Des trojans toutes les cinq minutes

Résolu
stekap Messages postés 62 Statut Membre -  
stekap Messages postés 62 Statut Membre -
Bonjour,
des alertes toutes les cinq minutes voici mon log

Merci d'avance

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:01:42, on 24/06/2009
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
d:\Programs\Alwil Software\Avast4\aswUpdSv.exe
d:\Programs\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
d:\Programs\Alwil Software\Avast4\ashWebSv.exe
d:\Programs\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\Explorer.EXE
D:\Programs\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\ULiRaid\ULiRaid.exe
C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe
C:\windows\pp10.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
D:\Programs\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\WINDOWS\System32\cmd.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
D:\Programs\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programs\Adobe\Adobe Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: e-Carte Bleue Browser Helper Object - {2E03C0FD-4C48-43A7-9A54-00240C70FF16} - C:\WINDOWS\System32\BhoECart.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Programs\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Programs\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [avast!] d:\Programs\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [ULiRaid] C:\Program Files\ULiRaid\ULiRaid.exe
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [EEventManager] C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe
O4 - HKLM\..\Run: [Internet Connection Wizard Setup Tool] C:\Program Files\Internet Explorer\Connection Wizard\icwsetup.exe
O4 - HKLM\..\Run: [pp] C:\windows\pp10.exe
O4 - HKLM\..\Run: [sysmstray] C:\windows\mstre19.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [sysldtray] C:\windows\ld10.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Assistant d'Acrobat.lnk = D:\Programs\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: icwsetup.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Programs\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\Programs\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{310C24CC-7BCB-417E-AE39-B501C8045976}: NameServer = 213.174.139.72,192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{7375DC4F-0A4E-4473-B1DF-5704D56EEF59}: NameServer = 213.174.139.72,192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{ACB5F7D3-5C36-400F-B137-66F425F4E2F2}: NameServer = 213.174.139.72,192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{FB461379-BCF9-439A-9733-047623994521}: NameServer = 213.174.139.72,192.168.1.1
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AdobeVersionCue - Adobe Sytems - D:\Programs\Adobe\Adobe Version Cue\service\VersionCue.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - d:\Programs\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - d:\Programs\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - d:\Programs\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - d:\Programs\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service de transfert intelligent en arrière-plan (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: WMP54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
O23 - Service: Mises à jour automatiques (wuauserv) - Unknown owner - C:\WINDOWS\

--
End of file - 8095 bytes
Configuration: Windows XP
Firefox 3.0.11

13 réponses

  1. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    slt

    ton windows est légal????

    ______________

    et effectivement infecté ici

    O4 - HKLM\..\Run: [pp] C:\windows\pp10.exe
    O4 - HKLM\..\Run: [sysmstray] C:\windows\mstre19.exe
    O4 - HKLM\..\Run: [sysldtray] C:\windows\ld10.exe

    _________

    scan avec malwarebyte , fais un scan rapide et colle le rapport obtenu et vire ce qui est trouvé:

    https://www.malekal.com/tutoriel-malwarebyte-anti-malware/­

    ______________________

    Télécharge ici :

    http://images.malwareremoval.com/random/RSIT.exe

    random's system information tool (RSIT) par andom/random et sauvegarde-le sur le Bureau.

    Double-clique sur RSIT.exe afin de lancer RSIT.

    Clique Continue à l'écran Disclaimer.

    Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu, si demandé) et tu devras accepter la licence.

    Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront.

    Poste le contenu de log.txt (<<qui sera affiché)
    ainsi que de info.txt (<<qui sera réduit dans la Barre des Tâches).

    NB : Les rapports sont sauvegardés dans le dossier C:\rsit
    0
    1. Utilisateur anonyme
       
      Bonsoir
      Juste pour suivre
      0
    2. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
       
      désactive si present le proxy aussi:

      # Sur Firefox, Menu Editions / Préférences puis onglet Avancés.
      # Cliquez sur Réseau et Paramètres.
      # Choisissez "Ne pas mettre de Proxy".

