobe Setup-->MsiExec.exe /I{14AFE241-FC6E-4FDB-BCA0-7AD6F4974171}
Adobe Setup-->MsiExec.exe /I{28773E11-6E44-46DC-90BD-273A3FA2CAC1}
Adobe Shockwave Player 11-->C:\WINDOWS\system32\adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Adobe Type Support CS4-->MsiExec.exe /I{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}
Adobe Update Manager CS4-->MsiExec.exe /I{05308C4E-7285-4066-BAE3-6B50DA6ED755}
Adobe XMP Panels CS4-->MsiExec.exe /I{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}
Architecture 3D 1.5b-->"C:\Programme\LiveCAD\Architecture 3D\unins000.exe"
Archiveur WinRAR-->C:\Programme\WinRAR\uninstall.exe
ATI - Software Uninstall Utility-->C:\Programme\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Baby Majhong-->c:\babymajh\Uninstal.exe
CacheMot-->C:\Programme\CacheMot\unins000.exe
CompuApps SwissKnife V3-->C:\WINDOWS\ISUNINST.EXE -fC:\SWISNIFE\SKUninst.ISU -cC:\SWISNIFE\SKUNINST.DLL
Connect-->MsiExec.exe /I{B29AD377-CC12-490A-A480-1452337C618D}
DivX Codec-->C:\Programme\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Programme\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Programme\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Plus DirectShow Filters-->C:\Programme\DivX\DivXDSFiltersUninstall.exe /DSFILTERS
DivX Web Player-->C:\Programme\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Ecole Primaire - ABCDaire-->C:\WINDOWS\st6unst.exe -n "C:\Programme\Ecole Primaire - ABCDaire\ST6UNST.LOG"
Ecole primaire - Mémoire-->C:\WINDOWS\st6unst.exe -n "C:\Programme\Ecole primaire - Mémoire\ST6UNST.LOG"
EtiketaGoGo v3.3.2-->"C:\Programme\EtiketaGoGo\unins000.exe"
Folding@home-x86-->MsiExec.exe /I{87C85D28-0633-453D-8D29-98C3A1043F6C}
GéoKid-->C:\WINDOWS\GPInstall.exe "/UNINST=C:\Programme\denouvel\GéoKid\UnInst.log" "/APPNAME=GéoKid"
GOM Player-->"C:\Programme\GRETECH\GomPlayer\Uninstall.exe"
Google Earth-->MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}
Google SketchUp 6-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{98736A65-3C79-49EC-B7E9-A3C77774B0E6}\setup.exe" -l0x40c -removeonly
Google SketchUp 6-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{B3D8B2F8-3C2C-45BC-933E-8B60E78F6684}\setup.exe" -l0x40c -removeonly
GTK+ 2.10.13 runtime environment-->"C:\Programme\Gemeinsame Dateien\GTK\2.0\setup\unins000.exe"
GVAO-->C:\WINDOWS\unin040c.exe -fC:\Programme\Ord-ixSofts\GVAO\DeIsL1.isu -cC:\Programme\Ord-ixSofts\GVAO\_ISREG32.DLL
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"C:\Programme\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Player 10 (KB903157)-->"C:\WINDOWS\$NtUninstallKB903157$\spuninst\spuninst.exe"
Hotfix für Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix für Windows XP (KB935448)-->"C:\WINDOWS\$NtUninstallKB935448$\spuninst\spuninst.exe"
Hotfix für Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
IziSpot 4-->MsiExec.exe /X{78DEE332-4FE2-469F-9CF7-F54C47E11F21}
Jarkanoid 3-->"C:\Programme\Jarkanoid 3\unins000.exe"
Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Java(TM) 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Jong 3D (version d'évaluation)-->MsiExec.exe /X{758A1306-8AA8-11D7-9EC4-0050FC3A098F}
K-Lite Codec Pack 3.2.5 Full-->"C:\Programme\K-Lite Codec Pack\unins000.exe"
kuler-->MsiExec.exe /I{098727E1-775A-4450-B573-3F441F1CA243}
Lauyan TOWeb V2-->"C:\Programme\Lauyan\TOWeb V2\unins000.exe"
Learn2 Player (Uninstall Only)-->C:\Programme\Learn2.com\StRunner\stuninst.exe
Messenger Plus! Live & Sponsor (CiD)-->"C:\Programme\Messenger Plus! Live\Uninstall.exe"
Microsoft .NET Framework 1.1 German Language Pack-->MsiExec.exe /X{E78BFA60-5393-4C38-82AB-E8019E464EB4}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Language Pack - DEU-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0 Language Pack - DEU\install.exe
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
MioMap v3 Updater-->MsiExec.exe /I{9C6E2ABE-B3E6-49BA-807C-BDFA54496DA5}
Mozilla Firefox (3.0.1)-->C:\Programme\Mozilla Firefox\uninstall\helper.exe
MSN-->C:\Programme\MSN\MsnInstaller\msninst.exe /Action:ARP
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
My Free Mahjong v.2.0-->"C:\Programme\My Free Mahjong\unins000.exe"
Pacman Come Back-->MsiExec.exe /I{BC8F9331-522C-4B24-B610-94EAAA23E43E}
Photoshop Camera Raw-->MsiExec.exe /I{CC75AB5C-2110-4A7F-AF52-708680D22FE8}
Picasa 2-->"C:\Programme\Picasa2\Uninstall.exe"
QuickTime-->C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log
RealPlayer-->C:\Programme\Gemeinsame Dateien\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x7 -removeonly
Revo Uninstaller 1.80-->C:\Programme\VS Revo Group\Revo Uninstaller\uninst.exe
Roxio CinePlayer-->MsiExec.exe /I{1B683082-8791-4D00-8ADE-6C8986FCCC68}
SAMSUNG CDMA Modem Driver Set-->C:\WINDOWS\system32\Samsung_USB_Drivers\3\SSCDUninstall.exe
Samsung Contacts Copier-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{FECB001A-62F8-4E84-8FD0-4B963D039A63}\setup.exe" -l0x9 -removeonly
SAMSUNG Mobile Composite Device Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\6\SSBCUninstall.exe
SAMSUNG Mobile Modem Driver Set-->C:\WINDOWS\system32\Samsung_USB_Drivers\3\SSCDUninstall.exe
Samsung Mobile phone USB driver Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\5\SSSDUninstall.exe
SAMSUNG Mobile USB Modem 1.0 Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe
SAMSUNG Mobile USB Modem Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe
Samsung PC Studio 3 USB Driver Installer-->"C:\Programme\InstallShield Installation Information\{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}\setup.exe" -runfromtemp -l0x040c -removeonly
Samsung PC Studio 3-->"C:\Programme\InstallShield Installation Information\{C4A4722E-79F9-417C-BD72-8D359A090C97}\setup.exe" -runfromtemp -l0x040c -removeonly
ShadowFlare-->C:\Programme\ShadowFlare\SFUninst.exe
Shareaza 2.3.1.0-->"C:\CreativesFiles\Uninstall\unins000.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Sonic MyDVD-->MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
Sonic RecordNow! Plus-->MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
Sonic Simple Backup-->MsiExec.exe /I{60E971B7-51A0-48CA-8687-C6B8F094A409}
Sonic Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Spyware Doctor 6.0-->C:\Programme\Spyware Doctor\unins000.exe /LOG
Suite Shared Configuration CS4-->MsiExec.exe /I{842B4B72-9E8F-4962-B3C1-1C422A5C4434}
SuperTux 0.1.3-->C:\Programme\SuperTux\unins000.exe
SupervisionCam-->C:\Programme\SupervisionCam\SupervisionCam.exe /deinstall
SupraLec 1.50-->"C:\Programme\SupraLec\unins000.exe"
The GIMP 2.2.17-->"C:\Programme\GIMP-2.0\unins000.exe"
T-Online 4.0 Hilfe-->C:\WINDOWS\IsUn0407.exe -fC:\WINDOWS\TOHELP4.ISU
T-Online Browser 4.5-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{00490EBE-23A5-4976-B95B-BE6B9DF6E2FB}\Setup.exe"
T-Online Copas Client 4.0-->C:\t-online\CoPaS\UNWISE.EXE /U C:\t-online\CoPaS\INSTALL.LOG
T-Online eMail 4.0-->C:\t-online\EMAIL4\UNWISE.EXE /U C:\t-online\EMAIL4\INSTALL.LOG
T-Online OnlineBanking 4.0-->C:\t-online\OB4HBCI\UNWISE.EXE /U C:\t-online\OB4HBCI\INSTALL.LOG
Update für Windows Media Player 10 (KB910393)-->"C:\WINDOWS\$NtUninstallKB910393$\spuninst\spuninst.exe"
Update für Windows Media Player 10 (KB913800)-->"C:\WINDOWS\$NtUninstallKB913800$\spuninst\spuninst.exe"
Update für Windows Media Player 10 (KB926251)-->"C:\WINDOWS\$NtUninstallKB926251$\spuninst\spuninst.exe"
Update für Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update für Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update für Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update Rollup 2 für Windows XP Media Center Edition 2005-->C:\WINDOWS\$NtUninstallKB900325$\spuninst\spuninst.exe
VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B}
VideoCap 1.0-->C:\Programme\VideoCap\unins000.exe
VideoLAN VLC media player 0.8.6c-->C:\Programme\VideoLAN\VLC\uninstall.exe
Viewpoint Media Player-->C:\Programme\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
VIMICRO USB PC Camera V-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\0700\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{8AD824A5-1CCC-4BB7-82C9-E6FB25CC0479}\setup.exe" -l0x7
Windows Live Messenger-->MsiExec.exe /I{F6326B60-1B1D-4ABF-BFCD-7B7404F44411}
Windows Live Sign-in Assistant-->MsiExec.exe /I{49672EC2-171B-47B4-8CE7-50D7806360D7}
Windows Media Connect-->"C:\WINDOWS\$NtUninstallWMCSetup$\spuninst\spuninst.exe"
Windows Media Format Runtime-->"C:\Programme\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
Windows XP Media Center Edition 2005 KB912067-->"C:\WINDOWS\$NtUninstallKB912067$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
X10 Hardware(TM)-->C:\WINDOWS\UNWISE.EXE C:\PROGRA~1\X10HAR~1\Install.log
=====HijackThis Backups=====
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://blooppe.spaces.live.com/PhotoUpload/MsnPUpld.cab [2008-09-07]
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-09-07]
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programme\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe" [2008-09-07]
O4 - HKLM\..\Run: [Base frag grid bows] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Cast ping base frag\poke manager.exe [2008-09-07]
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) [2008-09-07]
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime [2008-09-07]
O4 - HKCU\..\Run: [Chinweb] C:\DOKUME~1\HEINRI~1\ANWEND~1\ONLINE~1\programfree.exe [2008-10-18]
O23 - Service: CPDDVFWI - Sysinternals - www.sysinternals.com - C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\CPDDVFWI.exe [2008-10-18]
[2009-04-04]
[2009-04-04]
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) [2009-04-04]
O16 - DPF: {BA162249-F2C5-4851-8ADC-FC58CB424243} (Image Uploader Control) - http://copainsdavant.linternaute.com/html_include_bibliotheque/objimageuploader/5.0.15.0/ImageUploader5.cab [2009-04-21]
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) [2009-04-21]
O23 - Service: MXVCMFUEVP - Sysinternals - www.sysinternals.com - C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\MXVCMFUEVP.exe [2009-04-21]
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll (file missing) [2009-04-22]
O3 - Toolbar: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Programme\Lexmark Toolbar\toolband.dll (file missing) [2009-04-22]
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-04-22]
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar.dll (file missing) [2009-04-22]
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) [2009-04-22]
O16 - DPF: {BA162249-F2C5-4851-8ADC-FC58CB424243} (Image Uploader Control) - http://copainsdavant.linternaute.com/html_include_bibliotheque/objimageuploader/5.0.15.0/ImageUploader5.cab [2009-04-22]
O2 - BHO: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Programme\Lexmark Toolbar\toolband.dll (file missing) [2009-04-22]
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar.dll (file missing) [2009-04-22]
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Programme\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll (file missing) [2009-04-22]
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing) [2009-04-22]
O23 - Service: FLEXnet Licensing Service - Unknown owner - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (file missing) [2009-04-22]
======Hosts File======
127.0.0.1 bin.errorprotector.com ## added by CiD
127.0.0.1 br.errorsafe.com ## added by CiD
127.0.0.1 br.winantivirus.com ## added by CiD
127.0.0.1 br.winfixer.com ## added by CiD
127.0.0.1 cdn.drivecleaner.com ## added by CiD
127.0.0.1 cdn.errorsafe.com ## added by CiD
127.0.0.1 cdn.winsoftware.com ## added by CiD
127.0.0.1 de.errorsafe.com ## added by CiD
127.0.0.1 de.winantivirus.com ## added by CiD
127.0.0.1 download.cdn.drivecleaner.com ## added by CiD
======Security center information======
FW: Norton Internet Worm Protection (disabled)
======System event log======
Computer Name: HEINRICH
Event Code: 1007
Message: Die IP-Adresse für die Netzwerkkarte mit der Netzwerkadresse 00105AB06D07
wurde automatisch durch diesen Computer konfiguriert. Die verwendete IP-Adresse ist 169.254.168.242.
Record Number: 17790
Source Name: Dhcp
Time Written: 20090408104346.000000+120
Event Type: warning
User:
Computer Name: HEINRICH
Event Code: 29
Message: Der Zeitanbieter "NtpClient" wurde für die Zeiterfassung von mehreren Zeitquellen
konfiguriert. Es ist jedoch Keine der Quellen verfügbar. Innerhalb
der nächsten 14 Minuten wird kein Versuch unternommen, eine Verbindung
mit der Quelle herzustellen.
Der NtpClient verfügt über keine Quelle mit genauer Zeit.
Record Number: 17786
Source Name: W32Time
Time Written: 20090408091432.000000+120
Event Type: error
User:
Computer Name: HEINRICH
Event Code: 17
Message: Zeitabieter "NtpClient": Beim DNS-Lookup für den manuell konfigurierten Peer
"ntp.unice.fr,0x1" ist ein Fehler aufgetreten. Der DNS-Lookup wird in 15 Minuten
wiederholt.
Fehler: Der Host war bei einem Socketvorgang nicht erreichbar. (0x80072751)
Record Number: 17785
Source Name: W32Time
Time Written: 20090408091432.000000+120
Event Type: error
User:
Computer Name: HEINRICH
Event Code: 29
Message: Der Zeitanbieter "NtpClient" wurde für die Zeiterfassung von mehreren Zeitquellen
konfiguriert. Es ist jedoch Keine der Quellen verfügbar. Innerhalb
der nächsten 14 Minuten wird kein Versuch unternommen, eine Verbindung
mit der Quelle herzustellen.
Der NtpClient verfügt über keine Quelle mit genauer Zeit.
Record Number: 17781
Source Name: W32Time
Time Written: 20090408091421.000000+120
Event Type: error
User:
Computer Name: HEINRICH
Event Code: 17
Message: Zeitabieter "NtpClient": Beim DNS-Lookup für den manuell konfigurierten Peer
"ntp.unice.fr,0x1" ist ein Fehler aufgetreten. Der DNS-Lookup wird in 15 Minuten
wiederholt.
Fehler: Der Host war bei einem Socketvorgang nicht erreichbar. (0x80072751)
Record Number: 17780
Source Name: W32Time
Time Written: 20090408091421.000000+120
Event Type: error
User:
=====Application event log=====
Computer Name: HEINRICH
Event Code: 1000
Message: Fehlgeschlagene Anwendung explorer.exe, Version 6.0.2900.5512, fehlgeschlagenes Modul unknown, Version 0.0.0.0, Fehleradresse 0x014bdcf9.
Record Number: 46
Source Name: Application Error
Time Written: 20090408224413.000000+120
Event Type: error
User:
Computer Name: HEINRICH
Event Code: 1000
Message: Fehlgeschlagene Anwendung firefox.exe, Version 1.8.20081.21709, fehlgeschlagenes Modul unknown, Version 0.0.0.0, Fehleradresse 0x0271dcf9.
Record Number: 31
Source Name: Application Error
Time Written: 20090408152103.000000+120
Event Type: error
User:
Computer Name: HEINRICH
Event Code: 1000
Message: Fehlgeschlagene Anwendung firefox.exe, Version 1.8.20081.21709, fehlgeschlagenes Modul msvcrt.dll, Version 7.0.2600.5512, Fehleradresse 0x000372e3.
Record Number: 16
Source Name: Application Error
Time Written: 20090408113739.000000+120
Event Type: error
User:
Computer Name: HEINRICH
Event Code: 1000
Message: Fehlgeschlagene Anwendung firefox.exe, Version 1.8.20081.21709, fehlgeschlagenes Modul unknown, Version 0.0.0.0, Fehleradresse 0x025fdcf9.
Record Number: 15
Source Name: Application Error
Time Written: 20090408113652.000000+120
Event Type: error
User:
Computer Name: HEINRICH
Event Code: 1000
Message: Fehlgeschlagene Anwendung explorer.exe, Version 6.0.2900.5512, fehlgeschlagenes Modul unknown, Version 0.0.0.0, Fehleradresse 0x014cdcf9.
Record Number: 11
Source Name: Application Error
Time Written: 20090408112116.000000+120
Event Type: error
User:
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\PROGRA~1\GEMEIN~1\SONICS~1\;C:\Programme\Gemeinsame Dateien\Roxio Shared\DLLShared\;C:\Programme\Samsung\Samsung PC Studio 3\;C:\Programme\Gemeinsame Dateien\GTK\2.0\bin
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 7, GenuineIntel
"PROCESSOR_REVISION"=0407
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"HPA"=0
"LANG"=fr
-----------------EOF-----------------
pour maladwarebyte, j ai voulu aller trop vite (avant de planter!) et du coup j ai cliquer sur "complet" (je crois)
bref ca fait 40 minutes qu il tourne me dit avoir detecté 2 infections, et je prie pour qu il ne plante pas...
bref ca fait 40 minutes qu il tourne me dit avoir detecté 2 infections, et je prie pour qu il ne plante pas...
ca y est !! je supprime tout ca :)
Malwarebytes' Anti-Malware 1.36
Version de la base de données: 2028
Windows 5.1.2600 Service Pack 3
22/04/2009 23:29:29
mbam-log-2009-04-22 (23-29-21).txt
Type de recherche: Examen complet (C:\|)
Eléments examinés: 182687
Temps écoulé: 51 minute(s), 53 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 1
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 2
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Trymedia Systems (Adware.Trymedia) -> No action taken.
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
C:\Dokumente und Einstellungen\Heinrich Grimminger\Lokale Einstellungen\Temp\_ir_sf7_temp_0\irsetup.exe (Trojan.Agent) -> No action taken.
C:\Programme\CTV PROD\DEMO\IMMOGEST LOYER\Uninstall\uninstall.exe (Trojan.Agent) -> No action taken.
Malwarebytes' Anti-Malware 1.36
Version de la base de données: 2028
Windows 5.1.2600 Service Pack 3
22/04/2009 23:29:29
mbam-log-2009-04-22 (23-29-21).txt
Type de recherche: Examen complet (C:\|)
Eléments examinés: 182687
Temps écoulé: 51 minute(s), 53 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 1
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 2
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Trymedia Systems (Adware.Trymedia) -> No action taken.
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
C:\Dokumente und Einstellungen\Heinrich Grimminger\Lokale Einstellungen\Temp\_ir_sf7_temp_0\irsetup.exe (Trojan.Agent) -> No action taken.
C:\Programme\CTV PROD\DEMO\IMMOGEST LOYER\Uninstall\uninstall.exe (Trojan.Agent) -> No action taken.
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
j ai effacé les fichiers detectés mais ca plante toujours, par contre depuis 5 ou 6 reboot, j ai un truc tout nouveau :
windows me trouve un nouveau matériel, inconnu, quand je clique droit dessus, sur l´onglet détail, il me dit
ROOT\LEGACY_AVGIO\0000
sur google tous les liens que j ai trouvé parlent d avira, mais ca je l ai desinstallé (avec revo dont il ne devrait rien rester, mais visiblement c est pas le cas !) ce que je ne comprends pas c est que avira c´est pas du matériel... bref je dois faire quelque chose pour ca, ou aucune importance, je laisse comme c´est ?
windows me trouve un nouveau matériel, inconnu, quand je clique droit dessus, sur l´onglet détail, il me dit
ROOT\LEGACY_AVGIO\0000
sur google tous les liens que j ai trouvé parlent d avira, mais ca je l ai desinstallé (avec revo dont il ne devrait rien rester, mais visiblement c est pas le cas !) ce que je ne comprends pas c est que avira c´est pas du matériel... bref je dois faire quelque chose pour ca, ou aucune importance, je laisse comme c´est ?
jlpjlp
Messages postés
51580
Date d'inscription
vendredi 18 mai 2007
Statut
Contributeur sécurité
Dernière intervention
3 mai 2022
5 040
23 avril 2009 à 09:19
23 avril 2009 à 09:19
il manque la moitité du rapport RSIT
tu as bien viré ce qui a été trouvé par malwarebyte?
puis
tu télécharge Lop S&D.exe sur ton Bureau.https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/LopSD.exe?attachauth=ANoY7co3ntqUavpZ3q1BG-h4pc13vqDZmhcNeEPChtsyrgAykRbhE8bZzhk979EfQD4AgwtQUHCaQ7ZQwNYMo3_0kA8htAspckDJtu2K5t6J9z6dLW4fpZyH4FpFL1tVMBZ8H-KnN7afZ5vt-WxZRpnynk-a0XmV_Y0C0q6DxGEDKie1TnPT7gFoZnoCnspzBmbW6ZzxA4fNr3oEDlbelNZON-LjF8nOmQ%3D%3D&attredirects=2
* Double-clique dessus pour lancer l'installation
* Puis double-clique sur le raccourci Lop S&D présent sur ton Bureau
* Séléctionne la langue souhaitée , puis choisis l'option 1 (Recherche)
* Patiente jusqu'à la fin du scan
* Poste le rapport généré (C:\lopR.txt)
tu as bien viré ce qui a été trouvé par malwarebyte?
puis
tu télécharge Lop S&D.exe sur ton Bureau.https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/LopSD.exe?attachauth=ANoY7co3ntqUavpZ3q1BG-h4pc13vqDZmhcNeEPChtsyrgAykRbhE8bZzhk979EfQD4AgwtQUHCaQ7ZQwNYMo3_0kA8htAspckDJtu2K5t6J9z6dLW4fpZyH4FpFL1tVMBZ8H-KnN7afZ5vt-WxZRpnynk-a0XmV_Y0C0q6DxGEDKie1TnPT7gFoZnoCnspzBmbW6ZzxA4fNr3oEDlbelNZON-LjF8nOmQ%3D%3D&attredirects=2
* Double-clique dessus pour lancer l'installation
* Puis double-clique sur le raccourci Lop S&D présent sur ton Bureau
* Séléctionne la langue souhaitée , puis choisis l'option 1 (Recherche)
* Patiente jusqu'à la fin du scan
* Poste le rapport généré (C:\lopR.txt)
merci a nouveau de ton aide, j ai dû enlever à la main ce qui allait pas avec maladwarebyte parce que pc plantait, et je refait rsit tout de suite !
voici le rapport de lop S&D
--------------------\\ Lop S&D 4.2.5-0 XP/Vista
Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) D CPU 2.66GHz )
BIOS : Default System BIOS
USER : Heinrich Grimminger ( Administrator )
BOOT : Normal boot
Firewall : Norton Internet Worm Protection 2006 (Not Activated)
C:\ (Local Disk) - NTFS - Total:170 Go (Free:9 Go)
E:\ (CD or DVD)
F:\ (CD or DVD)
G:\ (USB)
H:\ (USB)
I:\ (USB)
J:\ (USB)
"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [1] ( 23/04/2009| 9:25 )
--------------------\\ Listing des dossiers dans ANWEND~1
[18/07/2007|14:15] C:\DOKUME~1\ADMINI~1\ANWEND~1\AOL
[18/10/2008|08:24] C:\DOKUME~1\ADMINI~1\ANWEND~1\ATI
[03/03/2006|21:34] C:\DOKUME~1\ADMINI~1\ANWEND~1\Identities
[05/03/2006|11:49] C:\DOKUME~1\ADMINI~1\ANWEND~1\Microsoft
[05/03/2006|17:02] C:\DOKUME~1\ADMINI~1\ANWEND~1\You've Got Pictures Screensaver
[0|Datei(en)] C:\DOKUME~1\ADMINI~1\ANWEND~1\Bytes
[7|Verzeichnis(se),] C:\DOKUME~1\ADMINI~1\ANWEND~1\Bytes frei
[22/04/2009|18:01] C:\DOKUME~1\ALLUSE~1\ANWEND~1\{66E2F539-12B6-4870-A500-7689CDE75C5E}
[22/04/2009|20:41] C:\DOKUME~1\ALLUSE~1\ANWEND~1\Adobe
[22/04/2009|18:01] C:\DOKUME~1\ALLUSE~1\ANWEND~1\AntiVir PersonalEdition Classic
[18/07/2007|14:15] C:\DOKUME~1\ALLUSE~1\ANWEND~1\AOL
[13/02/2008|23:43] C:\DOKUME~1\ALLUSE~1\ANWEND~1\Cast ping base frag
[29/01/2009|01:11] C:\DOKUME~1\ALLUSE~1\ANWEND~1\FLEXnet
[22/04/2009|18:01] C:\DOKUME~1\ALLUSE~1\ANWEND~1\Google
[18/07/2007|13:48] C:\DOKUME~1\ALLUSE~1\ANWEND~1\GRETECH
[05/03/2006|18:03] C:\DOKUME~1\ALLUSE~1\ANWEND~1\InstallShield
[22/04/2009|22:36] C:\DOKUME~1\ALLUSE~1\ANWEND~1\Malwarebytes
[22/04/2009|18:01] C:\DOKUME~1\ALLUSE~1\ANWEND~1\Messenger Plus!
