Infection trojan.. Besoin d'aide SVP!
alexglvr
Messages postés
117
Statut
Membre
-
alexglvr Messages postés 117 Statut Membre -
alexglvr Messages postés 117 Statut Membre -
Bonjour,
Depuis quelques jours, AVIRA me signal que je suis infecté par le troyen TR/Packed.5675...
il est localisé dans G:\System Volume Information\...\A0112996.exe
J'ai essayé de résoudre le problème en sélectionnant l'option delete de AVira, mais l'avertissement revient au bout d'un temps...
comment puis je me débarrasser de cette M.....E?
Merci
Alex
Depuis quelques jours, AVIRA me signal que je suis infecté par le troyen TR/Packed.5675...
il est localisé dans G:\System Volume Information\...\A0112996.exe
J'ai essayé de résoudre le problème en sélectionnant l'option delete de AVira, mais l'avertissement revient au bout d'un temps...
comment puis je me débarrasser de cette M.....E?
Merci
Alex
A voir également:
- Infection trojan.. Besoin d'aide SVP!
- Trojan remover - Télécharger - Antivirus & Antimalwares
- Anti trojan - Télécharger - Antivirus & Antimalwares
- Trojan b901 system32 win config 34 ✓ - Forum Virus
- Csrss.exe trojan fr ✓ - Forum Virus
- Trojan win32 - Forum Virus
6 réponses
Tu as une infection qui se transmet via les ports USB.
Pour cela :
Télécharge et install UsbFix : http://sd-1.archive-host.com/membres/up/127028005715545653/UsbFix.exe
(!) Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) susceptible d'avoir été infectées sans les ouvrir
• Double clic sur le raccourci UsbFix présent sur ton bureau .
• Choisis l' option 1 ( Recherche )
• Laisse travailler l'outil.
• Ensuite post le rapport UsbFix.txt qui apparaitra.
• Note : Le rapport UsbFix.txt est sauvegardé a la racine du disque. ( C:\UsbFix.txt )
( CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )
• Note : "Process.exe", une composante de l'outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.
Pour cela :
Télécharge et install UsbFix : http://sd-1.archive-host.com/membres/up/127028005715545653/UsbFix.exe
(!) Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) susceptible d'avoir été infectées sans les ouvrir
• Double clic sur le raccourci UsbFix présent sur ton bureau .
• Choisis l' option 1 ( Recherche )
• Laisse travailler l'outil.
• Ensuite post le rapport UsbFix.txt qui apparaitra.
• Note : Le rapport UsbFix.txt est sauvegardé a la racine du disque. ( C:\UsbFix.txt )
( CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )
• Note : "Process.exe", une composante de l'outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.
Bonjour
ce que tu indique ce trouve dans tes points de restauration, pour vérification fait ce qui suit :
Télécharge Random's System Information Tool (RSIT) par random/random et sauvegarde-le sur ton Bureau.
http://images.malwareremoval.com/random/RSIT.exe
* Double-clique sur RSIT.exe afin de lancer RSIT.
* Clique sur Continue à l'écran Disclaimer.
* Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera et tu devras accepter la licence.
* Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront.
--> Poste le contenu de log.txt (<<qui sera affiché) ainsi que de info.txt (<<qui sera réduit dans la Barre des Tâches).
Note : Les deux rapports sont également sauvegardés C:\rsit
ce que tu indique ce trouve dans tes points de restauration, pour vérification fait ce qui suit :
Télécharge Random's System Information Tool (RSIT) par random/random et sauvegarde-le sur ton Bureau.
http://images.malwareremoval.com/random/RSIT.exe
* Double-clique sur RSIT.exe afin de lancer RSIT.
* Clique sur Continue à l'écran Disclaimer.
* Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera et tu devras accepter la licence.
* Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront.
--> Poste le contenu de log.txt (<<qui sera affiché) ainsi que de info.txt (<<qui sera réduit dans la Barre des Tâches).
Note : Les deux rapports sont également sauvegardés C:\rsit
Merci de ton aide... C'est vraiment sympa de ta part...
Voila les rapports demandés :
info.txt logfile of random's system information tool 1.06 2009-06-20 12:24:14
======Uninstall list======
-->MsiExec.exe /X{E9F81423-211E-46B6-9AE0-38568BC5CF6F}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
3114 SATARAID5-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8E4CF4E6-062E-11D8-BCF1-005004748D87}\Setup.exe" -l0x9
3DMark06-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F3AD00A-1819-4B15-BB7D-08B3586336D7}\setup.exe" -l0x9 -removeonly
Ad-Aware 2007-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Acrobat 7.0 Professional-->msiexec /I {AC76BA86-1033-0000-7760-000000000002}
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
adsl TV-->C:\Program Files\adslTV\Uninstal.exe
Altium Designer 6-->MsiExec.exe /I{1C4FA629-42F3-40F8-BAB9-72E75CB3F589}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
Assistant de connexion Windows Live-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
ASUS Probe V2.23.06-->C:\WINDOWS\uninst.exe -f"C:\Program Files\ASUS\Probe\DeIsL1.isu" -c"C:\Program Files\ASUS\Probe\probunis.dll"
Audacity 1.3.4 (Unicode)-->"C:\Program Files\Audacity 1.3 Beta (Unicode)\unins000.exe"
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
Azureus Vuze-->C:\Program Files\Azureus\uninstall.exe
BankPerfect 6.21-->"C:\Program Files\BankPerfect\uninstall.exe"
BayesBuilder 0.91-->C:\SNN\BayesBuilder\unins000.exe
BSCW for Windows-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E3E5B9E-293A-4F70-AF5B-A796C04C97E6}\Setup.exe" -l0x9 -uninst
Chronotron Plug-in for Winamp/WMP 9 (remove only)-->"C:\Program Files\Chronotron Inc\Chronotron\uninst-chronotron.exe"
Dell Photo AIO Printer 926-->C:\Program Files\Dell Photo AIO Printer 926\Install\x86\Uninst.exe
Delta-->C:\Program Files\InstallShield Installation Information\{A4810699-E859-43A6-8F40-1743873E72AB}\setup.exe -runfromtemp -l0x0009 -removeonly
Designer de Faces Avant 3.51-->C:\PROGRA~1\FRONTD~1\UNWISE.EXE C:\PROGRA~1\FRONTD~1\INSTALL.LOG
Dev-C++ 5 beta 9 release (4.9.9.2)-->"C:\Dev-Cpp\uninstall.exe"
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DR220A-->C:\WINDOWS\unin040c.exe -f"C:\Program Files\uxtobirza\DR220\DeIsL1.isu" -c"C:\Program Files\uxtobirza\DR220\_ISREG32.DLL"
eMule-->"C:\Program Files\eMule\Uninstall.exe"
FTP Expert 3-->C:\WINDOWS\iun6002.exe "C:\Program Files\Visicom Media\FTP Expert 3\irunin.ini"