      # Sur Internet Explorer, c'est le menu Outils / Options Internet.
      # Onglet Connexions puis en bas, vous pouvez désactiver le proxy.
      0
  2. stekap Messages postés 62 Statut Membre
     
    Malwarebytes' Anti-Malware 1.38
    Version de la base de données: 2339
    Windows 5.1.2600 Service Pack 1

    26/06/2009 21:36:58
    mbam-log-2009-06-26 (21-36-58).txt

    Type de recherche: Examen rapide
    Eléments examinés: 138428
    Temps écoulé: 6 minute(s), 30 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 1
    Clé(s) du Registre infectée(s): 7
    Valeur(s) du Registre infectée(s): 2
    Elément(s) de données du Registre infecté(s): 15
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 53

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    c:\program files\driver\driver.dll (Trojan.Agent) -> Delete on reboot.

    Clé(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\driver (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\driver (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\driver (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\driverdrv (Trojan.Downloader) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\driverdrv (Trojan.Downloader) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\driverdrv (Trojan.Downloader) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DbgMgr (Malware.Trace) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\internet connection wizard setup tool (Trojan.Downloader) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\driver (Trojan.Agent) -> Quarantined and deleted successfully.

    Elément(s) de données du Registre infecté(s):
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{0fb6d291-e1c2-4011-bc95-c1a6a5bd20e4}\DhcpNameServer (Trojan.DNSChanger) -> Data: 213.174.139.72 192.168.1.1 -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{310c24cc-7bcb-417e-ae39-b501c8045976}\DhcpNameServer (Trojan.DNSChanger) -> Data: 213.174.139.72 192.168.1.1 -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{7375dc4f-0a4e-4473-b1df-5704d56eef59}\DhcpNameServer (Trojan.DNSChanger) -> Data: 213.174.139.72 192.168.1.1 -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{b52c6813-84dd-4023-8c9c-dc5394e60d81}\DhcpNameServer (Trojan.DNSChanger) -> Data: 213.174.139.72 192.168.1.1 -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{fb461379-bcf9-439a-9733-047623994521}\DhcpNameServer (Trojan.DNSChanger) -> Data: 213.174.139.72 192.168.1.1 -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{0fb6d291-e1c2-4011-bc95-c1a6a5bd20e4}\DhcpNameServer (Trojan.DNSChanger) -> Data: 213.174.139.72 192.168.1.1 -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{310c24cc-7bcb-417e-ae39-b501c8045976}\DhcpNameServer (Trojan.DNSChanger) -> Data: 213.174.139.72 192.168.1.1 -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{7375dc4f-0a4e-4473-b1df-5704d56eef59}\DhcpNameServer (Trojan.DNSChanger) -> Data: 213.174.139.72 192.168.1.1 -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{b52c6813-84dd-4023-8c9c-dc5394e60d81}\DhcpNameServer (Trojan.DNSChanger) -> Data: 213.174.139.72 192.168.1.1 -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{fb461379-bcf9-439a-9733-047623994521}\DhcpNameServer (Trojan.DNSChanger) -> Data: 213.174.139.72 192.168.1.1 -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{0fb6d291-e1c2-4011-bc95-c1a6a5bd20e4}\DhcpNameServer (Trojan.DNSChanger) -> Data: 213.174.139.72 192.168.1.1 -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{310c24cc-7bcb-417e-ae39-b501c8045976}\DhcpNameServer (Trojan.DNSChanger) -> Data: 213.174.139.72 192.168.1.1 -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{7375dc4f-0a4e-4473-b1df-5704d56eef59}\DhcpNameServer (Trojan.DNSChanger) -> Data: 213.174.139.72 192.168.1.1 -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{b52c6813-84dd-4023-8c9c-dc5394e60d81}\DhcpNameServer (Trojan.DNSChanger) -> Data: 213.174.139.72 192.168.1.1 -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Tcpip\Parameters\Interfaces\{fb461379-bcf9-439a-9733-047623994521}\DhcpNameServer (Trojan.DNSChanger) -> Data: 213.174.139.72 192.168.1.1 -> Quarantined and deleted successfully.

