J ai un rapport de hijack ? quelqun peu m'aid

mrco72 -  
 mrco72 -
Bonjour,
mon ordi est infecte de pub
? y a du virus dans l'air !!!! alors j ai donc telecharger hijack, mais le probleme c'est que j'y comprends rien !
je voudrais pas enlever quelques chose d'important !y a t-il quelequn qui peu m'aider.

ogfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:14:58, on 06/06/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Kontiki\KHost.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Orange UK
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll
O2 - BHO: TBSB05288 - {6714ADBD-C6C1-42A8-BD84-9C9339059421} - C:\Program Files\IEToolbar\ECO Bar\tbu05139\ecobar.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.5.0.135\IPSBHO.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://www.orange.com/en
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll
O20 - Winlogon Notify: fcc1cc6b600 - C:\WINDOWS\System32\dpnmodem32.dll
O20 - Winlogon Notify: __c005D7A6 - C:\WINDOWS\system32\__c005D7A6.dat
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodata Limited License Service - Unknown owner - C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe

--
End of file - 6651 bytes
merci de votre aide
Configuration: Windows XP Internet Explorer 8.0

18 réponses

  1. Ced_King Messages postés 3519 Date d'inscription   Statut Contributeur Dernière intervention   667
     
    Salut,

    On va véifier car hijackthis n'est plus aussi performant :

    Telecharges RSIT " Random's System Information Tool " sur ton bureau : http://images.malwareremoval.com/random/RSIT.exe

    - Fermes toutes les applications en cours et double clic sur RSIT.exe
    - Selectionnes " Continue " à l'ecran >> RSIT va analyser le pc et verifier si l'outil hijackthis ( version à jour) est present sur le pc, si ce n'est pas le cas, RSIT le telechargera >> acceptes la license
    - Une fois l'analyse terminée, 2 rapports.txt s'ouvrent, log.txt à l'écran et info.txt dans la barre des taches
    - Postes le contenu des 2 rapports
    0
    1. mrco72
       
      salut et merci de m'aider ced

      Voici les 2 rapports . c'est impressionnant !

      ystem drive C: has 21 GB (28%) free of 76 GB
      Total RAM: 510 MB (49% free)

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 12:22:51, on 06/06/2009
      Platform: Windows XP SP3 (WinNT 5.01.2600)
      MSIE: Internet Explorer v8.00 (8.00.6001.18702)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\csrss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\iTunes\iTunesHelper.exe
      C:\Program Files\Kontiki\KHost.exe
      C:\Program Files\MSN Messenger\MsnMsgr.Exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
      C:\Program Files\Bonjour\mDNSResponder.exe
      C:\WINDOWS\system32\cisvc.exe
      C:\WINDOWS\system32\CTsvcCDA.exe
      C:\WINDOWS\eHome\ehRecvr.exe
      C:\WINDOWS\eHome\ehSched.exe
      C:\WINDOWS\system32\inetsrv\inetinfo.exe
      C:\Program Files\Java\jre6\bin\jqs.exe
      C:\Program Files\Kontiki\KService.exe
      C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
      C:\WINDOWS\System32\snmp.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\ehome\mcrdsvc.exe
      C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
      C:\Program Files\iPod\bin\iPodService.exe
      C:\WINDOWS\system32\dllhost.exe
      C:\WINDOWS\System32\alg.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\cidaemon.exe
      C:\WINDOWS\system32\cidaemon.exe
      C:\Program Files\Windows Live\Mail\wlmail.exe
      C:\Documents and Settings\marco\My Documents\windows\RSIT.exe
      C:\WINDOWS\system32\wbem\wmiprvse.exe
      C:\Program Files\Trend Micro\HijackThis\marco.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?gws_rd=ssl
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
      R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Orange UK
      O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
      O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll
      O2 - BHO: TBSB05288 - {6714ADBD-C6C1-42A8-BD84-9C9339059421} - C:\Program Files\IEToolbar\ECO Bar\tbu05139\ecobar.dll
      O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.5.0.135\IPSBHO.DLL
      O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
      O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
      O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll
      O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
      O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
      O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O14 - IERESET.INF: START_PAGE_URL=https://www.orange.com/en
      O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
      O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
      O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll
      O20 - Winlogon Notify: fcc1cc6b600 - C:\WINDOWS\System32\dpnmodem32.dll
      O20 - Winlogon Notify: __c005D7A6 - C:\WINDOWS\system32\__c005D7A6.dat
      O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
      O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
      O23 - Service: Autodata Limited License Service - Unknown owner - C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
      O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
      O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
      O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
      O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
      O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
      O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe
      0
    2. mrco72
       
      Vraiment ? et que dois je faire maintenant ? avec ça ?


      ComboFix 09-06-05.07 - marco 06/06/2009 13:00.1 - NTFSx86
      Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.510.260 [GMT 1:00]
      Running from: c:\documents and settings\marco\My Documents\windows\ComboFix.exe
      .

      ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
      .

      c:\documents and settings\Administrator\Application Data\[u]0/u2000000e034167a593C.manifest
      c:\documents and settings\Administrator\Application Data\[u]0/u2000000e034167a593O.manifest
      c:\documents and settings\Administrator\Application Data\[u]0/u2000000e034167a593P.manifest
      c:\documents and settings\Administrator\Application Data\[u]0/u2000000e034167a593S.manifest
      c:\documents and settings\marco\Application Data\[u]0/u2000000e034167a583C.manifest
      c:\documents and settings\marco\Application Data\[u]0/u2000000e034167a583O.manifest
      c:\documents and settings\marco\Application Data\[u]0/u2000000e034167a583P.manifest
      c:\documents and settings\marco\Application Data\[u]0/u2000000e034167a583S.manifest
      c:\documents and settings\marco\Application Data\[u]0/u2000000e034167a593C.manifest
      c:\documents and settings\marco\Application Data\[u]0/u2000000e034167a593O.manifest
      c:\documents and settings\marco\Application Data\[u]0/u2000000e034167a593P.manifest
      c:\documents and settings\marco\Application Data\[u]0/u2000000e034167a593S.manifest
      c:\documents and settings\marco\Application Data\[u]0/u2000000e034167a600C.manifest
      c:\documents and settings\marco\Application Data\[u]0/u2000000e034167a600O.manifest
      c:\documents and settings\marco\Application Data\[u]0/u2000000e034167a600P.manifest
      c:\documents and settings\marco\Application Data\[u]0/u2000000e034167a600S.manifest
      c:\documents and settings\marco\Application Data\FunWebProducts
      c:\documents and settings\marco\Application Data\FunWebProducts\Data\marco\avatar.dat
      c:\documents and settings\marco\Local Settings\Application Data\ugsaess.dat
      c:\documents and settings\marco\Local Settings\Application Data\ugsaess_navps.dat
      c:\program files\IEToolbar
      c:\program files\IEToolbar\ECO Bar\tbu05139\ecobar.dll
      c:\program files\IEToolbar\ECO Bar\tbu05139\icons.bmp
      c:\program files\IEToolbar\ECO Bar\tbu05139\info.txt
      c:\program files\IEToolbar\ECO Bar\tbu05139\tbhelper.dll
      c:\program files\IEToolbar\ECO Bar\tbu05139\uninstall.exe
      c:\program files\IEToolbar\ECO Bar\tbu05139\version.txt
      c:\program files\IEToolbar\ECO Bar\tbu05139\your_logo.png
      c:\program files\QUAD Utilities
      c:\program files\QUAD Utilities\QUAD Registry Cleaner\Vista Scheduler.dll
      c:\program files\runit
      c:\program files\runit\config.txt
      c:\program files\runit\runit_32.exe
      c:\program files\runit\runitu_32.exe
      c:\windows\eoal2470.exe
      c:\windows\lcggg0805.exe
      c:\windows\nxkg3604.exe
      c:\windows\qnwuh12244.exe
      c:\windows\qqpse4022.exe
      c:\windows\sdbmw4366.exe
      c:\windows\system32\__c0014EE9.dat
      c:\windows\system32\__c005D7A6.dat
      c:\windows\system32\__c0062692.dat
      c:\windows\system32\__c0099FEE.dat
      c:\windows\system32\__c00A9555.dat
      c:\windows\system32\3ejyoyn.vbs
      c:\windows\system32\6l8CSGyhOjd6787.vbs
      c:\windows\system32\ADHA5fOu80Cr7JR.vbs
      c:\windows\system32\Cache
      c:\windows\system32\CZY0Z8IrNI6SsIY.vbs
      c:\windows\System32\dpnmodem32.dll
      c:\windows\system32\GroupPolicy000.dat
      c:\windows\system32\KLHIiS3.vbs
      c:\windows\system32\l6Uw1.vbs
      c:\windows\system32\oNBnzSvid0RSAjh.vbs
      c:\windows\system32\Rb2weOfNy9PFb.vbs
      c:\windows\system32\swfgquydzgrn.exe
      c:\windows\system32\SystemService32
      c:\windows\system32\SystemService32\165.crack.zip
      c:\windows\system32\SystemService32\165.crack.zip.kwd
      c:\windows\system32\SystemService32\166.keygen.zip
      c:\windows\system32\SystemService32\166.keygen.zip.kwd
      c:\windows\system32\SystemService32\167.serial.zip
      c:\windows\system32\SystemService32\167.serial.zip.kwd
      c:\windows\system32\SystemService32\168.setup.zip
      c:\windows\system32\SystemService32\168.setup.zip.kwd
      c:\windows\system32\SystemService32\169.music.au.kwd
      c:\windows\system32\SystemService32\170.music.mp3.kwd
      c:\windows\system32\SystemService32\171.music2.au.kwd
      c:\windows\system32\SystemService32\172.music.snd.kwd
      c:\windows\system32\YJW8u.vbs
      c:\windows\system32\zAacHcU4IUNziW6.vbs
      c:\windows\wnrr74340.exe

      .
      ((((((((((((((((((((((((( Files Created from 2009-05-06 to 2009-06-06 )))))))))))))))))))))))))))))))
      .