Google Earth-->MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}
GrabIt 1.7.1 Beta (build 960)-->"C:\Program Files\GrabIt\unins000.exe"
Gtk+ Runtime 2.10.3-->"C:\WINDOWS\system32\unins000.exe"
Guitar Pro 5.0-->"C:\Program Files\Guitar Pro 5\unins000.exe"
Hamachi 1.0.2.5-->C:\Program Files\Hamachi\uninstall.exe
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Java 2 Runtime Environment, SE v1.4.2_04-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142040}
Java(TM) 6 Update 10-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}
Lecteur CANALPLAY 2.4-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E9E37358-E3E1-47BA-9E21-375EF3616BC9}\setup.exe" -l0x40c -removeonly
Lecteur Windows Media 10-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
LimeWire 4.18.8-->"C:\Program Files\LimeWire\uninstall.exe"
LiveProfessor-->MsiExec.exe /I{278518FD-2C81-4B44-9D79-E3E242FC9DC3}
Lock On 1.1-->C:\Program Files\Ubisoft\Eagle Dynamics\Lock On\uninstall.exe
Lock On: Air Combat Simulation-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E90DCEE9-DC27-401B-A7AC-B0AFF5B34E4D}\setup.exe" -l0x40c
Macromedia Extension Manager-->MsiExec.exe /I{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}
Macromedia Flash 8 Video Encoder-->MsiExec.exe /X{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}
Macromedia Flash 8-->MsiExec.exe /I{2BD5C305-1B27-4D41-B690-7A61172D2FEB}
Macromedia Flash Player 8-->MsiExec.exe /X{885A63EA-382B-4DD4-A755-14809B8557D6}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Marvell Miniport Driver-->MsiExec.exe /X{C950420B-4182-49EA-850A-A6A2ABF06C6B}
MATLAB R2008a-->C:\Program Files\MATLAB\R2008a\uninstall\uninstall.exe C:\Program Files\MATLAB\R2008a\
MediaInfo 0.7.7.7-->C:\Program Files\MediaInfo\uninst.exe
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Money 2007 Home & Business-->"C:\Program Files\Microsoft Money 2007\MNYCoreFiles\Setup\uninst.exe" /s:120
Microsoft Money Shared Libraries-->MsiExec.exe /X{5F00DF7E-418B-4CD9-8EC5-781156BCC49E}
Microsoft Office XP Professional avec FrontPage-->MsiExec.exe /I{9028040C-6000-11D3-8CFE-0050048383C9}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
ModMan 6.3.0.1-->"C:\WINDOWS\ModMan\uninstall.exe" "/U:C:\ModMan\irunin.xml"
Mozilla Firefox (3.0.11)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Native Instruments Akoustik Piano-->C:\PROGRA~1\NATIVE~1\AKOUST~1\UNWISE.EXE C:\PROGRA~1\NATIVE~1\AKOUST~1\INSTALL.LOG
Native Instruments Guitar Rig 3-->C:\PROGRA~1\NATIVE~1\GUITAR~1\UNWISE.EXE C:\PROGRA~1\NATIVE~1\GUITAR~1\INSTALL.LOG
Nero 6 Enterprise Edition-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
NoteWorthy Composer-->C:\PROGRA~1\NOTEWO~1\UNINSTAL.EXE C:\PROGRA~1\NOTEWO~1\INSTALL.LOG
Orange (remove only)-->"C:\Python25\lib\site-packages\orange\uninst.exe"
Orbit Downloader-->"C:\Program Files\Orbitdownloader\unins000.exe"
Pack GTK+ 2.10-->"C:\Program Files\Pack GTK+\unins000.exe"
Post-it® Software Notes Lite-->"C:\Program Files\3M\PSNLite\Uninstall.exe" -Prog"C:\Program Files\3M\PSNLite\PsnLite.exe" -INI"C:\Program Files\3M\PSNLite\uninst.ini"
PowerQuest PartitionMagic 8.0-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}
PSPad editor-->"C:\Program Files\PSPad editor\Uninst\unins000.exe"
QuickPar 0.9-->C:\Program Files\QuickPar\uninst.exe
QuickTime-->MsiExec.exe /I{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}
Skype™ 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
SnIco Edit 2.2-->"C:\Program Files\SnIco Edit\unins000.exe"
Stat package-->"C:\Program Files\StatPackage\unins000.exe"
Stellarium 0.9.1-->"C:\Program Files\Stellarium\unins000.exe"
Subtitle Workshop 2.51-->"C:\Program Files\URUSoft\Subtitle Workshop\uninstall.exe"
SUPER © Version 2007.bld.23 (July 4, 2007)-->C:\PROGRA~1\ERIGHT~1\SUPER\Setup.exe /remove /q0
SWI-Prolog (remove only)-->"C:\Program Files\pl\uninstall.exe"
Tanagra 1.4-->"C:\Program Files\Tanagra\unins000.exe"
TeamSpeak 2 RC2-->"C:\Program Files\Teamspeak2_RC2\unins000.exe"
TurboCAD Learning Edition-->C:\WINDOWS\uninst.exe -fC:\IMSI\TCWLE\DeIsL3.isu
TYPSoft FTP Server-->"C:\TYPSoft FTP Server\unins000.exe"
UltraStar Deluxe-->C:\Program Files\UltraStar Deluxe\Uninstall.exe
Virtual Earth 3D (Beta)-->MsiExec.exe /I{39CE3C17-846D-4D9B-8B3E-C01A4B90FB73}
VNC Free Edition 4.1.2-->"C:\Program Files\RealVNC\VNC4\unins000.exe"
Vyzor G-System-->"C:\Program Files\Psicraft\TC Electronic\Vyzor G-System\Win32\unins000.exe"
WampServer 2.0-->"c:\wamp\unins000.exe"
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Live installer-->MsiExec.exe /X{FD44E544-E7D0-4DBA-9FA0-8AE1A1300390}
Windows Live Messenger-->MsiExec.exe /X{BADF6744-3787-48F6-B8C9-4C4995401D65}
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows XP Service Pack 2-->C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe
WinFast(R) Display Driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F69FD33C-8815-46BF-9134-A643DE68F3C0}\setup.exe" -l0x40c -removeonly
winLAME prerelease4-->MsiExec.exe /I{062BFFA1-0CCC-400B-B840-F162328D8C00}
WinZip-->"C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
XviD MPEG-4 Codec-->"C:\Program Files\XviD\UninstXviD.exe"
ZoneAlarm-->C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe
======Security center information======
AV: Avira AntiVir PersonalEdition
FW: ZoneAlarm Firewall (disabled)
======System event log======
Computer Name: DESKTOP
Event Code: 17
Message: AVGNTFLT successfully loaded
Record Number: 12583
Source Name: avgntflt
Time Written: 20090510213001.000000+120
Event Type: Informations
User:
Computer Name: DESKTOP
Event Code: 4201
Message: Le système a détecté que la carte réseau \DEVICE\TCPIP_{7EE72C7A-482F-4F4B-8978-684A625313DF} était connectée au réseau,
et a lancé une opération normale sur la carte réseau.
Record Number: 12582
Source Name: Tcpip
Time Written: 20090510212945.000000+120
Event Type: Informations
User:
Computer Name: DESKTOP
Event Code: 2
Message: Device identified.
Record Number: 12581
Source Name: nvatabus
Time Written: 20090510212945.000000+120
Event Type: Informations
User:
Computer Name: DESKTOP
Event Code: 2
Message: Device identified.
Record Number: 12580
Source Name: nvatabus
Time Written: 20090510212945.000000+120
Event Type: Informations
User:
Computer Name: DESKTOP
Event Code: 2
Message: Device identified.