[22/04/2009|10:20] C:\DOKUME~1\ALLUSE~1\ANWEND~1\Microsoft
[14/03/2006|13:35] C:\DOKUME~1\ALLUSE~1\ANWEND~1\Pinnacle
[10/03/2009|22:46] C:\DOKUME~1\ALLUSE~1\ANWEND~1\Pinnacle VideoSpin
[31/07/2007|19:41] C:\DOKUME~1\ALLUSE~1\ANWEND~1\QuickTime
[31/03/2006|07:49] C:\DOKUME~1\ALLUSE~1\ANWEND~1\Sonic
[14/02/2008|23:06] C:\DOKUME~1\ALLUSE~1\ANWEND~1\Symantec
[22/04/2009|10:08] C:\DOKUME~1\ALLUSE~1\ANWEND~1\TEMP
[21/07/2007|23:10] C:\DOKUME~1\ALLUSE~1\ANWEND~1\Trymedia
[10/03/2009|22:43] C:\DOKUME~1\ALLUSE~1\ANWEND~1\VideoSpin
[05/03/2006|17:02] C:\DOKUME~1\ALLUSE~1\ANWEND~1\Viewpoint
[05/03/2006|11:49] C:\DOKUME~1\ALLUSE~1\ANWEND~1\Windows Genuine Advantage
[17/03/2006|12:01] C:\DOKUME~1\ALLUSE~1\ANWEND~1\X10 Settings
[0|Datei(en)] C:\DOKUME~1\ALLUSE~1\ANWEND~1\Bytes
[25|Verzeichnis(se),] C:\DOKUME~1\ALLUSE~1\ANWEND~1\Bytes frei
[18/07/2007|14:15] C:\DOKUME~1\DEFAUL~1\ANWEND~1\AOL
[18/10/2008|08:24] C:\DOKUME~1\DEFAUL~1\ANWEND~1\ATI
[03/03/2006|21:34] C:\DOKUME~1\DEFAUL~1\ANWEND~1\Identities
[07/08/2008|04:32] C:\DOKUME~1\DEFAUL~1\ANWEND~1\Macromedia
[05/03/2006|11:49] C:\DOKUME~1\DEFAUL~1\ANWEND~1\Microsoft
[05/03/2006|17:02] C:\DOKUME~1\DEFAUL~1\ANWEND~1\You've Got Pictures Screensaver
[0|Datei(en)] C:\DOKUME~1\DEFAUL~1\ANWEND~1\Bytes
[8|Verzeichnis(se),] C:\DOKUME~1\DEFAUL~1\ANWEND~1\Bytes frei
[22/04/2009|18:01] C:\DOKUME~1\HEINRI~1\ANWEND~1\Adobe
[27/05/2008|20:15] C:\DOKUME~1\HEINRI~1\ANWEND~1\AdobeUM
[06/09/2008|21:39] C:\DOKUME~1\HEINRI~1\ANWEND~1\Anuman Interactive
[18/07/2007|14:15] C:\DOKUME~1\HEINRI~1\ANWEND~1\AOL
[18/10/2008|08:24] C:\DOKUME~1\HEINRI~1\ANWEND~1\ATI
[30/01/2009|18:54] C:\DOKUME~1\HEINRI~1\ANWEND~1\com.adobe.ExMan
[18/07/2007|19:55] C:\DOKUME~1\HEINRI~1\ANWEND~1\ConvertTemp
[22/04/2009|18:01] C:\DOKUME~1\HEINRI~1\ANWEND~1\CoreFTP
[20/07/2007|21:01] C:\DOKUME~1\HEINRI~1\ANWEND~1\DivX
[01/02/2009|14:56] C:\DOKUME~1\HEINRI~1\ANWEND~1\Download Manager
[18/01/2009|00:21] C:\DOKUME~1\HEINRI~1\ANWEND~1\Folding@home-x86
[15/07/2007|18:30] C:\DOKUME~1\HEINRI~1\ANWEND~1\Google
[18/07/2007|13:47] C:\DOKUME~1\HEINRI~1\ANWEND~1\GRETECH
[07/04/2009|00:17] C:\DOKUME~1\HEINRI~1\ANWEND~1\gtk-2.0
[25/07/2007|08:12] C:\DOKUME~1\HEINRI~1\ANWEND~1\Help
[06/08/2007|10:26] C:\DOKUME~1\HEINRI~1\ANWEND~1\ICQ Toolbar
[03/03/2006|21:34] C:\DOKUME~1\HEINRI~1\ANWEND~1\Identities
[20/07/2007|16:24] C:\DOKUME~1\HEINRI~1\ANWEND~1\InstallShield
[26/05/2006|13:04] C:\DOKUME~1\HEINRI~1\ANWEND~1\Leadertech
[26/08/2008|18:22] C:\DOKUME~1\HEINRI~1\ANWEND~1\Lexmark Productivity Studio
[01/04/2009|11:08] C:\DOKUME~1\HEINRI~1\ANWEND~1\Macromedia
[22/04/2009|22:36] C:\DOKUME~1\HEINRI~1\ANWEND~1\Malwarebytes
[20/07/2007|21:01] C:\DOKUME~1\HEINRI~1\ANWEND~1\Media Player Classic
[11/10/2008|19:27] C:\DOKUME~1\HEINRI~1\ANWEND~1\Microsoft
[22/04/2009|18:01] C:\DOKUME~1\HEINRI~1\ANWEND~1\Mozilla
[07/08/2007|00:13] C:\DOKUME~1\HEINRI~1\ANWEND~1\MSNInstaller
[22/04/2009|18:01] C:\DOKUME~1\HEINRI~1\ANWEND~1\Notepad++
[19/05/2008|20:16] C:\DOKUME~1\HEINRI~1\ANWEND~1\Online Barb 01
[22/04/2009|18:01] C:\DOKUME~1\HEINRI~1\ANWEND~1\PC Tools
[24/07/2007|22:02] C:\DOKUME~1\HEINRI~1\ANWEND~1\Qualcomm
[18/07/2007|13:43] C:\DOKUME~1\HEINRI~1\ANWEND~1\Real
[18/07/2007|19:50] C:\DOKUME~1\HEINRI~1\ANWEND~1\Samsung
[24/05/2008|07:53] C:\DOKUME~1\HEINRI~1\ANWEND~1\Shareaza
[26/05/2006|13:04] C:\DOKUME~1\HEINRI~1\ANWEND~1\Sonic
[10/08/2007|08:24] C:\DOKUME~1\HEINRI~1\ANWEND~1\Sun
[18/07/2007|13:43] C:\DOKUME~1\HEINRI~1\ANWEND~1\Talkback
[22/08/2007|22:04] C:\DOKUME~1\HEINRI~1\ANWEND~1\Temporary
[22/04/2009|18:01] C:\DOKUME~1\HEINRI~1\ANWEND~1\Thunderbird
[29/07/2007|14:13] C:\DOKUME~1\HEINRI~1\ANWEND~1\TransRender
[11/11/2008|00:58] C:\DOKUME~1\HEINRI~1\ANWEND~1\Tsarevna
[16/07/2007|00:36] C:\DOKUME~1\HEINRI~1\ANWEND~1\vlc
[21/09/2008|10:42] C:\DOKUME~1\HEINRI~1\ANWEND~1\Win Novation
[21/08/2007|21:45] C:\DOKUME~1\HEINRI~1\ANWEND~1\WinRAR
[11/08/2007|22:14] C:\DOKUME~1\HEINRI~1\ANWEND~1\X-Chat 2
[05/03/2006|17:02] C:\DOKUME~1\HEINRI~1\ANWEND~1\You've Got Pictures Screensaver
[0|Datei(en)] C:\DOKUME~1\HEINRI~1\ANWEND~1\Bytes
[47|Verzeichnis(se),] C:\DOKUME~1\HEINRI~1\ANWEND~1\Bytes frei
[18/07/2007|15:04] C:\DOKUME~1\LOCALS~1\ANWEND~1\DivX
[03/03/2006|21:28] C:\DOKUME~1\LOCALS~1\ANWEND~1\Microsoft
[15/03/2006|15:25] C:\DOKUME~1\LOCALS~1\ANWEND~1\X10 Commander
[0|Datei(en)] C:\DOKUME~1\LOCALS~1\ANWEND~1\Bytes
[5|Verzeichnis(se),] C:\DOKUME~1\LOCALS~1\ANWEND~1\Bytes frei
[03/03/2006|21:33] C:\DOKUME~1\NETWOR~1\ANWEND~1\Microsoft
[0|Datei(en)] C:\DOKUME~1\NETWOR~1\ANWEND~1\Bytes
[3|Verzeichnis(se),] C:\DOKUME~1\NETWOR~1\ANWEND~1\Bytes frei
--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks
[21/04/2009 12:37][--a------] C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[23/04/2009 09:23][--ah-----] C:\WINDOWS\tasks\SA.DAT
[10/08/2004 14:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini
--------------------\\ Listing des dossiers dans C:\Programme
[01/04/2009|11:09] C:\Programme\Adobe
[22/04/2009|18:01] C:\Programme\Adverts
[22/04/2009|18:01] C:\Programme\AgentWebRanking PRO
[22/04/2009|18:01] C:\Programme\AntiVir PersonalEdition Classic
[14/03/2006|13:44] C:\Programme\ATI Technologies
[24/05/2008|10:25] C:\Programme\BOINC
[10/01/2009|00:27] C:\Programme\CacheMot
[22/04/2009|18:01] C:\Programme\Circle Developement
[15/03/2006|15:22] C:\Programme\Common Files
[22/04/2009|18:00] C:\Programme\CoreFTP
[17/07/2007|14:20] C:\Programme\CTV PROD
[21/09/2008|10:34] C:\Programme\denouvel
[14/03/2006|13:35] C:\Programme\DIFX
[09/01/2009|23:05] C:\Programme\DivX
[22/04/2009|18:00] C:\Programme\EasyPHP 3.0
[29/08/2008|16:54] C:\Programme\Ecole Primaire - ABCDaire
[29/08/2008|16:47] C:\Programme\Ecole primaire - Mémoire
[22/04/2009|20:53] C:\Programme\eMule
[22/04/2009|18:01] C:\Programme\EtiketaGoGo
[25/07/2007|08:33] C:\Programme\FoxMail
[22/04/2009|18:01] C:\Programme\Gemeinsame Dateien
[21/07/2007|12:51] C:\Programme\GIMP-2.0
[21/07/2007|23:11] C:\Programme\Global Star Software
[31/03/2009|22:18] C:\Programme\Google
[18/07/2007|13:47] C:\Programme\GRETECH
[07/08/2007|13:31] C:\Programme\ICQToolbar
[22/04/2009|10:20] C:\Programme\InstallShield Installation Information
[22/04/2009|18:01] C:\Programme\Internet Explorer
[20/03/2009|16:55] C:\Programme\Jarkanoid 3
[31/03/2009|21:13] C:\Programme\Java
[18/07/2007|13:56] C:\Programme\K-Lite Codec Pack
[05/03/2006|17:02] C:\Programme\Learn2.com
[06/09/2008|23:31] C:\Programme\LiveCAD
[20/01/2009|22:12] C:\Programme\Maido Production
[22/04/2009|22:36] C:\Programme\Malwarebytes' Anti-Malware
[30/09/2008|01:09] C:\Programme\Messenger
[22/04/2009|18:01] C:\Programme\Messenger Plus! Live
[03/03/2006|21:29] C:\Programme\microsoft frontpage
[18/08/2008|11:54] C:\Programme\Mio Technology
[30/09/2008|01:03] C:\Programme\Movie Maker
[23/04/2009|09:03] C:\Programme\Mozilla Firefox
[07/08/2007|00:12] C:\Programme\MSN
[03/03/2006|21:20] C:\Programme\MSN Gaming Zone
[22/04/2009|21:05] C:\Programme\MSN Messenger
[19/07/2007|03:00] C:\Programme\MSXML 4.0
[21/09/2008|08:40] C:\Programme\My Free Mahjong
[30/09/2008|00:59] C:\Programme\NetMeeting
[20/08/2008|13:09] C:\Programme\Neuer Ordner
[22/04/2009|18:01] C:\Programme\Notepad++
[13/02/2008|23:42] C:\Programme\Online Barb 01
[03/03/2006|21:23] C:\Programme\Online Services
[20/05/2008|21:55] C:\Programme\Online-Dienste
[17/07/2007|14:24] C:\Programme\Ord-ixSofts
[30/09/2008|00:59] C:\Programme\Outlook Express
[22/04/2009|18:01] C:\Programme\Picasa2
[10/03/2009|22:43] C:\Programme\Pinnacle
[24/07/2007|20:51] C:\Programme\Qualcomm
[22/04/2009|18:01] C:\Programme\QuickTime
[05/03/2006|17:01] C:\Programme\Real
[14/03/2006|13:32] C:\Programme\Realtek
[31/03/2006|07:49] C:\Programme\Roxio
[18/07/2007|19:46] C:\Programme\Samsung
[24/05/2008|10:29] C:\Programme\Shareaza Applications
[26/08/2008|22:53] C:\Programme\SodeaSoft
[05/03/2006|18:02] C:\Programme\Sonic
[22/04/2009|18:01] C:\Programme\Spyware Doctor
[20/09/2008|21:03] C:\Programme\SuperTux
[10/08/2007|02:07] C:\Programme\SupervisionCam
[10/01/2009|00:57] C:\Programme\SupraLec
[21/09/2008|10:28] C:\Programme\Transsoft Games
[07/09/2008|12:29] C:\Programme\Trend Micro
[06/12/2007|23:20] C:\Programme\Uninstall Information
[16/02/2008|19:22] C:\Programme\VideoCap
[15/07/2007|23:31] C:\Programme\VideoLAN
[05/03/2006|17:02] C:\Programme\Viewpoint
[08/08/2007|18:43] C:\Programme\Vimicro
[21/04/2009|10:46] C:\Programme\VS Revo Group
[22/04/2009|18:01] C:\Programme\Windows Live
[05/03/2006|18:18] C:\Programme\Windows Media Connect 2
[15/08/2007|03:00] C:\Programme\Windows Media Player
[30/09/2008|00:59] C:\Programme\Windows NT
[03/03/2006|21:23] C:\Programme\Windows Plus
[22/04/2009|18:01] C:\Programme\WinHTTrack
[21/08/2007|21:45] C:\Programme\WinRAR
[15/03/2006|15:22] C:\Programme\X10 Hardware
[08/11/2008|22:46] C:\Programme\xchat
[22/04/2009|18:01] C:\Programme\Xenu
[03/03/2006|21:29] C:\Programme\xerox
[0|Datei(en)] C:\Programme\Bytes
[90|Verzeichnis(se),] C:\Programme\Bytes frei
--------------------\\ Listing des dossiers dans C:\Programme\Gemeinsame Dateien
[01/04/2009|11:01] C:\Programme\Gemeinsame Dateien\Adobe
[29/01/2009|00:43] C:\Programme\Gemeinsame Dateien\Adobe AIR
[18/07/2007|16:11] C:\Programme\Gemeinsame Dateien\aol
[03/03/2006|21:26] C:\Programme\Gemeinsame Dateien\Dienste
[22/04/2009|18:01] C:\Programme\Gemeinsame Dateien\fun communications
[21/07/2007|12:49] C:\Programme\Gemeinsame Dateien\GTK
[14/03/2006|13:32] C:\Programme\Gemeinsame Dateien\InstallShield
[10/08/2007|08:19] C:\Programme\Gemeinsame Dateien\Java
[20/01/2009|22:12] C:\Programme\Gemeinsame Dateien\Microsoft Shared
[03/03/2006|21:26] C:\Programme\Gemeinsame Dateien\MSSoap
[05/03/2006|17:01] C:\Programme\Gemeinsame Dateien\Nullsoft
[10/12/2008|00:29] C:\Programme\Gemeinsame Dateien\Real
[31/03/2006|07:49] C:\Programme\Gemeinsame Dateien\Roxio Shared
[31/03/2006|07:49] C:\Programme\Gemeinsame Dateien\Sonic Shared
[03/03/2006|21:15] C:\Programme\Gemeinsame Dateien\SpeechEngines
[05/03/2006|18:02] C:\Programme\Gemeinsame Dateien\SureThing Shared
[22/04/2009|18:01] C:\Programme\Gemeinsame Dateien\Symantec Shared
[30/09/2008|00:59] C:\Programme\Gemeinsame Dateien\System
[10/12/2008|00:29] C:\Programme\Gemeinsame Dateien\xing shared
[10/03/2009|22:43] C:\Programme\Gemeinsame Dateien\Yahoo!
[0|Datei(en)] C:\Programme\Gemeinsame Dateien\Bytes
[22|Verzeichnis(se),] C:\Programme\Gemeinsame Dateien\Bytes frei
--------------------\\ Process
( 29 Processes )
... OK !
--------------------\\ Recherche avec S_Lop
Aucun fichier / dossier Lop trouvé !
--------------------\\ Recherche de Fichiers / Dossiers Lop
C:\DOKUME~1\ALLUSE~1\ANWEND~1\Cast ping base frag
C:\DOKUME~1\ALLUSE~1\ANWEND~1\Cast ping base frag\poke manager.exe
C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\nsa2B.tmp
C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\nsc70.tmp
C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\nscopy.tmp
C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\nsh139.tmp
C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\nsh7D.tmp
C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\nsi1F.tmp
C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\NSISGSearchCheck.dll
C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\NSISPromotion.dll
C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\NSISPromotion.ini
C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\nskE.tmp
C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\nsmail-1.tmp
C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\nsmail-10.tmp
C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\nsmail-11.tmp
C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\nsmail-2.tmp
C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\nsmail-3.tmp
C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\nsmail-4.tmp
C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\nsmail-5.tmp
C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\nsmail-6.tmp
C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\nsmail-7.tmp
C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\nsmail-8.tmp
C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\nsmail-9.tmp
C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\nsmail.eml
C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\nsmail.tmp
C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\nso85.tmp
C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\nsoB.tmp
C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\nsq1147.tmp
C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\nsq8E.tmp
C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\nsr7CF.tmp
C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\nsr91.tmp
C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\Nss.exe
C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\nst14.tmp
C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\nst17.tmp
C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\nst7A.tmp
C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\nsu8.tmp
C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\nsv13E.tmp
C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\nsx145.tmp
C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\nsx5.tmp
C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\nsx6D.tmp
C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\nsx82.tmp
C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\nsy8B.tmp
C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\nsz104.tmp
C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\stadistic.log
C:\Programme\Adverts
C:\Programme\Circle Developement
C:\DOKUME~1\HEINRI~1\Cookies\heinrich_grimminger@advertstream[2].txt
C:\DOKUME~1\HEINRI~1\Cookies\heinrich_grimminger@adin.bigpoint[1].txt
C:\DOKUME~1\HEINRI~1\Cookies\heinrich_grimminger@bigpoint[1].txt
C:\DOKUME~1\HEINRI~1\Cookies\heinrich_grimminger@de.gladiatoren2.bigpoint[1].txt
C:\DOKUME~1\HEINRI~1\Cookies\heinrich_grimminger@glorykings.bigpoint[1].txt
C:\DOKUME~1\HEINRI~1\Cookies\heinrich_grimminger@adopt.euroclick[1].txt
C:\DOKUME~1\HEINRI~1\Cookies\heinrich_grimminger@888[1].txt
--------------------\\ Verification du Registre
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
..... OK !
--------------------\\ Verification du fichier Hosts
Fichier Hosts MODIFIE
127.0.0.1 bin.errorprotector.com ## added by CiD
127.0.0.1 br.errorsafe.com ## added by CiD
127.0.0.1 br.winantivirus.com ## added by CiD
127.0.0.1 br.winfixer.com ## added by CiD
127.0.0.1 cdn.drivecleaner.com ## added by CiD
127.0.0.1 cdn.errorsafe.com ## added by CiD
127.0.0.1 cdn.winsoftware.com ## added by CiD
127.0.0.1 de.errorsafe.com ## added by CiD
127.0.0.1 de.winantivirus.com ## added by CiD
127.0.0.1 download.cdn.drivecleaner.com ## added by CiD
127.0.0.1 download.cdn.errorsafe.com ## added by CiD
127.0.0.1 download.cdn.winsoftware.com ## added by CiD
127.0.0.1 download.errorsafe.com ## added by CiD
127.0.0.1 download.systemdoctor.com ## added by CiD
127.0.0.1 download.winantispyware.com ## added by CiD
127.0.0.1 download.windrivecleaner.com ## added by CiD
127.0.0.1 download.winfixer.com ## added by CiD
127.0.0.1 drivecleaner.com ## added by CiD
127.0.0.1 dynamique.drivecleaner.com ## added by CiD
127.0.0.1 errorprotector.com ## added by CiD
127.0.0.1 errorsafe.com ## added by CiD
127.0.0.1 es.winantivirus.com ## added by CiD
127.0.0.1 fr.winantivirus.com ## added by CiD
127.0.0.1 fr.winfixer.com ## added by CiD
127.0.0.1 go.drivecleaner.com ## added by CiD
127.0.0.1 go.errorsafe.com ## added by CiD
127.0.0.1 go.winantispyware.com ## added by CiD
127.0.0.1 go.winantivirus.com ## added by CiD
127.0.0.1 hk.winantivirus.com ## added by CiD
127.0.0.1 instlog.errorsafe.com ## added by CiD
127.0.0.1 instlog.winantivirus.com ## added by CiD
127.0.0.1 instlog.winfixer.com ## added by CiD
127.0.0.1 jsp.drivecleaner.com ## added by CiD
127.0.0.1 kb.errorsafe.com ## added by CiD
127.0.0.1 kb.winantivirus.com ## added by CiD
127.0.0.1 nl.errorsafe.com ## added by CiD
127.0.0.1 se.errorsafe.com ## added by CiD
127.0.0.1 secure.drivecleaner.com ## added by CiD
127.0.0.1 secure.errorsafe.com ## added by CiD
127.0.0.1 secure.winantispam.com ## added by CiD
127.0.0.1 secure.winantispy.com ## added by CiD
127.0.0.1 secure.winantivirus.com ## added by CiD
127.0.0.1 support.winantivirus.com ## added by CiD
127.0.0.1 trial.updates.winsoftware.com ## added by CiD
127.0.0.1 ulog.winantivirus.com ## added by CiD
127.0.0.1 utils.errorsafe.com ## added by CiD
127.0.0.1 utils.winantivirus.com ## added by CiD
127.0.0.1 utils.winfixer.com ## added by CiD
127.0.0.1 winantispyware.com ## added by CiD
127.0.0.1 winantivirus.com ## added by CiD
127.0.0.1 winfixer.com ## added by CiD
127.0.0.1 winfixer2006.com ## added by CiD
127.0.0.1 winsoftware.com ## added by CiD
127.0.0.1 [i]ww/iw.drivecleaner.com ## added by CiD
127.0.0.1 [i]ww/iw.errorprotector.com ## added by CiD
127.0.0.1 [i]ww/iw.errorsafe.com ## added by CiD
127.0.0.1 [i]ww/iw.systemdoctor.com ## added by CiD
127.0.0.1 [i]ww/iw.utils.winfixer.com ## added by CiD
127.0.0.1 [i]ww/iw.win-anti-virus-pro.com ## added by CiD
127.0.0.1 [i]ww/iw.win-virus-pro.com ## added by CiD
127.0.0.1 [i]ww/iw.winantispam.com ## added by CiD
127.0.0.1 [i]ww/iw.winantispy.com ## added by CiD
127.0.0.1 [i]ww/iw.winantispyware.com ## added by CiD
127.0.0.1 [i]ww/iw.winantivirus.com ## added by CiD
127.0.0.1 [i]ww/iw.winantiviruspro.com ## added by CiD
127.0.0.1 [i]ww/iw.windrivecleaner.com ## added by CiD
127.0.0.1 [i]ww/iw.windrivesafe.com ## added by CiD
127.0.0.1 [i]ww/iw.winfixer.com ## added by CiD
127.0.0.1 [i]ww/iw.winfixer2006.com ## added by CiD
127.0.0.1 [i]ww/iw.winsoftware.com ## added by CiD
-> 72 [ 70 ## added by CiD ]
--------------------\\ Recherche de fichiers avec Catchme
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-23 09:26:59
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0
--------------------\\ Recherche d'autres infections
--------------------\\ Cracks & Keygens ..
C:\DOKUME~1\HEINRI~1\Lokale Einstellungen\Anwendungsdaten\Microsoft\Messenger\sus2_deb@hotmail.fr\Sharing Folders\sadmsn@hotmail.fr\Insaniquarium Deluxe Game - PopCap - Full+crack
[F:3725][D:544]-> C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp
[F:1408][D:0]-> C:\DOKUME~1\HEINRI~1\Cookies
[F:11228][D:42]-> C:\DOKUME~1\HEINRI~1\LOKALE~1\TEMPOR~1\content.IE5
1 - "C:\Lop SD\LopR_1.txt" - 23/04/2009| 9:29 - Option : [1]
--------------------\\ Fin du rapport a 9:29:34
voici le rapport de lop S&D
--------------------\\ Lop S&D 4.2.5-0 XP/Vista
Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) D CPU 2.66GHz )
BIOS : Default System BIOS
USER : Heinrich Grimminger ( Administrator )
BOOT : Normal boot
Firewall : Norton Internet Worm Protection 2006 (Not Activated)
C:\ (Local Disk) - NTFS - Total:170 Go (Free:9 Go)
E:\ (CD or DVD)
F:\ (CD or DVD)
G:\ (USB)
H:\ (USB)
I:\ (USB)
J:\ (USB)
"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [1] ( 23/04/2009| 9:25 )
--------------------\\ Listing des dossiers dans ANWEND~1
[18/07/2007|14:15] C:\DOKUME~1\ADMINI~1\ANWEND~1\AOL
[18/10/2008|08:24] C:\DOKUME~1\ADMINI~1\ANWEND~1\ATI
[03/03/2006|21:34] C:\DOKUME~1\ADMINI~1\ANWEND~1\Identities
[05/03/2006|11:49] C:\DOKUME~1\ADMINI~1\ANWEND~1\Microsoft
[05/03/2006|17:02] C:\DOKUME~1\ADMINI~1\ANWEND~1\You've Got Pictures Screensaver
[0|Datei(en)] C:\DOKUME~1\ADMINI~1\ANWEND~1\Bytes
[7|Verzeichnis(se),] C:\DOKUME~1\ADMINI~1\ANWEND~1\Bytes frei
[22/04/2009|18:01] C:\DOKUME~1\ALLUSE~1\ANWEND~1\{66E2F539-12B6-4870-A500-7689CDE75C5E}
[22/04/2009|20:41] C:\DOKUME~1\ALLUSE~1\ANWEND~1\Adobe
[22/04/2009|18:01] C:\DOKUME~1\ALLUSE~1\ANWEND~1\AntiVir PersonalEdition Classic
[18/07/2007|14:15] C:\DOKUME~1\ALLUSE~1\ANWEND~1\AOL
[13/02/2008|23:43] C:\DOKUME~1\ALLUSE~1\ANWEND~1\Cast ping base frag
[29/01/2009|01:11] C:\DOKUME~1\ALLUSE~1\ANWEND~1\FLEXnet
[22/04/2009|18:01] C:\DOKUME~1\ALLUSE~1\ANWEND~1\Google
[18/07/2007|13:48] C:\DOKUME~1\ALLUSE~1\ANWEND~1\GRETECH
[05/03/2006|18:03] C:\DOKUME~1\ALLUSE~1\ANWEND~1\InstallShield
[22/04/2009|22:36] C:\DOKUME~1\ALLUSE~1\ANWEND~1\Malwarebytes
[22/04/2009|18:01] C:\DOKUME~1\ALLUSE~1\ANWEND~1\Messenger Plus!