      2009-06-06 12:24 . 2009-03-12 09:03 165240 ----a-r- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
      2009-06-06 11:22 . 2009-06-06 11:23 -------- d-----w- C:\rsit
      2009-06-06 10:53 . 2009-06-06 10:53 -------- d-----w- C:\Yoog_Fix
      2009-06-06 10:49 . 2009-06-06 10:49 -------- d-----w- C:\ToolBar SD
      2009-06-06 10:44 . 2009-06-06 10:55 -------- d-----w- c:\program files\Navilog1
      2009-06-06 10:34 . 2009-06-06 10:34 -------- d-----w- C:\GenProc
      2009-06-06 09:01 . 2009-03-08 03:21 89104 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090605.040\NAVENG.SYS
      2009-06-06 09:01 . 2009-03-08 03:21 876144 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090605.040\NAVEX15.SYS
      2009-06-06 09:01 . 2009-03-08 03:21 177520 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090605.040\NAVENG32.DLL
      2009-06-06 09:01 . 2009-03-08 03:21 1181040 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090605.040\NAVEX32A.DLL
      2009-06-06 09:01 . 2009-03-08 03:21 371248 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090605.040\EECTRL.SYS
      2009-06-06 09:01 . 2009-03-08 03:21 259368 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090605.040\ECMSVR32.DLL
      2009-06-06 09:01 . 2009-03-08 03:21 2414128 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090605.040\CCERASER.DLL
      2009-06-06 09:01 . 2009-03-08 03:21 101936 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090605.040\ERASER.SYS
      2009-06-05 08:01 . 2009-06-05 08:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Documents
      2009-06-04 08:16 . 2009-06-04 08:16 -------- d-----w- c:\documents and settings\marco\Application Data\Yahoo!
      2009-06-04 08:16 . 2009-06-04 08:36 -------- d-----w- c:\program files\Yahoo!
      2009-06-04 08:16 . 2009-06-04 08:16 -------- d-----w- c:\program files\CCleaner
      2009-06-03 12:08 . 2009-06-03 12:08 -------- d-----w- c:\program files\Trend Micro
      2009-06-03 08:34 . 2009-06-03 08:34 -------- d-----w- c:\windows\system32\wbem\Repository
      2009-06-03 08:34 . 2009-06-03 08:34 -------- d-----w- c:\program files\Bonjour
      2009-05-29 18:43 . 2009-03-16 20:03 533880 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090528.001\Scxpx86.dll
      2009-05-29 18:43 . 2009-01-29 21:50 276344 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090528.001\IDSXpx86.sys
      2009-05-29 18:43 . 2009-01-29 21:50 292912 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090528.001\IDSvix86.sys
      2009-05-29 18:43 . 2009-01-29 21:50 447864 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090528.001\IDSxpx86.dll
      2009-05-29 18:43 . 2009-01-29 21:50 396848 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090528.001\IDSviA64.sys
      2009-05-26 16:23 . 2009-05-26 16:23 -------- d-----w- c:\program files\Veoh Networks
      2009-05-21 13:48 . 2009-05-21 13:48 -------- d-----w- c:\documents and settings\marco\Local Settings\Application Data\Ahead
      2009-05-21 13:38 . 2009-05-21 14:26 -------- d-----w- c:\documents and settings\marco\Application Data\Any Video Converter
      2009-05-21 13:38 . 2009-05-21 13:39 -------- d-----w- c:\program files\Any Video Converter
      2009-05-21 13:06 . 2000-06-26 10:45 106496 ----a-w- c:\windows\system32\TwnLib20.dll
      2009-05-21 13:06 . 2004-07-26 16:16 471040 ------w- c:\windows\system32\ImagXRA7.dll
      2009-05-21 13:06 . 2004-07-26 16:16 262144 ------w- c:\windows\system32\ImagXR7.dll
      2009-05-21 13:06 . 2004-07-26 16:16 476320 ------w- c:\windows\system32\ImagXpr7.dll
      2009-05-21 13:06 . 2004-07-26 16:16 1568768 ------w- c:\windows\system32\ImagX7.dll
      2009-05-21 13:06 . 2001-07-09 10:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
      2009-05-19 19:00 . 2009-03-16 20:03 533880 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090513.001\Scxpx86.dll
      2009-05-19 19:00 . 2009-01-29 21:50 276344 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090513.001\IDSXpx86.sys
      2009-05-19 19:00 . 2009-01-29 21:50 292912 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090513.001\IDSvix86.sys
      2009-05-19 19:00 . 2009-01-29 21:50 447864 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090513.001\IDSxpx86.dll
      2009-05-19 19:00 . 2009-01-29 21:50 396848 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090513.001\IDSviA64.sys
      2009-05-14 16:11 . 2009-05-14 16:11 -------- d-----w- c:\windows\ie8
      2009-05-14 15:47 . 2009-06-03 10:27 -------- d-sh--w- c:\windows\system32\SystemService32(3)
      2009-05-14 15:01 . 2009-06-03 09:38 -------- d-----w- c:\windows\system32\SystemService32(2)
      2009-05-14 14:42 . 2009-05-14 14:42 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
      2009-05-14 14:13 . 2009-05-14 14:13 -------- d-----w- c:\documents and settings\Administrator\Application Data\Leadertech
      2009-05-14 13:53 . 2009-05-14 16:11 -------- d-----w- c:\program files\Common Files\Sonic Shared(2)
      2009-05-14 12:23 . 2009-05-14 12:23 -------- d-----w- c:\program files\Dell
      2009-05-12 12:13 . 2009-05-12 12:13 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
      2009-05-11 20:31 . 2009-02-20 18:09 78336 ----a-w- c:\windows\system32\ieencode.dll
      2009-05-11 20:31 . 2009-02-20 18:09 78336 ----a-w- c:\windows\system32\dllcache\ieencode.dll
      2009-05-11 17:02 . 2009-05-14 16:25 -------- d-----w- c:\program files\Sonic
      2009-05-11 11:42 . 2009-05-11 11:42 93696 ----a-w- c:\windows\xfduc50240.exe
      2009-05-11 10:36 . 2009-05-11 10:36 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\Apple
      2009-05-11 09:55 . 2009-05-11 09:59 -------- d-----w- c:\documents and settings\marco\Application Data\Ahead
      2009-05-11 09:41 . 2009-05-11 09:41 -------- d-----w- c:\program files\Common Files\Nero
      2009-05-11 09:39 . 2001-03-08 18:30 24064 ------w- c:\windows\system32\msxml3a.dll
      2009-05-11 09:38 . 2009-05-11 09:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Ahead
      2009-05-11 09:38 . 2009-05-21 13:06 -------- d-----w- c:\program files\Common Files\Ahead
      2009-05-11 09:38 . 2009-05-21 13:06 -------- d-----w- c:\program files\Ahead
      2009-05-10 13:54 . 2009-05-10 13:54 -------- d-----w- c:\documents and settings\marco\Local Settings\Application Data\Identities
      2009-05-09 12:10 . 2009-05-09 12:10 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\Adobe
      2009-05-09 10:48 . 2009-03-19 15:32 23400 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
      2009-05-09 10:48 . 2008-04-17 11:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
      2009-05-09 10:47 . 2009-06-05 16:50 -------- d-----w- c:\program files\iPod
      2009-05-09 10:46 . 2009-05-09 10:48 -------- d-----w- c:\program files\iTunes
      2009-05-09 10:46 . 2009-05-09 10:48 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
      2009-05-09 10:42 . 2009-05-09 10:44 -------- d-----w- c:\program files\QuickTime
      2009-05-09 10:42 . 2009-05-09 10:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
      2009-05-08 21:56 . 2009-05-08 21:56 13440 ----a-w- c:\windows\system32\drivers\USBCRFT.SYS
      2009-05-08 21:56 . 2004-05-28 01:06 266240 ------w- c:\windows\Dit.DLL
      2009-05-08 21:56 . 2004-01-29 08:31 86016 ----a-w- c:\windows\Dit.exe
      2009-05-08 21:56 . 2003-07-11 09:31 61440 ----a-w- c:\windows\DitExp.exe
      2009-05-08 21:50 . 2009-05-08 21:50 -------- d-----w- c:\program files\Multimedia Card Reader
      2009-05-08 21:48 . 2009-05-08 21:48 -------- d-----w- c:\program files\MUSICMATCH
      2009-05-08 21:45 . 1998-10-29 15:45 306688 ----a-w- c:\windows\IsUninst.exe
      2009-05-08 21:45 . 2009-05-08 21:46 -------- d-----w- c:\program files\CyberLink

      .
      (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2009-06-06 12:28 . 2008-10-26 18:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Kontiki
      2009-06-05 15:00 . 2008-12-05 19:24 -------- d-----w- c:\documents and settings\marco\Application Data\dvdcss
      2009-06-03 09:44 . 2008-10-21 21:08 -------- d-----w- c:\program files\Symantec
      2009-06-01 09:24 . 2008-11-06 22:08 -------- d-----w- c:\program files\Common Files\Apple
      2009-05-14 16:27 . 2008-10-19 14:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
      2009-05-14 16:23 . 2008-10-19 15:57 -------- d-----w- c:\program files\DivX
      2009-05-11 07:51 . 2008-10-18 21:49 -------- d-----w- c:\program files\Windows Media Connect 2
      2009-05-09 10:49 . 2008-11-06 22:11 -------- d-----w- c:\documents and settings\marco\Application Data\Apple Computer
      2009-05-08 21:56 . 2008-10-18 19:45 -------- d--h--w- c:\program files\InstallShield Installation Information
      2009-05-08 21:37 . 2008-10-18 17:14 26856 ----a-w- c:\documents and settings\marco\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
      2009-05-07 13:05 . 2008-10-19 14:25 -------- d-----w- c:\program files\Microsoft Works
      2009-05-07 12:20 . 2009-05-07 12:20 -------- d-----w- c:\program files\MSBuild
      2009-05-07 12:20 . 2009-05-07 12:20 -------- d-----w- c:\program files\Reference Assemblies
      2009-05-06 18:43 . 2009-05-06 18:43 -------- d-----w- c:\program files\Boots F2CD
      2009-04-22 09:32 . 2008-10-23 19:24 -------- d-----w- c:\program files\Java
      2009-04-22 07:01 . 2009-04-22 07:01 152576 ----a-w- c:\documents and settings\marco\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
      2009-04-19 20:41 . 2009-04-19 20:41 905670 ----a-w- c:\windows\lvif3683.exe
      2009-04-19 20:40 . 2009-04-19 20:40 69697 ----a-w- c:\windows\tjoo53238.exe
      2009-04-19 20:39 . 2009-04-19 20:39 201171 ----a-w- c:\windows\ajhs5668.exe
      2009-04-02 15:29 . 2009-04-02 15:29 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.1.1.10\SetupAdmin.exe
      2009-03-20 14:22 . 2008-10-21 21:08 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
      2009-03-20 14:22 . 2008-10-21 21:08 124464 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
      2009-03-19 15:32 . 2009-03-19 15:32 23400 ----a-w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\x86\GEARAspiWDM.sys
      2009-03-18 21:53 . 2009-03-18 21:53 503808 ----a-w- c:\documents and settings\marco\Application Data\Sun\Java\Deployment\cache\6.0\38\39ba6e6-48c7b06a-n\msvcp71.dll
      2009-03-18 21:53 . 2009-03-18 21:53 499712 ----a-w- c:\documents and settings\marco\Application Data\Sun\Java\Deployment\cache\6.0\38\39ba6e6-48c7b06a-n\jmc.dll
      2009-03-18 21:53 . 2009-03-18 21:53 348160 ----a-w- c:\documents and settings\marco\Application Data\Sun\Java\Deployment\cache\6.0\38\39ba6e6-48c7b06a-n\msvcr71.dll
      2009-03-18 21:52 . 2009-02-19 18:11 152576 ----a-w- c:\documents and settings\marco\Application Data\Sun\Java\jre1.6.0_11\lzma.dll
      2009-03-16 20:03 . 2009-03-16 20:03 533880 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\Scxpx86.dll
      2009-03-12 09:03 . 2008-12-11 11:28 36400 ----a-r- c:\windows\system32\drivers\SymIM.sys
      2009-03-12 09:03 . 2008-10-23 20:10 554352 ----a-r- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
      2009-03-09 04:19 . 2008-10-23 19:25 410984 ----a-w- c:\windows\system32\deploytk.dll
      2008-10-18 17:29 . 2008-10-18 17:29 278528 ----a-w- c:\program files\Common Files\FDEUnInstaller.exe
      .

      ------- Sigcheck -------

      [7] 2008-06-23 16:01 827904 C66402A06B83B036C195242C0C8CF83C c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\wininet.dll
      [7] 2008-08-26 09:08 827904 77C192FE56A70D7FA0247BA0A6201C32 c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\wininet.dll
      [7] 2008-10-16 20:24 827904 0D5B75171FF51775B630A431B6C667E8 c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\wininet.dll
      [7] 2008-12-20 23:56 827904 044E0A4E9FE97C0FB9AFE9C89E2A82E6 c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\wininet.dll
      [7] 2009-03-03 00:17 828416 C8667854873938CA13C986F16B0CD183 c:\windows\$hf_mig$\KB963027-IE7\SP3QFE\wininet.dll
      [-] 2004-08-10 11:00 656384 C0823FC5469663BA63E7DB88F9919D70 c:\windows\ie7\wininet.dll
      [7] 2007-08-13 17:54 818688 A4A0FC92358F39538A6494C42EF99FE9 c:\windows\ie7updates\KB953838-IE7\wininet.dll
      [7] 2008-06-23 16:57 826368 8C13D4A7479FA0A026EDA8ABCE82C0ED c:\windows\ie7updates\KB956390-IE7\wininet.dll
      [7] 2008-08-26 07:24 826368 EF8EBA98145BFA44E80D17A3B3453300 c:\windows\ie7updates\KB958215-IE7\wininet.dll
      [7] 2008-10-16 20:38 826368 6741EAF7B7F110E803A6E38F6E5FA6B0 c:\windows\ie7updates\KB961260-IE7\wininet.dll
      [7] 2008-12-20 23:15 826368 A82935D32D0672E8FF4E91AE398E901C c:\windows\ie7updates\KB963027-IE7\wininet.dll
      [7] 2008-04-14 00:12 666112 7A4F775ABB2F1C97DEF3E73AFA2FAEDD c:\windows\ServicePackFiles\i386\wininet.dll
      [-] 2009-03-08 03:34 914944 6CE32F7778061CCC5814D5E0F282D369 c:\windows\system32\wininet.dll
      [-] 2009-03-08 03:34 914944 6CE32F7778061CCC5814D5E0F282D369 c:\windows\system32\dllcache\wininet.dll
      .
      ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* empty entries & legit default entries are not shown
      REGEDIT4