Record Number: 12579
Source Name: nvatabus
Time Written: 20090510212945.000000+120
Event Type: Informations
User:
=====Application event log=====
Computer Name: DESKTOP
Event Code: 301
Message: msnmsgr (3248) \\.\C:\Documents and Settings\Alex\Local Settings\Application Data\Microsoft\Messenger\alexglvr@hotmail.com\SharingMetadata\Working\database_8AD4_CEC3_D4CE_B0AD\dfsr.db: Le moteur de base de données commence la relecture du fichier journal \\.\C:\Documents and Settings\Alex\Local Settings\Application Data\Microsoft\Messenger\alexglvr@hotmail.com\SharingMetadata\Working\database_8AD4_CEC3_D4CE_B0AD\fsr012CC.log.
Record Number: 7755
Source Name: ESENT
Time Written: 20090418083302.000000+120
Event Type: Informations
User:
Computer Name: DESKTOP
Event Code: 301
Message: msnmsgr (3248) \\.\C:\Documents and Settings\Alex\Local Settings\Application Data\Microsoft\Messenger\alexglvr@hotmail.com\SharingMetadata\Working\database_8AD4_CEC3_D4CE_B0AD\dfsr.db: Le moteur de base de données commence la relecture du fichier journal \\.\C:\Documents and Settings\Alex\Local Settings\Application Data\Microsoft\Messenger\alexglvr@hotmail.com\SharingMetadata\Working\database_8AD4_CEC3_D4CE_B0AD\fsr012CB.log.
Record Number: 7754
Source Name: ESENT
Time Written: 20090418083302.000000+120
Event Type: Informations
User:
Computer Name: DESKTOP
Event Code: 301
Message: msnmsgr (3248) \\.\C:\Documents and Settings\Alex\Local Settings\Application Data\Microsoft\Messenger\alexglvr@hotmail.com\SharingMetadata\Working\database_8AD4_CEC3_D4CE_B0AD\dfsr.db: Le moteur de base de données commence la relecture du fichier journal \\.\C:\Documents and Settings\Alex\Local Settings\Application Data\Microsoft\Messenger\alexglvr@hotmail.com\SharingMetadata\Working\database_8AD4_CEC3_D4CE_B0AD\fsr012CA.log.
Record Number: 7753
Source Name: ESENT
Time Written: 20090418083302.000000+120
Event Type: Informations
User:
Computer Name: DESKTOP
Event Code: 301
Message: msnmsgr (3248) \\.\C:\Documents and Settings\Alex\Local Settings\Application Data\Microsoft\Messenger\alexglvr@hotmail.com\SharingMetadata\Working\database_8AD4_CEC3_D4CE_B0AD\dfsr.db: Le moteur de base de données commence la relecture du fichier journal \\.\C:\Documents and Settings\Alex\Local Settings\Application Data\Microsoft\Messenger\alexglvr@hotmail.com\SharingMetadata\Working\database_8AD4_CEC3_D4CE_B0AD\fsr012C9.log.
Record Number: 7752
Source Name: ESENT
Time Written: 20090418083301.000000+120
Event Type: Informations
User:
Computer Name: DESKTOP
Event Code: 300
Message: msnmsgr (3248) \\.\C:\Documents and Settings\Alex\Local Settings\Application Data\Microsoft\Messenger\alexglvr@hotmail.com\SharingMetadata\Working\database_8AD4_CEC3_D4CE_B0AD\dfsr.db: Le moteur de base de données initialise la procédure de récupération.
Record Number: 7751
Source Name: ESENT
Time Written: 20090418083301.000000+120
Event Type: Informations
User:
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Altium Designer 6\System;C:\Program Files\MATLAB\R2008a\bin;C:\Program Files\MATLAB\R2008a\bin\win32;C:\Program Files\QuickTime\QTSystem\;C:\WINDOWS\system32;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Altium Designer 6\System;C:\Program Files\MATLAB\R2008a\bin;C:\Program Files\MATLAB\R2008a\bin\win32;C:\Program Files\QuickTime\QTSystem\;
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 31 Stepping 0, AuthenticAMD
"PROCESSOR_REVISION"=1f00
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"tvdumpflags"=8
"AltiumPath"=C:\Program Files\Altium Designer 6\System
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip
-----------------EOF-----------------
et log:
Logfile of random's system information tool 1.06 (written by random/random)
Run by Alex at 2009-06-20 12:23:57
Microsoft Windows XP Professionnel Service Pack 2
System drive C: has 4 GB (14%) free of 30 GB
Total RAM: 2047 MB (66% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:24:12, on 20/06/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\dlcxcoms.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\System32\DeltaIITray.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe
C:\Program Files\Dell Photo AIO Printer 926\memcard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\3M\PSNLite\PsnLite.exe
C:\PROGRA~1\3M\PSNLite\PSNGive.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
G:\incom\RSIT.exe
C:\Program Files\trend micro\Alex.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/webhp?nord=1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [M-Audio Taskbar Icon] C:\WINDOWS\System32\DeltaIITray.exe
O4 - HKLM\..\Run: [DeltaIITaskbarApp] C:\WINDOWS\system32\DeltaIITray.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [dlcxmon.exe] "C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe"
O4 - HKLM\..\Run: [MemoryCardManager] "C:\Program Files\Dell Photo AIO Printer 926\memcard.exe"
O4 - HKLM\..\Run: [DLCXCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCXtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
O4 - Global Startup: SATARAID5.lnk = ?
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.canalplay.com
O15 - Trusted Zone: *.canalplusactive.com
O15 - Trusted Zone: *.canalplay.com (HKLM)
O15 - Trusted Zone: *.canalplusactive.com (HKLM)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7EE72C7A-482F-4F4B-8978-684A625313DF}: NameServer = 192.168.2.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: BSCW (server) (BSCW_C--BSCW-server-src) - Unknown owner - C:\Python25\lib\site-packages\win32\PythonService.exe
O23 - Service: dlcx_device - - C:\WINDOWS\system32\dlcxcoms.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Service CANALPLAY - Canal+ Distribution - C:\Program Files\Lecteur CANALPLAY\CanalPlayService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.51a\bin\mysqld-nt.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe
Voila les rapports demandés :
info.txt logfile of random's system information tool 1.06 2009-06-20 12:24:14
======Uninstall list======
-->MsiExec.exe /X{E9F81423-211E-46B6-9AE0-38568BC5CF6F}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
3114 SATARAID5-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8E4CF4E6-062E-11D8-BCF1-005004748D87}\Setup.exe" -l0x9
3DMark06-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F3AD00A-1819-4B15-BB7D-08B3586336D7}\setup.exe" -l0x9 -removeonly
Ad-Aware 2007-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Acrobat 7.0 Professional-->msiexec /I {AC76BA86-1033-0000-7760-000000000002}
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
adsl TV-->C:\Program Files\adslTV\Uninstal.exe
Altium Designer 6-->MsiExec.exe /I{1C4FA629-42F3-40F8-BAB9-72E75CB3F589}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
Assistant de connexion Windows Live-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
ASUS Probe V2.23.06-->C:\WINDOWS\uninst.exe -f"C:\Program Files\ASUS\Probe\DeIsL1.isu" -c"C:\Program Files\ASUS\Probe\probunis.dll"
Audacity 1.3.4 (Unicode)-->"C:\Program Files\Audacity 1.3 Beta (Unicode)\unins000.exe"