[22/04/2009|10:20] C:\DOKUME~1\ALLUSE~1\ANWEND~1\Microsoft
[14/03/2006|13:35] C:\DOKUME~1\ALLUSE~1\ANWEND~1\Pinnacle
[10/03/2009|22:46] C:\DOKUME~1\ALLUSE~1\ANWEND~1\Pinnacle VideoSpin
[31/07/2007|19:41] C:\DOKUME~1\ALLUSE~1\ANWEND~1\QuickTime
[31/03/2006|07:49] C:\DOKUME~1\ALLUSE~1\ANWEND~1\Sonic
[14/02/2008|23:06] C:\DOKUME~1\ALLUSE~1\ANWEND~1\Symantec
[22/04/2009|10:08] C:\DOKUME~1\ALLUSE~1\ANWEND~1\TEMP
[21/07/2007|23:10] C:\DOKUME~1\ALLUSE~1\ANWEND~1\Trymedia
[10/03/2009|22:43] C:\DOKUME~1\ALLUSE~1\ANWEND~1\VideoSpin
[05/03/2006|17:02] C:\DOKUME~1\ALLUSE~1\ANWEND~1\Viewpoint
[05/03/2006|11:49] C:\DOKUME~1\ALLUSE~1\ANWEND~1\Windows Genuine Advantage
[17/03/2006|12:01] C:\DOKUME~1\ALLUSE~1\ANWEND~1\X10 Settings
[0|Datei(en)] C:\DOKUME~1\ALLUSE~1\ANWEND~1\Bytes
[25|Verzeichnis(se),] C:\DOKUME~1\ALLUSE~1\ANWEND~1\Bytes frei
[18/07/2007|14:15] C:\DOKUME~1\DEFAUL~1\ANWEND~1\AOL
[18/10/2008|08:24] C:\DOKUME~1\DEFAUL~1\ANWEND~1\ATI
[03/03/2006|21:34] C:\DOKUME~1\DEFAUL~1\ANWEND~1\Identities
[07/08/2008|04:32] C:\DOKUME~1\DEFAUL~1\ANWEND~1\Macromedia
[05/03/2006|11:49] C:\DOKUME~1\DEFAUL~1\ANWEND~1\Microsoft
[05/03/2006|17:02] C:\DOKUME~1\DEFAUL~1\ANWEND~1\You've Got Pictures Screensaver
[0|Datei(en)] C:\DOKUME~1\DEFAUL~1\ANWEND~1\Bytes
[8|Verzeichnis(se),] C:\DOKUME~1\DEFAUL~1\ANWEND~1\Bytes frei
[22/04/2009|18:01] C:\DOKUME~1\HEINRI~1\ANWEND~1\Adobe
[27/05/2008|20:15] C:\DOKUME~1\HEINRI~1\ANWEND~1\AdobeUM
[06/09/2008|21:39] C:\DOKUME~1\HEINRI~1\ANWEND~1\Anuman Interactive
[18/07/2007|14:15] C:\DOKUME~1\HEINRI~1\ANWEND~1\AOL
[18/10/2008|08:24] C:\DOKUME~1\HEINRI~1\ANWEND~1\ATI
[30/01/2009|18:54] C:\DOKUME~1\HEINRI~1\ANWEND~1\com.adobe.ExMan
[18/07/2007|19:55] C:\DOKUME~1\HEINRI~1\ANWEND~1\ConvertTemp
[22/04/2009|18:01] C:\DOKUME~1\HEINRI~1\ANWEND~1\CoreFTP
[20/07/2007|21:01] C:\DOKUME~1\HEINRI~1\ANWEND~1\DivX
[01/02/2009|14:56] C:\DOKUME~1\HEINRI~1\ANWEND~1\Download Manager
[18/01/2009|00:21] C:\DOKUME~1\HEINRI~1\ANWEND~1\Folding@home-x86
[15/07/2007|18:30] C:\DOKUME~1\HEINRI~1\ANWEND~1\Google
[18/07/2007|13:47] C:\DOKUME~1\HEINRI~1\ANWEND~1\GRETECH
[07/04/2009|00:17] C:\DOKUME~1\HEINRI~1\ANWEND~1\gtk-2.0
[25/07/2007|08:12] C:\DOKUME~1\HEINRI~1\ANWEND~1\Help
[06/08/2007|10:26] C:\DOKUME~1\HEINRI~1\ANWEND~1\ICQ Toolbar
[03/03/2006|21:34] C:\DOKUME~1\HEINRI~1\ANWEND~1\Identities
[20/07/2007|16:24] C:\DOKUME~1\HEINRI~1\ANWEND~1\InstallShield
[26/05/2006|13:04] C:\DOKUME~1\HEINRI~1\ANWEND~1\Leadertech
[26/08/2008|18:22] C:\DOKUME~1\HEINRI~1\ANWEND~1\Lexmark Productivity Studio
[01/04/2009|11:08] C:\DOKUME~1\HEINRI~1\ANWEND~1\Macromedia
[22/04/2009|22:36] C:\DOKUME~1\HEINRI~1\ANWEND~1\Malwarebytes
[20/07/2007|21:01] C:\DOKUME~1\HEINRI~1\ANWEND~1\Media Player Classic
[11/10/2008|19:27] C:\DOKUME~1\HEINRI~1\ANWEND~1\Microsoft
[22/04/2009|18:01] C:\DOKUME~1\HEINRI~1\ANWEND~1\Mozilla
[07/08/2007|00:13] C:\DOKUME~1\HEINRI~1\ANWEND~1\MSNInstaller
[22/04/2009|18:01] C:\DOKUME~1\HEINRI~1\ANWEND~1\Notepad++
[19/05/2008|20:16] C:\DOKUME~1\HEINRI~1\ANWEND~1\Online Barb 01
[22/04/2009|18:01] C:\DOKUME~1\HEINRI~1\ANWEND~1\PC Tools
[24/07/2007|22:02] C:\DOKUME~1\HEINRI~1\ANWEND~1\Qualcomm
[18/07/2007|13:43] C:\DOKUME~1\HEINRI~1\ANWEND~1\Real
[18/07/2007|19:50] C:\DOKUME~1\HEINRI~1\ANWEND~1\Samsung
[24/05/2008|07:53] C:\DOKUME~1\HEINRI~1\ANWEND~1\Shareaza
[26/05/2006|13:04] C:\DOKUME~1\HEINRI~1\ANWEND~1\Sonic
[10/08/2007|08:24] C:\DOKUME~1\HEINRI~1\ANWEND~1\Sun
[18/07/2007|13:43] C:\DOKUME~1\HEINRI~1\ANWEND~1\Talkback
[22/08/2007|22:04] C:\DOKUME~1\HEINRI~1\ANWEND~1\Temporary
[22/04/2009|18:01] C:\DOKUME~1\HEINRI~1\ANWEND~1\Thunderbird
[29/07/2007|14:13] C:\DOKUME~1\HEINRI~1\ANWEND~1\TransRender
[11/11/2008|00:58] C:\DOKUME~1\HEINRI~1\ANWEND~1\Tsarevna
[16/07/2007|00:36] C:\DOKUME~1\HEINRI~1\ANWEND~1\vlc
[21/09/2008|10:42] C:\DOKUME~1\HEINRI~1\ANWEND~1\Win Novation
[21/08/2007|21:45] C:\DOKUME~1\HEINRI~1\ANWEND~1\WinRAR
[11/08/2007|22:14] C:\DOKUME~1\HEINRI~1\ANWEND~1\X-Chat 2
[05/03/2006|17:02] C:\DOKUME~1\HEINRI~1\ANWEND~1\You've Got Pictures Screensaver
[0|Datei(en)] C:\DOKUME~1\HEINRI~1\ANWEND~1\Bytes
[47|Verzeichnis(se),] C:\DOKUME~1\HEINRI~1\ANWEND~1\Bytes frei
[18/07/2007|15:04] C:\DOKUME~1\LOCALS~1\ANWEND~1\DivX
[03/03/2006|21:28] C:\DOKUME~1\LOCALS~1\ANWEND~1\Microsoft
[15/03/2006|15:25] C:\DOKUME~1\LOCALS~1\ANWEND~1\X10 Commander
[0|Datei(en)] C:\DOKUME~1\LOCALS~1\ANWEND~1\Bytes
[5|Verzeichnis(se),] C:\DOKUME~1\LOCALS~1\ANWEND~1\Bytes frei
[03/03/2006|21:33] C:\DOKUME~1\NETWOR~1\ANWEND~1\Microsoft
[0|Datei(en)] C:\DOKUME~1\NETWOR~1\ANWEND~1\Bytes
[3|Verzeichnis(se),] C:\DOKUME~1\NETWOR~1\ANWEND~1\Bytes frei
--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks
[21/04/2009 12:37][--a------] C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[23/04/2009 09:23][--ah-----] C:\WINDOWS\tasks\SA.DAT
[10/08/2004 14:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini
--------------------\\ Listing des dossiers dans C:\Programme
[01/04/2009|11:09] C:\Programme\Adobe
[22/04/2009|18:01] C:\Programme\Adverts
[22/04/2009|18:01] C:\Programme\AgentWebRanking PRO
[22/04/2009|18:01] C:\Programme\AntiVir PersonalEdition Classic
[14/03/2006|13:44] C:\Programme\ATI Technologies
[24/05/2008|10:25] C:\Programme\BOINC
[10/01/2009|00:27] C:\Programme\CacheMot
[22/04/2009|18:01] C:\Programme\Circle Developement
[15/03/2006|15:22] C:\Programme\Common Files
[22/04/2009|18:00] C:\Programme\CoreFTP
[17/07/2007|14:20] C:\Programme\CTV PROD
[21/09/2008|10:34] C:\Programme\denouvel
[14/03/2006|13:35] C:\Programme\DIFX
[09/01/2009|23:05] C:\Programme\DivX
[22/04/2009|18:00] C:\Programme\EasyPHP 3.0
[29/08/2008|16:54] C:\Programme\Ecole Primaire - ABCDaire
[29/08/2008|16:47] C:\Programme\Ecole primaire - Mémoire
[22/04/2009|20:53] C:\Programme\eMule
[22/04/2009|18:01] C:\Programme\EtiketaGoGo
[25/07/2007|08:33] C:\Programme\FoxMail
[22/04/2009|18:01] C:\Programme\Gemeinsame Dateien
[21/07/2007|12:51] C:\Programme\GIMP-2.0
[21/07/2007|23:11] C:\Programme\Global Star Software
[31/03/2009|22:18] C:\Programme\Google
[18/07/2007|13:47] C:\Programme\GRETECH
[07/08/2007|13:31] C:\Programme\ICQToolbar
[22/04/2009|10:20] C:\Programme\InstallShield Installation Information
[22/04/2009|18:01] C:\Programme\Internet Explorer
[20/03/2009|16:55] C:\Programme\Jarkanoid 3
[31/03/2009|21:13] C:\Programme\Java
[18/07/2007|13:56] C:\Programme\K-Lite Codec Pack
[05/03/2006|17:02] C:\Programme\Learn2.com
[06/09/2008|23:31] C:\Programme\LiveCAD
[20/01/2009|22:12] C:\Programme\Maido Production
[22/04/2009|22:36] C:\Programme\Malwarebytes' Anti-Malware
[30/09/2008|01:09] C:\Programme\Messenger
[22/04/2009|18:01] C:\Programme\Messenger Plus! Live
[03/03/2006|21:29] C:\Programme\microsoft frontpage
[18/08/2008|11:54] C:\Programme\Mio Technology
[30/09/2008|01:03] C:\Programme\Movie Maker
[23/04/2009|09:03] C:\Programme\Mozilla Firefox
[07/08/2007|00:12] C:\Programme\MSN
[03/03/2006|21:20] C:\Programme\MSN Gaming Zone
[22/04/2009|21:05] C:\Programme\MSN Messenger
[19/07/2007|03:00] C:\Programme\MSXML 4.0
[21/09/2008|08:40] C:\Programme\My Free Mahjong
[30/09/2008|00:59] C:\Programme\NetMeeting
[20/08/2008|13:09] C:\Programme\Neuer Ordner
[22/04/2009|18:01] C:\Programme\Notepad++
[13/02/2008|23:42] C:\Programme\Online Barb 01
[03/03/2006|21:23] C:\Programme\Online Services
[20/05/2008|21:55] C:\Programme\Online-Dienste
[17/07/2007|14:24] C:\Programme\Ord-ixSofts
[30/09/2008|00:59] C:\Programme\Outlook Express
[22/04/2009|18:01] C:\Programme\Picasa2
[10/03/2009|22:43] C:\Programme\Pinnacle
[24/07/2007|20:51] C:\Programme\Qualcomm
[22/04/2009|18:01] C:\Programme\QuickTime
[05/03/2006|17:01] C:\Programme\Real
[14/03/2006|13:32] C:\Programme\Realtek
[31/03/2006|07:49] C:\Programme\Roxio
[18/07/2007|19:46] C:\Programme\Samsung
[24/05/2008|10:29] C:\Programme\Shareaza Applications
[26/08/2008|22:53] C:\Programme\SodeaSoft
[05/03/2006|18:02] C:\Programme\Sonic
[22/04/2009|18:01] C:\Programme\Spyware Doctor
[20/09/2008|21:03] C:\Programme\SuperTux
[10/08/2007|02:07] C:\Programme\SupervisionCam
[10/01/2009|00:57] C:\Programme\SupraLec
[21/09/2008|10:28] C:\Programme\Transsoft Games
[07/09/2008|12:29] C:\Programme\Trend Micro
[06/12/2007|23:20] C:\Programme\Uninstall Information
[16/02/2008|19:22] C:\Programme\VideoCap
[15/07/2007|23:31] C:\Programme\VideoLAN
[05/03/2006|17:02] C:\Programme\Viewpoint
[08/08/2007|18:43] C:\Programme\Vimicro
[21/04/2009|10:46] C:\Programme\VS Revo Group
[22/04/2009|18:01] C:\Programme\Windows Live
[05/03/2006|18:18] C:\Programme\Windows Media Connect 2
[15/08/2007|03:00] C:\Programme\Windows Media Player
[30/09/2008|00:59] C:\Programme\Windows NT
[03/03/2006|21:23] C:\Programme\Windows Plus
[22/04/2009|18:01] C:\Programme\WinHTTrack
[21/08/2007|21:45] C:\Programme\WinRAR
[15/03/2006|15:22] C:\Programme\X10 Hardware
[08/11/2008|22:46] C:\Programme\xchat
[22/04/2009|18:01] C:\Programme\Xenu
[03/03/2006|21:29] C:\Programme\xerox
[0|Datei(en)] C:\Programme\Bytes
[90|Verzeichnis(se),] C:\Programme\Bytes frei
--------------------\\ Listing des dossiers dans C:\Programme\Gemeinsame Dateien
[01/04/2009|11:01] C:\Programme\Gemeinsame Dateien\Adobe
[29/01/2009|00:43] C:\Programme\Gemeinsame Dateien\Adobe AIR
[18/07/2007|16:11] C:\Programme\Gemeinsame Dateien\aol
[03/03/2006|21:26] C:\Programme\Gemeinsame Dateien\Dienste
[22/04/2009|18:01] C:\Programme\Gemeinsame Dateien\fun communications
[21/07/2007|12:49] C:\Programme\Gemeinsame Dateien\GTK
[14/03/2006|13:32] C:\Programme\Gemeinsame Dateien\InstallShield
[10/08/2007|08:19] C:\Programme\Gemeinsame Dateien\Java
[20/01/2009|22:12] C:\Programme\Gemeinsame Dateien\Microsoft Shared
[03/03/2006|21:26] C:\Programme\Gemeinsame Dateien\MSSoap
[05/03/2006|17:01] C:\Programme\Gemeinsame Dateien\Nullsoft
[10/12/2008|00:29] C:\Programme\Gemeinsame Dateien\Real
[31/03/2006|07:49] C:\Programme\Gemeinsame Dateien\Roxio Shared
[31/03/2006|07:49] C:\Programme\Gemeinsame Dateien\Sonic Shared
[03/03/2006|21:15] C:\Programme\Gemeinsame Dateien\SpeechEngines
[05/03/2006|18:02] C:\Programme\Gemeinsame Dateien\SureThing Shared
[22/04/2009|18:01] C:\Programme\Gemeinsame Dateien\Symantec Shared
[30/09/2008|00:59] C:\Programme\Gemeinsame Dateien\System
[10/12/2008|00:29] C:\Programme\Gemeinsame Dateien\xing shared
[10/03/2009|22:43] C:\Programme\Gemeinsame Dateien\Yahoo!
[0|Datei(en)] C:\Programme\Gemeinsame Dateien\Bytes
[22|Verzeichnis(se),] C:\Programme\Gemeinsame Dateien\Bytes frei
--------------------\\ Process
( 29 Processes )
... OK !
--------------------\\ Recherche avec S_Lop
Aucun fichier / dossier Lop trouvé !
--------------------\\ Recherche de Fichiers / Dossiers Lop
C:\DOKUME~1\ALLUSE~1\ANWEND~1\Cast ping base frag
C:\DOKUME~1\ALLUSE~1\ANWEND~1\Cast ping base frag\poke manager.exe
C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\nsa2B.tmp
C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\nsc70.tmp
C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\nscopy.tmp
C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\nsh139.tmp
C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\nsh7D.tmp
C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\nsi1F.tmp
C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\NSISGSearchCheck.dll
C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\NSISPromotion.dll
C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\NSISPromotion.ini
C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\nskE.tmp
C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\nsmail-1.tmp
C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\nsmail-10.tmp
C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\nsmail-11.tmp
C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\nsmail-2.tmp
C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\nsmail-3.tmp
C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\nsmail-4.tmp
C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\nsmail-5.tmp
C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\nsmail-6.tmp
C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\nsmail-7.tmp
C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\nsmail-8.tmp
C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\nsmail-9.tmp
C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\nsmail.eml
C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\nsmail.tmp
C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\nso85.tmp
C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\nsoB.tmp
C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\nsq1147.tmp
C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\nsq8E.tmp
C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\nsr7CF.tmp
C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\nsr91.tmp
C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\Nss.exe
C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\nst14.tmp
C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\nst17.tmp
C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\nst7A.tmp
C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\nsu8.tmp
C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\nsv13E.tmp
C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\nsx145.tmp
C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\nsx5.tmp
C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\nsx6D.tmp
C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\nsx82.tmp
C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\nsy8B.tmp
C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\nsz104.tmp
C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\stadistic.log
C:\Programme\Adverts
C:\Programme\Circle Developement
C:\DOKUME~1\HEINRI~1\Cookies\heinrich_grimminger@advertstream[2].txt
C:\DOKUME~1\HEINRI~1\Cookies\heinrich_grimminger@adin.bigpoint[1].txt
C:\DOKUME~1\HEINRI~1\Cookies\heinrich_grimminger@bigpoint[1].txt
C:\DOKUME~1\HEINRI~1\Cookies\heinrich_grimminger@de.gladiatoren2.bigpoint[1].txt
C:\DOKUME~1\HEINRI~1\Cookies\heinrich_grimminger@glorykings.bigpoint[1].txt
C:\DOKUME~1\HEINRI~1\Cookies\heinrich_grimminger@adopt.euroclick[1].txt
C:\DOKUME~1\HEINRI~1\Cookies\heinrich_grimminger@888[1].txt
--------------------\\ Verification du Registre
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
..... OK !
--------------------\\ Verification du fichier Hosts
Fichier Hosts MODIFIE
127.0.0.1 bin.errorprotector.com ## added by CiD
127.0.0.1 br.errorsafe.com ## added by CiD
127.0.0.1 br.winantivirus.com ## added by CiD
127.0.0.1 br.winfixer.com ## added by CiD
127.0.0.1 cdn.drivecleaner.com ## added by CiD
127.0.0.1 cdn.errorsafe.com ## added by CiD
127.0.0.1 cdn.winsoftware.com ## added by CiD
127.0.0.1 de.errorsafe.com ## added by CiD
127.0.0.1 de.winantivirus.com ## added by CiD
127.0.0.1 download.cdn.drivecleaner.com ## added by CiD
127.0.0.1 download.cdn.errorsafe.com ## added by CiD
127.0.0.1 download.cdn.winsoftware.com ## added by CiD
127.0.0.1 download.errorsafe.com ## added by CiD
127.0.0.1 download.systemdoctor.com ## added by CiD
127.0.0.1 download.winantispyware.com ## added by CiD
127.0.0.1 download.windrivecleaner.com ## added by CiD
127.0.0.1 download.winfixer.com ## added by CiD
127.0.0.1 drivecleaner.com ## added by CiD
127.0.0.1 dynamique.drivecleaner.com ## added by CiD
127.0.0.1 errorprotector.com ## added by CiD
127.0.0.1 errorsafe.com ## added by CiD
127.0.0.1 es.winantivirus.com ## added by CiD
127.0.0.1 fr.winantivirus.com ## added by CiD
127.0.0.1 fr.winfixer.com ## added by CiD
127.0.0.1 go.drivecleaner.com ## added by CiD
127.0.0.1 go.errorsafe.com ## added by CiD
127.0.0.1 go.winantispyware.com ## added by CiD
127.0.0.1 go.winantivirus.com ## added by CiD
127.0.0.1 hk.winantivirus.com ## added by CiD
127.0.0.1 instlog.errorsafe.com ## added by CiD
127.0.0.1 instlog.winantivirus.com ## added by CiD
127.0.0.1 instlog.winfixer.com ## added by CiD
127.0.0.1 jsp.drivecleaner.com ## added by CiD
127.0.0.1 kb.errorsafe.com ## added by CiD
127.0.0.1 kb.winantivirus.com ## added by CiD
127.0.0.1 nl.errorsafe.com ## added by CiD
127.0.0.1 se.errorsafe.com ## added by CiD
127.0.0.1 secure.drivecleaner.com ## added by CiD
127.0.0.1 secure.errorsafe.com ## added by CiD
127.0.0.1 secure.winantispam.com ## added by CiD
127.0.0.1 secure.winantispy.com ## added by CiD
127.0.0.1 secure.winantivirus.com ## added by CiD
127.0.0.1 support.winantivirus.com ## added by CiD
127.0.0.1 trial.updates.winsoftware.com ## added by CiD
127.0.0.1 ulog.winantivirus.com ## added by CiD
127.0.0.1 utils.errorsafe.com ## added by CiD
127.0.0.1 utils.winantivirus.com ## added by CiD
127.0.0.1 utils.winfixer.com ## added by CiD
127.0.0.1 winantispyware.com ## added by CiD
127.0.0.1 winantivirus.com ## added by CiD
127.0.0.1 winfixer.com ## added by CiD
127.0.0.1 winfixer2006.com ## added by CiD
127.0.0.1 winsoftware.com ## added by CiD
127.0.0.1 [i]ww/iw.drivecleaner.com ## added by CiD
127.0.0.1 [i]ww/iw.errorprotector.com ## added by CiD
127.0.0.1 [i]ww/iw.errorsafe.com ## added by CiD
127.0.0.1 [i]ww/iw.systemdoctor.com ## added by CiD
127.0.0.1 [i]ww/iw.utils.winfixer.com ## added by CiD
127.0.0.1 [i]ww/iw.win-anti-virus-pro.com ## added by CiD
127.0.0.1 [i]ww/iw.win-virus-pro.com ## added by CiD
127.0.0.1 [i]ww/iw.winantispam.com ## added by CiD
127.0.0.1 [i]ww/iw.winantispy.com ## added by CiD
127.0.0.1 [i]ww/iw.winantispyware.com ## added by CiD
127.0.0.1 [i]ww/iw.winantivirus.com ## added by CiD
127.0.0.1 [i]ww/iw.winantiviruspro.com ## added by CiD
127.0.0.1 [i]ww/iw.windrivecleaner.com ## added by CiD
127.0.0.1 [i]ww/iw.windrivesafe.com ## added by CiD
127.0.0.1 [i]ww/iw.winfixer.com ## added by CiD
127.0.0.1 [i]ww/iw.winfixer2006.com ## added by CiD
127.0.0.1 [i]ww/iw.winsoftware.com ## added by CiD
-> 72 [ 70 ## added by CiD ]
--------------------\\ Recherche de fichiers avec Catchme
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-23 09:26:59
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0
--------------------\\ Recherche d'autres infections
--------------------\\ Cracks & Keygens ..
C:\DOKUME~1\HEINRI~1\Lokale Einstellungen\Anwendungsdaten\Microsoft\Messenger\sus2_deb@hotmail.fr\Sharing Folders\sadmsn@hotmail.fr\Insaniquarium Deluxe Game - PopCap - Full+crack
[F:3725][D:544]-> C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp
[F:1408][D:0]-> C:\DOKUME~1\HEINRI~1\Cookies
[F:11228][D:42]-> C:\DOKUME~1\HEINRI~1\LOKALE~1\TEMPOR~1\content.IE5
1 - "C:\Lop SD\LopR_1.txt" - 23/04/2009| 9:29 - Option : [1]
--------------------\\ Fin du rapport a 9:29:34
Logfile of random's system information tool 1.06 (written by random/random)
Run by Heinrich Grimminger at 2009-04-23 09:32:24
Microsoft Windows XP Professional Service Pack 3
System drive C: has 10 GB (6%) free of 174 GB
Total RAM: 2047 MB (77% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:32:26, on 23/04/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Dokumente und Einstellungen\Heinrich Grimminger\Desktop\RSIT.exe
C:\Programme\Trend Micro\HijackThis\Heinrich Grimminger.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{AA3501D8-B4BF-41D9-9BCA-8A349A0CC421}: NameServer = 195.50.140.114 195.50.140.252
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Programme\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Programme\Spyware Doctor\pctsSvc.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
Run by Heinrich Grimminger at 2009-04-23 09:32:24
Microsoft Windows XP Professional Service Pack 3
System drive C: has 10 GB (6%) free of 174 GB
Total RAM: 2047 MB (77% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:32:26, on 23/04/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Dokumente und Einstellungen\Heinrich Grimminger\Desktop\RSIT.exe
C:\Programme\Trend Micro\HijackThis\Heinrich Grimminger.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{AA3501D8-B4BF-41D9-9BCA-8A349A0CC421}: NameServer = 195.50.140.114 195.50.140.252
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Programme\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Programme\Spyware Doctor\pctsSvc.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
en parcourant ce forum, j ai vu que certains conseillaient ccleaner, je l ai telechargé et lancé pour nettoyer la base de registre, j´ai egalement relancé malwarebytes qui detectait de nouveau des fichiers infectés...
ces 2 là me disent qu´il n´y plus rien à supprimer (c´est déjà ca!) et j´attends le prochain plantage pour voir si ca change quelque chose...
ces 2 là me disent qu´il n´y plus rien à supprimer (c´est déjà ca!) et j´attends le prochain plantage pour voir si ca change quelque chose...
jlpjlp
Messages postés
51580
Date d'inscription
vendredi 18 mai 2007
Statut
Contributeur sécurité
Dernière intervention
3 mai 2022
5 040
23 avril 2009 à 12:33
23 avril 2009 à 12:33
tu as un message d'erreur?