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "kdx"="c:\program files\Kontiki\KHost.exe" [2008-02-27 1032376]
      "MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
      "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
      "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
      "EditLevel"= 0 (0x0)
      "NoCommonGroups"= 0 (0x0)

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
      @="FSFilter Activity Monitor"

      [HKEY_LOCAL_MACHINE\software\microsoft\security center]
      "AntiVirusDisableNotify"=dword:00000001
      "UpdatesDisableNotify"=dword:00000001

      [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
      "DisableMonitoring"=dword:00000001

      [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
      "DisableMonitoring"=dword:00000001

      [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
      "DisableMonitoring"=dword:00000001

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
      "EnableFirewall"= 0 (0x0)

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "%windir%\\system32\\sessmgr.exe"=
      "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
      "c:\\Program Files\\Messenger\\msmsgs.exe"=
      "c:\\Program Files\\LimeWire\\LimeWire.exe"=
      "c:\\Program Files\\Kontiki\\KService.exe"=
      "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
      "c:\\Program Files\\MSN Messenger\\livecall.exe"=
      "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
      "c:\\Program Files\\iTunes\\iTunes.exe"=

      R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1005000.087\SymEFA.sys [20/03/2009 15:22 310320]
      R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\NIS\1005000.087\BHDrvx86.sys [20/03/2009 15:22 258608]
      R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1005000.087\cchpx86.sys [20/03/2009 15:21 482352]
      R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090528.001\IDSXpx86.sys [29/05/2009 19:43 276344]
      R2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe [20/03/2009 15:21 115560]
      R3 CardReaderFilter;Card Reader Filter;c:\windows\system32\drivers\USBCRFT.SYS [08/05/2009 22:56 13440]
      R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [25/02/2009 10:00 101936]

      [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
      "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
      .
      Contents of the 'Scheduled Tasks' folder

      2009-06-01 c:\windows\Tasks\AppleSoftwareUpdate.job
      - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
      .
      - - - - ORPHANS REMOVED - - - -

      HKLM-Run-NWEReboot - (no file)
      Notify-__c005D7A6 - c:\windows\system32\__c005D7A6.dat
      SafeBoot-procexp90.Sys


      .
      ------- Supplementary Scan -------
      .
      uStart Page = hxxp://google.com/
      uSearchMigratedDefaultURL = hxxp://search.orange.co.uk/all?brand=ouk&tab=web&p=_adr&q={searchTerms}
      uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
      uInternet Settings,ProxyOverride = <local>;*.local
      FF - ProfilePath - c:\documents and settings\marco\Application Data\Mozilla\Firefox\Profiles\fq4w4wdk.default\
      FF - prefs.js: browser.search.defaulturl - hxxp://www14.yoog.com/search.php?q=
      FF - prefs.js: browser.search.selectedEngine - Yoog Search
      FF - prefs.js: keyword.URL - hxxp://www14.yoog.com/search.php?q=
      FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
      FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
      FF - plugin: c:\program files\Mozilla Firefox\plugins\npBBCPlugin.dll
      FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin8.dll
      FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll
      FF - plugin: c:\program files\Veetle\Player\npvlc.dll
      FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll
      FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll
      FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll

      ---- FIREFOX POLICIES ----
      FF - user.js: google.toolbar.linkdoctor.enabled - false
      FF - user.js: browser.search.defaultenginename - Yoog Search
      FF - user.js: browser.search.defaulturl - hxxp://www14.yoog.com/search.php?q=
      FF - user.js: browser.search.selectedEngine - Yoog Search
      FF - user.js: keyword.URL - hxxp://www14.yoog.com/search.php?q=
      FF - user.js: keyword.enabled - true
      .

      **************************************************************************

      catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2009-06-06 13:26
      Windows 5.1.2600 Service Pack 3 NTFS

      scanning hidden processes ...

      scanning hidden autostart entries ...

      scanning hidden files ...

      scan completed successfully
      hidden files: 0

      **************************************************************************
      .
      --------------------- DLLs Loaded Under Running Processes ---------------------

      - - - - - - - > 'explorer.exe'(2836)
      c:\windows\system32\ieframe.dll
      c:\windows\system32\OneX.DLL
      c:\windows\system32\eappprxy.dll
      c:\windows\system32\webcheck.dll
      c:\windows\system32\WPDShServiceObj.dll
      c:\windows\system32\PortableDeviceTypes.dll
      c:\windows\system32\PortableDeviceApi.dll
      .
      ------------------------ Other Running Processes ------------------------
      .
      c:\windows\system32\ati2evxx.exe
      c:\program files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
      c:\program files\Bonjour\mDNSResponder.exe
      c:\windows\system32\CTSVCCDA.EXE
      c:\windows\ehome\ehrecvr.exe
      c:\windows\ehome\ehSched.exe
      c:\windows\system32\inetsrv\inetinfo.exe
      c:\program files\Java\jre6\bin\jqs.exe
      c:\program files\Kontiki\KService.exe
      c:\windows\system32\snmp.exe
      c:\windows\ehome\mcrdsvc.exe
      c:\windows\system32\dllhost.exe
      c:\program files\iPod\bin\iPodService.exe
      .
      **************************************************************************
      .
      Completion time: 2009-06-06 13:40 - machine was rebooted
      ComboFix-quarantined-files.txt 2009-06-06 12:40

      Pre-Run: 22,041,509,888 bytes free
      Post-Run: 35,575,144,448 bytes free

      WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
      [boot loader]
      timeout=2
      default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
      [operating systems]
      c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
      multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

      345 --- E O F --- 2009-05-14 16:27
      0
  2. eZula Messages postés 3509 Statut Contributeur 392
     
    .
    0
    1. mrco72
       
      merci e-zula je vais essayer et je te raconterai la suite.

      a + et merci encore
      0
  3. Ced_King Messages postés 3519 Date d'inscription   Statut Contributeur Dernière intervention   667
     
    Re,

    Voilà pourquoi je préféres aussi demander RSIT --> afin de vérifier si aucunes lignes n'a été fixé, et là c'est bien le cas --> =====HijackThis Backups=====

    Fixer les lignes n'a jamais supprimé les infections ( ce serait un peu trop facile)

    ------------------------------

    Télécharges et installes ccleaner
    - Durant l'installation, n'installe pas la barre d'outils yahoo ( décoches la case) et celle proposant --> " ajouter l'option des mises à jour"

    - Une fois installé, fermes toutes les applications en cours et lance ccleaner
    - clic >> option >> avancé et decoches " effacer les fichiers etc... plus vieux que 48h
    - Selectionne " nettoyeur " >> clic sur Analyse puis nettoyage, puis referme le programme...
    ---------------------------

    Telecharges Combofix et enregistres le sur ton bureau

    /!\ Désactive la garde résidente de ton antivirus et celle de ton antispyware /!\

    - Déconnectes toi et fermes toutes les applications en cours

    - Double clic sur Combofix.exe >> un message apparait > réponds " oui "

    - ( Il est conseillé d'installer la console de récupérations)

    - Sélectionnes la langue et presse la touche 1 ( yes) pour lancer le scan

    /!\ Ne touche ni à la souris, ni au clavier durant le scan, cela pourrait figer l'ordi /!\

    - A la fin du scan, Combofix aura besoin de redémarrer pour finir la désinfection, laisses le faire

    - Une fois terminé, un rapport s'affiche, poste son contenu que tu peux aussi trouver à c:\combofix.txt
    0
    1. mrco72
       
      Mister king !

      Je tiens a te remercier !
      ça a bien marcher, dumoins je crois ? ca a l'air fluide ! plus de pub !
      merci ! il est bien combo ? je ne le connaisais pas !
      merci encore passe un bon week end et @ bientot .......

      marco
      0
  4. Ced_King Messages postés 3519 Date d'inscription   Statut Contributeur Dernière intervention   667
     
    Ce n'est pas terminé, peux tu poster le rapport stp

    - Combofix est un outil puissant qu'il ne faut pas utiliser à la légère, tu pourrais planté l'ordi

    --> le rapport C:\combofix.txt se trouve à la racine du disque dur
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. Ced_King Messages postés 3519 Date d'inscription   Statut Contributeur Dernière intervention   667
     
    Peux-tu utiliser le cadre [ répondre ] stp lorsque tu postes, afin que le topic est un sens il faut répondre à la suite...

    - Ton pc est encore infecté, Yoog search entre autre etc...

    Rends toi sur ce site :https://www.virustotal.com/gui/

    - Cliques sur <parcourir> et cherches ces fichiers :

    c:\windows\xfduc50240.exe

    c:\windows\tjoo53238.exe



    - Cliques sur <Send File>.

    - Un rapport va s'élaborer ligne à ligne.

    - Attends la fin. Il doit comprendre la taille du fichier envoyé.

    - Sauvegardes le rapport avec le bloc-note et copies le dans ta réponse.
    0
    1. mrco72
       
      escuse moi mr king mais c est la premiere fois que jutilse se web site.
      0
    2. mrco72
       
      je l'ai bien mis ? oui tu as raison il est encore infecté ? mais est ce que c'est resolus ?

      escuse moi encore....

      File xfduc50240.exe received on 2009.06.06 15:41:33 (UTC)Antivirus Version Last Update Result
      a-squared 4.0.0.101 2009.06.04 -
      AhnLab-V3 5.0.0.2 2009.06.05 Win-Trojan/Clicker.93696
      AntiVir 7.9.0.180 2009.06.06 TR/Click.MSH.2
      Antiy-AVL 2.0.3.1 2009.06.05 -
      Authentium 5.1.2.4 2009.06.05 -
      Avast 4.8.1335.0 2009.06.05 -
      AVG 8.5.0.339 2009.06.06 -
      BitDefender 7.2 2009.06.06 Trojan.Clicker.MSH
      CAT-QuickHeal 10.00 2009.06.06 Trojan.Agent2.fbd
      ClamAV 0.94.1 2009.06.06 -
      Comodo 1272 2009.06.06 -
      DrWeb 5.0.0.12182 2009.06.06 -
      eSafe 7.0.17.0 2009.06.04 -
      eTrust-Vet 31.6.6542 2009.06.05 -
      F-Prot 4.4.4.56 2009.06.05 -
      F-Secure 8.0.14470.0 2009.06.05 -
      Fortinet 3.117.0.0 2009.06.06 PossibleThreat
      GData 19 2009.06.06 Trojan.Clicker.MSH
      Ikarus T3.1.1.59.0 2009.06.06 -
      K7AntiVirus 7.10.754 2009.06.04 -
      Kaspersky 7.0.0.125 2009.06.06 Heur.Trojan.Generic
      McAfee 5637 2009.06.05 -
      McAfee+Artemis 5637 2009.06.05 -
      McAfee-GW-Edition 6.7.6 2009.06.06 Trojan.Click.MSH.2
      Microsoft 1.4701 2009.06.06 -
      NOD32 4135 2009.06.06 -
      Norman 6.01.09 2009.06.05 -
      nProtect 2009.1.8.0 2009.06.06 Trojan-Clicker/W32.Agent.93696
      Panda 10.0.0.14 2009.06.06 Suspicious file
      PCTools 4.4.2.0 2009.06.06 -
      Prevx 3.0 2009.06.06 -
      Rising 21.32.52.00 2009.06.06 -
      Sophos 4.42.0 2009.06.06 -
      Sunbelt 3.2.1858.2 2009.06.06 Trojan-Clicker.MSH
      Symantec 1.4.4.12 2009.06.06 -
      TheHacker 6.3.4.3.340 2009.06.05 -
      TrendMicro 8.950.0.1092 2009.06.06 -
      VBA32 3.12.10.6 2009.06.06 -
      ViRobot 2009.6.5.1771 2009.06.05 -
      VirusBuster 4.6.5.0 2009.06.05 -