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
Azureus Vuze-->C:\Program Files\Azureus\uninstall.exe
BankPerfect 6.21-->"C:\Program Files\BankPerfect\uninstall.exe"
BayesBuilder 0.91-->C:\SNN\BayesBuilder\unins000.exe
BSCW for Windows-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E3E5B9E-293A-4F70-AF5B-A796C04C97E6}\Setup.exe" -l0x9 -uninst
Chronotron Plug-in for Winamp/WMP 9 (remove only)-->"C:\Program Files\Chronotron Inc\Chronotron\uninst-chronotron.exe"
Dell Photo AIO Printer 926-->C:\Program Files\Dell Photo AIO Printer 926\Install\x86\Uninst.exe
Delta-->C:\Program Files\InstallShield Installation Information\{A4810699-E859-43A6-8F40-1743873E72AB}\setup.exe -runfromtemp -l0x0009 -removeonly
Designer de Faces Avant 3.51-->C:\PROGRA~1\FRONTD~1\UNWISE.EXE C:\PROGRA~1\FRONTD~1\INSTALL.LOG
Dev-C++ 5 beta 9 release (4.9.9.2)-->"C:\Dev-Cpp\uninstall.exe"
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DR220A-->C:\WINDOWS\unin040c.exe -f"C:\Program Files\uxtobirza\DR220\DeIsL1.isu" -c"C:\Program Files\uxtobirza\DR220\_ISREG32.DLL"
eMule-->"C:\Program Files\eMule\Uninstall.exe"
FTP Expert 3-->C:\WINDOWS\iun6002.exe "C:\Program Files\Visicom Media\FTP Expert 3\irunin.ini"
Google Earth-->MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}
GrabIt 1.7.1 Beta (build 960)-->"C:\Program Files\GrabIt\unins000.exe"
Gtk+ Runtime 2.10.3-->"C:\WINDOWS\system32\unins000.exe"
Guitar Pro 5.0-->"C:\Program Files\Guitar Pro 5\unins000.exe"
Hamachi 1.0.2.5-->C:\Program Files\Hamachi\uninstall.exe
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Java 2 Runtime Environment, SE v1.4.2_04-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142040}
Java(TM) 6 Update 10-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}
Lecteur CANALPLAY 2.4-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E9E37358-E3E1-47BA-9E21-375EF3616BC9}\setup.exe" -l0x40c -removeonly
Lecteur Windows Media 10-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
LimeWire 4.18.8-->"C:\Program Files\LimeWire\uninstall.exe"
LiveProfessor-->MsiExec.exe /I{278518FD-2C81-4B44-9D79-E3E242FC9DC3}
Lock On 1.1-->C:\Program Files\Ubisoft\Eagle Dynamics\Lock On\uninstall.exe
Lock On: Air Combat Simulation-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E90DCEE9-DC27-401B-A7AC-B0AFF5B34E4D}\setup.exe" -l0x40c
Macromedia Extension Manager-->MsiExec.exe /I{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}
Macromedia Flash 8 Video Encoder-->MsiExec.exe /X{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}
Macromedia Flash 8-->MsiExec.exe /I{2BD5C305-1B27-4D41-B690-7A61172D2FEB}
Macromedia Flash Player 8-->MsiExec.exe /X{885A63EA-382B-4DD4-A755-14809B8557D6}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Marvell Miniport Driver-->MsiExec.exe /X{C950420B-4182-49EA-850A-A6A2ABF06C6B}
MATLAB R2008a-->C:\Program Files\MATLAB\R2008a\uninstall\uninstall.exe C:\Program Files\MATLAB\R2008a\
MediaInfo 0.7.7.7-->C:\Program Files\MediaInfo\uninst.exe
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Money 2007 Home & Business-->"C:\Program Files\Microsoft Money 2007\MNYCoreFiles\Setup\uninst.exe" /s:120
Microsoft Money Shared Libraries-->MsiExec.exe /X{5F00DF7E-418B-4CD9-8EC5-781156BCC49E}
Microsoft Office XP Professional avec FrontPage-->MsiExec.exe /I{9028040C-6000-11D3-8CFE-0050048383C9}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
ModMan 6.3.0.1-->"C:\WINDOWS\ModMan\uninstall.exe" "/U:C:\ModMan\irunin.xml"
Mozilla Firefox (3.0.11)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Native Instruments Akoustik Piano-->C:\PROGRA~1\NATIVE~1\AKOUST~1\UNWISE.EXE C:\PROGRA~1\NATIVE~1\AKOUST~1\INSTALL.LOG
Native Instruments Guitar Rig 3-->C:\PROGRA~1\NATIVE~1\GUITAR~1\UNWISE.EXE C:\PROGRA~1\NATIVE~1\GUITAR~1\INSTALL.LOG
Nero 6 Enterprise Edition-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
NoteWorthy Composer-->C:\PROGRA~1\NOTEWO~1\UNINSTAL.EXE C:\PROGRA~1\NOTEWO~1\INSTALL.LOG
Orange (remove only)-->"C:\Python25\lib\site-packages\orange\uninst.exe"
Orbit Downloader-->"C:\Program Files\Orbitdownloader\unins000.exe"
Pack GTK+ 2.10-->"C:\Program Files\Pack GTK+\unins000.exe"
Post-it® Software Notes Lite-->"C:\Program Files\3M\PSNLite\Uninstall.exe" -Prog"C:\Program Files\3M\PSNLite\PsnLite.exe" -INI"C:\Program Files\3M\PSNLite\uninst.ini"
PowerQuest PartitionMagic 8.0-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}
PSPad editor-->"C:\Program Files\PSPad editor\Uninst\unins000.exe"
QuickPar 0.9-->C:\Program Files\QuickPar\uninst.exe
QuickTime-->MsiExec.exe /I{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}
Skype™ 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
SnIco Edit 2.2-->"C:\Program Files\SnIco Edit\unins000.exe"
Stat package-->"C:\Program Files\StatPackage\unins000.exe"
Stellarium 0.9.1-->"C:\Program Files\Stellarium\unins000.exe"
Subtitle Workshop 2.51-->"C:\Program Files\URUSoft\Subtitle Workshop\uninstall.exe"
SUPER © Version 2007.bld.23 (July 4, 2007)-->C:\PROGRA~1\ERIGHT~1\SUPER\Setup.exe /remove /q0
SWI-Prolog (remove only)-->"C:\Program Files\pl\uninstall.exe"
Tanagra 1.4-->"C:\Program Files\Tanagra\unins000.exe"
TeamSpeak 2 RC2-->"C:\Program Files\Teamspeak2_RC2\unins000.exe"
TurboCAD Learning Edition-->C:\WINDOWS\uninst.exe -fC:\IMSI\TCWLE\DeIsL3.isu
TYPSoft FTP Server-->"C:\TYPSoft FTP Server\unins000.exe"
UltraStar Deluxe-->C:\Program Files\UltraStar Deluxe\Uninstall.exe
Virtual Earth 3D (Beta)-->MsiExec.exe /I{39CE3C17-846D-4D9B-8B3E-C01A4B90FB73}
VNC Free Edition 4.1.2-->"C:\Program Files\RealVNC\VNC4\unins000.exe"
Vyzor G-System-->"C:\Program Files\Psicraft\TC Electronic\Vyzor G-System\Win32\unins000.exe"
WampServer 2.0-->"c:\wamp\unins000.exe"
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Live installer-->MsiExec.exe /X{FD44E544-E7D0-4DBA-9FA0-8AE1A1300390}
Windows Live Messenger-->MsiExec.exe /X{BADF6744-3787-48F6-B8C9-4C4995401D65}
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows XP Service Pack 2-->C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe
WinFast(R) Display Driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F69FD33C-8815-46BF-9134-A643DE68F3C0}\setup.exe" -l0x40c -removeonly
winLAME prerelease4-->MsiExec.exe /I{062BFFA1-0CCC-400B-B840-F162328D8C00}
WinZip-->"C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
XviD MPEG-4 Codec-->"C:\Program Files\XviD\UninstXviD.exe"
ZoneAlarm-->C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe
======Security center information======
AV: Avira AntiVir PersonalEdition
FW: ZoneAlarm Firewall (disabled)
======System event log======
Computer Name: DESKTOP
Event Code: 17
Message: AVGNTFLT successfully loaded
Record Number: 12583
Source Name: avgntflt
Time Written: 20090510213001.000000+120
Event Type: Informations
User:
Computer Name: DESKTOP
Event Code: 4201
Message: Le système a détecté que la carte réseau \DEVICE\TCPIP_{7EE72C7A-482F-4F4B-8978-684A625313DF} était connectée au réseau,
et a lancé une opération normale sur la carte réseau.