_____________
Télécharge et installe UsbFix de C_XX & Chiquitine29
Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) susceptible d avoir été infectés sans les ouvrir</gras>
# Double clic sur le raccourci UsbFix présent sur ton bureau .
# Choisi l option 1 ( Recherche )
# Laisse travailler l outil.
# Ensuite post le rapport UsbFix.txt qui apparaitra.
# Note : Le rapport UsbFix.txt est sauvegardé a la racine du disque. ( C:\UsbFix.txt )
( CTRL+A Pour tout sélectionner , CTRL+C pour copier et CTRL+V pour coller )
# Note : "Process.exe", une composante de l'outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.
_____________
Télécharge et installe UsbFix de C_XX & Chiquitine29
Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) susceptible d avoir été infectés sans les ouvrir</gras>
# Double clic sur le raccourci UsbFix présent sur ton bureau .
# Choisi l option 1 ( Recherche )
# Laisse travailler l outil.
# Ensuite post le rapport UsbFix.txt qui apparaitra.
# Note : Le rapport UsbFix.txt est sauvegardé a la racine du disque. ( C:\UsbFix.txt )
( CTRL+A Pour tout sélectionner , CTRL+C pour copier et CTRL+V pour coller )
# Note : "Process.exe", une composante de l'outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.
non :(
aucun message d erreur...
du coup j ai continué a desinstaller un max de trucs avec revo, relancé ccleaner suite à ca, renettoyer la base de registre,
donc voici le nouveau rapport rsit :
Logfile of random's system information tool 1.06 (written by random/random)
Run by Heinrich Grimminger at 2009-04-23 14:02:30
Microsoft Windows XP Professional Service Pack 3
System drive C: has 11 GB (6%) free of 174 GB
Total RAM: 2047 MB (82% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:02:31, on 23/04/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Dokumente und Einstellungen\Heinrich Grimminger\Desktop\RSIT.exe
C:\Programme\Trend Micro\HijackThis\Heinrich Grimminger.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
aucun message d erreur...
du coup j ai continué a desinstaller un max de trucs avec revo, relancé ccleaner suite à ca, renettoyer la base de registre,
donc voici le nouveau rapport rsit :
Logfile of random's system information tool 1.06 (written by random/random)
Run by Heinrich Grimminger at 2009-04-23 14:02:30
Microsoft Windows XP Professional Service Pack 3
System drive C: has 11 GB (6%) free of 174 GB
Total RAM: 2047 MB (82% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:02:31, on 23/04/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Dokumente und Einstellungen\Heinrich Grimminger\Desktop\RSIT.exe
C:\Programme\Trend Micro\HijackThis\Heinrich Grimminger.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
voila ! c´est fait
mais je n´ai rien branché de plus... il n y a que ma souris qui soit branchée sur le port usb (avant il y avait mon tel portable, depuis il a rendu l âme, et je n´ai pas de clé usb)
############################## [ UsbFix V3.011 ]
# User : Heinrich Grimminger (Administratoren) # HEINRICH
# Update on 23/04/09 by C_XX & Chiquitine29
# Start at: 14:10:56 | 23/04/2009
# Intel(R) Pentium(R) D CPU 2.66GHz
# Microsoft Windows XP Professional (5.1.2600 32-bit) # Service Pack 3
# Internet Explorer 7.0.5730.13
# Windows Firewall Status : Disabled
# FW : Norton Internet Worm Protection[ (!) Disabled ]2006
# C:\ # Lokale Festplatte # 170,31 Go (10,31 Go free) # NTFS
# E:\ # CD
# F:\ # CD
# G:\ # Wechseldatenträger
# H:\ # Wechseldatenträger
# I:\ # Wechseldatenträger
# J:\ # Wechseldatenträger
############################## [ Processus actifs ]
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
################## [ Registre # Startup ]
HKCU_Main: "Local Page"="C:\\WINDOWS\\system32\\blank.htm"
HKCU_Main: "Search Page"="https://www.google.com/?gws_rd=ssl"
HKCU_Main: "Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
HKCU_Main: "Window Title"=""
HKLM_logon: "Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
HKLM_logon: "DefaultUserName"="Heinrich Grimminger"
HKLM_logon: "AltDefaultUserName"="Heinrich Grimminger"
HKLM_logon: "LegalNoticeCaption"=""
HKLM_logon: "LegalNoticeText"=""
HKLM_Run: High Definition Audio Property Page Shortcut=HDAShCut.exe
HKLM_Run: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
HKCU_Run: ctfmon.exe=C:\WINDOWS\system32\ctfmon.exe
HKCU_Run: HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run\AdobeUpdater=
################## [ Informations ]
# C:\autorun.inf ( # Not infected ) -> Folder created by UsbFix.
# -> ( Value | Good = 0x0 Bad = 0x1 )
# HKCU\SOFTWARE\...\Policies\System "DisableRegedit" = (0x0)
# HKCU\SOFTWARE\...\Policies\System "DisableRegistryTools" = (0x0)
# HKCU\SOFTWARE\...\Policies\System "DisableTaskMgr" = (0x0)
# HKLM\SOFTWARE\...\Policies\System "DisableRegedit" = (0x0)
# HKLM\SOFTWARE\...\Policies\System "DisableRegistryTools" = (0x0)
# HKLM\SOFTWARE\...\Policies\System "DisableTaskMgr" = (0x0)
################## [ Fichiers # Dossiers infectieux ]
Found ! C:\recycler\S-1-5-21-3871476309-2915037576-3965653451-1005\Dc85\UNWISE.EXE
Found ! C:\recycler\S-1-5-21-3871476309-2915037576-3965653451-1005\Dc86\UNWISE.EXE
################## [ Registre # Clés Run infectieuses ]
################## [ Registre # Mountpoints2 ]
# -> Not Found !
################## [ ! Fin du rapport # UsbFix V3.011 ! ]
mais je n´ai rien branché de plus... il n y a que ma souris qui soit branchée sur le port usb (avant il y avait mon tel portable, depuis il a rendu l âme, et je n´ai pas de clé usb)
############################## [ UsbFix V3.011 ]
# User : Heinrich Grimminger (Administratoren) # HEINRICH
# Update on 23/04/09 by C_XX & Chiquitine29
# Start at: 14:10:56 | 23/04/2009
# Intel(R) Pentium(R) D CPU 2.66GHz
# Microsoft Windows XP Professional (5.1.2600 32-bit) # Service Pack 3
# Internet Explorer 7.0.5730.13
# Windows Firewall Status : Disabled
# FW : Norton Internet Worm Protection[ (!) Disabled ]2006
# C:\ # Lokale Festplatte # 170,31 Go (10,31 Go free) # NTFS
# E:\ # CD
# F:\ # CD
# G:\ # Wechseldatenträger
# H:\ # Wechseldatenträger
# I:\ # Wechseldatenträger
# J:\ # Wechseldatenträger
############################## [ Processus actifs ]
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
################## [ Registre # Startup ]
HKCU_Main: "Local Page"="C:\\WINDOWS\\system32\\blank.htm"
HKCU_Main: "Search Page"="https://www.google.com/?gws_rd=ssl"
HKCU_Main: "Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
HKCU_Main: "Window Title"=""
HKLM_logon: "Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
HKLM_logon: "DefaultUserName"="Heinrich Grimminger"
HKLM_logon: "AltDefaultUserName"="Heinrich Grimminger"
HKLM_logon: "LegalNoticeCaption"=""
HKLM_logon: "LegalNoticeText"=""
HKLM_Run: High Definition Audio Property Page Shortcut=HDAShCut.exe
HKLM_Run: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
HKCU_Run: ctfmon.exe=C:\WINDOWS\system32\ctfmon.exe
HKCU_Run: HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run\AdobeUpdater=
################## [ Informations ]
# C:\autorun.inf ( # Not infected ) -> Folder created by UsbFix.
# -> ( Value | Good = 0x0 Bad = 0x1 )
# HKCU\SOFTWARE\...\Policies\System "DisableRegedit" = (0x0)
# HKCU\SOFTWARE\...\Policies\System "DisableRegistryTools" = (0x0)
# HKCU\SOFTWARE\...\Policies\System "DisableTaskMgr" = (0x0)
# HKLM\SOFTWARE\...\Policies\System "DisableRegedit" = (0x0)
# HKLM\SOFTWARE\...\Policies\System "DisableRegistryTools" = (0x0)
# HKLM\SOFTWARE\...\Policies\System "DisableTaskMgr" = (0x0)
################## [ Fichiers # Dossiers infectieux ]
Found ! C:\recycler\S-1-5-21-3871476309-2915037576-3965653451-1005\Dc85\UNWISE.EXE
Found ! C:\recycler\S-1-5-21-3871476309-2915037576-3965653451-1005\Dc86\UNWISE.EXE
################## [ Registre # Clés Run infectieuses ]
################## [ Registre # Mountpoints2 ]
# -> Not Found !
################## [ ! Fin du rapport # UsbFix V3.011 ! ]
jlpjlp
Messages postés
51580
Date d'inscription
vendredi 18 mai 2007
Statut
Contributeur sécurité
Dernière intervention
3 mai 2022
5 040
23 avril 2009 à 14:25
23 avril 2009 à 14:25
fais l'option 2 et mets le rapport
_____________
ton antivirus trouve des inections?
___________________
regarde la temperature du pc: avec seedfan pour voir
https://www.01net.com/telecharger/windows/Utilitaire/optimiseurs_et_tests/fiches/25436.html
si elevée nettoie les ventilo
___________________
teste ta memoire vive:
http://www.world-informatique.com/pasapas/faq/voir.html?qid=48
_____________
ton antivirus trouve des inections?
___________________
regarde la temperature du pc: avec seedfan pour voir
https://www.01net.com/telecharger/windows/Utilitaire/optimiseurs_et_tests/fiches/25436.html
si elevée nettoie les ventilo
___________________
teste ta memoire vive:
http://www.world-informatique.com/pasapas/faq/voir.html?qid=48
Ok !
alors speedfan me detecte 5 temperatures, Ambient, Remote 1, Remote 2, Hdd0, Hdd 1 qui tournent toutes autour de 35° (pour l´instant)
par contre memtest me parait bien compliqué !! e vais tacher de trouver une disquette, et surtout un lecteur de disquette (parce que graver un cd, je ne sais pas comment on fait)
reste la question de mon antivirus, c´est simple je n en ai plus, j ai désinstallé tout ce qui n´était pas absolument nécessaire (me reste par contre Windows live messenger qui ne veut pas partir)
as tu vu mon message plus haut concernant ce nouveau matériel détecté, est ce que ca peu avoir un rapport avec mes soucis ?
voici le rapport d´usbfix après avoir tapé l´option 2
############################## [ UsbFix V3.011 ]
# User : Heinrich Grimminger (Administratoren) # HEINRICH
# Update on 23/04/09 by C_XX & Chiquitine29
# Start at: 16:25:17 | 23/04/2009
# Intel(R) Pentium(R) D CPU 2.66GHz
# Microsoft Windows XP Professional (5.1.2600 32-bit) # Service Pack 3
# Internet Explorer 7.0.5730.13
# Windows Firewall Status : Enabled
# FW : Norton Internet Worm Protection[ (!) Disabled ]2006
# C:\ # Lokale Festplatte # 170,31 Go (10,31 Go free) # NTFS
# E:\ # CD
# F:\ # CD
# G:\ # Wechseldatenträger
# H:\ # Wechseldatenträger
# I:\ # Wechseldatenträger
# J:\ # Wechseldatenträger
############################## [ Processus actifs ]
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
################## [ Fichiers # Dossiers infectieux ]
################## [ Registre # Clés Run infectieuses ]
################## [ Registre # Startup ]
HKCU_Main: "Local Page"="C:\\WINDOWS\\system32\\blank.htm"
HKCU_Main: "Search Page"="https://www.google.com/?gws_rd=ssl"
HKCU_Main: "Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
HKCU_Main: "Window Title"=""
HKLM_logon: "Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
HKLM_logon: "DefaultUserName"=""
HKLM_logon: "AltDefaultUserName"="Heinrich Grimminger"
HKLM_logon: "LegalNoticeCaption"=""
HKLM_logon: "LegalNoticeText"=""
HKLM_Run: High Definition Audio Property Page Shortcut=HDAShCut.exe
HKLM_Run: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
HKCU_Run: ctfmon.exe=C:\WINDOWS\system32\ctfmon.exe
HKCU_Run: HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run\AdobeUpdater=
################## [ Registre # Mountpoints2 ]
# -> Not Found !
################## [ Listing des fichiers présent ]
C:\AUTOEXEC.BAT
C:\NTDETECT.COM
C:\boot.ini
C:\autorun.inf
################## [ Vaccination ]
# C:\autorun.inf -> Folder created by UsbFix.
################## [ ! Fin du rapport # UsbFix V3.011 ! ]
alors speedfan me detecte 5 temperatures, Ambient, Remote 1, Remote 2, Hdd0, Hdd 1 qui tournent toutes autour de 35° (pour l´instant)
par contre memtest me parait bien compliqué !! e vais tacher de trouver une disquette, et surtout un lecteur de disquette (parce que graver un cd, je ne sais pas comment on fait)
reste la question de mon antivirus, c´est simple je n en ai plus, j ai désinstallé tout ce qui n´était pas absolument nécessaire (me reste par contre Windows live messenger qui ne veut pas partir)
as tu vu mon message plus haut concernant ce nouveau matériel détecté, est ce que ca peu avoir un rapport avec mes soucis ?
voici le rapport d´usbfix après avoir tapé l´option 2
############################## [ UsbFix V3.011 ]
# User : Heinrich Grimminger (Administratoren) # HEINRICH
# Update on 23/04/09 by C_XX & Chiquitine29
# Start at: 16:25:17 | 23/04/2009
# Intel(R) Pentium(R) D CPU 2.66GHz
# Microsoft Windows XP Professional (5.1.2600 32-bit) # Service Pack 3
# Internet Explorer 7.0.5730.13
# Windows Firewall Status : Enabled
# FW : Norton Internet Worm Protection[ (!) Disabled ]2006
# C:\ # Lokale Festplatte # 170,31 Go (10,31 Go free) # NTFS
# E:\ # CD
# F:\ # CD
# G:\ # Wechseldatenträger
# H:\ # Wechseldatenträger
# I:\ # Wechseldatenträger
# J:\ # Wechseldatenträger
############################## [ Processus actifs ]
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
################## [ Fichiers # Dossiers infectieux ]
################## [ Registre # Clés Run infectieuses ]
################## [ Registre # Startup ]
HKCU_Main: "Local Page"="C:\\WINDOWS\\system32\\blank.htm"
HKCU_Main: "Search Page"="https://www.google.com/?gws_rd=ssl"
HKCU_Main: "Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
HKCU_Main: "Window Title"=""
HKLM_logon: "Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
HKLM_logon: "DefaultUserName"=""
HKLM_logon: "AltDefaultUserName"="Heinrich Grimminger"
HKLM_logon: "LegalNoticeCaption"=""
HKLM_logon: "LegalNoticeText"=""
HKLM_Run: High Definition Audio Property Page Shortcut=HDAShCut.exe
HKLM_Run: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
HKCU_Run: ctfmon.exe=C:\WINDOWS\system32\ctfmon.exe
HKCU_Run: HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run\AdobeUpdater=
################## [ Registre # Mountpoints2 ]
# -> Not Found !
################## [ Listing des fichiers présent ]
C:\AUTOEXEC.BAT
C:\NTDETECT.COM
C:\boot.ini
C:\autorun.inf
################## [ Vaccination ]
# C:\autorun.inf -> Folder created by UsbFix.
################## [ ! Fin du rapport # UsbFix V3.011 ! ]
jlpjlp
Messages postés
51580
Date d'inscription
vendredi 18 mai 2007
Statut
Contributeur sécurité
Dernière intervention
3 mai 2022
5 040
23 avril 2009 à 17:06
23 avril 2009 à 17:06
au fait refais lopsd option 2 et colle le rapport
et vire ce crack
C:\DOKUME~1\HEINRI~1\Lokale Einstellungen\Anwendungsdaten\Microsoft\Messenger\sus2_deb@hotmail.fr\Sharing Folders\sadmsn@hotmail.fr\Insaniquarium Deluxe Game - PopCap - Full+crack
puis teste la memoire vive et dis si encore des soucis
au fait ton antivirus a trouvé des infections?
et vire ce crack
C:\DOKUME~1\HEINRI~1\Lokale Einstellungen\Anwendungsdaten\Microsoft\Messenger\sus2_deb@hotmail.fr\Sharing Folders\sadmsn@hotmail.fr\Insaniquarium Deluxe Game - PopCap - Full+crack
puis teste la memoire vive et dis si encore des soucis
au fait ton antivirus a trouvé des infections?
heu c´est a partir de combien qu´il faut s´affoler pour la temperature ?
parce qu en fait ca grimpe, je suis a 45° pour les 2 HDD (nb je savais meme pas que j avais 2 disques durs !!), speedfan me les met en rouge
j´ai vu que sur ce logiciel je pouvais changer la vitesse des ventilos, j ai tout coché sur automatique, depuis ils sont a 100 %
pourtant j´ai deja essayé d´enlever un max de poussière...
parce qu en fait ca grimpe, je suis a 45° pour les 2 HDD (nb je savais meme pas que j avais 2 disques durs !!), speedfan me les met en rouge
j´ai vu que sur ce logiciel je pouvais changer la vitesse des ventilos, j ai tout coché sur automatique, depuis ils sont a 100 %
pourtant j´ai deja essayé d´enlever un max de poussière...
jlpjlp
Messages postés
51580
Date d'inscription
vendredi 18 mai 2007
Statut
Contributeur sécurité
Dernière intervention
3 mai 2022
5 040
23 avril 2009 à 17:34
23 avril 2009 à 17:34
fais le message 16
quelques news !
j ai pas encore trouvé de lecteur de disquettes (mais c´est en cours dans la semaine je devrais en récupérer un)
pour le reste, j avais plus d antivirus (j avais desinstallé tout ce qui n est pas absolument essentiel), et impossible de remettre avira, j´ai attaque la base de registre à la main pour rechercher d eventuelles traces, et effectivement avira a bien voulu s installer
Starting master boot sector scan:
Master boot sector HD1
[DETECTION] Contains code of the BOO/Sinowal.A boot sector virus
[WARNING] The boot sector cannot be repaired! You can find more information in the help
installation de doctor web :
Backdoor Maosboot indiqué comme éradiqué mais réapparait à chaque scan
re-scan avec avira :
Master boot sector HD1
[DETECTION] Contains code of the BOO/Sinowal.A boot sector virus
[WARNING] The boot sector cannot be repaired! You can find more information in the help
kvitheme.dll
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
C:\Dokumente und Einstellungen\Heinrich Grimminger\DoctorWeb\Quarantine\
1B1.tmp
[DETECTION] Contains recognition pattern of the RKIT/MBR.Sinowal root kit
A0284366.dll
[DETECTION] Contains recognition pattern of the ADSPY/Shareaza adware or spyware
re-scan avec doctor web, il retrouve sinowal.A, aucun changement
re-scan avira
Master boot sector HD1
[DETECTION] Contains code of the BOO/Sinowal.A boot sector virus
[WARNING] The boot sector cannot be repaired! You can find more information in the help
C:\System Volume Information\_restore{0F07B807-AA9C-4F37-970A-99D31EBAF277}\RP414\A0284362.dll
[DETECTION] Contains recognition pattern of the SPR/Spy.M program
[NOTE] The file was deleted!
C:\System Volume Information\_restore{0F07B807-AA9C-4F37-970A-99D31EBAF277}\RP416\A0292513.exe
[DETECTION] Contains recognition pattern of the GAME/Dldr.TryMedia.Gen game
[NOTE] The file was deleted!
C:\System Volume Information\_restore{0F07B807-AA9C-4F37-970A-99D31EBAF277}\RP416\A0293928.dll
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was deleted!
telechargement de gmer, j´ai rien compris au log, je crois qu il a rien trouvé (??)
je suis pas sure de m´en sortir...
j ai pas encore trouvé de lecteur de disquettes (mais c´est en cours dans la semaine je devrais en récupérer un)
pour le reste, j avais plus d antivirus (j avais desinstallé tout ce qui n est pas absolument essentiel), et impossible de remettre avira, j´ai attaque la base de registre à la main pour rechercher d eventuelles traces, et effectivement avira a bien voulu s installer
Starting master boot sector scan:
Master boot sector HD1
[DETECTION] Contains code of the BOO/Sinowal.A boot sector virus
[WARNING] The boot sector cannot be repaired! You can find more information in the help
installation de doctor web :
Backdoor Maosboot indiqué comme éradiqué mais réapparait à chaque scan
re-scan avec avira :
Master boot sector HD1
[DETECTION] Contains code of the BOO/Sinowal.A boot sector virus
[WARNING] The boot sector cannot be repaired! You can find more information in the help
kvitheme.dll
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
C:\Dokumente und Einstellungen\Heinrich Grimminger\DoctorWeb\Quarantine\
1B1.tmp
[DETECTION] Contains recognition pattern of the RKIT/MBR.Sinowal root kit
A0284366.dll
[DETECTION] Contains recognition pattern of the ADSPY/Shareaza adware or spyware
re-scan avec doctor web, il retrouve sinowal.A, aucun changement
re-scan avira
Master boot sector HD1
[DETECTION] Contains code of the BOO/Sinowal.A boot sector virus
[WARNING] The boot sector cannot be repaired! You can find more information in the help
C:\System Volume Information\_restore{0F07B807-AA9C-4F37-970A-99D31EBAF277}\RP414\A0284362.dll
[DETECTION] Contains recognition pattern of the SPR/Spy.M program
[NOTE] The file was deleted!
C:\System Volume Information\_restore{0F07B807-AA9C-4F37-970A-99D31EBAF277}\RP416\A0292513.exe
[DETECTION] Contains recognition pattern of the GAME/Dldr.TryMedia.Gen game
[NOTE] The file was deleted!
C:\System Volume Information\_restore{0F07B807-AA9C-4F37-970A-99D31EBAF277}\RP416\A0293928.dll
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was deleted!
telechargement de gmer, j´ai rien compris au log, je crois qu il a rien trouvé (??)
je suis pas sure de m´en sortir...
avec tout ca j avais oublié le rapport de lop S&D (option 2) !
--------------------\\ Lop S&D 4.2.5-0 XP/Vista
Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) D CPU 2.66GHz )
BIOS : Default System BIOS
USER : Heinrich Grimminger ( Administrator )
BOOT : Normal boot
Firewall : Norton Internet Worm Protection 2006 (Not Activated)
C:\ (Local Disk) - NTFS - Total:170 Go (Free:10 Go)
E:\ (CD or DVD)
F:\ (CD or DVD)
G:\ (USB)
H:\ (USB)
I:\ (USB)
J:\ (USB)
"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [2] ( 23/04/2009|17:34 )
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION
Supprime! - C:\DOKUME~1\ALLUSE~1\ANWEND~1\Cast ping base frag\poke manager.exe
Supprime! - C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\nsa2B.tmp
Supprime! - C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\nsc70.tmp
Supprime! - C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\nscopy.tmp
Supprime! - C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\nsh139.tmp
Supprime! - C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\nsh7D.tmp
Supprime! - C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\nsi1F.tmp
Supprime! - C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\NSISGSearchCheck.dll
Supprime! - C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\NSISPromotion.dll
Supprime! - C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\NSISPromotion.ini
Supprime! - C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\nskE.tmp
Supprime! - C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\nsmail-1.tmp
Supprime! - C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\nsmail-10.tmp
Supprime! - C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\nsmail-11.tmp
Supprime! - C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\nsmail-2.tmp
Supprime! - C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\nsmail-3.tmp
Supprime! - C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\nsmail-4.tmp
Supprime! - C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\nsmail-5.tmp
Supprime! - C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\nsmail-6.tmp
Supprime! - C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\nsmail-7.tmp
Supprime! - C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\nsmail-8.tmp
Supprime! - C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\nsmail-9.tmp
Supprime! - C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\nsmail.eml
Supprime! - C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\nsmail.tmp
Supprime! - C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\nso85.tmp
Supprime! - C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\nsoB.tmp
Supprime! - C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\nsq1147.tmp
Supprime! - C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\nsq8E.tmp
Supprime! - C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\nsr7CF.tmp
Supprime! - C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\nsr91.tmp
Supprime! - C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\Nss.exe
Supprime! - C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\nst14.tmp
Supprime! - C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\nst17.tmp
Supprime! - C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\nst7A.tmp
Supprime! - C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\nsu8.tmp
Supprime! - C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\nsv13E.tmp
Supprime! - C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\nsx145.tmp
Supprime! - C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\nsx5.tmp
Supprime! - C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\nsx6D.tmp
Supprime! - C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\nsx82.tmp
Supprime! - C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\nsy8B.tmp
Supprime! - C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\nsz104.tmp
Supprime! - C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\stadistic.log
Supprime! - C:\DOKUME~1\HEINRI~1\Cookies\heinrich_grimminger@advertstream[2].txt
Supprime! - C:\DOKUME~1\HEINRI~1\Cookies\heinrich_grimminger@adin.bigpoint[1].txt
Supprime! - C:\DOKUME~1\HEINRI~1\Cookies\heinrich_grimminger@bigpoint[1].txt
Supprime! - C:\DOKUME~1\HEINRI~1\Cookies\heinrich_grimminger@de.gladiatoren2.bigpoint[1].txt
Supprime! - C:\DOKUME~1\HEINRI~1\Cookies\heinrich_grimminger@glorykings.bigpoint[1].txt
Supprime! - C:\DOKUME~1\HEINRI~1\Cookies\heinrich_grimminger@adopt.euroclick[1].txt
Supprime! - C:\DOKUME~1\HEINRI~1\Cookies\heinrich_grimminger@888[1].txt
Supprime! - C:\DOKUME~1\ALLUSE~1\ANWEND~1\Cast ping base frag
Supprime! - C:\Programme\Adverts
Supprime! - C:\Programme\Circle Developement
-
[ Fichier Hosts ] .. Restaure!