      Additional information
      File size: 93696 bytes
      MD5...: 0ab3b730d698c988d2fba7dfb1894c5f
      SHA1..: a69843375478eace031ed2c6945808504a66d2de
      SHA256: 4b45502b7769520dfb42347c5e70aa1414d8fd0a366cfe81a6f5590177ea5d0b
      ssdeep: -<BR>
      PEiD..: -
      TrID..: File type identification<BR>Win32 Executable Generic (38.4%)<BR>Win32 Dynamic Link Library (generic) (34.1%)<BR>Win16/32 Executable Delphi generic (9.3%)<BR>Generic Win/DOS Executable (9.0%)<BR>DOS Executable Generic (9.0%)
      PEInfo: PE Structure information<BR><BR>( base data )<BR>entrypointaddress.: 0x14250<BR>timedatestamp.....: 0x2a425e19 (Fri Jun 19 22:22:17 1992)<BR>machinetype.......: 0x14c (I386)<BR><BR>( 9 sections )<BR>name viradd virsiz rawdsiz ntrpy md5<BR>.text 0x1000 0x12148 0x12200 6.54 7b649ba153a3f332e824eb13b4bac8b0<BR>.itext 0x14000 0x304 0x400 4.95 eeffa74e78da4dd9069f7c9844b538db<BR>.data 0x15000 0xc88 0xe00 2.32 7be78e492c3c629991cfdce25b6163d9<BR>.bss 0x16000 0x32e0 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e<BR>.idata 0x1a000 0xa2a 0xc00 4.42 92d009dd41efae282e8b4fb4f56189b0<BR>.tls 0x1b000 0x8 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e<BR>.rdata 0x1c000 0x18 0x200 0.20 327f5cc76968e5de7ebbacb62224fab2<BR>.reloc 0x1d000 0x16a0 0x1800 6.53 c70e98601345ecaeac4ab19d08fe57eb<BR>.rsrc 0x1f000 0x1000 0x1000 3.68 db19866561319c509561fe610b3f3ec0<BR><BR>( 10 imports ) <BR>> oleaut32.dll: SysFreeString, SysReAllocStringLen, SysAllocStringLen<BR>> advapi32.dll: RegQueryValueExA, RegOpenKeyExA, RegCloseKey<BR>> user32.dll: GetKeyboardType, DestroyWindow, LoadStringA, MessageBoxA, CharNextA<BR>> kernel32.dll: GetACP, Sleep, VirtualFree, VirtualAlloc, GetTickCount, QueryPerformanceCounter, GetCurrentThreadId, VirtualQuery, WideCharToMultiByte, MultiByteToWideChar, lstrlenA, lstrcpynA, LoadLibraryExA, GetThreadLocale, GetStartupInfoA, GetProcAddress, GetModuleHandleA, GetModuleFileNameA, GetLocaleInfoA, GetCommandLineA, FreeLibrary, FindFirstFileA, FindClose, ExitProcess, WriteFile, UnhandledExceptionFilter, RtlUnwind, RaiseException, GetStdHandle<BR>> kernel32.dll: TlsSetValue, TlsGetValue, LocalAlloc, GetModuleHandleA<BR>> user32.dll: MessageBoxA, LoadStringA, GetSystemMetrics, CharNextA, CharToOemA<BR>> kernel32.dll: WriteFile, VirtualQuery, Sleep, MultiByteToWideChar, LeaveCriticalSection, InitializeCriticalSection, GetVersionExA, GetThreadLocale, GetStdHandle, GetProcAddress, GetModuleHandleA, GetModuleFileNameA, GetLocaleInfoA, GetLocalTime, GetDiskFreeSpaceA, GetDateFormatA, GetCPInfo, FreeLibrary, FormatMessageA, EnumCalendarInfoA, EnterCriticalSection, DeleteCriticalSection, CompareStringA<BR>> oleaut32.dll: GetErrorInfo, SysFreeString<BR>> ole32.dll: CLSIDFromProgID, CoCreateInstance, CoUninitialize, CoInitialize<BR>> oleaut32.dll: SafeArrayPtrOfIndex, SafeArrayGetUBound, SafeArrayGetLBound, SafeArrayCreate, VariantChangeType, VariantCopy, VariantClear, VariantInit<BR><BR>( 0 exports ) <BR>
      PDFiD.: -
      RDS...: NSRL Reference Data Set<BR>-
      CWSandbox info: <a href='http://research.sunbelt-software.com/partnerresource/MD5.aspx?md5=0ab3b730d698c988d2fba7dfb1894c5f' target='_blank'>http://research.sunbelt-software.com/...
      0
  7. Ced_King Messages postés 3519 Date d'inscription   Statut Contributeur Dernière intervention   667
     
    Pas de soucis ;))
    0
  8. Ced_King Messages postés 3519 Date d'inscription   Statut Contributeur Dernière intervention   667
     
    Je l'ai bien mis ? oui tu as raison il est encore infecté ? mais est ce que c'est resolus

    --> j'attends le 2ème...
    0
  9. mrco72
     
    ok desole voila le second

    Virustotal est un service qui analyse les fichiers suspects et facilite la détection rapide des virus, vers, chevaux de Troie et toutes sortes de malwares détectés par les moteurs antivirus. Plus d'informations...

    Fichier kfuaa07573.exe reçu le 2009.05.28 12:46:04 (UTC)
    Situation actuelle: terminé

    Résultat: 7/39 (17.95%)
    Formaté Impression des résultats Antivirus Version Dernière mise à jour Résultat
    a-squared 4.0.0.101 2009.05.28 -
    AhnLab-V3 5.0.0.2 2009.05.28 -
    AntiVir 7.9.0.180 2009.05.28 -
    Antiy-AVL 2.0.3.1 2009.05.27 -
    Authentium 5.1.2.4 2009.05.28 -
    Avast 4.8.1335.0 2009.05.27 -
    AVG 8.5.0.339 2009.05.28 -
    BitDefender 7.2 2009.05.28 -
    CAT-QuickHeal 10.00 2009.05.28 -
    ClamAV 0.94.1 2009.05.28 -
    Comodo 1210 2009.05.28 TrojWare.Win32.TrojanDropper.Agent.~RBP
    DrWeb 5.0.0.12182 2009.05.28 -
    eSafe 7.0.17.0 2009.05.27 Win32.MaliciousSoftw
    eTrust-Vet 31.6.6526 2009.05.28 -
    F-Prot 4.4.4.56 2009.05.28 -
    F-Secure 8.0.14470.0 2009.05.28 Suspicious:W32/Malware!Gemini
    Fortinet 3.117.0.0 2009.05.28 -
    GData 19 2009.05.28 -
    Ikarus T3.1.1.57.0 2009.05.28 -
    K7AntiVirus 7.10.746 2009.05.27 -
    Kaspersky 7.0.0.125 2009.05.28 -
    McAfee 5628 2009.05.27 -
    McAfee+Artemis 5628 2009.05.27 -
    McAfee-GW-Edition 6.7.6 2009.05.28 -
    Microsoft 1.4701 2009.05.28 -
    NOD32 4111 2009.05.28 -
    Norman 6.01.05 2009.05.28 -
    nProtect 2009.1.8.0 2009.05.28 -
    Panda 10.0.0.14 2009.05.28 Suspicious file
    PCTools 4.4.2.0 2009.05.21 -
    Prevx 3.0 2009.05.28 Medium Risk Malware
    Rising 21.31.21.00 2009.05.27 -
    Sophos 4.42.0 2009.05.28 -
    Sunbelt 3.2.1858.2 2009.05.28 -
    Symantec 1.4.4.12 2009.05.28 -
    TheHacker 6.3.4.3.333 2009.05.28 -
    TrendMicro 8.950.0.1092 2009.05.28 TROJ_AGENT.ASB
    VBA32 3.12.10.6 2009.05.27 -
    ViRobot 2009.5.28.1758 2009.05.28 Spyware.Lwsta.Do.69697
    Information additionnelle
    File size: 69697 bytes
    MD5 : 71f29a6ce4c9907783301376c7b7a214
    SHA1 : 3165aaf5ca7e6f91541794a721c0d235aef432fa
    SHA256: c72e5f8b875dc7c83a3ccac924701d4089017227da07add3e6bb95b652aa138c
    PEInfo: PE Structure information

    ( base data )
    entrypointaddress.: 0x30E3
    timedatestamp.....: 0x48A737EC (Sat Aug 16 22:26:20 2008)
    machinetype.......: 0x14C (Intel I386)

    ( 5 sections )
    name viradd virsiz rawdsiz ntrpy md5
    .text 0x1000 0x5B68 0x5C00 6.49 6bfa289fc453f683cf6ad42723acbb61
    .rdata 0x7000 0x129C 0x1400 5.05 165e3e874dc59c8a96748c6f4d0f4207
    .data 0x9000 0x25C58 0x400 4.77 78a50275610b8d77577a9aaa1957d1b6
    .ndata 0x2F000 0x8000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
    .rsrc 0x37000 0xA68 0xC00 3.47 d211484d2bd0bc7cd9fa8208a56e2ff4

    ( 0 imports )

    ( 0 exports )

    TrID : File type identification
    Win32 Executable MS Visual C++ (generic) (65.2%)
    Win32 Executable Generic (14.7%)
    Win32 Dynamic Link Library (generic) (13.1%)
    Generic Win/DOS Executable (3.4%)
    DOS Executable Generic (3.4%)
    ssdeep: 1536:jYTmwVUsW7dtJMHy0DxmJXNQdHnydrHIepHaLEYdVN25+QB:US17XJiDxmJXK1ydrNhsNzQB
    Prevx Info: http://info.prevx.com/aboutprogramtext.asp?PX5=53CB81C141695ED410F40121E4A6000025BCB8E1
    PEiD : -
    CWSandbox: http://research.sunbelt-software.com/...
    RDS : NSRL Reference Data Set

    toujours infecter ?
    0
  10. Ced_King Messages postés 3519 Date d'inscription   Statut Contributeur Dernière intervention   667
     
    Télécharges ATF Cleaner par Atribune sur ton bureau : http://www.atribune.org/ccount/click.php?id=1
    - Démarres ATF-Cleaner et coche toutes les cases.
    - Cliques sur <Empty Selected> et au message "Done Cleaning" sur <Ok>
    NB : Si tu utilises Firefox ou Opera :
    - Cliques sur Firefox ou Opera en haut puis choisis <Select All>.
    - Cliques sur le bouton <Empty Selected> (NB : Si tu veux conserver tes mots de passe sauvegardés alors cliques sur <No> à l'invite).
    - Cliques sur <Main> pour revenir à menu principal
    - Cliques sur <Exit>, du menu prinicipal, pour quitter ATFcleaner.
    NB : Si le prefetch est nettoyé le redémarrage du PC sera plus lent.

    -----------------------------

    > Avec Combofix :
    - Crée un nouveau document texte : clic droit de souris sur le bureau => Nouveau => Document Texte, et copie/colle dedans les lignes suivantes :

    Files::
    c:\windows\xfduc50240.exe
    c:\windows\lvif3683.exe
    c:\windows\tjoo53238.exe
    c:\windows\ajhs5668.exe

    Registry::
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000000
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000000
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000000
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000000
    "UpdatesDisableNotify"=dword:00000000


    - Enregistres ce fichier sous le nom CFScript (Type du fichier : tous les fichiers)

    - Fermes tous tes navigateurs web (donc copies ou imprimes les instructions suivantes avant si necessaire).

    - Désactives ton antivirus et tes autres protections résidentes (ex : Spybot) si tu en as (c'est important).

    - Fais un glissé/déposé de ce fichier CFScript sur le programme ComboFix.exe comme sur le lien :
    http://img517.imageshack.us/img517/8662/cfscript10uc2.gif

    ( Cliques sur le fichier CFScript, maintiens le doigt enfoncé et glisses la souris pour que l'icône du CFScript vienne recouvrir l'icône de Combofix. Relâche alors le bouton de la souris).
    - Combofix va démarrer puis une fenêtre bleue va apparaître.

    - Patientes le temps du scan. Le bureau va disparaître à plusieurs reprises: c'est normal !

    - Ne touches à rien tant que le scan n'est pas terminé sinon le PC peut planter !