Record Number: 12582
Source Name: Tcpip
Time Written: 20090510212945.000000+120
Event Type: Informations
User:
Computer Name: DESKTOP
Event Code: 2
Message: Device identified.
Record Number: 12581
Source Name: nvatabus
Time Written: 20090510212945.000000+120
Event Type: Informations
User:
Computer Name: DESKTOP
Event Code: 2
Message: Device identified.
Record Number: 12580
Source Name: nvatabus
Time Written: 20090510212945.000000+120
Event Type: Informations
User:
Computer Name: DESKTOP
Event Code: 2
Message: Device identified.
Record Number: 12579
Source Name: nvatabus
Time Written: 20090510212945.000000+120
Event Type: Informations
User:
=====Application event log=====
Computer Name: DESKTOP
Event Code: 301
Message: msnmsgr (3248) \\.\C:\Documents and Settings\Alex\Local Settings\Application Data\Microsoft\Messenger\alexglvr@hotmail.com\SharingMetadata\Working\database_8AD4_CEC3_D4CE_B0AD\dfsr.db: Le moteur de base de données commence la relecture du fichier journal \\.\C:\Documents and Settings\Alex\Local Settings\Application Data\Microsoft\Messenger\alexglvr@hotmail.com\SharingMetadata\Working\database_8AD4_CEC3_D4CE_B0AD\fsr012CC.log.
Record Number: 7755
Source Name: ESENT
Time Written: 20090418083302.000000+120
Event Type: Informations
User:
Computer Name: DESKTOP
Event Code: 301
Message: msnmsgr (3248) \\.\C:\Documents and Settings\Alex\Local Settings\Application Data\Microsoft\Messenger\alexglvr@hotmail.com\SharingMetadata\Working\database_8AD4_CEC3_D4CE_B0AD\dfsr.db: Le moteur de base de données commence la relecture du fichier journal \\.\C:\Documents and Settings\Alex\Local Settings\Application Data\Microsoft\Messenger\alexglvr@hotmail.com\SharingMetadata\Working\database_8AD4_CEC3_D4CE_B0AD\fsr012CB.log.
Record Number: 7754
Source Name: ESENT
Time Written: 20090418083302.000000+120
Event Type: Informations
User:
Computer Name: DESKTOP
Event Code: 301
Message: msnmsgr (3248) \\.\C:\Documents and Settings\Alex\Local Settings\Application Data\Microsoft\Messenger\alexglvr@hotmail.com\SharingMetadata\Working\database_8AD4_CEC3_D4CE_B0AD\dfsr.db: Le moteur de base de données commence la relecture du fichier journal \\.\C:\Documents and Settings\Alex\Local Settings\Application Data\Microsoft\Messenger\alexglvr@hotmail.com\SharingMetadata\Working\database_8AD4_CEC3_D4CE_B0AD\fsr012CA.log.
Record Number: 7753
Source Name: ESENT
Time Written: 20090418083302.000000+120
Event Type: Informations
User:
Computer Name: DESKTOP
Event Code: 301
Message: msnmsgr (3248) \\.\C:\Documents and Settings\Alex\Local Settings\Application Data\Microsoft\Messenger\alexglvr@hotmail.com\SharingMetadata\Working\database_8AD4_CEC3_D4CE_B0AD\dfsr.db: Le moteur de base de données commence la relecture du fichier journal \\.\C:\Documents and Settings\Alex\Local Settings\Application Data\Microsoft\Messenger\alexglvr@hotmail.com\SharingMetadata\Working\database_8AD4_CEC3_D4CE_B0AD\fsr012C9.log.
Record Number: 7752
Source Name: ESENT
Time Written: 20090418083301.000000+120
Event Type: Informations
User:
Computer Name: DESKTOP
Event Code: 300
Message: msnmsgr (3248) \\.\C:\Documents and Settings\Alex\Local Settings\Application Data\Microsoft\Messenger\alexglvr@hotmail.com\SharingMetadata\Working\database_8AD4_CEC3_D4CE_B0AD\dfsr.db: Le moteur de base de données initialise la procédure de récupération.
Record Number: 7751
Source Name: ESENT
Time Written: 20090418083301.000000+120
Event Type: Informations
User:
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Altium Designer 6\System;C:\Program Files\MATLAB\R2008a\bin;C:\Program Files\MATLAB\R2008a\bin\win32;C:\Program Files\QuickTime\QTSystem\;C:\WINDOWS\system32;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Altium Designer 6\System;C:\Program Files\MATLAB\R2008a\bin;C:\Program Files\MATLAB\R2008a\bin\win32;C:\Program Files\QuickTime\QTSystem\;
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 31 Stepping 0, AuthenticAMD
"PROCESSOR_REVISION"=1f00
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"tvdumpflags"=8
"AltiumPath"=C:\Program Files\Altium Designer 6\System
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip
-----------------EOF-----------------
et log:
Logfile of random's system information tool 1.06 (written by random/random)
Run by Alex at 2009-06-20 12:23:57
Microsoft Windows XP Professionnel Service Pack 2
System drive C: has 4 GB (14%) free of 30 GB
Total RAM: 2047 MB (66% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:24:12, on 20/06/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\dlcxcoms.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\System32\DeltaIITray.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe
C:\Program Files\Dell Photo AIO Printer 926\memcard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\3M\PSNLite\PsnLite.exe
C:\PROGRA~1\3M\PSNLite\PSNGive.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
G:\incom\RSIT.exe
C:\Program Files\trend micro\Alex.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/webhp?nord=1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [M-Audio Taskbar Icon] C:\WINDOWS\System32\DeltaIITray.exe
O4 - HKLM\..\Run: [DeltaIITaskbarApp] C:\WINDOWS\system32\DeltaIITray.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [dlcxmon.exe] "C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe"
O4 - HKLM\..\Run: [MemoryCardManager] "C:\Program Files\Dell Photo AIO Printer 926\memcard.exe"
O4 - HKLM\..\Run: [DLCXCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCXtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
O4 - Global Startup: SATARAID5.lnk = ?