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
--------------------\\ Listing des dossiers dans ANWEND~1
[18/07/2007|14:15] C:\DOKUME~1\ADMINI~1\ANWEND~1\AOL
[18/10/2008|08:24] C:\DOKUME~1\ADMINI~1\ANWEND~1\ATI
[03/03/2006|21:34] C:\DOKUME~1\ADMINI~1\ANWEND~1\Identities
[05/03/2006|11:49] C:\DOKUME~1\ADMINI~1\ANWEND~1\Microsoft
[05/03/2006|17:02] C:\DOKUME~1\ADMINI~1\ANWEND~1\You've Got Pictures Screensaver
[0|Datei(en)] C:\DOKUME~1\ADMINI~1\ANWEND~1\Bytes
[7|Verzeichnis(se),] C:\DOKUME~1\ADMINI~1\ANWEND~1\Bytes frei
[22/04/2009|18:01] C:\DOKUME~1\ALLUSE~1\ANWEND~1\{66E2F539-12B6-4870-A500-7689CDE75C5E}
[22/04/2009|20:41] C:\DOKUME~1\ALLUSE~1\ANWEND~1\Adobe
[22/04/2009|18:01] C:\DOKUME~1\ALLUSE~1\ANWEND~1\AntiVir PersonalEdition Classic
[18/07/2007|14:15] C:\DOKUME~1\ALLUSE~1\ANWEND~1\AOL
[29/01/2009|01:11] C:\DOKUME~1\ALLUSE~1\ANWEND~1\FLEXnet
[22/04/2009|18:01] C:\DOKUME~1\ALLUSE~1\ANWEND~1\Google
[05/03/2006|18:03] C:\DOKUME~1\ALLUSE~1\ANWEND~1\InstallShield
[22/04/2009|22:36] C:\DOKUME~1\ALLUSE~1\ANWEND~1\Malwarebytes
[22/04/2009|18:01] C:\DOKUME~1\ALLUSE~1\ANWEND~1\Messenger Plus!
[22/04/2009|10:20] C:\DOKUME~1\ALLUSE~1\ANWEND~1\Microsoft
[14/03/2006|13:35] C:\DOKUME~1\ALLUSE~1\ANWEND~1\Pinnacle
[10/03/2009|22:46] C:\DOKUME~1\ALLUSE~1\ANWEND~1\Pinnacle VideoSpin
[23/04/2009|13:06] C:\DOKUME~1\ALLUSE~1\ANWEND~1\QuickTime
[31/03/2006|07:49] C:\DOKUME~1\ALLUSE~1\ANWEND~1\Sonic
[14/02/2008|23:06] C:\DOKUME~1\ALLUSE~1\ANWEND~1\Symantec
[22/04/2009|10:08] C:\DOKUME~1\ALLUSE~1\ANWEND~1\TEMP
[21/07/2007|23:10] C:\DOKUME~1\ALLUSE~1\ANWEND~1\Trymedia
[10/03/2009|22:43] C:\DOKUME~1\ALLUSE~1\ANWEND~1\VideoSpin
[05/03/2006|11:49] C:\DOKUME~1\ALLUSE~1\ANWEND~1\Windows Genuine Advantage
[17/03/2006|12:01] C:\DOKUME~1\ALLUSE~1\ANWEND~1\X10 Settings
[0|Datei(en)] C:\DOKUME~1\ALLUSE~1\ANWEND~1\Bytes
[22|Verzeichnis(se),] C:\DOKUME~1\ALLUSE~1\ANWEND~1\Bytes frei
[18/07/2007|14:15] C:\DOKUME~1\DEFAUL~1\ANWEND~1\AOL
[18/10/2008|08:24] C:\DOKUME~1\DEFAUL~1\ANWEND~1\ATI
[03/03/2006|21:34] C:\DOKUME~1\DEFAUL~1\ANWEND~1\Identities
[07/08/2008|04:32] C:\DOKUME~1\DEFAUL~1\ANWEND~1\Macromedia
[05/03/2006|11:49] C:\DOKUME~1\DEFAUL~1\ANWEND~1\Microsoft
[05/03/2006|17:02] C:\DOKUME~1\DEFAUL~1\ANWEND~1\You've Got Pictures Screensaver
[0|Datei(en)] C:\DOKUME~1\DEFAUL~1\ANWEND~1\Bytes
[8|Verzeichnis(se),] C:\DOKUME~1\DEFAUL~1\ANWEND~1\Bytes frei
[22/04/2009|18:01] C:\DOKUME~1\HEINRI~1\ANWEND~1\Adobe
[27/05/2008|20:15] C:\DOKUME~1\HEINRI~1\ANWEND~1\AdobeUM
[06/09/2008|21:39] C:\DOKUME~1\HEINRI~1\ANWEND~1\Anuman Interactive
[18/07/2007|14:15] C:\DOKUME~1\HEINRI~1\ANWEND~1\AOL
[18/10/2008|08:24] C:\DOKUME~1\HEINRI~1\ANWEND~1\ATI
[30/01/2009|18:54] C:\DOKUME~1\HEINRI~1\ANWEND~1\com.adobe.ExMan
[18/07/2007|19:55] C:\DOKUME~1\HEINRI~1\ANWEND~1\ConvertTemp
[22/04/2009|18:01] C:\DOKUME~1\HEINRI~1\ANWEND~1\CoreFTP
[20/07/2007|21:01] C:\DOKUME~1\HEINRI~1\ANWEND~1\DivX
[01/02/2009|14:56] C:\DOKUME~1\HEINRI~1\ANWEND~1\Download Manager
[23/04/2009|12:25] C:\DOKUME~1\HEINRI~1\ANWEND~1\Folding@home-x86
[15/07/2007|18:30] C:\DOKUME~1\HEINRI~1\ANWEND~1\Google
[07/04/2009|00:17] C:\DOKUME~1\HEINRI~1\ANWEND~1\gtk-2.0
[25/07/2007|08:12] C:\DOKUME~1\HEINRI~1\ANWEND~1\Help
[06/08/2007|10:26] C:\DOKUME~1\HEINRI~1\ANWEND~1\ICQ Toolbar
[03/03/2006|21:34] C:\DOKUME~1\HEINRI~1\ANWEND~1\Identities
[20/07/2007|16:24] C:\DOKUME~1\HEINRI~1\ANWEND~1\InstallShield
[26/05/2006|13:04] C:\DOKUME~1\HEINRI~1\ANWEND~1\Leadertech
[26/08/2008|18:22] C:\DOKUME~1\HEINRI~1\ANWEND~1\Lexmark Productivity Studio
[01/04/2009|11:08] C:\DOKUME~1\HEINRI~1\ANWEND~1\Macromedia
[22/04/2009|22:36] C:\DOKUME~1\HEINRI~1\ANWEND~1\Malwarebytes
[11/10/2008|19:27] C:\DOKUME~1\HEINRI~1\ANWEND~1\Microsoft
[22/04/2009|18:01] C:\DOKUME~1\HEINRI~1\ANWEND~1\Mozilla
[23/04/2009|13:00] C:\DOKUME~1\HEINRI~1\ANWEND~1\MSNInstaller
[22/04/2009|18:01] C:\DOKUME~1\HEINRI~1\ANWEND~1\Notepad++
[19/05/2008|20:16] C:\DOKUME~1\HEINRI~1\ANWEND~1\Online Barb 01
[22/04/2009|18:01] C:\DOKUME~1\HEINRI~1\ANWEND~1\PC Tools
[24/07/2007|22:02] C:\DOKUME~1\HEINRI~1\ANWEND~1\Qualcomm
[23/04/2009|13:12] C:\DOKUME~1\HEINRI~1\ANWEND~1\Real
[18/07/2007|19:50] C:\DOKUME~1\HEINRI~1\ANWEND~1\Samsung
[23/04/2009|13:27] C:\DOKUME~1\HEINRI~1\ANWEND~1\Shareaza
[26/05/2006|13:04] C:\DOKUME~1\HEINRI~1\ANWEND~1\Sonic
[10/08/2007|08:24] C:\DOKUME~1\HEINRI~1\ANWEND~1\Sun
[18/07/2007|13:43] C:\DOKUME~1\HEINRI~1\ANWEND~1\Talkback
[22/08/2007|22:04] C:\DOKUME~1\HEINRI~1\ANWEND~1\Temporary
[22/04/2009|18:01] C:\DOKUME~1\HEINRI~1\ANWEND~1\Thunderbird
[29/07/2007|14:13] C:\DOKUME~1\HEINRI~1\ANWEND~1\TransRender
[11/11/2008|00:58] C:\DOKUME~1\HEINRI~1\ANWEND~1\Tsarevna
[16/07/2007|00:36] C:\DOKUME~1\HEINRI~1\ANWEND~1\vlc
[21/09/2008|10:42] C:\DOKUME~1\HEINRI~1\ANWEND~1\Win Novation
[21/08/2007|21:45] C:\DOKUME~1\HEINRI~1\ANWEND~1\WinRAR
[11/08/2007|22:14] C:\DOKUME~1\HEINRI~1\ANWEND~1\X-Chat 2
[05/03/2006|17:02] C:\DOKUME~1\HEINRI~1\ANWEND~1\You've Got Pictures Screensaver
[0|Datei(en)] C:\DOKUME~1\HEINRI~1\ANWEND~1\Bytes
[45|Verzeichnis(se),] C:\DOKUME~1\HEINRI~1\ANWEND~1\Bytes frei
[18/07/2007|15:04] C:\DOKUME~1\LOCALS~1\ANWEND~1\DivX
[03/03/2006|21:28] C:\DOKUME~1\LOCALS~1\ANWEND~1\Microsoft
[15/03/2006|15:25] C:\DOKUME~1\LOCALS~1\ANWEND~1\X10 Commander
[0|Datei(en)] C:\DOKUME~1\LOCALS~1\ANWEND~1\Bytes
[5|Verzeichnis(se),] C:\DOKUME~1\LOCALS~1\ANWEND~1\Bytes frei
[03/03/2006|21:33] C:\DOKUME~1\NETWOR~1\ANWEND~1\Microsoft
[0|Datei(en)] C:\DOKUME~1\NETWOR~1\ANWEND~1\Bytes
[3|Verzeichnis(se),] C:\DOKUME~1\NETWOR~1\ANWEND~1\Bytes frei
--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks
[21/04/2009 12:37][--a------] C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[23/04/2009 16:23][--ah-----] C:\WINDOWS\tasks\SA.DAT
[10/08/2004 14:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini
--------------------\\ Listing des dossiers dans C:\Programme
[01/04/2009|11:09] C:\Programme\Adobe
[22/04/2009|18:01] C:\Programme\AgentWebRanking PRO
[22/04/2009|18:01] C:\Programme\AntiVir PersonalEdition Classic
[14/03/2006|13:44] C:\Programme\ATI Technologies
[24/05/2008|10:25] C:\Programme\BOINC
[23/04/2009|12:19] C:\Programme\CacheMot
[23/04/2009|10:55] C:\Programme\CCleaner
[15/03/2006|15:22] C:\Programme\Common Files
[22/04/2009|18:00] C:\Programme\CoreFTP
[17/07/2007|14:20] C:\Programme\CTV PROD
[23/04/2009|12:26] C:\Programme\denouvel
[14/03/2006|13:35] C:\Programme\DIFX
[22/04/2009|18:00] C:\Programme\EasyPHP 3.0
[22/04/2009|20:53] C:\Programme\eMule
[22/04/2009|18:01] C:\Programme\EtiketaGoGo
[25/07/2007|08:33] C:\Programme\FoxMail
[23/04/2009|13:52] C:\Programme\Gemeinsame Dateien
[21/07/2007|23:11] C:\Programme\Global Star Software
[23/04/2009|12:45] C:\Programme\Google
[23/04/2009|12:40] C:\Programme\GRETECH
[07/08/2007|13:31] C:\Programme\ICQToolbar
[23/04/2009|13:57] C:\Programme\InstallShield Installation Information
[22/04/2009|18:01] C:\Programme\Internet Explorer
[31/03/2009|21:13] C:\Programme\Java
[23/04/2009|12:49] C:\Programme\Maido Production
[22/04/2009|22:36] C:\Programme\Malwarebytes' Anti-Malware
[30/09/2008|01:09] C:\Programme\Messenger
[22/04/2009|18:01] C:\Programme\Messenger Plus! Live
[03/03/2006|21:29] C:\Programme\microsoft frontpage
[23/04/2009|12:51] C:\Programme\Mio Technology
[30/09/2008|01:03] C:\Programme\Movie Maker
[23/04/2009|16:26] C:\Programme\Mozilla Firefox
[23/04/2009|13:00] C:\Programme\MSN
[03/03/2006|21:20] C:\Programme\MSN Gaming Zone
[22/04/2009|21:05] C:\Programme\MSN Messenger
[19/07/2007|03:00] C:\Programme\MSXML 4.0
[30/09/2008|00:59] C:\Programme\NetMeeting
[20/08/2008|13:09] C:\Programme\Neuer Ordner
[22/04/2009|18:01] C:\Programme\Notepad++
[13/02/2008|23:42] C:\Programme\Online Barb 01
[03/03/2006|21:23] C:\Programme\Online Services
[20/05/2008|21:55] C:\Programme\Online-Dienste
[23/04/2009|12:44] C:\Programme\Ord-ixSofts
[30/09/2008|00:59] C:\Programme\Outlook Express
[10/03/2009|22:43] C:\Programme\Pinnacle
[24/07/2007|20:51] C:\Programme\Qualcomm
[22/04/2009|18:01] C:\Programme\QuickTime
[05/03/2006|17:01] C:\Programme\Real
[23/04/2009|13:09] C:\Programme\Roxio
[23/04/2009|13:50] C:\Programme\Samsung
[24/05/2008|10:29] C:\Programme\Shareaza Applications
[26/08/2008|22:53] C:\Programme\SodeaSoft
[23/04/2009|13:14] C:\Programme\Sonic
[23/04/2009|17:25] C:\Programme\SpeedFan
[23/04/2009|13:34] C:\Programme\SupervisionCam
[23/04/2009|13:02] C:\Programme\Transsoft Games
[07/09/2008|12:29] C:\Programme\Trend Micro
[06/12/2007|23:20] C:\Programme\Uninstall Information
[15/07/2007|23:31] C:\Programme\VideoLAN
[21/04/2009|10:46] C:\Programme\VS Revo Group
[22/04/2009|18:01] C:\Programme\Windows Live
[05/03/2006|18:18] C:\Programme\Windows Media Connect 2
[15/08/2007|03:00] C:\Programme\Windows Media Player
[30/09/2008|00:59] C:\Programme\Windows NT
[03/03/2006|21:23] C:\Programme\Windows Plus
[22/04/2009|18:01] C:\Programme\WinHTTrack
[21/08/2007|21:45] C:\Programme\WinRAR
[15/03/2006|15:22] C:\Programme\X10 Hardware
[08/11/2008|22:46] C:\Programme\xchat
[22/04/2009|18:01] C:\Programme\Xenu
[03/03/2006|21:29] C:\Programme\xerox
[0|Datei(en)] C:\Programme\Bytes
[73|Verzeichnis(se),] C:\Programme\Bytes frei
--------------------\\ Listing des dossiers dans C:\Programme\Gemeinsame Dateien
[01/04/2009|11:01] C:\Programme\Gemeinsame Dateien\Adobe
[18/07/2007|16:11] C:\Programme\Gemeinsame Dateien\aol
[03/03/2006|21:26] C:\Programme\Gemeinsame Dateien\Dienste
[22/04/2009|18:01] C:\Programme\Gemeinsame Dateien\fun communications
[23/04/2009|13:50] C:\Programme\Gemeinsame Dateien\InstallShield
[10/08/2007|08:19] C:\Programme\Gemeinsame Dateien\Java
[20/01/2009|22:12] C:\Programme\Gemeinsame Dateien\Microsoft Shared
[03/03/2006|21:26] C:\Programme\Gemeinsame Dateien\MSSoap
[05/03/2006|17:01] C:\Programme\Gemeinsame Dateien\Nullsoft
[23/04/2009|13:13] C:\Programme\Gemeinsame Dateien\Real
[23/04/2009|13:07] C:\Programme\Gemeinsame Dateien\Roxio Shared
[03/03/2006|21:15] C:\Programme\Gemeinsame Dateien\SpeechEngines
[22/04/2009|18:01] C:\Programme\Gemeinsame Dateien\Symantec Shared
[30/09/2008|00:59] C:\Programme\Gemeinsame Dateien\System
[10/03/2009|22:43] C:\Programme\Gemeinsame Dateien\Yahoo!
[0|Datei(en)] C:\Programme\Gemeinsame Dateien\Bytes
[17|Verzeichnis(se),] C:\Programme\Gemeinsame Dateien\Bytes frei
--------------------\\ Process
( 28 Processes )
... OK !
--------------------\\ Recherche avec S_Lop
Aucun fichier / dossier Lop trouvé !
--------------------\\ Recherche de Fichiers / Dossiers Lop
C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\nss3B.tmp
--------------------\\ Verification du Registre
..... OK !
--------------------\\ Verification du fichier Hosts
Fichier Hosts PROPRE
--------------------\\ Recherche de fichiers avec Catchme
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-23 17:36:08
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0
--------------------\\ Recherche d'autres infections
Aucune autre infection trouvée !
[F:3596][D:419]-> C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp
[F:1401][D:0]-> C:\DOKUME~1\HEINRI~1\Cookies
[F:11228][D:42]-> C:\DOKUME~1\HEINRI~1\LOKALE~1\TEMPOR~1\content.IE5
1 - "C:\Lop SD\LopR_1.txt" - 23/04/2009| 9:29 - Option : [1]
2 - "C:\Lop SD\LopR_2.txt" - 23/04/2009|17:37 - Option : [2]
--------------------\\ Fin du rapport a 17:37:59
--------------------\\ Lop S&D 4.2.5-0 XP/Vista
Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) D CPU 2.66GHz )
BIOS : Default System BIOS
USER : Heinrich Grimminger ( Administrator )
BOOT : Normal boot
Firewall : Norton Internet Worm Protection 2006 (Not Activated)
C:\ (Local Disk) - NTFS - Total:170 Go (Free:10 Go)
E:\ (CD or DVD)
F:\ (CD or DVD)
G:\ (USB)
H:\ (USB)
I:\ (USB)
J:\ (USB)
"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [2] ( 23/04/2009|17:34 )
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION
Supprime! - C:\DOKUME~1\ALLUSE~1\ANWEND~1\Cast ping base frag\poke manager.exe
Supprime! - C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\nsa2B.tmp
Supprime! - C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\nsc70.tmp
Supprime! - C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\nscopy.tmp
Supprime! - C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\nsh139.tmp
Supprime! - C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\nsh7D.tmp
Supprime! - C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\nsi1F.tmp
Supprime! - C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\NSISGSearchCheck.dll
Supprime! - C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\NSISPromotion.dll
Supprime! - C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\NSISPromotion.ini
Supprime! - C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\nskE.tmp
Supprime! - C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\nsmail-1.tmp
Supprime! - C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\nsmail-10.tmp
Supprime! - C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\nsmail-11.tmp
Supprime! - C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\nsmail-2.tmp
Supprime! - C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\nsmail-3.tmp
Supprime! - C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\nsmail-4.tmp
Supprime! - C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\nsmail-5.tmp
Supprime! - C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\nsmail-6.tmp
Supprime! - C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\nsmail-7.tmp
Supprime! - C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\nsmail-8.tmp
Supprime! - C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\nsmail-9.tmp
Supprime! - C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\nsmail.eml
Supprime! - C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\nsmail.tmp
Supprime! - C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\nso85.tmp
Supprime! - C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\nsoB.tmp
Supprime! - C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\nsq1147.tmp
Supprime! - C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\nsq8E.tmp
Supprime! - C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\nsr7CF.tmp
Supprime! - C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\nsr91.tmp
Supprime! - C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\Nss.exe
Supprime! - C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\nst14.tmp
Supprime! - C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\nst17.tmp
Supprime! - C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\nst7A.tmp
Supprime! - C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\nsu8.tmp
Supprime! - C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\nsv13E.tmp
Supprime! - C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\nsx145.tmp
Supprime! - C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\nsx5.tmp
Supprime! - C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\nsx6D.tmp
Supprime! - C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\nsx82.tmp
Supprime! - C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\nsy8B.tmp
Supprime! - C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\nsz104.tmp
Supprime! - C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\stadistic.log
Supprime! - C:\DOKUME~1\HEINRI~1\Cookies\heinrich_grimminger@advertstream[2].txt
Supprime! - C:\DOKUME~1\HEINRI~1\Cookies\heinrich_grimminger@adin.bigpoint[1].txt
Supprime! - C:\DOKUME~1\HEINRI~1\Cookies\heinrich_grimminger@bigpoint[1].txt
Supprime! - C:\DOKUME~1\HEINRI~1\Cookies\heinrich_grimminger@de.gladiatoren2.bigpoint[1].txt
Supprime! - C:\DOKUME~1\HEINRI~1\Cookies\heinrich_grimminger@glorykings.bigpoint[1].txt
Supprime! - C:\DOKUME~1\HEINRI~1\Cookies\heinrich_grimminger@adopt.euroclick[1].txt
Supprime! - C:\DOKUME~1\HEINRI~1\Cookies\heinrich_grimminger@888[1].txt
Supprime! - C:\DOKUME~1\ALLUSE~1\ANWEND~1\Cast ping base frag
Supprime! - C:\Programme\Adverts
Supprime! - C:\Programme\Circle Developement
-
[ Fichier Hosts ] .. Restaure!
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
--------------------\\ Listing des dossiers dans ANWEND~1
[18/07/2007|14:15] C:\DOKUME~1\ADMINI~1\ANWEND~1\AOL
[18/10/2008|08:24] C:\DOKUME~1\ADMINI~1\ANWEND~1\ATI
[03/03/2006|21:34] C:\DOKUME~1\ADMINI~1\ANWEND~1\Identities
[05/03/2006|11:49] C:\DOKUME~1\ADMINI~1\ANWEND~1\Microsoft
[05/03/2006|17:02] C:\DOKUME~1\ADMINI~1\ANWEND~1\You've Got Pictures Screensaver
[0|Datei(en)] C:\DOKUME~1\ADMINI~1\ANWEND~1\Bytes
[7|Verzeichnis(se),] C:\DOKUME~1\ADMINI~1\ANWEND~1\Bytes frei
[22/04/2009|18:01] C:\DOKUME~1\ALLUSE~1\ANWEND~1\{66E2F539-12B6-4870-A500-7689CDE75C5E}
[22/04/2009|20:41] C:\DOKUME~1\ALLUSE~1\ANWEND~1\Adobe
[22/04/2009|18:01] C:\DOKUME~1\ALLUSE~1\ANWEND~1\AntiVir PersonalEdition Classic
[18/07/2007|14:15] C:\DOKUME~1\ALLUSE~1\ANWEND~1\AOL
[29/01/2009|01:11] C:\DOKUME~1\ALLUSE~1\ANWEND~1\FLEXnet
[22/04/2009|18:01] C:\DOKUME~1\ALLUSE~1\ANWEND~1\Google
[05/03/2006|18:03] C:\DOKUME~1\ALLUSE~1\ANWEND~1\InstallShield
[22/04/2009|22:36] C:\DOKUME~1\ALLUSE~1\ANWEND~1\Malwarebytes
[22/04/2009|18:01] C:\DOKUME~1\ALLUSE~1\ANWEND~1\Messenger Plus!