    - Une fois le scan achevé, un rapport va s'afficher: poste le stp.
    0
  11. mrco72
     
    desole il a fallu sortir le chien !!!!! :).
    on y aura passer tout la journee ! j espere que c'est fini ?

    voila le raport : c est

    ComboFix 09-06-05.09 - marco 06/06/2009 18:39.2 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.510.198 [GMT 1:00]
    Running from: c:\documents and settings\marco\My Documents\windows\ComboFix.exe
    Command switches used :: c:\documents and settings\marco\Desktop\CFScript.txt
    AV: Norton Internet Security *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
    FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
    .

    ((((((((((((((((((((((((( Files Created from 2009-05-06 to 2009-06-06 )))))))))))))))))))))))))))))))
    .

    2009-06-06 17:37 . 2009-06-06 17:37 -------- d-----w- C:\32788R22FWJFW.0.tmp
    2009-06-06 15:31 . 2009-03-08 03:21 89104 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090606.003\NAVENG.SYS
    2009-06-06 15:31 . 2009-03-08 03:21 876144 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090606.003\NAVEX15.SYS
    2009-06-06 15:31 . 2009-03-08 03:21 371248 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090606.003\EECTRL.SYS
    2009-06-06 15:31 . 2009-03-08 03:21 259368 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090606.003\ECMSVR32.DLL
    2009-06-06 15:31 . 2009-03-08 03:21 2414128 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090606.003\CCERASER.DLL
    2009-06-06 15:31 . 2009-03-08 03:21 177520 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090606.003\NAVENG32.DLL
    2009-06-06 15:31 . 2009-03-08 03:21 1181040 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090606.003\NAVEX32A.DLL
    2009-06-06 15:31 . 2009-03-08 03:21 101936 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090606.003\ERASER.SYS
    2009-06-06 12:24 . 2009-03-12 09:03 165240 ----a-r- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
    2009-06-06 11:22 . 2009-06-06 11:23 -------- d-----w- C:\rsit
    2009-06-06 10:53 . 2009-06-06 10:53 -------- d-----w- C:\Yoog_Fix
    2009-06-06 10:49 . 2009-06-06 10:49 -------- d-----w- C:\ToolBar SD
    2009-06-06 10:44 . 2009-06-06 10:55 -------- d-----w- c:\program files\Navilog1
    2009-06-06 10:34 . 2009-06-06 10:34 -------- d-----w- C:\GenProc
    2009-06-05 08:01 . 2009-06-05 08:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Documents
    2009-06-04 08:16 . 2009-06-04 08:16 -------- d-----w- c:\documents and settings\marco\Application Data\Yahoo!
    2009-06-04 08:16 . 2009-06-04 08:36 -------- d-----w- c:\program files\Yahoo!
    2009-06-04 08:16 . 2009-06-04 08:16 -------- d-----w- c:\program files\CCleaner
    2009-06-03 12:08 . 2009-06-03 12:08 -------- d-----w- c:\program files\Trend Micro
    2009-06-03 08:34 . 2009-06-03 08:34 -------- d-----w- c:\windows\system32\wbem\Repository
    2009-06-03 08:34 . 2009-06-03 08:34 -------- d-----w- c:\program files\Bonjour
    2009-05-29 18:43 . 2009-03-16 20:03 533880 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090528.001\Scxpx86.dll
    2009-05-29 18:43 . 2009-01-29 21:50 276344 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090528.001\IDSXpx86.sys
    2009-05-29 18:43 . 2009-01-29 21:50 292912 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090528.001\IDSvix86.sys
    2009-05-29 18:43 . 2009-01-29 21:50 447864 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090528.001\IDSxpx86.dll
    2009-05-29 18:43 . 2009-01-29 21:50 396848 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090528.001\IDSviA64.sys
    2009-05-26 16:23 . 2009-05-26 16:23 -------- d-----w- c:\program files\Veoh Networks
    2009-05-21 13:48 . 2009-05-21 13:48 -------- d-----w- c:\documents and settings\marco\Local Settings\Application Data\Ahead
    2009-05-21 13:38 . 2009-05-21 14:26 -------- d-----w- c:\documents and settings\marco\Application Data\Any Video Converter
    2009-05-21 13:38 . 2009-05-21 13:39 -------- d-----w- c:\program files\Any Video Converter
    2009-05-21 13:06 . 2000-06-26 10:45 106496 ----a-w- c:\windows\system32\TwnLib20.dll
    2009-05-21 13:06 . 2004-07-26 16:16 471040 ------w- c:\windows\system32\ImagXRA7.dll
    2009-05-21 13:06 . 2004-07-26 16:16 262144 ------w- c:\windows\system32\ImagXR7.dll
    2009-05-21 13:06 . 2004-07-26 16:16 476320 ------w- c:\windows\system32\ImagXpr7.dll
    2009-05-21 13:06 . 2004-07-26 16:16 1568768 ------w- c:\windows\system32\ImagX7.dll
    2009-05-21 13:06 . 2001-07-09 10:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
    2009-05-19 19:00 . 2009-03-16 20:03 533880 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090513.001\Scxpx86.dll
    2009-05-19 19:00 . 2009-01-29 21:50 276344 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090513.001\IDSXpx86.sys
    2009-05-19 19:00 . 2009-01-29 21:50 292912 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090513.001\IDSvix86.sys
    2009-05-19 19:00 . 2009-01-29 21:50 447864 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090513.001\IDSxpx86.dll
    2009-05-19 19:00 . 2009-01-29 21:50 396848 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090513.001\IDSviA64.sys
    2009-05-14 16:11 . 2009-05-14 16:11 -------- d-----w- c:\windows\ie8
    2009-05-14 15:47 . 2009-06-03 10:27 -------- d-sh--w- c:\windows\system32\SystemService32(3)
    2009-05-14 15:01 . 2009-06-03 09:38 -------- d-----w- c:\windows\system32\SystemService32(2)
    2009-05-14 14:42 . 2009-05-14 14:42 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
    2009-05-14 14:13 . 2009-05-14 14:13 -------- d-----w- c:\documents and settings\Administrator\Application Data\Leadertech
    2009-05-14 13:53 . 2009-05-14 16:11 -------- d-----w- c:\program files\Common Files\Sonic Shared(2)
    2009-05-14 12:23 . 2009-05-14 12:23 -------- d-----w- c:\program files\Dell
    2009-05-12 12:13 . 2009-05-12 12:13 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
    2009-05-11 20:31 . 2009-02-20 18:09 78336 ----a-w- c:\windows\system32\ieencode.dll
    2009-05-11 20:31 . 2009-02-20 18:09 78336 ----a-w- c:\windows\system32\dllcache\ieencode.dll
    2009-05-11 17:02 . 2009-05-14 16:25 -------- d-----w- c:\program files\Sonic
    2009-05-11 11:42 . 2009-05-11 11:42 93696 ----a-w- c:\windows\xfduc50240.exe
    2009-05-11 10:36 . 2009-05-11 10:36 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\Apple
    2009-05-11 09:55 . 2009-05-11 09:59 -------- d-----w- c:\documents and settings\marco\Application Data\Ahead
    2009-05-11 09:41 . 2009-05-11 09:41 -------- d-----w- c:\program files\Common Files\Nero
    2009-05-11 09:39 . 2001-03-08 18:30 24064 ------w- c:\windows\system32\msxml3a.dll
    2009-05-11 09:38 . 2009-05-11 09:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Ahead
    2009-05-11 09:38 . 2009-05-21 13:06 -------- d-----w- c:\program files\Common Files\Ahead
    2009-05-11 09:38 . 2009-05-21 13:06 -------- d-----w- c:\program files\Ahead
    2009-05-10 13:54 . 2009-05-10 13:54 -------- d-----w- c:\documents and settings\marco\Local Settings\Application Data\Identities
    2009-05-09 12:10 . 2009-05-09 12:10 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\Adobe
    2009-05-09 10:48 . 2009-03-19 15:32 23400 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
    2009-05-09 10:48 . 2008-04-17 11:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
    2009-05-09 10:47 . 2009-06-05 16:50 -------- d-----w- c:\program files\iPod
    2009-05-09 10:46 . 2009-05-09 10:48 -------- d-----w- c:\program files\iTunes
    2009-05-09 10:46 . 2009-05-09 10:48 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
    2009-05-09 10:42 . 2009-05-09 10:44 -------- d-----w- c:\program files\QuickTime
    2009-05-09 10:42 . 2009-05-09 10:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
    2009-05-08 21:56 . 2009-05-08 21:56 13440 ----a-w- c:\windows\system32\drivers\USBCRFT.SYS
    2009-05-08 21:56 . 2004-05-28 01:06 266240 ------w- c:\windows\Dit.DLL
    2009-05-08 21:56 . 2004-01-29 08:31 86016 ----a-w- c:\windows\Dit.exe
    2009-05-08 21:56 . 2003-07-11 09:31 61440 ----a-w- c:\windows\DitExp.exe
    2009-05-08 21:50 . 2009-05-08 21:50 -------- d-----w- c:\program files\Multimedia Card Reader
    2009-05-08 21:48 . 2009-05-08 21:48 -------- d-----w- c:\program files\MUSICMATCH
    2009-05-08 21:45 . 1998-10-29 15:45 306688 ----a-w- c:\windows\IsUninst.exe
    2009-05-08 21:45 . 2009-05-08 21:46 -------- d-----w- c:\program files\CyberLink

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-06-06 17:50 . 2008-10-26 18:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Kontiki
    2009-06-05 15:00 . 2008-12-05 19:24 -------- d-----w- c:\documents and settings\marco\Application Data\dvdcss
    2009-06-03 09:44 . 2008-10-21 21:08 -------- d-----w- c:\program files\Symantec
    2009-06-01 09:24 . 2008-11-06 22:08 -------- d-----w- c:\program files\Common Files\Apple
    2009-05-14 16:27 . 2008-10-19 14:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
    2009-05-14 16:23 . 2008-10-19 15:57 -------- d-----w- c:\program files\DivX
    2009-05-11 07:51 . 2008-10-18 21:49 -------- d-----w- c:\program files\Windows Media Connect 2
    2009-05-09 10:49 . 2008-11-06 22:11 -------- d-----w- c:\documents and settings\marco\Application Data\Apple Computer
    2009-05-08 21:56 . 2008-10-18 19:45 -------- d--h--w- c:\program files\InstallShield Installation Information
    2009-05-08 21:37 . 2008-10-18 17:14 26856 ----a-w- c:\documents and settings\marco\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-05-07 13:05 . 2008-10-19 14:25 -------- d-----w- c:\program files\Microsoft Works
    2009-05-07 12:20 . 2009-05-07 12:20 -------- d-----w- c:\program files\MSBuild
    2009-05-07 12:20 . 2009-05-07 12:20 -------- d-----w- c:\program files\Reference Assemblies
    2009-05-06 18:43 . 2009-05-06 18:43 -------- d-----w- c:\program files\Boots F2CD
    2009-04-22 09:32 . 2008-10-23 19:24 -------- d-----w- c:\program files\Java
    2009-04-22 07:01 . 2009-04-22 07:01 152576 ----a-w- c:\documents and settings\marco\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
    2009-04-19 20:41 . 2009-04-19 20:41 905670 ----a-w- c:\windows\lvif3683.exe
    2009-04-19 20:40 . 2009-04-19 20:40 69697 ----a-w- c:\windows\tjoo53238.exe
    2009-04-19 20:39 . 2009-04-19 20:39 201171 ----a-w- c:\windows\ajhs5668.exe
    2009-04-02 15:29 . 2009-04-02 15:29 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.1.1.10\SetupAdmin.exe
    2009-03-20 14:22 . 2008-10-21 21:08 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
    2009-03-20 14:22 . 2008-10-21 21:08 124464 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
    2009-03-19 15:32 . 2009-03-19 15:32 23400 ----a-w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\x86\GEARAspiWDM.sys
    2009-03-18 21:53 . 2009-03-18 21:53 503808 ----a-w- c:\documents and settings\marco\Application Data\Sun\Java\Deployment\cache\6.0\38\39ba6e6-48c7b06a-n\msvcp71.dll
    2009-03-18 21:53 . 2009-03-18 21:53 499712 ----a-w- c:\documents and settings\marco\Application Data\Sun\Java\Deployment\cache\6.0\38\39ba6e6-48c7b06a-n\jmc.dll
    2009-03-18 21:53 . 2009-03-18 21:53 348160 ----a-w- c:\documents and settings\marco\Application Data\Sun\Java\Deployment\cache\6.0\38\39ba6e6-48c7b06a-n\msvcr71.dll
    2009-03-18 21:52 . 2009-02-19 18:11 152576 ----a-w- c:\documents and settings\marco\Application Data\Sun\Java\jre1.6.0_11\lzma.dll
    2009-03-16 20:03 . 2009-03-16 20:03 533880 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\Scxpx86.dll
    2009-03-12 09:03 . 2008-12-11 11:28 36400 ----a-r- c:\windows\system32\drivers\SymIM.sys
    2009-03-12 09:03 . 2008-10-23 20:10 554352 ----a-r- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
    2009-03-09 04:19 . 2008-10-23 19:25 410984 ----a-w- c:\windows\system32\deploytk.dll
    2008-10-18 17:29 . 2008-10-18 17:29 278528 ----a-w- c:\program files\Common Files\FDEUnInstaller.exe
    .