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.canalplay.com
O15 - Trusted Zone: *.canalplusactive.com
O15 - Trusted Zone: *.canalplay.com (HKLM)
O15 - Trusted Zone: *.canalplusactive.com (HKLM)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7EE72C7A-482F-4F4B-8978-684A625313DF}: NameServer = 192.168.2.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: BSCW (server) (BSCW_C--BSCW-server-src) - Unknown owner - C:\Python25\lib\site-packages\win32\PythonService.exe
O23 - Service: dlcx_device - - C:\WINDOWS\system32\dlcxcoms.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Service CANALPLAY - Canal+ Distribution - C:\Program Files\Lecteur CANALPLAY\CanalPlayService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.8\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.0.51a\bin\mysqld-nt.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe
############################## [ UsbFix V3.032 ]
# User : Alex (Administrateurs) # DESKTOP
# Update on 15/06/09 by Chiquitine29
# Start at: 16:58:06 | 20/06/2009
# Website : http://pagesperso-orange.fr/NosTools/usbfix.html
# AMD Athlon(tm) 64 Processor 3500+
# Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 2
# Internet Explorer 6.0.2900.2180
# Windows Firewall Status : Disabled
# AV : Avira AntiVir PersonalEdition 8.0.1.30 [ Enabled | Updated ]
# FW : ZoneAlarm Firewall[ (!) Disabled ]7.0.462.000
# A:\ # Lecteur de disquettes 3 ½ pouces
# B:\ # Lecteur de disquettes 3 ½ pouces # 1,39 Mo (0,9 Mo free) # FAT
# C:\ # Disque fixe local # 29,29 Go (3,84 Go free) # NTFS
# D:\ # Disque fixe local # 39,06 Go (24,99 Go free) # NTFS
# E:\ # Disque fixe local # 465,76 Go (456,39 Go free) # NTFS
# F:\ # Disque fixe local # 69,4 Go (38,98 Go free) # NTFS
# G:\ # Disque fixe local # 54,69 Go (15,61 Go free) # NTFS
# H:\ # Disque fixe local # 193,82 Go (76,88 Go free) [Nouveau nom] # NTFS
# I:\ # Disque CD-ROM # 4,37 Go (0 Mo free) [CE_QUE_VEULENT_LES_FEMMES] # UDF
# K:\ # Disque CD-ROM
# L:\ # Disque amovible # 238,73 Mo (58,55 Mo free) [PKBACK# 001] # FAT
############################## [ Processus actifs ]
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\dlcxcoms.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\System32\DeltaIITray.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe
C:\Program Files\Dell Photo AIO Printer 926\memcard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\3M\PSNLite\PsnLite.exe
C:\PROGRA~1\3M\PSNLite\PSNGive.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Program Files\adslTV\adsltv.exe
C:\WINDOWS\System32\deltaIIcpl.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
################## [ Registre Startup ]
HKCU_Main: "Local Page"="C:\\WINDOWS\\system32\\blank.htm"
HKCU_Main: "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
HKCU_Main: "Start Page"="https://www.google.fr/webhp?nord=1"
HKLM_logon: "Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
HKLM_logon: "DefaultUserName"="Alex"
HKLM_logon: "AltDefaultUserName"="Alex"
HKLM_logon: "LegalNoticeCaption"=""
HKLM_logon: "LegalNoticeText"=""
HKLM_Run: SunJavaUpdateSched="C:\Program Files\Java\jre6\bin\jusched.exe"
HKLM_Run: M-Audio Taskbar Icon=C:\WINDOWS\System32\DeltaIITray.exe
HKLM_Run: DeltaIITaskbarApp=C:\WINDOWS\system32\DeltaIITray.exe
HKLM_Run: Acrobat Assistant 7.0="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
HKLM_Run: ZoneAlarm Client="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
HKLM_Run: NeroFilterCheck=C:\WINDOWS\system32\NeroCheck.exe
HKLM_Run: dlcxmon.exe="C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe"
HKLM_Run: MemoryCardManager="C:\Program Files\Dell Photo AIO Printer 926\memcard.exe"
HKLM_Run: DLCXCATS=rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCXtime.dll,_RunDLLEntry@16
HKLM_Run: avgnt="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
HKLM_Run: NvCplDaemon=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM_Run: nwiz=nwiz.exe /install
HKLM_Run: NvMediaCenter=RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
HKLM_Run: QuickTime Task="C:\Program Files\QuickTime\QTTask.exe" -atboottime
HKLM_Run: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
HKCU_Run: CTFMON.EXE=C:\WINDOWS\system32\ctfmon.exe
HKCU_Run: MsnMsgr="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
HKCU_Run: Skype="C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
HKCU_Run: BitTorrent DNA="C:\Program Files\DNA\btdna.exe"
################## [ Fichiers # Dossiers infectieux ]
Présent ! C:\DOCUME~1\Alex\LOCALS~1\Temp\031008191715\z4barSpInstall.exe
################## [ Registre # Clés Run infectieuses ]
################## [ Registre # Mountpoints2 ]
HKCU\...\Explorer\MountPoints2\{1b493076-fdb0-11dc-8298-0011d8b94092}\Shell\AutoRun\Command
HKCU\...\Explorer\MountPoints2\{1b493076-fdb0-11dc-8298-0011d8b94092}\Shell\explore\Command
HKCU\...\Explorer\MountPoints2\{1b493076-fdb0-11dc-8298-0011d8b94092}\Shell\open\Command
HKCU\...\Explorer\MountPoints2\{9eda545d-eeb3-11dc-88da-806d6172696f}\Shell\AutoRun\Command
################## [ ! Fin du rapport # UsbFix V3.032 ! ]
# User : Alex (Administrateurs) # DESKTOP
# Update on 15/06/09 by Chiquitine29
# Start at: 16:58:06 | 20/06/2009
# Website : http://pagesperso-orange.fr/NosTools/usbfix.html
# AMD Athlon(tm) 64 Processor 3500+
# Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 2
# Internet Explorer 6.0.2900.2180
# Windows Firewall Status : Disabled
# AV : Avira AntiVir PersonalEdition 8.0.1.30 [ Enabled | Updated ]
# FW : ZoneAlarm Firewall[ (!) Disabled ]7.0.462.000
# A:\ # Lecteur de disquettes 3 ½ pouces
# B:\ # Lecteur de disquettes 3 ½ pouces # 1,39 Mo (0,9 Mo free) # FAT
# C:\ # Disque fixe local # 29,29 Go (3,84 Go free) # NTFS
# D:\ # Disque fixe local # 39,06 Go (24,99 Go free) # NTFS
# E:\ # Disque fixe local # 465,76 Go (456,39 Go free) # NTFS
# F:\ # Disque fixe local # 69,4 Go (38,98 Go free) # NTFS
# G:\ # Disque fixe local # 54,69 Go (15,61 Go free) # NTFS
# H:\ # Disque fixe local # 193,82 Go (76,88 Go free) [Nouveau nom] # NTFS
# I:\ # Disque CD-ROM # 4,37 Go (0 Mo free) [CE_QUE_VEULENT_LES_FEMMES] # UDF
# K:\ # Disque CD-ROM
# L:\ # Disque amovible # 238,73 Mo (58,55 Mo free) [PKBACK# 001] # FAT
############################## [ Processus actifs ]
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\dlcxcoms.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\System32\DeltaIITray.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe
C:\Program Files\Dell Photo AIO Printer 926\memcard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\3M\PSNLite\PsnLite.exe
C:\PROGRA~1\3M\PSNLite\PSNGive.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Program Files\adslTV\adsltv.exe
C:\WINDOWS\System32\deltaIIcpl.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
################## [ Registre Startup ]
HKCU_Main: "Local Page"="C:\\WINDOWS\\system32\\blank.htm"
HKCU_Main: "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
HKCU_Main: "Start Page"="https://www.google.fr/webhp?nord=1"
HKLM_logon: "Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
HKLM_logon: "DefaultUserName"="Alex"
HKLM_logon: "AltDefaultUserName"="Alex"
HKLM_logon: "LegalNoticeCaption"=""
HKLM_logon: "LegalNoticeText"=""
HKLM_Run: SunJavaUpdateSched="C:\Program Files\Java\jre6\bin\jusched.exe"