[22/04/2009|10:20] C:\DOKUME~1\ALLUSE~1\ANWEND~1\Microsoft
[14/03/2006|13:35] C:\DOKUME~1\ALLUSE~1\ANWEND~1\Pinnacle
[10/03/2009|22:46] C:\DOKUME~1\ALLUSE~1\ANWEND~1\Pinnacle VideoSpin
[23/04/2009|13:06] C:\DOKUME~1\ALLUSE~1\ANWEND~1\QuickTime
[31/03/2006|07:49] C:\DOKUME~1\ALLUSE~1\ANWEND~1\Sonic
[14/02/2008|23:06] C:\DOKUME~1\ALLUSE~1\ANWEND~1\Symantec
[22/04/2009|10:08] C:\DOKUME~1\ALLUSE~1\ANWEND~1\TEMP
[21/07/2007|23:10] C:\DOKUME~1\ALLUSE~1\ANWEND~1\Trymedia
[10/03/2009|22:43] C:\DOKUME~1\ALLUSE~1\ANWEND~1\VideoSpin
[05/03/2006|11:49] C:\DOKUME~1\ALLUSE~1\ANWEND~1\Windows Genuine Advantage
[17/03/2006|12:01] C:\DOKUME~1\ALLUSE~1\ANWEND~1\X10 Settings
[0|Datei(en)] C:\DOKUME~1\ALLUSE~1\ANWEND~1\Bytes
[22|Verzeichnis(se),] C:\DOKUME~1\ALLUSE~1\ANWEND~1\Bytes frei
[18/07/2007|14:15] C:\DOKUME~1\DEFAUL~1\ANWEND~1\AOL
[18/10/2008|08:24] C:\DOKUME~1\DEFAUL~1\ANWEND~1\ATI
[03/03/2006|21:34] C:\DOKUME~1\DEFAUL~1\ANWEND~1\Identities
[07/08/2008|04:32] C:\DOKUME~1\DEFAUL~1\ANWEND~1\Macromedia
[05/03/2006|11:49] C:\DOKUME~1\DEFAUL~1\ANWEND~1\Microsoft
[05/03/2006|17:02] C:\DOKUME~1\DEFAUL~1\ANWEND~1\You've Got Pictures Screensaver
[0|Datei(en)] C:\DOKUME~1\DEFAUL~1\ANWEND~1\Bytes
[8|Verzeichnis(se),] C:\DOKUME~1\DEFAUL~1\ANWEND~1\Bytes frei
[22/04/2009|18:01] C:\DOKUME~1\HEINRI~1\ANWEND~1\Adobe
[27/05/2008|20:15] C:\DOKUME~1\HEINRI~1\ANWEND~1\AdobeUM
[06/09/2008|21:39] C:\DOKUME~1\HEINRI~1\ANWEND~1\Anuman Interactive
[18/07/2007|14:15] C:\DOKUME~1\HEINRI~1\ANWEND~1\AOL
[18/10/2008|08:24] C:\DOKUME~1\HEINRI~1\ANWEND~1\ATI
[30/01/2009|18:54] C:\DOKUME~1\HEINRI~1\ANWEND~1\com.adobe.ExMan
[18/07/2007|19:55] C:\DOKUME~1\HEINRI~1\ANWEND~1\ConvertTemp
[22/04/2009|18:01] C:\DOKUME~1\HEINRI~1\ANWEND~1\CoreFTP
[20/07/2007|21:01] C:\DOKUME~1\HEINRI~1\ANWEND~1\DivX
[01/02/2009|14:56] C:\DOKUME~1\HEINRI~1\ANWEND~1\Download Manager
[23/04/2009|12:25] C:\DOKUME~1\HEINRI~1\ANWEND~1\Folding@home-x86
[15/07/2007|18:30] C:\DOKUME~1\HEINRI~1\ANWEND~1\Google
[07/04/2009|00:17] C:\DOKUME~1\HEINRI~1\ANWEND~1\gtk-2.0
[25/07/2007|08:12] C:\DOKUME~1\HEINRI~1\ANWEND~1\Help
[06/08/2007|10:26] C:\DOKUME~1\HEINRI~1\ANWEND~1\ICQ Toolbar
[03/03/2006|21:34] C:\DOKUME~1\HEINRI~1\ANWEND~1\Identities
[20/07/2007|16:24] C:\DOKUME~1\HEINRI~1\ANWEND~1\InstallShield
[26/05/2006|13:04] C:\DOKUME~1\HEINRI~1\ANWEND~1\Leadertech
[26/08/2008|18:22] C:\DOKUME~1\HEINRI~1\ANWEND~1\Lexmark Productivity Studio
[01/04/2009|11:08] C:\DOKUME~1\HEINRI~1\ANWEND~1\Macromedia
[22/04/2009|22:36] C:\DOKUME~1\HEINRI~1\ANWEND~1\Malwarebytes
[11/10/2008|19:27] C:\DOKUME~1\HEINRI~1\ANWEND~1\Microsoft
[22/04/2009|18:01] C:\DOKUME~1\HEINRI~1\ANWEND~1\Mozilla
[23/04/2009|13:00] C:\DOKUME~1\HEINRI~1\ANWEND~1\MSNInstaller
[22/04/2009|18:01] C:\DOKUME~1\HEINRI~1\ANWEND~1\Notepad++
[19/05/2008|20:16] C:\DOKUME~1\HEINRI~1\ANWEND~1\Online Barb 01
[22/04/2009|18:01] C:\DOKUME~1\HEINRI~1\ANWEND~1\PC Tools
[24/07/2007|22:02] C:\DOKUME~1\HEINRI~1\ANWEND~1\Qualcomm
[23/04/2009|13:12] C:\DOKUME~1\HEINRI~1\ANWEND~1\Real
[18/07/2007|19:50] C:\DOKUME~1\HEINRI~1\ANWEND~1\Samsung
[23/04/2009|13:27] C:\DOKUME~1\HEINRI~1\ANWEND~1\Shareaza
[26/05/2006|13:04] C:\DOKUME~1\HEINRI~1\ANWEND~1\Sonic
[10/08/2007|08:24] C:\DOKUME~1\HEINRI~1\ANWEND~1\Sun
[18/07/2007|13:43] C:\DOKUME~1\HEINRI~1\ANWEND~1\Talkback
[22/08/2007|22:04] C:\DOKUME~1\HEINRI~1\ANWEND~1\Temporary
[22/04/2009|18:01] C:\DOKUME~1\HEINRI~1\ANWEND~1\Thunderbird
[29/07/2007|14:13] C:\DOKUME~1\HEINRI~1\ANWEND~1\TransRender
[11/11/2008|00:58] C:\DOKUME~1\HEINRI~1\ANWEND~1\Tsarevna
[16/07/2007|00:36] C:\DOKUME~1\HEINRI~1\ANWEND~1\vlc
[21/09/2008|10:42] C:\DOKUME~1\HEINRI~1\ANWEND~1\Win Novation
[21/08/2007|21:45] C:\DOKUME~1\HEINRI~1\ANWEND~1\WinRAR
[11/08/2007|22:14] C:\DOKUME~1\HEINRI~1\ANWEND~1\X-Chat 2
[05/03/2006|17:02] C:\DOKUME~1\HEINRI~1\ANWEND~1\You've Got Pictures Screensaver
[0|Datei(en)] C:\DOKUME~1\HEINRI~1\ANWEND~1\Bytes
[45|Verzeichnis(se),] C:\DOKUME~1\HEINRI~1\ANWEND~1\Bytes frei
[18/07/2007|15:04] C:\DOKUME~1\LOCALS~1\ANWEND~1\DivX
[03/03/2006|21:28] C:\DOKUME~1\LOCALS~1\ANWEND~1\Microsoft
[15/03/2006|15:25] C:\DOKUME~1\LOCALS~1\ANWEND~1\X10 Commander
[0|Datei(en)] C:\DOKUME~1\LOCALS~1\ANWEND~1\Bytes
[5|Verzeichnis(se),] C:\DOKUME~1\LOCALS~1\ANWEND~1\Bytes frei
[03/03/2006|21:33] C:\DOKUME~1\NETWOR~1\ANWEND~1\Microsoft
[0|Datei(en)] C:\DOKUME~1\NETWOR~1\ANWEND~1\Bytes
[3|Verzeichnis(se),] C:\DOKUME~1\NETWOR~1\ANWEND~1\Bytes frei
--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks
[21/04/2009 12:37][--a------] C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[23/04/2009 16:23][--ah-----] C:\WINDOWS\tasks\SA.DAT
[10/08/2004 14:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini
--------------------\\ Listing des dossiers dans C:\Programme
[01/04/2009|11:09] C:\Programme\Adobe
[22/04/2009|18:01] C:\Programme\AgentWebRanking PRO
[22/04/2009|18:01] C:\Programme\AntiVir PersonalEdition Classic
[14/03/2006|13:44] C:\Programme\ATI Technologies
[24/05/2008|10:25] C:\Programme\BOINC
[23/04/2009|12:19] C:\Programme\CacheMot
[23/04/2009|10:55] C:\Programme\CCleaner
[15/03/2006|15:22] C:\Programme\Common Files
[22/04/2009|18:00] C:\Programme\CoreFTP
[17/07/2007|14:20] C:\Programme\CTV PROD
[23/04/2009|12:26] C:\Programme\denouvel
[14/03/2006|13:35] C:\Programme\DIFX
[22/04/2009|18:00] C:\Programme\EasyPHP 3.0
[22/04/2009|20:53] C:\Programme\eMule
[22/04/2009|18:01] C:\Programme\EtiketaGoGo
[25/07/2007|08:33] C:\Programme\FoxMail
[23/04/2009|13:52] C:\Programme\Gemeinsame Dateien
[21/07/2007|23:11] C:\Programme\Global Star Software
[23/04/2009|12:45] C:\Programme\Google
[23/04/2009|12:40] C:\Programme\GRETECH
[07/08/2007|13:31] C:\Programme\ICQToolbar
[23/04/2009|13:57] C:\Programme\InstallShield Installation Information
[22/04/2009|18:01] C:\Programme\Internet Explorer
[31/03/2009|21:13] C:\Programme\Java
[23/04/2009|12:49] C:\Programme\Maido Production
[22/04/2009|22:36] C:\Programme\Malwarebytes' Anti-Malware
[30/09/2008|01:09] C:\Programme\Messenger
[22/04/2009|18:01] C:\Programme\Messenger Plus! Live
[03/03/2006|21:29] C:\Programme\microsoft frontpage
[23/04/2009|12:51] C:\Programme\Mio Technology
[30/09/2008|01:03] C:\Programme\Movie Maker
[23/04/2009|16:26] C:\Programme\Mozilla Firefox
[23/04/2009|13:00] C:\Programme\MSN
[03/03/2006|21:20] C:\Programme\MSN Gaming Zone
[22/04/2009|21:05] C:\Programme\MSN Messenger
[19/07/2007|03:00] C:\Programme\MSXML 4.0
[30/09/2008|00:59] C:\Programme\NetMeeting
[20/08/2008|13:09] C:\Programme\Neuer Ordner
[22/04/2009|18:01] C:\Programme\Notepad++
[13/02/2008|23:42] C:\Programme\Online Barb 01
[03/03/2006|21:23] C:\Programme\Online Services
[20/05/2008|21:55] C:\Programme\Online-Dienste
[23/04/2009|12:44] C:\Programme\Ord-ixSofts
[30/09/2008|00:59] C:\Programme\Outlook Express
[10/03/2009|22:43] C:\Programme\Pinnacle
[24/07/2007|20:51] C:\Programme\Qualcomm
[22/04/2009|18:01] C:\Programme\QuickTime
[05/03/2006|17:01] C:\Programme\Real
[23/04/2009|13:09] C:\Programme\Roxio
[23/04/2009|13:50] C:\Programme\Samsung
[24/05/2008|10:29] C:\Programme\Shareaza Applications
[26/08/2008|22:53] C:\Programme\SodeaSoft
[23/04/2009|13:14] C:\Programme\Sonic
[23/04/2009|17:25] C:\Programme\SpeedFan
[23/04/2009|13:34] C:\Programme\SupervisionCam
[23/04/2009|13:02] C:\Programme\Transsoft Games
[07/09/2008|12:29] C:\Programme\Trend Micro
[06/12/2007|23:20] C:\Programme\Uninstall Information
[15/07/2007|23:31] C:\Programme\VideoLAN
[21/04/2009|10:46] C:\Programme\VS Revo Group
[22/04/2009|18:01] C:\Programme\Windows Live
[05/03/2006|18:18] C:\Programme\Windows Media Connect 2
[15/08/2007|03:00] C:\Programme\Windows Media Player
[30/09/2008|00:59] C:\Programme\Windows NT
[03/03/2006|21:23] C:\Programme\Windows Plus
[22/04/2009|18:01] C:\Programme\WinHTTrack
[21/08/2007|21:45] C:\Programme\WinRAR
[15/03/2006|15:22] C:\Programme\X10 Hardware
[08/11/2008|22:46] C:\Programme\xchat
[22/04/2009|18:01] C:\Programme\Xenu
[03/03/2006|21:29] C:\Programme\xerox
[0|Datei(en)] C:\Programme\Bytes
[73|Verzeichnis(se),] C:\Programme\Bytes frei
--------------------\\ Listing des dossiers dans C:\Programme\Gemeinsame Dateien
[01/04/2009|11:01] C:\Programme\Gemeinsame Dateien\Adobe
[18/07/2007|16:11] C:\Programme\Gemeinsame Dateien\aol
[03/03/2006|21:26] C:\Programme\Gemeinsame Dateien\Dienste
[22/04/2009|18:01] C:\Programme\Gemeinsame Dateien\fun communications
[23/04/2009|13:50] C:\Programme\Gemeinsame Dateien\InstallShield
[10/08/2007|08:19] C:\Programme\Gemeinsame Dateien\Java
[20/01/2009|22:12] C:\Programme\Gemeinsame Dateien\Microsoft Shared
[03/03/2006|21:26] C:\Programme\Gemeinsame Dateien\MSSoap
[05/03/2006|17:01] C:\Programme\Gemeinsame Dateien\Nullsoft
[23/04/2009|13:13] C:\Programme\Gemeinsame Dateien\Real
[23/04/2009|13:07] C:\Programme\Gemeinsame Dateien\Roxio Shared
[03/03/2006|21:15] C:\Programme\Gemeinsame Dateien\SpeechEngines
[22/04/2009|18:01] C:\Programme\Gemeinsame Dateien\Symantec Shared
[30/09/2008|00:59] C:\Programme\Gemeinsame Dateien\System
[10/03/2009|22:43] C:\Programme\Gemeinsame Dateien\Yahoo!
[0|Datei(en)] C:\Programme\Gemeinsame Dateien\Bytes
[17|Verzeichnis(se),] C:\Programme\Gemeinsame Dateien\Bytes frei
--------------------\\ Process
( 28 Processes )
... OK !
--------------------\\ Recherche avec S_Lop
Aucun fichier / dossier Lop trouvé !
--------------------\\ Recherche de Fichiers / Dossiers Lop
C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp\nss3B.tmp
--------------------\\ Verification du Registre
..... OK !
--------------------\\ Verification du fichier Hosts
Fichier Hosts PROPRE
--------------------\\ Recherche de fichiers avec Catchme
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-23 17:36:08
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0
--------------------\\ Recherche d'autres infections
Aucune autre infection trouvée !
[F:3596][D:419]-> C:\DOKUME~1\HEINRI~1\LOKALE~1\Temp
[F:1401][D:0]-> C:\DOKUME~1\HEINRI~1\Cookies
[F:11228][D:42]-> C:\DOKUME~1\HEINRI~1\LOKALE~1\TEMPOR~1\content.IE5
1 - "C:\Lop SD\LopR_1.txt" - 23/04/2009| 9:29 - Option : [1]
2 - "C:\Lop SD\LopR_2.txt" - 23/04/2009|17:37 - Option : [2]
--------------------\\ Fin du rapport a 17:37:59
je tiens a ajouter qu il y a quand meme une tres tres nette amelioration depuis ces derniers jours, le pc tient plusieurs heures sans planter, alors qu avant j avais, au mieux, quelques minutes avant de devoir redémarrer...
alors j ai bon espoir de pouvoir reutiliser un jour msn ou meme de regarder un film (choses qui ne fonctionnent plus depuis longtemps)
alors j ai bon espoir de pouvoir reutiliser un jour msn ou meme de regarder un film (choses qui ne fonctionnent plus depuis longtemps)
voici le dernier rapport d avira, il y a du mieux par rapport aux précédents scan :
Avira AntiVir Personal
Report file date: dimanche 26 avril 2009 13:39
Scanning for 1364969 virus strains and unwanted programs.
Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : HEINRICH
Version information:
BUILD.DAT : 9.0.0.387 17962 Bytes 24/03/2009 11:04:00
AVSCAN.EXE : 9.0.3.3 464641 Bytes 24/02/2009 10:13:26
AVSCAN.DLL : 9.0.3.0 40705 Bytes 27/02/2009 08:58:24
LUKE.DLL : 9.0.3.2 209665 Bytes 20/02/2009 09:35:49
LUKERES.DLL : 9.0.2.0 12033 Bytes 27/02/2009 08:58:52
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 10:30:36
ANTIVIR1.VDF : 7.1.2.12 3336192 Bytes 11/02/2009 18:33:26
ANTIVIR2.VDF : 7.1.3.63 1588224 Bytes 16/04/2009 14:08:24
ANTIVIR3.VDF : 7.1.3.109 144896 Bytes 25/04/2009 14:08:26
Engineversion : 8.2.0.156
AEVDF.DLL : 8.1.1.0 106868 Bytes 27/01/2009 15:36:42
AESCRIPT.DLL : 8.1.1.77 381306 Bytes 25/04/2009 14:08:38
AESCN.DLL : 8.1.1.10 127348 Bytes 25/04/2009 14:08:37
AERDL.DLL : 8.1.1.3 438645 Bytes 29/10/2008 16:24:41
AEPACK.DLL : 8.1.3.14 397685 Bytes 25/04/2009 14:08:37
AEOFFICE.DLL : 8.1.0.36 196987 Bytes 26/02/2009 18:01:56
AEHEUR.DLL : 8.1.0.122 1737080 Bytes 25/04/2009 14:08:35
AEHELP.DLL : 8.1.2.2 119158 Bytes 26/02/2009 18:01:56
AEGEN.DLL : 8.1.1.39 348532 Bytes 25/04/2009 14:08:28
AEEMU.DLL : 8.1.0.9 393588 Bytes 09/10/2008 12:32:40
AECORE.DLL : 8.1.6.9 176500 Bytes 25/04/2009 14:08:27
AEBB.DLL : 8.1.0.3 53618 Bytes 09/10/2008 12:32:40
AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 06:47:59
AVPREF.DLL : 9.0.0.1 43777 Bytes 05/12/2008 08:32:15
AVREP.DLL : 8.0.0.3 155905 Bytes 20/01/2009 12:34:28
AVREG.DLL : 9.0.0.0 36609 Bytes 05/12/2008 08:32:09
AVARKT.DLL : 9.0.0.1 292609 Bytes 09/02/2009 05:52:24
AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 30/01/2009 08:37:08
SQLITE3.DLL : 3.6.1.0 326401 Bytes 28/01/2009 13:03:49
SMTPLIB.DLL : 9.2.0.25 28417 Bytes 02/02/2009 06:21:33
NETNT.DLL : 9.0.0.0 11521 Bytes 05/12/2008 08:32:10
RCIMAGE.DLL : 9.0.0.21 2438401 Bytes 09/02/2009 09:45:45
RCTEXT.DLL : 9.0.35.0 87297 Bytes 11/03/2009 13:55:12
Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: c:\programme\avira\antivir desktop\sysscan.avp
Logging.............................: low
Primary action......................: delete
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:,
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: on
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium
Deviating risk categories...........: +GAME,+JOKE,+PCK,+SPR,
Start of the scan: dimanche 26 avril 2009 13:39
Initiating scan of system files:
Signed -> 'C:\WINDOWS\system32\svchost.exe'
Signed -> 'C:\WINDOWS\system32\winlogon.exe'
Signed -> 'C:\WINDOWS\explorer.exe'
Signed -> 'C:\WINDOWS\system32\smss.exe'
Signed -> 'C:\WINDOWS\system32\wininet.DLL'
Signed -> 'C:\WINDOWS\system32\wsock32.DLL'
Signed -> 'C:\WINDOWS\system32\ws2_32.DLL'
Signed -> 'C:\WINDOWS\system32\services.exe'
Signed -> 'C:\WINDOWS\system32\lsass.exe'
Signed -> 'C:\WINDOWS\system32\csrss.exe'
Signed -> 'C:\WINDOWS\system32\drivers\kbdclass.sys'
Signed -> 'C:\WINDOWS\system32\spoolsv.exe'
Signed -> 'C:\WINDOWS\system32\alg.exe'
Signed -> 'C:\WINDOWS\system32\wuauclt.exe'
Signed -> 'C:\WINDOWS\system32\advapi32.DLL'
Signed -> 'C:\WINDOWS\system32\user32.DLL'
Signed -> 'C:\WINDOWS\system32\gdi32.DLL'
Signed -> 'C:\WINDOWS\system32\kernel32.DLL'
Signed -> 'C:\WINDOWS\system32\ntdll.DLL'
Signed -> 'C:\WINDOWS\system32\ntoskrnl.exe'
Signed -> 'C:\WINDOWS\system32\ctfmon.exe'
The system files were scanned ('21' files)
Starting search for hidden objects.
[INFO] The process is not visible.
'75024' objects were checked, '1' hidden objects were found.
The scan of running processes will be started
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'wscntfy.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'X10nets.exe' - '1' Module(s) have been scanned
Scan process 'wdfmgr.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
25 processes with 25 modules were scanned
Starting master boot sector scan:
Master boot sector HD1
[DETECTION] Contains code of the BOO/Sinowal.A boot sector virus
[WARNING] The boot sector cannot be repaired! You can find more information in the help
Start scanning boot sectors:
Starting to scan executable files (registry).
The registry was scanned ( '48' files ).
Starting the file scan:
Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
[NOTE] This file cannot be opened for scanning.
C:\Dokumente und Einstellungen\Heinrich Grimminger\Lokale Einstellungen\Temporary Internet Files\Content.IE5\277YWLND\swflash[1].cab
[0] Archive type: CAB (Microsoft)
--> FP_AX_CAB_INSTALLER.exe
[WARNING] No further files can be extracted from this archive. The archive will be closed
[WARNING] No further files can be extracted from this archive. The archive will be closed
End of the scan: dimanche 26 avril 2009 14:20
Used time: 40:23 Minute(s)
The scan has been done completely.
5272 Scanned directories
280933 Files were scanned
1 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
0 Files were moved to quarantine
0 Files were renamed
1 Files cannot be scanned
280932 Files not concerned
8105 Archives were scanned
4 Warnings
1 Notes
75024 Objects were scanned with rootkit scan
1 Hidden objects were found
Avira AntiVir Personal
Report file date: dimanche 26 avril 2009 13:39
Scanning for 1364969 virus strains and unwanted programs.
Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : HEINRICH
Version information:
BUILD.DAT : 9.0.0.387 17962 Bytes 24/03/2009 11:04:00
AVSCAN.EXE : 9.0.3.3 464641 Bytes 24/02/2009 10:13:26
AVSCAN.DLL : 9.0.3.0 40705 Bytes 27/02/2009 08:58:24
LUKE.DLL : 9.0.3.2 209665 Bytes 20/02/2009 09:35:49
LUKERES.DLL : 9.0.2.0 12033 Bytes 27/02/2009 08:58:52
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 10:30:36
ANTIVIR1.VDF : 7.1.2.12 3336192 Bytes 11/02/2009 18:33:26
ANTIVIR2.VDF : 7.1.3.63 1588224 Bytes 16/04/2009 14:08:24
ANTIVIR3.VDF : 7.1.3.109 144896 Bytes 25/04/2009 14:08:26
Engineversion : 8.2.0.156
AEVDF.DLL : 8.1.1.0 106868 Bytes 27/01/2009 15:36:42
AESCRIPT.DLL : 8.1.1.77 381306 Bytes 25/04/2009 14:08:38
AESCN.DLL : 8.1.1.10 127348 Bytes 25/04/2009 14:08:37
AERDL.DLL : 8.1.1.3 438645 Bytes 29/10/2008 16:24:41
AEPACK.DLL : 8.1.3.14 397685 Bytes 25/04/2009 14:08:37
AEOFFICE.DLL : 8.1.0.36 196987 Bytes 26/02/2009 18:01:56
AEHEUR.DLL : 8.1.0.122 1737080 Bytes 25/04/2009 14:08:35
AEHELP.DLL : 8.1.2.2 119158 Bytes 26/02/2009 18:01:56
AEGEN.DLL : 8.1.1.39 348532 Bytes 25/04/2009 14:08:28
AEEMU.DLL : 8.1.0.9 393588 Bytes 09/10/2008 12:32:40
AECORE.DLL : 8.1.6.9 176500 Bytes 25/04/2009 14:08:27
AEBB.DLL : 8.1.0.3 53618 Bytes 09/10/2008 12:32:40
AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 06:47:59
AVPREF.DLL : 9.0.0.1 43777 Bytes 05/12/2008 08:32:15
AVREP.DLL : 8.0.0.3 155905 Bytes 20/01/2009 12:34:28
AVREG.DLL : 9.0.0.0 36609 Bytes 05/12/2008 08:32:09
AVARKT.DLL : 9.0.0.1 292609 Bytes 09/02/2009 05:52:24
AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 30/01/2009 08:37:08
SQLITE3.DLL : 3.6.1.0 326401 Bytes 28/01/2009 13:03:49
SMTPLIB.DLL : 9.2.0.25 28417 Bytes 02/02/2009 06:21:33
NETNT.DLL : 9.0.0.0 11521 Bytes 05/12/2008 08:32:10
RCIMAGE.DLL : 9.0.0.21 2438401 Bytes 09/02/2009 09:45:45
RCTEXT.DLL : 9.0.35.0 87297 Bytes 11/03/2009 13:55:12
Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: c:\programme\avira\antivir desktop\sysscan.avp
Logging.............................: low
Primary action......................: delete
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:,
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: on
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium
Deviating risk categories...........: +GAME,+JOKE,+PCK,+SPR,
Start of the scan: dimanche 26 avril 2009 13:39
Initiating scan of system files:
Signed -> 'C:\WINDOWS\system32\svchost.exe'
Signed -> 'C:\WINDOWS\system32\winlogon.exe'
Signed -> 'C:\WINDOWS\explorer.exe'
Signed -> 'C:\WINDOWS\system32\smss.exe'
Signed -> 'C:\WINDOWS\system32\wininet.DLL'
Signed -> 'C:\WINDOWS\system32\wsock32.DLL'
Signed -> 'C:\WINDOWS\system32\ws2_32.DLL'
Signed -> 'C:\WINDOWS\system32\services.exe'
Signed -> 'C:\WINDOWS\system32\lsass.exe'
Signed -> 'C:\WINDOWS\system32\csrss.exe'
Signed -> 'C:\WINDOWS\system32\drivers\kbdclass.sys'
Signed -> 'C:\WINDOWS\system32\spoolsv.exe'
Signed -> 'C:\WINDOWS\system32\alg.exe'
Signed -> 'C:\WINDOWS\system32\wuauclt.exe'
Signed -> 'C:\WINDOWS\system32\advapi32.DLL'
Signed -> 'C:\WINDOWS\system32\user32.DLL'
Signed -> 'C:\WINDOWS\system32\gdi32.DLL'
Signed -> 'C:\WINDOWS\system32\kernel32.DLL'
Signed -> 'C:\WINDOWS\system32\ntdll.DLL'
Signed -> 'C:\WINDOWS\system32\ntoskrnl.exe'
Signed -> 'C:\WINDOWS\system32\ctfmon.exe'
The system files were scanned ('21' files)
Starting search for hidden objects.
[INFO] The process is not visible.
'75024' objects were checked, '1' hidden objects were found.
The scan of running processes will be started
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'wscntfy.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'X10nets.exe' - '1' Module(s) have been scanned
Scan process 'wdfmgr.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
25 processes with 25 modules were scanned
Starting master boot sector scan:
Master boot sector HD1
[DETECTION] Contains code of the BOO/Sinowal.A boot sector virus
[WARNING] The boot sector cannot be repaired! You can find more information in the help
Start scanning boot sectors:
Starting to scan executable files (registry).
The registry was scanned ( '48' files ).
Starting the file scan:
Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
[NOTE] This file cannot be opened for scanning.
C:\Dokumente und Einstellungen\Heinrich Grimminger\Lokale Einstellungen\Temporary Internet Files\Content.IE5\277YWLND\swflash[1].cab
[0] Archive type: CAB (Microsoft)
--> FP_AX_CAB_INSTALLER.exe
[WARNING] No further files can be extracted from this archive. The archive will be closed
[WARNING] No further files can be extracted from this archive. The archive will be closed
End of the scan: dimanche 26 avril 2009 14:20
Used time: 40:23 Minute(s)
The scan has been done completely.
5272 Scanned directories
280933 Files were scanned
1 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
0 Files were moved to quarantine
0 Files were renamed
1 Files cannot be scanned
280932 Files not concerned
8105 Archives were scanned
4 Warnings
1 Notes
75024 Objects were scanned with rootkit scan
1 Hidden objects were found
jlpjlp
Messages postés
51580
Date d'inscription
vendredi 18 mai 2007
Statut
Contributeur sécurité
Dernière intervention
3 mai 2022
5 040
26 avril 2009 à 14:59
26 avril 2009 à 14:59
aie sinowal!