    ------- Sigcheck -------

    [7] 2008-06-23 16:01 827904 C66402A06B83B036C195242C0C8CF83C c:\windows\$hf_mig$\KB953838-IE7\SP2QFE\wininet.dll
    [7] 2008-08-26 09:08 827904 77C192FE56A70D7FA0247BA0A6201C32 c:\windows\$hf_mig$\KB956390-IE7\SP2QFE\wininet.dll
    [7] 2008-10-16 20:24 827904 0D5B75171FF51775B630A431B6C667E8 c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\wininet.dll
    [7] 2008-12-20 23:56 827904 044E0A4E9FE97C0FB9AFE9C89E2A82E6 c:\windows\$hf_mig$\KB961260-IE7\SP2QFE\wininet.dll
    [7] 2009-03-03 00:17 828416 C8667854873938CA13C986F16B0CD183 c:\windows\$hf_mig$\KB963027-IE7\SP3QFE\wininet.dll
    [-] 2004-08-10 11:00 656384 C0823FC5469663BA63E7DB88F9919D70 c:\windows\ie7\wininet.dll
    [7] 2007-08-13 17:54 818688 A4A0FC92358F39538A6494C42EF99FE9 c:\windows\ie7updates\KB953838-IE7\wininet.dll
    [7] 2008-06-23 16:57 826368 8C13D4A7479FA0A026EDA8ABCE82C0ED c:\windows\ie7updates\KB956390-IE7\wininet.dll
    [7] 2008-08-26 07:24 826368 EF8EBA98145BFA44E80D17A3B3453300 c:\windows\ie7updates\KB958215-IE7\wininet.dll
    [7] 2008-10-16 20:38 826368 6741EAF7B7F110E803A6E38F6E5FA6B0 c:\windows\ie7updates\KB961260-IE7\wininet.dll
    [7] 2008-12-20 23:15 826368 A82935D32D0672E8FF4E91AE398E901C c:\windows\ie7updates\KB963027-IE7\wininet.dll
    [7] 2008-04-14 00:12 666112 7A4F775ABB2F1C97DEF3E73AFA2FAEDD c:\windows\ServicePackFiles\i386\wininet.dll
    [-] 2009-03-08 03:34 914944 6CE32F7778061CCC5814D5E0F282D369 c:\windows\system32\wininet.dll
    [-] 2009-03-08 03:34 914944 6CE32F7778061CCC5814D5E0F282D369 c:\windows\system32\dllcache\wininet.dll
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "kdx"="c:\program files\Kontiki\KHost.exe" [2008-02-27 1032376]
    "MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
    "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "EditLevel"= 0 (0x0)
    "NoCommonGroups"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
    @="FSFilter Activity Monitor"

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\LimeWire\\LimeWire.exe"=
    "c:\\Program Files\\Kontiki\\KService.exe"=
    "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\MSN Messenger\\livecall.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=

    R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1005000.087\SymEFA.sys [20/03/2009 15:22 310320]
    R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\NIS\1005000.087\BHDrvx86.sys [20/03/2009 15:22 258608]
    R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1005000.087\cchpx86.sys [20/03/2009 15:21 482352]
    R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090528.001\IDSXpx86.sys [29/05/2009 19:43 276344]
    R2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe [20/03/2009 15:21 115560]
    R3 CardReaderFilter;Card Reader Filter;c:\windows\system32\drivers\USBCRFT.SYS [08/05/2009 22:56 13440]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [25/02/2009 10:00 101936]

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
    "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
    .
    Contents of the 'Scheduled Tasks' folder

    2009-06-01 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://google.com/
    uSearchMigratedDefaultURL = hxxp://search.orange.co.uk/all?brand=ouk&tab=web&p=_adr&q={searchTerms}
    uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
    uInternet Settings,ProxyOverride = <local>;*.local
    FF - ProfilePath - c:\documents and settings\marco\Application Data\Mozilla\Firefox\Profiles\fq4w4wdk.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www14.yoog.com/search.php?q=
    FF - prefs.js: browser.search.selectedEngine - Yoog Search
    FF - prefs.js: keyword.URL - hxxp://www14.yoog.com/search.php?q=
    FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll

    ---- FIREFOX POLICIES ----
    FF - user.js: google.toolbar.linkdoctor.enabled - false
    FF - user.js: browser.search.defaultenginename - Yoog Search
    FF - user.js: browser.search.defaulturl - hxxp://www14.yoog.com/search.php?q=
    FF - user.js: browser.search.selectedEngine - Yoog Search
    FF - user.js: keyword.URL - hxxp://www14.yoog.com/search.php?q=
    FF - user.js: keyword.enabled - true
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-06-06 18:48
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Norton Internet Security]
    "ImagePath"="\"c:\program files\Norton Internet Security\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Norton Internet Security\Engine\16.5.0.135\diMaster.dll\" /prefetch:1"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'explorer.exe'(4228)
    c:\windows\system32\ieframe.dll
    c:\windows\system32\OneX.DLL
    c:\windows\system32\eappprxy.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    Completion time: 2009-06-06 18:55
    ComboFix-quarantined-files.txt 2009-06-06 17:55
    ComboFix2.txt 2009-06-06 12:40

    Pre-Run: 35,603,185,664 bytes free
    Post-Run: 35,575,881,728 bytes free

    230 --- E O F --- 2009-05-14 16:27
    0
  12. Ced_King Messages postés 3519 Date d'inscription   Statut Contributeur Dernière intervention   667
     
    Bon, ça n'a pas l'air d'avoir fonctionner,on va faire autrement :

    - Telecharges Malwarebytes' Anti-Malware :

    - Installes le > double-clic sur Mbam-setup.exe, à la fin de l'installation, il se mettra automatiquement à jour

    - Une fois installé, fermes toutes les applications en cours et lances Malwarebytes

    - Executes un examen rapide du pc ( tu n'auras pas accés à internet pendant l'analyse)

    - A la fin du scan clic sur " Afficher les resultats ",

    - si Malwarebytes a trouvé des infections >> clic sur " Supprimer la selection "

    - Si il a besoin de redemarrer le pc pour finir la desinfection, acceptes

    - Un rapport s'etablira, postes son contenu.
    0
    1. mrco72
       
      j ai comme l'impression que ca a marcher ????

      Malwarebytes' Anti-Malware 1.37
      Version de la base de données: 2238
      Windows 5.1.2600 Service Pack 3

      06/06/2009 19:26:21
      mbam-log-2009-06-06 (19-26-21).txt

      Type de recherche: Examen rapide
      Eléments examinés: 88203
      Temps écoulé: 4 minute(s), 14 second(s)

      Processus mémoire infecté(s): 0
      Module(s) mémoire infecté(s): 0
      Clé(s) du Registre infectée(s): 23
      Valeur(s) du Registre infectée(s): 0
      Elément(s) de données du Registre infecté(s): 0
      Dossier(s) infecté(s): 0
      Fichier(s) infecté(s): 2

      Processus mémoire infecté(s):
      (Aucun élément nuisible détecté)

      Module(s) mémoire infecté(s):
      (Aucun élément nuisible détecté)

      Clé(s) du Registre infectée(s):
      HKEY_CLASSES_ROOT\Interface\{255c13ae-4bb0-45c3-bae1-ba6c088c43b3} (Trojan.BHO) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\Interface\{8fbb0d9a-1f7b-465b-8292-1593b880e92a} (Trojan.BHO) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\CLSID\{a4730ebe-43a6-443e-9776-36915d323ad3} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d97fc677-694d-4a75-ac89-a5b85c2bcfed} (Adware.BullseyeToolbar) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6226ba26-c017-4007-928c-de9715c6fa67} (Adware.BullseyeToolbar) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\runit (Adware.Trace) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWay) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\runit (Adware.Trace) -> Quarantined and deleted successfully.

      Valeur(s) du Registre infectée(s):
      (Aucun élément nuisible détecté)

      Elément(s) de données du Registre infecté(s):
      (Aucun élément nuisible détecté)

      Dossier(s) infecté(s):
      (Aucun élément nuisible détecté)

      Fichier(s) infecté(s):
      c:\WINDOWS\tjoo53238.exe (Trojan.Agent) -> Quarantined and deleted successfully.
      c:\WINDOWS\lvif3683.exe (Trojan.Agent) -> Quarantined and deleted successfully.
      0
  13. mrco72
     
    j'en est aucune idee ???? c'est quoi t'en as une idee ? mais que veux dire (utc) ?

    merci pour tout ce que tu fais ......
    marco.
    0
  14. Ced_King Messages postés 3519 Date d'inscription   Statut Contributeur Dernière intervention   667
     
    Et là tu comprends mieux ?

    Fichier kfuaa07573.exe reçu le 2009.05.28 12:46:04 (UTC)
    Situation actuelle: terminé

    Résultat: 7/39 (17.95%)
    Formaté Impression des résultats Antivirus Version Dernière mise à jour Résultat
    a-squared 4.0.0.101 2009.05.28 -
    AhnLab-V3 5.0.0.2 2009.05.28 -
    AntiVir 7.9.0.180 2009.05.28 -
    Antiy-AVL 2.0.3.1 2009.05.27 -
    Authentium 5.1.2.4 2009.05.28 -
    Avast 4.8.1335.0 2009.05.27 -
    AVG 8.5.0.339 2009.05.28 -
    BitDefender 7.2 2009.05.28 -
    CAT-QuickHeal 10.00 2009.05.28 -
    ClamAV 0.94.1 2009.05.28 -
    Comodo 1210 2009.05.28 TrojWare.Win32.TrojanDropper.Agent.~RBP
    DrWeb 5.0.0.12182 2009.05.28 -
    eSafe 7.0.17.0 2009.05.27Win32.MaliciousSoftw

    * Le nom du fichier

    * La date de l'analyse

    * Les dates de mises à jour virale

    Voici les fichiers que je t'ai demandé d'analyser ( aujourd'hui)

    c:\windows\xfduc50240.exe

    c:\windows\tjoo53238.exe


    ???
    0
    1. mrco72
       
      hello mister king

      Desole pour samedi mais alors j ai pas bien saisis ce qu'il c'est passe , j ai vraiment applique a la lettre tes conseils et je ne sais pas d'ou ce fichier est apparu.
      que me conseil tu de faire ? je suppose que mon ordi est encore infecter?
      merci pour se que tu fais ?
      marco.
      0
    2. mrco72
       
      voila le test du c:\windows\xfduc50240.exe ? et le c:\windows\tjoo53238.exe ? je ne le trouve plus ?
      merci de m'aider ?