HKLM_Run: M-Audio Taskbar Icon=C:\WINDOWS\System32\DeltaIITray.exe
HKLM_Run: DeltaIITaskbarApp=C:\WINDOWS\system32\DeltaIITray.exe
HKLM_Run: Acrobat Assistant 7.0="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
HKLM_Run: ZoneAlarm Client="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
HKLM_Run: NeroFilterCheck=C:\WINDOWS\system32\NeroCheck.exe
HKLM_Run: dlcxmon.exe="C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe"
HKLM_Run: MemoryCardManager="C:\Program Files\Dell Photo AIO Printer 926\memcard.exe"
HKLM_Run: DLCXCATS=rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCXtime.dll,_RunDLLEntry@16
HKLM_Run: avgnt="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
HKLM_Run: NvCplDaemon=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM_Run: nwiz=nwiz.exe /install
HKLM_Run: NvMediaCenter=RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
HKLM_Run: QuickTime Task="C:\Program Files\QuickTime\QTTask.exe" -atboottime
HKLM_Run: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
HKCU_Run: CTFMON.EXE=C:\WINDOWS\system32\ctfmon.exe
HKCU_Run: MsnMsgr="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
HKCU_Run: Skype="C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
HKCU_Run: BitTorrent DNA="C:\Program Files\DNA\btdna.exe"
################## [ Fichiers # Dossiers infectieux ]
Présent ! C:\DOCUME~1\Alex\LOCALS~1\Temp\031008191715\z4barSpInstall.exe
################## [ Registre # Clés Run infectieuses ]
################## [ Registre # Mountpoints2 ]
HKCU\...\Explorer\MountPoints2\{1b493076-fdb0-11dc-8298-0011d8b94092}\Shell\AutoRun\Command
HKCU\...\Explorer\MountPoints2\{1b493076-fdb0-11dc-8298-0011d8b94092}\Shell\explore\Command
HKCU\...\Explorer\MountPoints2\{1b493076-fdb0-11dc-8298-0011d8b94092}\Shell\open\Command
HKCU\...\Explorer\MountPoints2\{9eda545d-eeb3-11dc-88da-806d6172696f}\Shell\AutoRun\Command
################## [ ! Fin du rapport # UsbFix V3.032 ! ]
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
(!) Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) susceptible d avoir été infectés sans les ouvrir
• Double clic sur le raccourci UsbFix présent sur ton bureau
• choisis l' option 2 ( Suppression )
• Ton bureau disparaitra et le pc redémarrera .
• Au redémarrage , UsbFix scannera ton pc , laisse travailler l'outil.
• Ensuite post le rapport UsbFix.txt qui apparaitra avec le bureau .
• Note : Le rapport UsbFix.txt est sauvegardé a la racine du disque.( C:\UsbFix.txt )
( CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )
ensuite
Télécharge CCleaner
https://filehippo.com/download_ccleaner/
=> Aide toi de ce tuto pour l'utiliser
http://www.swl1f.net/viewtopic.php?f=14&t=69
Ensuite
* Télécharge malwarebytes
http://www.malwarebytes.org/mbam/program/mbam-setup.exe
Une aide pour l'installation
http://www.swl1f.net/viewtopic.php?f=14&t=68
=> Installe le
=> Lance malwarebytes
=> Coche "Executer un examen complet"
=> Si tu es en présence d'une infection à la fin de l'examen clique sur "ok"
=> Clique sur Supprimer la sélection
=> Pour poster le rapport Clique sur l'onglet Rapports/Logs, sélectionne celui t'intéresse et clique sur Ouvrir
=> Fait copier coller et poste le rapport
• Double clic sur le raccourci UsbFix présent sur ton bureau
• choisis l' option 2 ( Suppression )
• Ton bureau disparaitra et le pc redémarrera .
• Au redémarrage , UsbFix scannera ton pc , laisse travailler l'outil.
• Ensuite post le rapport UsbFix.txt qui apparaitra avec le bureau .
• Note : Le rapport UsbFix.txt est sauvegardé a la racine du disque.( C:\UsbFix.txt )
( CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )
ensuite
Télécharge CCleaner
https://filehippo.com/download_ccleaner/
=> Aide toi de ce tuto pour l'utiliser
http://www.swl1f.net/viewtopic.php?f=14&t=69
Ensuite
* Télécharge malwarebytes
http://www.malwarebytes.org/mbam/program/mbam-setup.exe
Une aide pour l'installation
http://www.swl1f.net/viewtopic.php?f=14&t=68
=> Installe le
=> Lance malwarebytes
=> Coche "Executer un examen complet"
=> Si tu es en présence d'une infection à la fin de l'examen clique sur "ok"
=> Clique sur Supprimer la sélection
=> Pour poster le rapport Clique sur l'onglet Rapports/Logs, sélectionne celui t'intéresse et clique sur Ouvrir
=> Fait copier coller et poste le rapport
Salut,
voila le log de USBFIX (option supprimer):
############################## [ UsbFix V3.032 ]
# User : Alex (Administrateurs) # DESKTOP
# Update on 15/06/09 by Chiquitine29
# Start at: 12:16:24 | 24/06/2009
# Website : http://pagesperso-orange.fr/NosTools/usbfix.html
#
#
# Internet Explorer 6.0.2900.2180
# Windows Firewall Status : Disabled
############################## [ Processus actifs ]
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\dlcxcoms.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
################## [ Fichiers # Dossiers infectieux ]
Supprimé ! C:\DOCUME~1\Alex\LOCALS~1\Temp\031008191715\z4barSpInstall.exe
################## [ Registre # Clés Run infectieuses ]
################## [ Registre # Mountpoints2 ]
Supprimé ! HKCU\...\Explorer\MountPoints2\{1b493076-fdb0-11dc-8298-0011d8b94092}\Shell\AutoRun\Command
Supprimé ! HKCU\...\Explorer\MountPoints2\{9eda545d-eeb3-11dc-88da-806d6172696f}\Shell\AutoRun\Command
################## [ Listing des fichiers présent ]
[10/03/2008 19:16|--a------|1024] - C:\.rnd
[10/03/2008 17:17|--a------|0] - C:\AUTOEXEC.BAT
[25/03/2008 19:11|-rahs----|306] - C:\boot.ini
[28/08/2001 14:00|-rahs----|4952] - C:\Bootfont.bin
[10/03/2008 17:17|--a------|0] - C:\CONFIG.SYS
[01/06/2009 12:45|--a------|6660] - C:\dlcx.log
[10/03/2008 17:17|-rahs----|0] - C:\IO.SYS
[10/03/2008 17:17|-rahs----|0] - C:\MSDOS.SYS
[12/03/2008 13:42|-rahs----|47564] - C:\NTDETECT.COM
[12/03/2008 13:42|-rahs----|251712] - C:\ntldr
[?|?|?] - C:\pagefile.sys
[11/06/2001 12:23|--a------|3370] - C:\QT-LICENSE.txt
[24/06/2009 12:18|--a------|2420] - C:\UsbFix.txt
[21/06/2009 09:54|--ahs----|1610612736] - D:\pagefile.sys
[19/05/2009 21:24|--a------|36352] - F:\Anniv Mumubis(2).xls
[21/03/2009 01:17|--a------|804983640] - G:\Arrete.De.Pleurer.Penelope.2.French.DVDRip.DivX.avi
[21/03/2009 01:11|--a------|723298304] - G:\Arrete.De.Pleurer.Penelope.French.DVDRip.XviD.avi
[26/05/2009 19:40|--a------|39936] - G:\Native KOMplete.doc
[18/08/2005 21:45|--a------|737446634] - G:\Quatre.Garcons.Plein.d.Avenir.-.XviD.FR.by.Manutudescends.[DVD].-teste.DivXovore.com-.avi
[06/04/2009 16:35|--a------|1526119140] - G:\RTL9 - Le pr‚sident et miss Wade - 06-04-2008 16h25 2h10m.ts
[21/05/2008 20:55|--a------|3051449996] - G:\TMC - Le flic de Beverly Hills - 21-05-2007 20h45 2h10m.ts
[28/05/2008 20:36|--a------|2602112324] - G:\TMC - Le flic de Beverly Hills 2 - 28-05-2007 20h45 2h.ts
[04/07/2008 14:22|--a------|26112] - L:\La lune Rousse.doc
[09/08/2008 15:25|--a------|28160] - L:\La vie … terre lyrics.doc
[15/11/2008 11:05|--a------|20480] - L:\Analyse loto.xls
[14/12/2008 10:06|--a------|2666] - L:\Sans Scrupule.gp5
[15/12/2008 09:43|--a------|10023003] - L:\loto.zip
[04/03/2009 21:00|--a------|10595] - L:\LOTO_num2.pl
[15/07/2007 19:43|--a------|27213429] - L:\Seth Riggs - Chantez comme les stars.pdf
[12/05/2009 17:58|--a------|605166] - L:\conception_formateur_de_voies.rar
[19/05/2009 21:24|--a------|36352] - L:\Anniv Mumubis(2).xls
################## [ Vaccination ]