Il me semble que c'est une infection Mebroot.
Ce malware dérobe les informations confidentielles, en particulier Mots de passe et données bancaires.
Il sera nécessaire que tu changes tout cela en fin de désinfection et que tu vérifies auprès de ta banque que rien d'anormal ne s'est passé.
Pour éradiquer :
Télécharge mbr.exe de Gmer :
http://www2.gmer.net/mbr/mbr.exe
Sur le bureau.
Merci à Malekal pour le tutoriel
Désactive tes protections et coupe la connexion. (Antivirus et antispywares, HIPS et autre résident)
Double clique sur mbr.exe Un rapport sera généré : mbr.log
En cas d'infection, ce message MBR rootkit code detected va apparaitre.
Dans le menu Démarrer- Exécuter tape : "%userprofile%\Bureau\mbr" -f
Dans le mbr.log cette ligne apparaitra original MBR restored successfully !
Poste ce rapport et supprimes-le ensuite.
Relance mbr.exe.
Poste le nouveau rapport.
remets ensuite un rapport antivir
Il me semble que c'est une infection Mebroot.
Ce malware dérobe les informations confidentielles, en particulier Mots de passe et données bancaires.
Il sera nécessaire que tu changes tout cela en fin de désinfection et que tu vérifies auprès de ta banque que rien d'anormal ne s'est passé.
Pour éradiquer :
Télécharge mbr.exe de Gmer :
http://www2.gmer.net/mbr/mbr.exe
Sur le bureau.
Merci à Malekal pour le tutoriel
Désactive tes protections et coupe la connexion. (Antivirus et antispywares, HIPS et autre résident)
Double clique sur mbr.exe Un rapport sera généré : mbr.log
En cas d'infection, ce message MBR rootkit code detected va apparaitre.
Dans le menu Démarrer- Exécuter tape : "%userprofile%\Bureau\mbr" -f
Dans le mbr.log cette ligne apparaitra original MBR restored successfully !
Poste ce rapport et supprimes-le ensuite.
Relance mbr.exe.
Poste le nouveau rapport.
remets ensuite un rapport antivir
ok !
effectivement il a trouvé quelque chose voici le rapport :
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.4 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\ACPI -> 0x89b265a0
\Device\Harddisk0\DR0 -> ParseProcedure -> 0x89b2d060
Warning: possible MBR rootkit infection !
copy of MBR has been found in sector 1 !
copy of MBR has been found in sector 10 !
copy of MBR has been found in sector 0x017BD52D8
malicious code @ sector 0x017BD52DB !
PE file found in sector at 0x017BD52F1 !
MBR rootkit infection detected ! Use: "mbr.exe -f" to fix.
original MBR restored successfully !
je relance mbr.exe et avira
merci beaucoup pour les instructions !
effectivement il a trouvé quelque chose voici le rapport :
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.4 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\ACPI -> 0x89b265a0
\Device\Harddisk0\DR0 -> ParseProcedure -> 0x89b2d060
Warning: possible MBR rootkit infection !
copy of MBR has been found in sector 1 !
copy of MBR has been found in sector 10 !
copy of MBR has been found in sector 0x017BD52D8
malicious code @ sector 0x017BD52DB !
PE file found in sector at 0x017BD52F1 !
MBR rootkit infection detected ! Use: "mbr.exe -f" to fix.
original MBR restored successfully !
je relance mbr.exe et avira
merci beaucoup pour les instructions !
jlpjlp
Messages postés
51580
Date d'inscription
vendredi 18 mai 2007
Statut
Contributeur sécurité
Dernière intervention
3 mai 2022
5 040
>
lly
26 avril 2009 à 18:46
26 avril 2009 à 18:46
ok tu mettras les rapports. À plus
je me sens désespérée, je pensais que cette fois, tout serait clean, mais plantage avant d avoir pu lancer avira... il est en train de tourner donc pas encore le rapport, mais il affiche déjà avoir retrouvé sinowal...
rapport de mbr.exe :
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.4 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
copy of MBR has been found in sector 1 !
copy of MBR has been found in sector 0x017BD52D8
malicious code @ sector 0x017BD52DB !
PE file found in sector at 0x017BD52F1 !
il me reste des options ?
je poste le rapport d avira des qu´il est dispo
surtout qu´il a l air bien méchant ce sinowal et là je crains, je ne sais pas depuis combien de temps il est là, mais pour certaines données ca peut etre catastrophique si est installé depuis plusieurs mois
rapport de mbr.exe :
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.4 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
copy of MBR has been found in sector 1 !
copy of MBR has been found in sector 0x017BD52D8
malicious code @ sector 0x017BD52DB !
PE file found in sector at 0x017BD52F1 !
il me reste des options ?
je poste le rapport d avira des qu´il est dispo
surtout qu´il a l air bien méchant ce sinowal et là je crains, je ne sais pas depuis combien de temps il est là, mais pour certaines données ca peut etre catastrophique si est installé depuis plusieurs mois
Avira AntiVir Personal
Report file date: dimanche 26 avril 2009 19:03
Scanning for 1365100 virus strains and unwanted programs.
Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : HEINRICH
Version information:
BUILD.DAT : 9.0.0.387 17962 Bytes 24/03/2009 11:04:00
AVSCAN.EXE : 9.0.3.3 464641 Bytes 24/02/2009 10:13:26
AVSCAN.DLL : 9.0.3.0 40705 Bytes 27/02/2009 08:58:24
LUKE.DLL : 9.0.3.2 209665 Bytes 20/02/2009 09:35:49
LUKERES.DLL : 9.0.2.0 12033 Bytes 27/02/2009 08:58:52
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 10:30:36
ANTIVIR1.VDF : 7.1.2.12 3336192 Bytes 11/02/2009 18:33:26
ANTIVIR2.VDF : 7.1.3.63 1588224 Bytes 16/04/2009 14:08:24
ANTIVIR3.VDF : 7.1.3.110 146432 Bytes 25/04/2009 16:38:16
Engineversion : 8.2.0.156
AEVDF.DLL : 8.1.1.0 106868 Bytes 27/01/2009 15:36:42
AESCRIPT.DLL : 8.1.1.77 381306 Bytes 25/04/2009 14:08:38
AESCN.DLL : 8.1.1.10 127348 Bytes 25/04/2009 14:08:37
AERDL.DLL : 8.1.1.3 438645 Bytes 29/10/2008 16:24:41
AEPACK.DLL : 8.1.3.14 397685 Bytes 25/04/2009 14:08:37
AEOFFICE.DLL : 8.1.0.36 196987 Bytes 26/02/2009 18:01:56
AEHEUR.DLL : 8.1.0.122 1737080 Bytes 25/04/2009 14:08:35
AEHELP.DLL : 8.1.2.2 119158 Bytes 26/02/2009 18:01:56
AEGEN.DLL : 8.1.1.39 348532 Bytes 25/04/2009 14:08:28
AEEMU.DLL : 8.1.0.9 393588 Bytes 09/10/2008 12:32:40
AECORE.DLL : 8.1.6.9 176500 Bytes 25/04/2009 14:08:27
AEBB.DLL : 8.1.0.3 53618 Bytes 09/10/2008 12:32:40
AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 06:47:59
AVPREF.DLL : 9.0.0.1 43777 Bytes 05/12/2008 08:32:15
AVREP.DLL : 8.0.0.3 155905 Bytes 20/01/2009 12:34:28
AVREG.DLL : 9.0.0.0 36609 Bytes 05/12/2008 08:32:09
AVARKT.DLL : 9.0.0.1 292609 Bytes 09/02/2009 05:52:24
AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 30/01/2009 08:37:08
SQLITE3.DLL : 3.6.1.0 326401 Bytes 28/01/2009 13:03:49
SMTPLIB.DLL : 9.2.0.25 28417 Bytes 02/02/2009 06:21:33
NETNT.DLL : 9.0.0.0 11521 Bytes 05/12/2008 08:32:10
RCIMAGE.DLL : 9.0.0.21 2438401 Bytes 09/02/2009 09:45:45
RCTEXT.DLL : 9.0.35.0 87297 Bytes 11/03/2009 13:55:12
Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: c:\programme\avira\antivir desktop\sysscan.avp
Logging.............................: low
Primary action......................: delete
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:,
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: on
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium
Deviating risk categories...........: +GAME,+JOKE,+PCK,+SPR,
Start of the scan: dimanche 26 avril 2009 19:03
Initiating scan of system files:
Signed -> 'C:\WINDOWS\system32\svchost.exe'
Signed -> 'C:\WINDOWS\system32\winlogon.exe'
Signed -> 'C:\WINDOWS\explorer.exe'
Signed -> 'C:\WINDOWS\system32\smss.exe'
Signed -> 'C:\WINDOWS\system32\wininet.DLL'
Signed -> 'C:\WINDOWS\system32\wsock32.DLL'
Signed -> 'C:\WINDOWS\system32\ws2_32.DLL'
Signed -> 'C:\WINDOWS\system32\services.exe'
Signed -> 'C:\WINDOWS\system32\lsass.exe'
Signed -> 'C:\WINDOWS\system32\csrss.exe'
Signed -> 'C:\WINDOWS\system32\drivers\kbdclass.sys'
Signed -> 'C:\WINDOWS\system32\spoolsv.exe'
Signed -> 'C:\WINDOWS\system32\alg.exe'
Signed -> 'C:\WINDOWS\system32\wuauclt.exe'
Signed -> 'C:\WINDOWS\system32\advapi32.DLL'
Signed -> 'C:\WINDOWS\system32\user32.DLL'
Signed -> 'C:\WINDOWS\system32\gdi32.DLL'
Signed -> 'C:\WINDOWS\system32\kernel32.DLL'
Signed -> 'C:\WINDOWS\system32\ntdll.DLL'
Signed -> 'C:\WINDOWS\system32\ntoskrnl.exe'
Signed -> 'C:\WINDOWS\system32\ctfmon.exe'
The system files were scanned ('21' files)
Starting search for hidden objects.
'74221' objects were checked, '0' hidden objects were found.
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'wscntfy.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'X10nets.exe' - '1' Module(s) have been scanned
Scan process 'wdfmgr.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'jqs.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
27 processes with 27 modules were scanned
Starting master boot sector scan:
Master boot sector HD1
[DETECTION] Contains code of the BOO/Sinowal.A boot sector virus
[WARNING] The boot sector cannot be repaired! You can find more information in the help
Start scanning boot sectors:
Starting to scan executable files (registry).
The registry was scanned ( '48' files ).
Starting the file scan:
Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
[NOTE] This file cannot be opened for scanning.
C:\Dokumente und Einstellungen\Heinrich Grimminger\Lokale Einstellungen\Temporary Internet Files\Content.IE5\277YWLND\swflash[1].cab
[0] Archive type: CAB (Microsoft)
--> FP_AX_CAB_INSTALLER.exe
[WARNING] No further files can be extracted from this archive. The archive will be closed
[WARNING] No further files can be extracted from this archive. The archive will be closed
End of the scan: dimanche 26 avril 2009 19:54
Used time: 50:48 Minute(s)
The scan has been done completely.
5125 Scanned directories
280085 Files were scanned
1 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
0 Files were moved to quarantine
0 Files were renamed
1 Files cannot be scanned
280084 Files not concerned
8094 Archives were scanned
4 Warnings
1 Notes
74221 Objects were scanned with rootkit scan
0 Hidden objects were found
Report file date: dimanche 26 avril 2009 19:03
Scanning for 1365100 virus strains and unwanted programs.
Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : HEINRICH
Version information:
BUILD.DAT : 9.0.0.387 17962 Bytes 24/03/2009 11:04:00
AVSCAN.EXE : 9.0.3.3 464641 Bytes 24/02/2009 10:13:26
AVSCAN.DLL : 9.0.3.0 40705 Bytes 27/02/2009 08:58:24
LUKE.DLL : 9.0.3.2 209665 Bytes 20/02/2009 09:35:49
LUKERES.DLL : 9.0.2.0 12033 Bytes 27/02/2009 08:58:52
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 10:30:36
ANTIVIR1.VDF : 7.1.2.12 3336192 Bytes 11/02/2009 18:33:26
ANTIVIR2.VDF : 7.1.3.63 1588224 Bytes 16/04/2009 14:08:24
ANTIVIR3.VDF : 7.1.3.110 146432 Bytes 25/04/2009 16:38:16
Engineversion : 8.2.0.156
AEVDF.DLL : 8.1.1.0 106868 Bytes 27/01/2009 15:36:42
AESCRIPT.DLL : 8.1.1.77 381306 Bytes 25/04/2009 14:08:38
AESCN.DLL : 8.1.1.10 127348 Bytes 25/04/2009 14:08:37
AERDL.DLL : 8.1.1.3 438645 Bytes 29/10/2008 16:24:41
AEPACK.DLL : 8.1.3.14 397685 Bytes 25/04/2009 14:08:37
AEOFFICE.DLL : 8.1.0.36 196987 Bytes 26/02/2009 18:01:56
AEHEUR.DLL : 8.1.0.122 1737080 Bytes 25/04/2009 14:08:35
AEHELP.DLL : 8.1.2.2 119158 Bytes 26/02/2009 18:01:56
AEGEN.DLL : 8.1.1.39 348532 Bytes 25/04/2009 14:08:28
AEEMU.DLL : 8.1.0.9 393588 Bytes 09/10/2008 12:32:40
AECORE.DLL : 8.1.6.9 176500 Bytes 25/04/2009 14:08:27
AEBB.DLL : 8.1.0.3 53618 Bytes 09/10/2008 12:32:40
AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 06:47:59
AVPREF.DLL : 9.0.0.1 43777 Bytes 05/12/2008 08:32:15
AVREP.DLL : 8.0.0.3 155905 Bytes 20/01/2009 12:34:28
AVREG.DLL : 9.0.0.0 36609 Bytes 05/12/2008 08:32:09
AVARKT.DLL : 9.0.0.1 292609 Bytes 09/02/2009 05:52:24
AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 30/01/2009 08:37:08
SQLITE3.DLL : 3.6.1.0 326401 Bytes 28/01/2009 13:03:49
SMTPLIB.DLL : 9.2.0.25 28417 Bytes 02/02/2009 06:21:33
NETNT.DLL : 9.0.0.0 11521 Bytes 05/12/2008 08:32:10
RCIMAGE.DLL : 9.0.0.21 2438401 Bytes 09/02/2009 09:45:45
RCTEXT.DLL : 9.0.35.0 87297 Bytes 11/03/2009 13:55:12
Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: c:\programme\avira\antivir desktop\sysscan.avp
Logging.............................: low
Primary action......................: delete
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:,
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: on
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium
Deviating risk categories...........: +GAME,+JOKE,+PCK,+SPR,
Start of the scan: dimanche 26 avril 2009 19:03
Initiating scan of system files:
Signed -> 'C:\WINDOWS\system32\svchost.exe'
Signed -> 'C:\WINDOWS\system32\winlogon.exe'
Signed -> 'C:\WINDOWS\explorer.exe'
Signed -> 'C:\WINDOWS\system32\smss.exe'
Signed -> 'C:\WINDOWS\system32\wininet.DLL'
Signed -> 'C:\WINDOWS\system32\wsock32.DLL'
Signed -> 'C:\WINDOWS\system32\ws2_32.DLL'
Signed -> 'C:\WINDOWS\system32\services.exe'
Signed -> 'C:\WINDOWS\system32\lsass.exe'
Signed -> 'C:\WINDOWS\system32\csrss.exe'
Signed -> 'C:\WINDOWS\system32\drivers\kbdclass.sys'
Signed -> 'C:\WINDOWS\system32\spoolsv.exe'
Signed -> 'C:\WINDOWS\system32\alg.exe'
Signed -> 'C:\WINDOWS\system32\wuauclt.exe'
Signed -> 'C:\WINDOWS\system32\advapi32.DLL'
Signed -> 'C:\WINDOWS\system32\user32.DLL'
Signed -> 'C:\WINDOWS\system32\gdi32.DLL'
Signed -> 'C:\WINDOWS\system32\kernel32.DLL'
Signed -> 'C:\WINDOWS\system32\ntdll.DLL'
Signed -> 'C:\WINDOWS\system32\ntoskrnl.exe'
Signed -> 'C:\WINDOWS\system32\ctfmon.exe'
The system files were scanned ('21' files)
Starting search for hidden objects.
'74221' objects were checked, '0' hidden objects were found.
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'wscntfy.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'X10nets.exe' - '1' Module(s) have been scanned
Scan process 'wdfmgr.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'jqs.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
27 processes with 27 modules were scanned
Starting master boot sector scan:
Master boot sector HD1
[DETECTION] Contains code of the BOO/Sinowal.A boot sector virus
[WARNING] The boot sector cannot be repaired! You can find more information in the help
Start scanning boot sectors:
Starting to scan executable files (registry).
The registry was scanned ( '48' files ).
Starting the file scan:
Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
[NOTE] This file cannot be opened for scanning.
C:\Dokumente und Einstellungen\Heinrich Grimminger\Lokale Einstellungen\Temporary Internet Files\Content.IE5\277YWLND\swflash[1].cab
[0] Archive type: CAB (Microsoft)
--> FP_AX_CAB_INSTALLER.exe
[WARNING] No further files can be extracted from this archive. The archive will be closed
[WARNING] No further files can be extracted from this archive. The archive will be closed
End of the scan: dimanche 26 avril 2009 19:54
Used time: 50:48 Minute(s)
The scan has been done completely.
5125 Scanned directories
280085 Files were scanned
1 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
0 Files were moved to quarantine
0 Files were renamed
1 Files cannot be scanned
280084 Files not concerned
8094 Archives were scanned
4 Warnings
1 Notes
74221 Objects were scanned with rootkit scan
0 Hidden objects were found
jlpjlp
Messages postés
51580
Date d'inscription
vendredi 18 mai 2007
Statut
Contributeur sécurité
Dernière intervention
3 mai 2022
5 040
26 avril 2009 à 20:38
26 avril 2009 à 20:38
télécharge combofix (par sUBs) ici :
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
et enregistre le sur le bureau.
déconnecte toi d'internet et ferme toutes tes applications.
désactive tes protections (antivirus, parefeu, garde en temps réel de l'antispyware)
double-clique sur combofix.exe et suis les instructions
à la fin, il va produire un rapport C:\ComboFix.txt
réactive ton parefeu, ton antivirus, la garde de ton antispyware
copie/colle le rapport C:\ComboFix.txt dans ta prochaine réponse.
Attention, n'utilise pas ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne. Cela pourrait figer l'ordi.
Tu as un tutoriel complet ici :
https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
__________________
refais ensuite le message 24
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
et enregistre le sur le bureau.
déconnecte toi d'internet et ferme toutes tes applications.
désactive tes protections (antivirus, parefeu, garde en temps réel de l'antispyware)
double-clique sur combofix.exe et suis les instructions
à la fin, il va produire un rapport C:\ComboFix.txt
réactive ton parefeu, ton antivirus, la garde de ton antispyware
copie/colle le rapport C:\ComboFix.txt dans ta prochaine réponse.
Attention, n'utilise pas ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne. Cela pourrait figer l'ordi.
Tu as un tutoriel complet ici :
https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
__________________
refais ensuite le message 24
wahou... les mises en garde sur ce programme m´ont foutu la trouille!
anyway, voici le rapport :
ComboFix 09-04-25.A3 - Heinrich Grimminger 26/04/2009 20:53.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.33.1031.18.2047.1552 [GMT 2:00]
Lancé depuis: c:\dokumente und einstellungen\Heinrich Grimminger\Desktop\ComboFix.exe
FW: Norton Internet Worm Protection *disabled*
* Un nouveau point de restauration a été créé
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\_000008_.tmp.dll
.
((((((((((((((((((((((((((((( Fichiers créés du 2009-05-26 au 2009-4-26 ))))))))))))))))))))))))))))))))))))
.
2009-04-26 06:49 . 2009-04-26 06:57 -------- d-----w c:\programme\XoftSpySE
2009-04-25 14:18 . 2009-04-25 14:18 -------- d-sh--w c:\dokumente und einstellungen\LocalService\IETldCache
2009-04-25 10:44 . 2009-04-25 10:44 -------- d-----w c:\dokumente und einstellungen\Heinrich Grimminger\DoctorWeb
2009-04-25 10:33 . 2009-02-13 09:31 55640 ----a-w c:\windows\system32\drivers\avgntflt.sys
2009-04-25 10:33 . 2009-04-25 10:33 -------- d-----w c:\programme\Avira
2009-04-25 10:33 . 2009-04-25 10:33 -------- d-----w c:\dokumente und einstellungen\All Users\Anwendungsdaten\Avira
2009-04-23 14:12 . 2009-04-26 07:32 -------- d-----w c:\programme\SpeedFan
2009-04-23 14:12 . 2009-04-23 14:12 45 ----a-w c:\windows\system32\initdebug.nfo
2009-04-23 10:01 . 2009-04-23 10:01 -------- d-sha-r C:\autorun.inf
2009-04-23 09:56 . 2009-04-23 14:25 -------- d-----w C:\UsbFix
2009-04-23 08:55 . 2009-04-23 08:55 -------- d-----w c:\programme\CCleaner
2009-04-23 07:21 . 2009-04-23 15:37 -------- d-----w C:\Lop SD
2009-04-22 20:36 . 2009-04-22 20:36 -------- d-----w c:\dokumente und einstellungen\Heinrich Grimminger\Anwendungsdaten\Malwarebytes
2009-04-22 20:36 . 2009-04-06 13:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-22 20:36 . 2009-04-06 13:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-22 20:36 . 2009-04-22 20:36 -------- d-----w c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2009-04-22 20:36 . 2009-04-22 20:36 -------- d-----w c:\programme\Malwarebytes' Anti-Malware
2009-04-22 20:22 . 2009-04-22 20:27 -------- d-----w C:\rsit
2009-04-22 16:01 . 2009-04-22 16:01 -------- d-----w c:\windows\system32\config\systemprofile\Anwendungsdaten\PC Tools
2009-04-19 09:05 . 2009-02-06 10:10 227840 -c----w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-19 09:05 . 2009-03-06 14:19 286720 -c----w c:\windows\system32\dllcache\pdh.dll
2009-04-19 09:05 . 2009-02-09 11:21 111104 -c----w c:\windows\system32\dllcache\services.exe
2009-04-19 09:05 . 2009-02-09 10:51 401408 -c----w c:\windows\system32\dllcache\rpcss.dll
2009-04-19 09:05 . 2009-02-09 10:51 678400 -c----w c:\windows\system32\dllcache\advapi32.dll
2009-04-19 09:05 . 2009-02-09 10:51 473600 -c----w c:\windows\system32\dllcache\fastprox.dll
2009-04-19 09:05 . 2009-02-09 10:51 453120 -c----w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-19 07:59 . 2008-04-21 21:13 217600 -c----w c:\windows\system32\dllcache\wordpad.exe
2009-04-01 09:56 . 2007-05-23 15:54 260248 ----a-w c:\windows\system32\QMO.dll
2009-04-01 09:56 . 2007-05-23 15:54 80024 ----a-w c:\windows\system32\TXGYUploader.dll
2009-04-01 09:56 . 2007-05-23 15:54 92312 ----a-w c:\windows\system32\QMOCameraDll.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-23 15:37 . 2009-04-23 07:22 16459 ----a-w C:\lopR.txt
2009-04-23 14:26 . 2009-04-23 14:23 2874 ----a-w C:\UsbFix.txt
2009-04-23 11:57 . 2006-03-14 11:13 -------- d--h--w c:\programme\InstallShield Installation Information
2009-04-23 11:50 . 2006-03-05 16:03 -------- d-----w c:\programme\Gemeinsame Dateien\InstallShield
2009-04-23 11:06 . 2006-03-05 15:01 -------- d-----w c:\dokumente und einstellungen\All Users\Anwendungsdaten\QuickTime
2009-04-22 18:53 . 2007-07-15 18:29 -------- d-----w c:\programme\eMule
2009-04-22 18:21 . 2004-08-10 12:00 76972 ----a-w c:\windows\system32\perfc007.dat
2009-04-22 18:21 . 2004-08-10 12:00 421830 ----a-w c:\windows\system32\perfh007.dat
2009-04-22 16:01 . 2009-04-22 16:01 -------- d-----w c:\dokumente und einstellungen\All Users\Anwendungsdaten\Messenger Plus!