      Antivirus Version Last Update Result
      a-squared 4.0.0.101 2009.06.04 -
      AhnLab-V3 5.0.0.2 2009.06.08 Win-Trojan/Clicker.93696
      AntiVir 7.9.0.180 2009.06.08 TR/Click.MSH.2
      Antiy-AVL 2.0.3.1 2009.06.08 Trojan/Win32.heuristic
      Authentium 5.1.2.4 2009.06.08 -
      Avast 4.8.1335.0 2009.06.07 Win32:Trojan-gen {Other}
      AVG 8.5.0.339 2009.06.08 -
      BitDefender 7.2 2009.06.08 Trojan.Clicker.MSH
      CAT-QuickHeal 10.00 2009.06.08 Trojan.Agent2.fbd
      ClamAV 0.94.1 2009.06.08 -
      Comodo 1283 2009.06.08 -
      DrWeb 5.0.0.12182 2009.06.08 -
      eSafe 7.0.17.0 2009.06.07 Win32.TRClick.Msh
      eTrust-Vet 31.6.6547 2009.06.08 -
      F-Prot 4.4.4.56 2009.06.08 -
      F-Secure 8.0.14470.0 2009.06.08 -
      Fortinet 3.117.0.0 2009.06.08 PossibleThreat
      GData 19 2009.06.08 Trojan.Clicker.MSH
      Ikarus T3.1.1.59.0 2009.06.08 -
      K7AntiVirus 7.10.754 2009.06.04 -
      Kaspersky 7.0.0.125 2009.06.08 Heur.Trojan.Generic
      McAfee 5639 2009.06.07 -
      McAfee+Artemis 5639 2009.06.07 Artemis!0AB3B730D698
      McAfee-GW-Edition 6.7.6 2009.06.08 Trojan.Click.MSH.2
      Microsoft 1.4701 2009.06.08 -
      NOD32 4137 2009.06.08 -
      Norman 6.01.09 2009.06.05 -
      nProtect 2009.1.8.0 2009.06.08 Trojan-Clicker/W32.Agent.93696
      Panda 10.0.0.14 2009.06.07 Suspicious file
      PCTools 4.4.2.0 2009.06.06 -
      Prevx 3.0 2009.06.08 High Risk Cloaked Malware
      Rising 21.33.02.00 2009.06.08 -
      Sophos 4.42.0 2009.06.08 Mal/Generic-A
      Sunbelt 3.2.1858.2 2009.06.07 Trojan-Clicker.MSH
      Symantec 1.4.4.12 2009.06.08 -
      TheHacker 6.3.4.3.342 2009.06.08 -
      TrendMicro 8.950.0.1092 2009.06.08 -
      VBA32 3.12.10.6 2009.06.08 -
      ViRobot 2009.6.5.1771 2009.06.05 -
      Additional information
      File size: 93696 bytes
      MD5...: 0ab3b730d698c988d2fba7dfb1894c5f
      SHA1..: a69843375478eace031ed2c6945808504a66d2de
      SHA256: 4b45502b7769520dfb42347c5e70aa1414d8fd0a366cfe81a6f5590177ea5d0b
      ssdeep: -

      PEiD..: -
      TrID..: File type identification
      Win32 Executable Generic (38.4%)
      Win32 Dynamic Link Library (generic) (34.1%)
      Win16/32 Executable Delphi generic (9.3%)
      Generic Win/DOS Executable (9.0%)
      DOS Executable Generic (9.0%)
      PEInfo: PE Structure information

      ( base data )
      entrypointaddress.: 0x14250
      timedatestamp.....: 0x2a425e19 (Fri Jun 19 22:22:17 1992)
      machinetype.......: 0x14c (I386)

      ( 9 sections )
      name viradd virsiz rawdsiz ntrpy md5
      .text 0x1000 0x12148 0x12200 6.54 7b649ba153a3f332e824eb13b4bac8b0
      .itext 0x14000 0x304 0x400 4.95 eeffa74e78da4dd9069f7c9844b538db
      .data 0x15000 0xc88 0xe00 2.32 7be78e492c3c629991cfdce25b6163d9
      .bss 0x16000 0x32e0 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
      .idata 0x1a000 0xa2a 0xc00 4.42 92d009dd41efae282e8b4fb4f56189b0
      .tls 0x1b000 0x8 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
      .rdata 0x1c000 0x18 0x200 0.20 327f5cc76968e5de7ebbacb62224fab2
      .reloc 0x1d000 0x16a0 0x1800 6.53 c70e98601345ecaeac4ab19d08fe57eb
      .rsrc 0x1f000 0x1000 0x1000 3.68 db19866561319c509561fe610b3f3ec0

      ( 10 imports )
      > oleaut32.dll: SysFreeString, SysReAllocStringLen, SysAllocStringLen
      > advapi32.dll: RegQueryValueExA, RegOpenKeyExA, RegCloseKey
      > user32.dll: GetKeyboardType, DestroyWindow, LoadStringA, MessageBoxA, CharNextA
      > kernel32.dll: GetACP, Sleep, VirtualFree, VirtualAlloc, GetTickCount, QueryPerformanceCounter, GetCurrentThreadId, VirtualQuery, WideCharToMultiByte, MultiByteToWideChar, lstrlenA, lstrcpynA, LoadLibraryExA, GetThreadLocale, GetStartupInfoA, GetProcAddress, GetModuleHandleA, GetModuleFileNameA, GetLocaleInfoA, GetCommandLineA, FreeLibrary, FindFirstFileA, FindClose, ExitProcess, WriteFile, UnhandledExceptionFilter, RtlUnwind, RaiseException, GetStdHandle
      > kernel32.dll: TlsSetValue, TlsGetValue, LocalAlloc, GetModuleHandleA
      > user32.dll: MessageBoxA, LoadStringA, GetSystemMetrics, CharNextA, CharToOemA
      > kernel32.dll: WriteFile, VirtualQuery, Sleep, MultiByteToWideChar, LeaveCriticalSection, InitializeCriticalSection, GetVersionExA, GetThreadLocale, GetStdHandle, GetProcAddress, GetModuleHandleA, GetModuleFileNameA, GetLocaleInfoA, GetLocalTime, GetDiskFreeSpaceA, GetDateFormatA, GetCPInfo, FreeLibrary, FormatMessageA, EnumCalendarInfoA, EnterCriticalSection, DeleteCriticalSection, CompareStringA
      > oleaut32.dll: GetErrorInfo, SysFreeString
      > ole32.dll: CLSIDFromProgID, CoCreateInstance, CoUninitialize, CoInitialize
      > oleaut32.dll: SafeArrayPtrOfIndex, SafeArrayGetUBound, SafeArrayGetLBound, SafeArrayCreate, VariantChangeType, VariantCopy, VariantClear, VariantInit

      ( 0 exports )

      PDFiD.: -
      RDS...: NSRL Reference Data Set
      -
      CWSandbox info: <a href='http://research.sunbelt-software.com/partnerresource/MD5.aspx?md5=0ab3b730d698c988d2fba7dfb1894c5f' target='_blank'>http://research.sunbelt-software.com/...
      Prevx info: <a href='http://info.prevx.com/aboutprogramtext.asp?PX5=7A52783100ED9C166E23014EC0AD6E00A99FE632' target='_blank'>http://info.prevx.com/aboutprogramtext.asp?PX5=7A52783100ED9C166E23014EC0AD6E00A99FE632</a>
      0
  15. Ced_King Messages postés 3519 Date d'inscription   Statut Contributeur Dernière intervention   667
     
    Bonjour,

    1) Télécharge ToolsCleaner .sur le bureau
    http://pc-system.fr/

    Double-clique sur ToolsCleaner2.exe
    - Cliques sur :

    --> Recherche
    Puis,
    --> Suppression.

    Postes le rapport qui se trouve aussi dans C:\TCleaner.txt
    0
    1. mrco72
       
      bonjour et merci encore

      voici le rapport que tu m'as dit :

      [ Rapport ToolsCleaner version 2.3.5 (par A.Rothstein & dj QUIOU) ]

      --> Recherche:

      C:\Combofix.txt: trouvé !
      C:\fixnavi.txt: trouvé !
      C:\gennavi.txt: trouvé !
      C:\GenProc: trouvé !
      C:\Qoobox: trouvé !
      C:\Toolbar SD: trouvé !
      C:\Rsit: trouvé !
      C:\Yoog_Fix: trouvé !
      C:\Documents and Settings\marco\My Documents\windows\HijackThis.lnk: trouvé !
      C:\Documents and Settings\marco\My Documents\windows\Navilog1.exe: trouvé !
      C:\Documents and Settings\marco\My Documents\windows\ComboFix.exe: trouvé !
      C:\Documents and Settings\marco\My Documents\windows\HJTInstall.exe: trouvé !
      C:\Documents and Settings\marco\My Documents\windows\Rsit.exe: trouvé !
      C:\Documents and Settings\marco\My Documents\windows\Genproc.exe: trouvé !
      C:\GenProc\outil\mbr.exe: trouvé !
      C:\GenProc\Page\GenProc[*].html: trouvé !
      C:\Program Files\Navilog1: trouvé !
      C:\Program Files\Trend Micro\HijackThis.exe: trouvé !
      C:\Program Files\Trend Micro\HijackThis: trouvé !
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !
      C:\Program Files\Trend Micro\HijackThis\hijackthis.log: trouvé !

      ---------------------------------
      --> Suppression:

      C:\Documents and Settings\marco\My Documents\windows\HijackThis.lnk: supprimé !
      C:\Documents and Settings\marco\My Documents\windows\Navilog1.exe: supprimé !
      C:\Documents and Settings\marco\My Documents\windows\ComboFix.exe: ERREUR DE SUPPRESSION !!
      C:\Documents and Settings\marco\My Documents\windows\HJTInstall.exe: supprimé !
      C:\Program Files\Trend Micro\HijackThis.exe: supprimé !
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé !
      C:\Combofix.txt: supprimé !
      C:\fixnavi.txt: supprimé !
      C:\gennavi.txt: supprimé !
      C:\Documents and Settings\marco\My Documents\windows\Rsit.exe: supprimé !
      C:\Documents and Settings\marco\My Documents\windows\Genproc.exe: supprimé !
      C:\GenProc\outil\mbr.exe: supprimé !
      C:\GenProc\Page\GenProc[*].html: ERREUR DE SUPPRESSION !!
      C:\Program Files\Trend Micro\HijackThis\hijackthis.log: supprimé !
      C:\GenProc: supprimé !
      C:\Qoobox: supprimé !
      C:\Toolbar SD: supprimé !
      C:\Rsit: supprimé !
      C:\Yoog_Fix: supprimé !
      C:\Program Files\Navilog1: supprimé !
      C:\Program Files\Trend Micro\HijackThis: supprimé !
      0
  16. Ced_King Messages postés 3519 Date d'inscription   Statut Contributeur Dernière intervention   667
     
    Ok,

    Clique sur Démarrer puis Exécuter. Tape combofix /u dans la zone de saisie puis OK.
    - ( il y a un espace entre combofix et /u)

    Ensuite,

    /!\Désactive ton antivirus le temps de la manipulation car OTM est détecté comme une infection à tort./!\

    * Télécharge OTM (OldTimer) sur ton Bureau.

    - Double- Clique sur OTM.exe

    - Copie (Ctrl+C) le texte en gras ci-dessous :

    :processes
    explorer.exe

    :Files
    c:\windows\xfduc50240.exe
    c:\windows\ajhs5668.exe

    :commands
    [purity]
    [emptytemp]
    [reboot]


    ---> Colle (Ctrl+V) le texte précédemment copié dans le cadre Paste Instructions for Items to be Moved.

    ---> Clique maintenant sur le bouton MoveIt! puis ferme OTM.

    Si un fichier ou dossier ne peut pas être supprimé immédiatement, le logiciel te demandera de redémarrer.
    Accepte en cliquant sur YES.

    ---> le rapport est situé dans ce dossier : C:\_OTM\MovedFiles\
    Le nom du rapport correspond au moment de sa création : date_heure.log

    *pour poster les rapports, tu vas utiliser ci-joint :

    http://www.cijoint.fr/

    Clique sur <Parcourir> et cherche le fichier C:\_OTM\MovedFiles\

    Clique sur <Ouvrir>.

    Clique sur "Cliquez ici pour déposer le fichier".

    Un lien te sera présenté, Copie le dans ta prochaine réponse
    0
    1. mrco72
       
      hello ced_king,

      le site fichier.fr ne prends pas en compte les fichiers exe ? et je profite de l'occaze pour te dire que mon ordi ne marche pas comme avant depuis OMT , et j ai pourtant eteint l'antivirus mais mon ordi rame grave as tu une astuce stp pour que mon ordi reprends de la vitessse ?

      merci
      marco
      0
      1. mrco72 > mrco72
         
        pardon ce n'est pas fichier.fr mais cijoint.fr ???
        0
  17. Ced_King Messages postés 3519 Date d'inscription   Statut Contributeur Dernière intervention   667
     
    Bonjour,

    le site fichier.fr ne prends pas en compte les fichiers exe ?