# C:\autorun.inf ( # Not infected ) -> Folder created by UsbFix.
# D:\autorun.inf ( # Not infected ) -> Folder created by UsbFix.
# E:\autorun.inf ( # Not infected ) -> Folder created by UsbFix.
# F:\autorun.inf ( # Not infected ) -> Folder created by UsbFix.
# G:\autorun.inf ( # Not infected ) -> Folder created by UsbFix.
# H:\autorun.inf ( # Not infected ) -> Folder created by UsbFix.
# L:\autorun.inf ( # Not infected ) -> Folder created by UsbFix.
################## [ ! Fin du rapport # UsbFix V3.032 ! ]
voila le log de USBFIX (option supprimer):
############################## [ UsbFix V3.032 ]
# User : Alex (Administrateurs) # DESKTOP
# Update on 15/06/09 by Chiquitine29
# Start at: 12:16:24 | 24/06/2009
# Website : http://pagesperso-orange.fr/NosTools/usbfix.html
#
#
# Internet Explorer 6.0.2900.2180
# Windows Firewall Status : Disabled
############################## [ Processus actifs ]
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\dlcxcoms.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
################## [ Fichiers # Dossiers infectieux ]
Supprimé ! C:\DOCUME~1\Alex\LOCALS~1\Temp\031008191715\z4barSpInstall.exe
################## [ Registre # Clés Run infectieuses ]
################## [ Registre # Mountpoints2 ]
Supprimé ! HKCU\...\Explorer\MountPoints2\{1b493076-fdb0-11dc-8298-0011d8b94092}\Shell\AutoRun\Command
Supprimé ! HKCU\...\Explorer\MountPoints2\{9eda545d-eeb3-11dc-88da-806d6172696f}\Shell\AutoRun\Command
################## [ Listing des fichiers présent ]
[10/03/2008 19:16|--a------|1024] - C:\.rnd
[10/03/2008 17:17|--a------|0] - C:\AUTOEXEC.BAT
[25/03/2008 19:11|-rahs----|306] - C:\boot.ini
[28/08/2001 14:00|-rahs----|4952] - C:\Bootfont.bin
[10/03/2008 17:17|--a------|0] - C:\CONFIG.SYS
[01/06/2009 12:45|--a------|6660] - C:\dlcx.log
[10/03/2008 17:17|-rahs----|0] - C:\IO.SYS
[10/03/2008 17:17|-rahs----|0] - C:\MSDOS.SYS
[12/03/2008 13:42|-rahs----|47564] - C:\NTDETECT.COM
[12/03/2008 13:42|-rahs----|251712] - C:\ntldr
[?|?|?] - C:\pagefile.sys
[11/06/2001 12:23|--a------|3370] - C:\QT-LICENSE.txt
[24/06/2009 12:18|--a------|2420] - C:\UsbFix.txt
[21/06/2009 09:54|--ahs----|1610612736] - D:\pagefile.sys
[19/05/2009 21:24|--a------|36352] - F:\Anniv Mumubis(2).xls
[21/03/2009 01:17|--a------|804983640] - G:\Arrete.De.Pleurer.Penelope.2.French.DVDRip.DivX.avi
[21/03/2009 01:11|--a------|723298304] - G:\Arrete.De.Pleurer.Penelope.French.DVDRip.XviD.avi
[26/05/2009 19:40|--a------|39936] - G:\Native KOMplete.doc
[18/08/2005 21:45|--a------|737446634] - G:\Quatre.Garcons.Plein.d.Avenir.-.XviD.FR.by.Manutudescends.[DVD].-teste.DivXovore.com-.avi
[06/04/2009 16:35|--a------|1526119140] - G:\RTL9 - Le pr‚sident et miss Wade - 06-04-2008 16h25 2h10m.ts
[21/05/2008 20:55|--a------|3051449996] - G:\TMC - Le flic de Beverly Hills - 21-05-2007 20h45 2h10m.ts
[28/05/2008 20:36|--a------|2602112324] - G:\TMC - Le flic de Beverly Hills 2 - 28-05-2007 20h45 2h.ts
[04/07/2008 14:22|--a------|26112] - L:\La lune Rousse.doc
[09/08/2008 15:25|--a------|28160] - L:\La vie … terre lyrics.doc
[15/11/2008 11:05|--a------|20480] - L:\Analyse loto.xls
[14/12/2008 10:06|--a------|2666] - L:\Sans Scrupule.gp5
[15/12/2008 09:43|--a------|10023003] - L:\loto.zip
[04/03/2009 21:00|--a------|10595] - L:\LOTO_num2.pl
[15/07/2007 19:43|--a------|27213429] - L:\Seth Riggs - Chantez comme les stars.pdf
[12/05/2009 17:58|--a------|605166] - L:\conception_formateur_de_voies.rar
[19/05/2009 21:24|--a------|36352] - L:\Anniv Mumubis(2).xls
################## [ Vaccination ]
# C:\autorun.inf ( # Not infected ) -> Folder created by UsbFix.
# D:\autorun.inf ( # Not infected ) -> Folder created by UsbFix.
# E:\autorun.inf ( # Not infected ) -> Folder created by UsbFix.
# F:\autorun.inf ( # Not infected ) -> Folder created by UsbFix.
# G:\autorun.inf ( # Not infected ) -> Folder created by UsbFix.
# H:\autorun.inf ( # Not infected ) -> Folder created by UsbFix.
# L:\autorun.inf ( # Not infected ) -> Folder created by UsbFix.
################## [ ! Fin du rapport # UsbFix V3.032 ! ]