2009-04-22 16:01 . 2009-04-22 16:01 -------- d-----w c:\dokumente und einstellungen\All Users\Anwendungsdaten\AntiVir PersonalEdition Classic
2009-04-22 16:01 . 2009-04-22 16:01 -------- d-----w c:\dokumente und einstellungen\All Users\Anwendungsdaten\{66E2F539-12B6-4870-A500-7689CDE75C5E}
2009-04-22 15:30 . 2006-05-26 10:57 32024 ----a-w c:\dokumente und einstellungen\Heinrich Grimminger\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT
2009-04-22 08:42 . 2009-04-21 20:11 2460 ----a-w C:\aaw7boot.log
2009-04-22 08:08 . 2008-06-04 00:37 -------- d---a-w c:\dokumente und einstellungen\All Users\Anwendungsdaten\TEMP
2009-04-21 08:46 . 2009-04-21 08:46 -------- d-----w c:\programme\VS Revo Group
2009-04-03 14:22 . 2007-07-18 11:40 7835 ----a-w c:\windows\mozver.dat
2009-04-01 09:01 . 2008-05-27 18:16 -------- d-----w c:\programme\Gemeinsame Dateien\Adobe
2009-03-31 19:13 . 2007-08-10 06:23 -------- d-----w c:\programme\Java
2009-03-10 20:46 . 2009-03-10 20:46 -------- d-----w c:\dokumente und einstellungen\All Users\Anwendungsdaten\Pinnacle VideoSpin
2009-03-10 20:43 . 2009-03-10 20:43 -------- d-----w c:\dokumente und einstellungen\All Users\Anwendungsdaten\VideoSpin
2009-03-09 03:19 . 2008-12-05 13:53 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-08 02:34 . 2004-08-10 12:00 914944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 02:34 . 2004-08-10 12:00 43008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 02:33 . 2004-08-10 12:00 18944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 02:33 . 2004-08-10 12:00 420352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 02:32 . 2004-08-10 12:00 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 02:32 . 2004-08-10 12:00 71680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 02:31 . 2004-08-10 12:00 34816 ----a-w c:\windows\system32\imgutil.dll
2009-03-08 02:31 . 2004-08-10 12:00 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-03-08 02:31 . 2004-08-10 12:00 45568 ----a-w c:\windows\system32\mshta.exe
2009-03-08 02:22 . 2004-08-10 12:00 156160 ----a-w c:\windows\system32\msls31.dll
2009-03-06 14:19 . 2004-08-10 12:00 286720 ----a-w c:\windows\system32\pdh.dll
2009-02-09 14:04 . 2007-07-15 16:03 1846912 ----a-w c:\windows\system32\win32k.sys
2009-02-09 11:21 . 2004-08-04 00:50 2026496 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-09 11:21 . 2004-08-10 12:00 2147840 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-09 11:21 . 2004-08-10 12:00 111104 ----a-w c:\windows\system32\services.exe
2009-02-09 10:51 . 2004-08-10 12:00 736768 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 10:51 . 2004-08-10 12:00 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 10:51 . 2004-08-10 12:00 678400 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 10:51 . 2004-08-10 12:00 740352 ----a-w c:\windows\system32\ntdll.dll
2009-02-06 10:39 . 2004-08-10 12:00 35328 ----a-w c:\windows\system32\sc.exe
2009-02-03 19:57 . 2004-08-10 12:00 56832 ----a-w c:\windows\system32\secur32.dll
2008-05-22 22:08 . 2006-03-05 14:20 27272 ----a-w c:\dokumente und einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT
2006-05-26 10:58 . 2006-05-26 10:57 152 ----a-w c:\dokumente und einstellungen\Heinrich Grimminger\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
2006-03-05 07:50 . 2006-03-05 07:50 146 ----a-w c:\dokumente und einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
2008-09-29 23:20 . 2008-09-29 23:20 32768 --sha-w c:\windows\system32\config\systemprofile\Lokale Einstellungen\Verlauf\History.IE5\MSHist012008093020081001\index.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" - c:\windows\system32\HdAShCut.exe [2005-01-07 61952]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"sdCoreService"=3 (0x3)
"sdAuxService"=3 (0x3)
"mnmsrvc"=3 (0x3)
"McrdSvc"=2 (0x2)
"lxdi_device"=2 (0x2)
"lxdiCATSCustConnectService"=2 (0x2)
"helpsvc"=2 (0x2)
"gusvc"=2 (0x2)
"AntiVirService"=2 (0x2)
"AntiVirScheduler"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10758:TCP"= 10758:TCP:mule
"26936:UDP"= 26936:UDP:mule2
"5353:TCP"= 5353:TCP:Adobe CSI CS4
R0 ptpd;Disk Filter Driver; [x]
R3 3xHybrid;Pinnacle PCTV 300i Stereo DVB-T;c:\windows\system32\DRIVERS\3xHybrid.sys [2005-09-02 827008]
R3 Camdrv30;Philips ToUcam XS;c:\windows\system32\Drivers\camdrv30.sys [2001-08-17 171264]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-04-06 38496]
R3 PhnxVcd;PhnxVcd;c:\windows\system32\Drivers\PhnxVcd.sys [2005-07-21 44544]
R3 SecBulk;SECBULK.sys, SEC SOC USBD Driver;c:\windows\system32\Drivers\SECBULK.sys [2008-08-18 10430]
R3 SetupNTGLM7X;SetupNTGLM7X; [x]
R3 ZSMC0305;VIMICRO USB PC Camera V; [x]
R4 CPDDVFWI;CPDDVFWI; [x]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\programme\Avira\AntiVir Desktop\sched.exe [2009-03-05 108289]
S2 Machnm32;Machnm32 Driver;c:\windows\system32\Machnm32.sys [2003-08-13 2304]
S2 SBKUPNT;SBKUPNT;c:\windows\system32\Drivers\SBKUPNT.SYS [2001-07-13 14976]
S3 X10Hid;X10 Hid Device;c:\windows\system32\Drivers\x10hid.sys [2005-06-13 7040]
.
Contenu du dossier 'Tâches planifiées'
2009-04-26 c:\windows\Tasks\XoftSpySE 2.job
- c:\programme\XoftSpySE\XoftSpy.exe [2009-04-21 19:45]
2009-04-26 c:\windows\Tasks\XoftSpySE.job
- c:\programme\XoftSpySE\XoftSpy.exe [2009-04-21 19:45]
.
- - - - ORPHELINS SUPPRIMES - - - -
WebBrowser-{196C3A46-4758-433D-A600-802C804AF39C} - (no file)
HKU-Default-Run-Picasa Media Detector - c:\programme\Picasa2\PicasaMediaDetector.exe
ShellExecuteHooks-{EDB0E980-90BD-11D4-8599-0008C7D3B6F8} - (no file)
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.google.com
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
Trusted Zone: localhost
TCP: {AA3501D8-B4BF-41D9-9BCA-8A349A0CC421} = 195.50.140.114 195.50.140.252
FF - ProfilePath - c:\dokumente und einstellungen\Heinrich Grimminger\Anwendungsdaten\Mozilla\Firefox\Profiles\da4ufzwd.default\
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-26 20:56
Windows 5.1.2600 Service Pack 3 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:c8,28,51,af,b0,29,a3,98,d0,5d,1f,e8,21,
6b,80,c7,e2,63,26,f1,3f,c8,ff,68,41,78,54,6b,cb,25,73,5e,e2,63,26,f1,3f,c8,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:71,3b,04,66,8b,46,0d,96,04,1a,3c,8c,9f,
0f,fd,1e,6a,9c,d6,61,af,45,84,18,38,bb,d5,45,c2,68,70,5c,6a,9c,d6,61,af,45,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:ff,7c,85,e0,43,d4,0e,fe,e1,5d,6b,c6,db,
ce,e6,cb,ff,7c,85,e0,43,d4,0e,fe,e7,38,ef,42,95,63,97,c3,ff,7c,85,e0,43,d4,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:3e,1e,9e,e0,57,5a,93,61,06,c0,90,1b,4e,
6e,5a,de,86,8c,21,01,be,91,eb,e7,ba,33,a5,03,1a,41,48,16,86,8c,21,01,be,91,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:f5,1d,4d,73,a8,13,5c,05,c7,33,91,dc,a2,
7f,49,8d,f5,1d,4d,73,a8,13,5c,05,1d,83,69,e8,ac,fb,66,38,f5,1d,4d,73,a8,13,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:b0,18,ed,a7,3f,8d,37,a4,d8,5a,72,dd,66,
3e,9d,ba,df,20,58,62,78,6b,cf,c8,4e,9e,52,48,ec,c0,a7,1c,df,20,58,62,78,6b,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:fb,a7,78,e6,12,2f,9a,ea,d5,8b,a5,01,b6,
83,49,c7,fb,a7,78,e6,12,2f,9a,ea,e2,c6,0d,83,3a,45,f8,77,fb,a7,78,e6,12,2f,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:01,3a,48,fc,e8,04,4a,f1,41,65,d9,57,a0,
15,25,41,01,3a,48,fc,e8,04,4a,f1,82,29,83,2f,7d,40,7b,d2,01,3a,48,fc,e8,04,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:f6,0f,4e,58,98,5b,89,c9,81,a5,3c,c0,df,
2e,b5,5c,f6,0f,4e,58,98,5b,89,c9,25,df,65,00,2e,63,32,b1,f6,0f,4e,58,98,5b,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:3d,ce,ea,26,2d,45,aa,78,6e,6b,be,6f,e0,
a6,fc,5a,3d,ce,ea,26,2d,45,aa,78,37,32,9f,41,5c,1f,78,77,3d,ce,ea,26,2d,45,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:e3,0e,66,d5,eb,bc,2f,6b,e0,55,1e,d4,84,
ba,b3,ca,2a,b7,cc,b5,b9,7f,41,e7,8b,2c,6d,d9,31,77,a6,50,2a,b7,cc,b5,b9,7f,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:fa,ea,66,7f,d4,3b,6b,70,06,29,31,4a,a2,
5c,56,55,6c,43,2d,1e,aa,22,2f,9c,92,e1,1e,0f,d6,06,73,36,6c,43,2d,1e,aa,22,\
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'winlogon.exe'(712)
c:\windows\system32\Ati2evxx.dll
.
Heure de fin: 2009-04-26 20:57
ComboFix-quarantined-files.txt 2009-04-26 18:57
Avant-CF: 23 Verzeichnis(se), 19 889 188 864 Bytes frei
Après-CF: 22 Verzeichnis(se), 20 962 222 080 Bytes frei
WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /fastdetect /NoExecute=OptOut
251 --- E O F --- 2009-04-23 04:22
anyway, voici le rapport :
ComboFix 09-04-25.A3 - Heinrich Grimminger 26/04/2009 20:53.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.33.1031.18.2047.1552 [GMT 2:00]
Lancé depuis: c:\dokumente und einstellungen\Heinrich Grimminger\Desktop\ComboFix.exe
FW: Norton Internet Worm Protection *disabled*
* Un nouveau point de restauration a été créé
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\_000008_.tmp.dll
.
((((((((((((((((((((((((((((( Fichiers créés du 2009-05-26 au 2009-4-26 ))))))))))))))))))))))))))))))))))))
.
2009-04-26 06:49 . 2009-04-26 06:57 -------- d-----w c:\programme\XoftSpySE
2009-04-25 14:18 . 2009-04-25 14:18 -------- d-sh--w c:\dokumente und einstellungen\LocalService\IETldCache
2009-04-25 10:44 . 2009-04-25 10:44 -------- d-----w c:\dokumente und einstellungen\Heinrich Grimminger\DoctorWeb
2009-04-25 10:33 . 2009-02-13 09:31 55640 ----a-w c:\windows\system32\drivers\avgntflt.sys
2009-04-25 10:33 . 2009-04-25 10:33 -------- d-----w c:\programme\Avira
2009-04-25 10:33 . 2009-04-25 10:33 -------- d-----w c:\dokumente und einstellungen\All Users\Anwendungsdaten\Avira
2009-04-23 14:12 . 2009-04-26 07:32 -------- d-----w c:\programme\SpeedFan
2009-04-23 14:12 . 2009-04-23 14:12 45 ----a-w c:\windows\system32\initdebug.nfo
2009-04-23 10:01 . 2009-04-23 10:01 -------- d-sha-r C:\autorun.inf
2009-04-23 09:56 . 2009-04-23 14:25 -------- d-----w C:\UsbFix
2009-04-23 08:55 . 2009-04-23 08:55 -------- d-----w c:\programme\CCleaner
2009-04-23 07:21 . 2009-04-23 15:37 -------- d-----w C:\Lop SD
2009-04-22 20:36 . 2009-04-22 20:36 -------- d-----w c:\dokumente und einstellungen\Heinrich Grimminger\Anwendungsdaten\Malwarebytes
2009-04-22 20:36 . 2009-04-06 13:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-22 20:36 . 2009-04-06 13:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-22 20:36 . 2009-04-22 20:36 -------- d-----w c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2009-04-22 20:36 . 2009-04-22 20:36 -------- d-----w c:\programme\Malwarebytes' Anti-Malware
2009-04-22 20:22 . 2009-04-22 20:27 -------- d-----w C:\rsit
2009-04-22 16:01 . 2009-04-22 16:01 -------- d-----w c:\windows\system32\config\systemprofile\Anwendungsdaten\PC Tools
2009-04-19 09:05 . 2009-02-06 10:10 227840 -c----w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-19 09:05 . 2009-03-06 14:19 286720 -c----w c:\windows\system32\dllcache\pdh.dll
2009-04-19 09:05 . 2009-02-09 11:21 111104 -c----w c:\windows\system32\dllcache\services.exe
2009-04-19 09:05 . 2009-02-09 10:51 401408 -c----w c:\windows\system32\dllcache\rpcss.dll
2009-04-19 09:05 . 2009-02-09 10:51 678400 -c----w c:\windows\system32\dllcache\advapi32.dll
2009-04-19 09:05 . 2009-02-09 10:51 473600 -c----w c:\windows\system32\dllcache\fastprox.dll
2009-04-19 09:05 . 2009-02-09 10:51 453120 -c----w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-19 07:59 . 2008-04-21 21:13 217600 -c----w c:\windows\system32\dllcache\wordpad.exe
2009-04-01 09:56 . 2007-05-23 15:54 260248 ----a-w c:\windows\system32\QMO.dll
2009-04-01 09:56 . 2007-05-23 15:54 80024 ----a-w c:\windows\system32\TXGYUploader.dll
2009-04-01 09:56 . 2007-05-23 15:54 92312 ----a-w c:\windows\system32\QMOCameraDll.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-23 15:37 . 2009-04-23 07:22 16459 ----a-w C:\lopR.txt
2009-04-23 14:26 . 2009-04-23 14:23 2874 ----a-w C:\UsbFix.txt
2009-04-23 11:57 . 2006-03-14 11:13 -------- d--h--w c:\programme\InstallShield Installation Information
2009-04-23 11:50 . 2006-03-05 16:03 -------- d-----w c:\programme\Gemeinsame Dateien\InstallShield
2009-04-23 11:06 . 2006-03-05 15:01 -------- d-----w c:\dokumente und einstellungen\All Users\Anwendungsdaten\QuickTime
2009-04-22 18:53 . 2007-07-15 18:29 -------- d-----w c:\programme\eMule
2009-04-22 18:21 . 2004-08-10 12:00 76972 ----a-w c:\windows\system32\perfc007.dat
2009-04-22 18:21 . 2004-08-10 12:00 421830 ----a-w c:\windows\system32\perfh007.dat
2009-04-22 16:01 . 2009-04-22 16:01 -------- d-----w c:\dokumente und einstellungen\All Users\Anwendungsdaten\Messenger Plus!
2009-04-22 16:01 . 2009-04-22 16:01 -------- d-----w c:\dokumente und einstellungen\All Users\Anwendungsdaten\AntiVir PersonalEdition Classic
2009-04-22 16:01 . 2009-04-22 16:01 -------- d-----w c:\dokumente und einstellungen\All Users\Anwendungsdaten\{66E2F539-12B6-4870-A500-7689CDE75C5E}
2009-04-22 15:30 . 2006-05-26 10:57 32024 ----a-w c:\dokumente und einstellungen\Heinrich Grimminger\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT
2009-04-22 08:42 . 2009-04-21 20:11 2460 ----a-w C:\aaw7boot.log
2009-04-22 08:08 . 2008-06-04 00:37 -------- d---a-w c:\dokumente und einstellungen\All Users\Anwendungsdaten\TEMP
2009-04-21 08:46 . 2009-04-21 08:46 -------- d-----w c:\programme\VS Revo Group
2009-04-03 14:22 . 2007-07-18 11:40 7835 ----a-w c:\windows\mozver.dat
2009-04-01 09:01 . 2008-05-27 18:16 -------- d-----w c:\programme\Gemeinsame Dateien\Adobe
2009-03-31 19:13 . 2007-08-10 06:23 -------- d-----w c:\programme\Java
2009-03-10 20:46 . 2009-03-10 20:46 -------- d-----w c:\dokumente und einstellungen\All Users\Anwendungsdaten\Pinnacle VideoSpin
2009-03-10 20:43 . 2009-03-10 20:43 -------- d-----w c:\dokumente und einstellungen\All Users\Anwendungsdaten\VideoSpin
2009-03-09 03:19 . 2008-12-05 13:53 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-08 02:34 . 2004-08-10 12:00 914944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 02:34 . 2004-08-10 12:00 43008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 02:33 . 2004-08-10 12:00 18944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 02:33 . 2004-08-10 12:00 420352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 02:32 . 2004-08-10 12:00 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 02:32 . 2004-08-10 12:00 71680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 02:31 . 2004-08-10 12:00 34816 ----a-w c:\windows\system32\imgutil.dll
2009-03-08 02:31 . 2004-08-10 12:00 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-03-08 02:31 . 2004-08-10 12:00 45568 ----a-w c:\windows\system32\mshta.exe
2009-03-08 02:22 . 2004-08-10 12:00 156160 ----a-w c:\windows\system32\msls31.dll
2009-03-06 14:19 . 2004-08-10 12:00 286720 ----a-w c:\windows\system32\pdh.dll
2009-02-09 14:04 . 2007-07-15 16:03 1846912 ----a-w c:\windows\system32\win32k.sys
2009-02-09 11:21 . 2004-08-04 00:50 2026496 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-09 11:21 . 2004-08-10 12:00 2147840 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-09 11:21 . 2004-08-10 12:00 111104 ----a-w c:\windows\system32\services.exe
2009-02-09 10:51 . 2004-08-10 12:00 736768 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 10:51 . 2004-08-10 12:00 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 10:51 . 2004-08-10 12:00 678400 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 10:51 . 2004-08-10 12:00 740352 ----a-w c:\windows\system32\ntdll.dll
2009-02-06 10:39 . 2004-08-10 12:00 35328 ----a-w c:\windows\system32\sc.exe
2009-02-03 19:57 . 2004-08-10 12:00 56832 ----a-w c:\windows\system32\secur32.dll
2008-05-22 22:08 . 2006-03-05 14:20 27272 ----a-w c:\dokumente und einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT
2006-05-26 10:58 . 2006-05-26 10:57 152 ----a-w c:\dokumente und einstellungen\Heinrich Grimminger\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
2006-03-05 07:50 . 2006-03-05 07:50 146 ----a-w c:\dokumente und einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
2008-09-29 23:20 . 2008-09-29 23:20 32768 --sha-w c:\windows\system32\config\systemprofile\Lokale Einstellungen\Verlauf\History.IE5\MSHist012008093020081001\index.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" - c:\windows\system32\HdAShCut.exe [2005-01-07 61952]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"sdCoreService"=3 (0x3)
"sdAuxService"=3 (0x3)
"mnmsrvc"=3 (0x3)
"McrdSvc"=2 (0x2)
"lxdi_device"=2 (0x2)
"lxdiCATSCustConnectService"=2 (0x2)
"helpsvc"=2 (0x2)
"gusvc"=2 (0x2)
"AntiVirService"=2 (0x2)
"AntiVirScheduler"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10758:TCP"= 10758:TCP:mule
"26936:UDP"= 26936:UDP:mule2
"5353:TCP"= 5353:TCP:Adobe CSI CS4
R0 ptpd;Disk Filter Driver; [x]
R3 3xHybrid;Pinnacle PCTV 300i Stereo DVB-T;c:\windows\system32\DRIVERS\3xHybrid.sys [2005-09-02 827008]
R3 Camdrv30;Philips ToUcam XS;c:\windows\system32\Drivers\camdrv30.sys [2001-08-17 171264]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-04-06 38496]
R3 PhnxVcd;PhnxVcd;c:\windows\system32\Drivers\PhnxVcd.sys [2005-07-21 44544]
R3 SecBulk;SECBULK.sys, SEC SOC USBD Driver;c:\windows\system32\Drivers\SECBULK.sys [2008-08-18 10430]
R3 SetupNTGLM7X;SetupNTGLM7X; [x]
R3 ZSMC0305;VIMICRO USB PC Camera V; [x]
R4 CPDDVFWI;CPDDVFWI; [x]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\programme\Avira\AntiVir Desktop\sched.exe [2009-03-05 108289]
S2 Machnm32;Machnm32 Driver;c:\windows\system32\Machnm32.sys [2003-08-13 2304]
S2 SBKUPNT;SBKUPNT;c:\windows\system32\Drivers\SBKUPNT.SYS [2001-07-13 14976]
S3 X10Hid;X10 Hid Device;c:\windows\system32\Drivers\x10hid.sys [2005-06-13 7040]
.
Contenu du dossier 'Tâches planifiées'
2009-04-26 c:\windows\Tasks\XoftSpySE 2.job
- c:\programme\XoftSpySE\XoftSpy.exe [2009-04-21 19:45]
2009-04-26 c:\windows\Tasks\XoftSpySE.job
- c:\programme\XoftSpySE\XoftSpy.exe [2009-04-21 19:45]
.
- - - - ORPHELINS SUPPRIMES - - - -
WebBrowser-{196C3A46-4758-433D-A600-802C804AF39C} - (no file)
HKU-Default-Run-Picasa Media Detector - c:\programme\Picasa2\PicasaMediaDetector.exe
ShellExecuteHooks-{EDB0E980-90BD-11D4-8599-0008C7D3B6F8} - (no file)
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.google.com
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
Trusted Zone: localhost
TCP: {AA3501D8-B4BF-41D9-9BCA-8A349A0CC421} = 195.50.140.114 195.50.140.252
FF - ProfilePath - c:\dokumente und einstellungen\Heinrich Grimminger\Anwendungsdaten\Mozilla\Firefox\Profiles\da4ufzwd.default\
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-26 20:56
Windows 5.1.2600 Service Pack 3 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:c8,28,51,af,b0,29,a3,98,d0,5d,1f,e8,21,
6b,80,c7,e2,63,26,f1,3f,c8,ff,68,41,78,54,6b,cb,25,73,5e,e2,63,26,f1,3f,c8,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:71,3b,04,66,8b,46,0d,96,04,1a,3c,8c,9f,
0f,fd,1e,6a,9c,d6,61,af,45,84,18,38,bb,d5,45,c2,68,70,5c,6a,9c,d6,61,af,45,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:ff,7c,85,e0,43,d4,0e,fe,e1,5d,6b,c6,db,
ce,e6,cb,ff,7c,85,e0,43,d4,0e,fe,e7,38,ef,42,95,63,97,c3,ff,7c,85,e0,43,d4,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:3e,1e,9e,e0,57,5a,93,61,06,c0,90,1b,4e,
6e,5a,de,86,8c,21,01,be,91,eb,e7,ba,33,a5,03,1a,41,48,16,86,8c,21,01,be,91,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:f5,1d,4d,73,a8,13,5c,05,c7,33,91,dc,a2,
7f,49,8d,f5,1d,4d,73,a8,13,5c,05,1d,83,69,e8,ac,fb,66,38,f5,1d,4d,73,a8,13,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:b0,18,ed,a7,3f,8d,37,a4,d8,5a,72,dd,66,
3e,9d,ba,df,20,58,62,78,6b,cf,c8,4e,9e,52,48,ec,c0,a7,1c,df,20,58,62,78,6b,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:fb,a7,78,e6,12,2f,9a,ea,d5,8b,a5,01,b6,
83,49,c7,fb,a7,78,e6,12,2f,9a,ea,e2,c6,0d,83,3a,45,f8,77,fb,a7,78,e6,12,2f,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:01,3a,48,fc,e8,04,4a,f1,41,65,d9,57,a0,
15,25,41,01,3a,48,fc,e8,04,4a,f1,82,29,83,2f,7d,40,7b,d2,01,3a,48,fc,e8,04,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:f6,0f,4e,58,98,5b,89,c9,81,a5,3c,c0,df,
2e,b5,5c,f6,0f,4e,58,98,5b,89,c9,25,df,65,00,2e,63,32,b1,f6,0f,4e,58,98,5b,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:3d,ce,ea,26,2d,45,aa,78,6e,6b,be,6f,e0,
a6,fc,5a,3d,ce,ea,26,2d,45,aa,78,37,32,9f,41,5c,1f,78,77,3d,ce,ea,26,2d,45,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:e3,0e,66,d5,eb,bc,2f,6b,e0,55,1e,d4,84,
ba,b3,ca,2a,b7,cc,b5,b9,7f,41,e7,8b,2c,6d,d9,31,77,a6,50,2a,b7,cc,b5,b9,7f,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:fa,ea,66,7f,d4,3b,6b,70,06,29,31,4a,a2,
5c,56,55,6c,43,2d,1e,aa,22,2f,9c,92,e1,1e,0f,d6,06,73,36,6c,43,2d,1e,aa,22,\
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'winlogon.exe'(712)
c:\windows\system32\Ati2evxx.dll
.
Heure de fin: 2009-04-26 20:57
ComboFix-quarantined-files.txt 2009-04-26 18:57
Avant-CF: 23 Verzeichnis(se), 19 889 188 864 Bytes frei
Après-CF: 22 Verzeichnis(se), 20 962 222 080 Bytes frei
WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /fastdetect /NoExecute=OptOut
251 --- E O F --- 2009-04-23 04:22
jlpjlp
Messages postés
51580
Date d'inscription
vendredi 18 mai 2007
Statut
Contributeur sécurité
Dernière intervention
3 mai 2022
5 040
26 avril 2009 à 21:11
26 avril 2009 à 21:11
pour le logiciel meb
tu as bien tapé ceci
"%userprofile%\Bureau\mbr" -f
______________________
Télécharge mbr.exe de Gmer :
http://www2.gmer.net/mbr/mbr.exe
Sur le bureau.
Merci à Malekal pour le tutoriel
Désactive tes protections et coupe la connexion. (Antivirus et antispywares, HIPS et autre résident)
Double clique sur mbr.exe Un rapport sera généré : mbr.log
En cas d'infection, ce message MBR rootkit code detected va apparaitre.
Dans le menu Démarrer- Exécuter tape : "%userprofile%\Bureau\mbr" -f
Dans le mbr.log cette ligne apparaitra original MBR restored successfully !
Poste ce rapport et supprimes-le ensuite.
Relance mbr.exe et le nouveau mbr.log devrait être celui-ci :
Stealth MBR rootkit detector 0.2.4 by Gmer, http://www.gmer.net
* device: opened successfully
* user: MBR read successfully
* kernel: MBR read successfully
* user & kernel MBR OK
Sous Vista, ne pas oublier de lancer mbr.exe par clic droit et Exécuter en tant qu'administrateur.
Note : Si le fichier mbr.exe se trouve dans Téléchargement, cela fonctionne aussi et mbr.log s'y inscrira.
tu as bien tapé ceci
"%userprofile%\Bureau\mbr" -f
______________________
Télécharge mbr.exe de Gmer :
http://www2.gmer.net/mbr/mbr.exe
Sur le bureau.
Merci à Malekal pour le tutoriel
Désactive tes protections et coupe la connexion. (Antivirus et antispywares, HIPS et autre résident)
Double clique sur mbr.exe Un rapport sera généré : mbr.log
En cas d'infection, ce message MBR rootkit code detected va apparaitre.
Dans le menu Démarrer- Exécuter tape : "%userprofile%\Bureau\mbr" -f
Dans le mbr.log cette ligne apparaitra original MBR restored successfully !
Poste ce rapport et supprimes-le ensuite.
Relance mbr.exe et le nouveau mbr.log devrait être celui-ci :
Stealth MBR rootkit detector 0.2.4 by Gmer, http://www.gmer.net
* device: opened successfully
* user: MBR read successfully
* kernel: MBR read successfully
* user & kernel MBR OK
Sous Vista, ne pas oublier de lancer mbr.exe par clic droit et Exécuter en tant qu'administrateur.
Note : Si le fichier mbr.exe se trouve dans Téléchargement, cela fonctionne aussi et mbr.log s'y inscrira.