    De quel fichier parles-tu ? je t'ai demandé de m'envoyer le rapport OTM avec ci-joint..
    0
  18. mrco72
     
    j ai un rapport de rsi ? quelelquun peu m'aider, j ai de grave probleme sur mon ordi.

    merci !

    info.txt logfile of random's system information tool 1.06 2009-07-08 12:37:16

    ======Uninstall list======

    -->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0B095086-7205-4D48-90DF-DCD16613C6D4}\setup.exe" -l0x40c
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0B095086-7205-4D48-90DF-DCD16613C6D4}\setup.exe" -l0x40c /remove
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{103BCDA0-E063-46AC-8028-64E78722ABA7}\setup.exe" -l0x40c
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{103BCDA0-E063-46AC-8028-64E78722ABA7}\setup.exe" -l0x40c /remove
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2616B36E-38CE-4357-8AB5-8B3EE9B1C117}\setup.exe" -l0x40c
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2616B36E-38CE-4357-8AB5-8B3EE9B1C117}\setup.exe" -l0x40c /remove
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x40c
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x40c /remove
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7AFFF09F-386B-4F7A-B3E0-EC24C13893AA}\setup.exe" -l0x40c
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7AFFF09F-386B-4F7A-B3E0-EC24C13893AA}\setup.exe" -l0x40c /remove
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7E9BE6D1-680B-49B2-A2B0-CBC32D20DF04}\setup.exe" -l0x9
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8A3F2ADE-DEF2-4A50-866A-6B9357B5590F}\setup.exe" -l0x40c
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8A3F2ADE-DEF2-4A50-866A-6B9357B5590F}\setup.exe" -l0x40c /remove
    -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A82F10CB-18B5-4EAC-AEF2-FA49CD565626}\setup.exe" -l0x9
    -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    4oD-->MsiExec.exe /I {8B7443F5-E141-42A0-AB61-ED2331AAD606}
    7 in 1 Card Reader-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EA1CB7AC-E221-4822-A789-0ADB051DC498}\Setup.exe" -l0x9 -wUninst
    ABBYY FineReader 6.0 Sprint-->MsiExec.exe /I{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}
    Acrobat.com-->MsiExec.exe /X{6D8D64BE-F500-55B6-705D-DFD08AFE0624}
    Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
    Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
    Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
    Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
    Adobe Reader 9.1-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A91000000001}
    Any Video Converter 2.5.8-->"C:\Program Files\Any Video Converter\unins000.exe"
    Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
    ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
    ATI Control Panel-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
    ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
    BBC iPlayer Download Manager-->MsiExec.exe /I {D466F3D9-510C-4729-B7D4-2E70490E4CDF}
    Conexant D850 56K V.9x DFVc Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1\HXFSETUP.EXE -U -Idel200fk.inf
    Creative MediaSource-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}\SETUP.EXE" -l0x40c /remove
    Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
    Dell ResourceCD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D78653C3-A8FF-415F-92E6-D774E634FF2D}\setup.exe"
    Driver Detective-->C:\Program Files\InstallShield Installation Information\{621C02EA-AAFF-4026-A903-165D59529A16}\setup.exe -runfromtemp -l0x0409
    EPSON Attach To Email-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{20C45B32-5AB6-46A4-94EF-58950CAF05E5} /l1033 ADDREMOVEDLG
    EPSON Copy Utility 3-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{67EDD823-135A-4D59-87BD-950616D6E857}\SETUP.EXE" -l0x9 -UnInstall
    EPSON Easy Photo Print-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BC69DDB8-4840-4D9B-BB31-0D4DB2BA1312}\SETUP.EXE" -l0x9 UNINST
    EPSON File Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E86BC406-944E-41F6-ADE6-2C136734C96B}\Setup.exe" -l0x9 UNINST
    EPSON Printer Software-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
    EPSON Scan Assistant-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}\Setup.exe" -l0x9 -u
    EPSON Scan-->C:\Program Files\epson\escndv\setup\setup.exe /r
    ESDX5000_CX4900 User's Guide-->C:\Program Files\EPSON\TPMANUAL\ESDX5000_CX4900\USE_G\DOCUNINS.EXE
    High Definition Audio Driver Package - KB835221-->C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
    HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
    Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
    Hotfix for Windows Media Player 10 (KB903157)-->"C:\WINDOWS\$NtUninstallKB903157$\spuninst\spuninst.exe"
    Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
    Hotfix for Windows XP (KB915865)-->"C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe"
    Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
    Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
    Intel(R) PRO Network Connections Drivers-->Prounstl.exe
    iTunes-->MsiExec.exe /I{5EFCBB42-36AB-4FF9-B90C-E78C7B9EE7B3}
    Java(TM) 6 Update 14-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}
    LimeWire PRO 4.12.3-->"C:\Program Files\LimeWire\uninstall.exe"
    Macromedia Flash Player 8-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\swflash.inf,DefaultUninstall,5
    Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
    Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
    Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
    Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
    Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
    Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
    Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
    Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
    Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
    Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
    Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
    Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
    Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
    Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
    Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
    Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
    Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
    Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
    Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
    Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
    Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
    Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
    Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
    Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}
    Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
    Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
    Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
    Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
    Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
    Mixer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7E9BE6D1-680B-49B2-A2B0-CBC32D20DF04}\setup.exe" -l0x9 /remove
    Mozilla Firefox (3.0.10)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
    MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
    MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
    Multimedia Card Reader-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{13B97BA0-1765-4EBA-8902-C6E30291F67B}
    Nero Suite-->C:\Program Files\Common Files\Nero\Uninstall\Setupx.exe /uninstall ExtraUninstallID=""
    Norton Internet Security-->C:\Program Files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS\562C4DD5\16.5.0.135\InstStub.exe /X
    QuickTime-->MsiExec.exe /I{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}
    RegCure 1.6.0.0-->C:\Program Files\RegCure\uninst.exe
    Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
    Security Update for 2007 Microsoft Office System (KB969679)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C66E4A6C-6E07-4C63-8CCD-2493B5087C73}
    Security Update for Microsoft Office Excel 2007 (KB969682)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C03803BD-745A-46F8-8557-817DED578780}
    Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}
    Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
    Security Update for Microsoft Office Word 2007 (KB969604)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {CF3D6499-709C-43D0-8908-BC5652656050}
    Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
    Security Update for Windows Internet Explorer 8 (KB969897)-->"C:\WINDOWS\ie8updates\KB969897-IE8\spuninst\spuninst.exe"
    Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
    Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
    Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
    Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB953155)-->"C:\WINDOWS\$NtUninstallKB953155$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
    Security Update for Windows XP (KB970483)-->"C:\WINDOWS\$NtUninstallKB970483$\spuninst\spuninst.exe"
    SigmaTel Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x9 -remove -removeonly
    Skype™ 4.0-->MsiExec.exe /X{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}
    Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
    Update for Windows Media Player 10 (KB913800)-->"C:\WINDOWS\$NtUninstallKB913800$\spuninst\spuninst.exe"
    Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
    Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
    Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
    Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
    Update Rollup 2 for Windows XP Media Center Edition 2005-->C:\WINDOWS\$NtUninstallKB900325$\spuninst\spuninst.exe
    USB20 PC Camera-268-->C:\Program Files\InstallShield Installation Information\{75438C0E-9925-412E-AD85-D0E71C6CE2ED}\setup.exe -runfromtemp -l0x0009 -removeonly -u
    Veetle TV 0.9.14-->C:\Program Files\Veetle\UninstallVeetleTV.exe
    Veoh Web Player-->"C:\Program Files\Veoh Networks\VeohWebPlayer\uninst.exe"
    Virtual DJ - Atomix Productions-->C:\PROGRA~1\VIRTUA~1\UNWISE.EXE C:\PROGRA~1\VIRTUA~1\INSTALL.LOG
    Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
    Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\WINDOWS\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
    VLC media player 0.9.4-->C:\Program Files\VideoLAN\VLC\uninstall.exe
    Windows Live installer-->MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
    Windows Live Mail-->MsiExec.exe /I{184E7118-0295-43C4-B72C-1D54AA75AAF7}
    Windows Live Messenger-->MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
    Windows Live Sign-in Assistant-->MsiExec.exe /I{9422C8EA-B0C6-4197-B8FC-DC797658CA00}
    Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
    Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
    Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
    Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
    Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
    Windows XP Media Center Edition 2005 KB925766-->"C:\WINDOWS\$NtUninstallKB925766$\spuninst\spuninst.exe"
    Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"

    ======Security center information======

    AV: Norton Internet Security
    FW: Norton Internet Security

    ======System event log======

    Computer Name: JACK
    Event Code: 7005
    Message: The LoadUserProfile call failed with the following error:
    Incorrect function.

    Record Number: 23901
    Source Name: Service Control Manager
    Time Written: 20090609002258.000000+060
    Event Type: error
    User:

    Computer Name: JACK
    Event Code: 7005
    Message: The LoadUserProfile call failed with the following error:
    Incorrect function.

    Record Number: 23890
    Source Name: Service Control Manager
    Time Written: 20090608235013.000000+060
    Event Type: error
    User:

    Computer Name: JACK
    Event Code: 7000
    Message: The iPod Service service failed to start due to the following error:
    The service did not respond to the start or control request in a timely fashion.

    Record Number: 23889
    Source Name: Service Control Manager
    Time Written: 20090608234951.000000+060
    Event Type: error
    User:

    Computer Name: JACK
    Event Code: 7009
    Message: Timeout (30000 milliseconds) waiting for the iPod Service service to connect.

    Record Number: 23888
    Source Name: Service Control Manager
    Time Written: 20090608234951.000000+060
    Event Type: error
    User:

    Computer Name: JACK
    Event Code: 10005
    Message: DCOM got error "%1053" attempting to start the service iPod Service with arguments ""
    in order to run the server:
    {063D34A4-BF84-4B8D-B699-E8CA06504DDE}

    Record Number: 23887
    Source Name: DCOM
    Time Written: 20090608234951.000000+060
    Event Type: error
    User: JACK\marco

    =====Application event log=====

    Computer Name: JACK
    Event Code: 1002
    Message: Hanging application wmplayer.exe, version 11.0.5721.5145, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

    Record Number: 9105
    Source Name: Application Hang
    Time Written: 20090522165720.000000+060
    Event Type: error
    User:

    Computer Name: JACK
    Event Code: 1002
    Message: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

    Record Number: 9088
    Source Name: Application Hang
    Time Written: 20090522134733.000000+060
    Event Type: error
    User:

    Computer Name: JACK
    Event Code: 1002
    Message: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

    Record Number: 9087
    Source Name: Application Hang
    Time Written: 20090522134720.000000+060
    Event Type: error
    User:

    Computer Name: JACK
    Event Code: 215
    Message: wlmail (4164) WindowsLiveMail0: The backup has been stopped because it was halted by the client or the connection with the client failed.

    Record Number: 9074
    Source Name: ESENT
    Time Written: 20090522092146.000000+060
    Event Type: error
    User:

    Computer Name: JACK
    Event Code: 1500
    Message: Windows cannot log you on because your profile cannot be loaded. Check that you are connected to the network, or that your network is functioning correctly. If this problem persists, contact your network administrator.

    DETAIL - Incorrect function.

    Record Number: 9065
    Source Name: Userenv
    Time Written: 20090521191622.000000+060
    Event Type: error
    User: NT AUTHORITY\NETWORK SERVICE

    ======Environment variables======

    "CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
    "ComSpec"=%SystemRoot%\system32\cmd.exe
    "FP_NO_HOST_CHECK"=NO
    "NUMBER_OF_PROCESSORS"=2
    "OS"=Windows_NT
    "Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\QuickTime\QTSystem
    "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    "PROCESSOR_ARCHITECTURE"=x86
    "PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 3, GenuineIntel
    "PROCESSOR_LEVEL"=15
    "PROCESSOR_REVISION"=0403
    "QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip
    "TEMP"=%SystemRoot%\TEMP
    "TMP"=%SystemRoot%\TEMP
    "windir"=%SystemRoot%

    -----------------EOF-----------------
    0