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    c:\program files\driver\driver.dll (Trojan.Agent) -> Delete on reboot.
    C:\Program Files\Internet Explorer\Connection Wizard\icwsetup.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    c:\WINDOWS\soc_1245434296.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
    c:\WINDOWS\pp10.exe (Worm.Koobface) -> Quarantined and deleted successfully.
    c:\documents and settings\carole.BIG\local settings\temporary internet files\Content.IE5\CCHLELPS\pdrv[1].exe (Trojan.Dropper) -> Quarantined and deleted successfully.
    c:\documents and settings\carole.BIG\local settings\temporary internet files\Content.IE5\GX2FC9EB\pp.10[1].exe (Worm.Koobface) -> Quarantined and deleted successfully.
    c:\WINDOWS\Fonts\air_conditioner.zip (Worm.Archive) -> Quarantined and deleted successfully.
    c:\WINDOWS\Fonts\alpha_clouds.zip (Worm.Archive) -> Quarantined and deleted successfully.
    c:\WINDOWS\Fonts\anakronism.zip (Worm.Archive) -> Quarantined and deleted successfully.
    c:\WINDOWS\Fonts\antsypants.zip (Worm.Archive) -> Quarantined and deleted successfully.
    c:\WINDOWS\Fonts\bellerose.zip (Worm.Archive) -> Quarantined and deleted successfully.
    c:\WINDOWS\Fonts\bewitched.zip (Worm.Archive) -> Quarantined and deleted successfully.
    c:\WINDOWS\Fonts\black_jack.zip (Worm.Archive) -> Quarantined and deleted successfully.
    c:\WINDOWS\Fonts\budmo_jiggler.zip (Worm.Archive) -> Quarantined and deleted successfully.
    c:\WINDOWS\Fonts\circus.zip (Worm.Archive) -> Quarantined and deleted successfully.
    c:\WINDOWS\Fonts\desigers.zip (Worm.Archive) -> Quarantined and deleted successfully.
    c:\WINDOWS\Fonts\digital_kauno.zip (Worm.Archive) -> Quarantined and deleted successfully.
    c:\WINDOWS\Fonts\earwig_factory.zip (Worm.Archive) -> Quarantined and deleted successfully.
    c:\WINDOWS\Fonts\fontdinerdotcom.zip (Worm.Archive) -> Quarantined and deleted successfully.
    c:\WINDOWS\Fonts\hand.zip (Worm.Archive) -> Quarantined and deleted successfully.
    c:\WINDOWS\Fonts\honey_script.zip (Worm.Archive) -> Quarantined and deleted successfully.
    c:\WINDOWS\Fonts\mamae_que_nos_faz.zip (Worm.Archive) -> Quarantined and deleted successfully.
    c:\WINDOWS\Fonts\marketing_script.zip (Worm.Archive) -> Quarantined and deleted successfully.
    c:\WINDOWS\Fonts\market_deco.zip (Worm.Archive) -> Quarantined and deleted successfully.
    c:\WINDOWS\Fonts\pez.zip (Worm.Archive) -> Quarantined and deleted successfully.
    c:\WINDOWS\Fonts\quentincaps.zip (Worm.Archive) -> Quarantined and deleted successfully.
    c:\WINDOWS\Fonts\quigley_wiggly.zip (Worm.Archive) -> Quarantined and deleted successfully.
    c:\WINDOWS\Fonts\ragg_mopp.zip (Worm.Archive) -> Quarantined and deleted successfully.
    c:\WINDOWS\Fonts\scara_conquers_the_universe.zip (Worm.Archive) -> Quarantined and deleted successfully.
    c:\WINDOWS\Fonts\school_script_dashe.zip (Worm.Archive) -> Quarantined and deleted successfully.
    c:\WINDOWS\Fonts\showtime.zip (Worm.Archive) -> Quarantined and deleted successfully.
    c:\WINDOWS\Fonts\tonight.zip (Worm.Archive) -> Quarantined and deleted successfully.
    c:\WINDOWS\Fonts\two_turtle_doves.zip (Worm.Archive) -> Quarantined and deleted successfully.
    c:\WINDOWS\Fonts\unicorn_nf.zip (Worm.Archive) -> Quarantined and deleted successfully.
    c:\WINDOWS\Fonts\vlaanderen.zip (Worm.Archive) -> Quarantined and deleted successfully.
    c:\WINDOWS\Fonts\walrus_gumbo.zip (Worm.Archive) -> Quarantined and deleted successfully.
    c:\WINDOWS\9g2234wesdf3dfgjf23 (Worm.KoobFace) -> Quarantined and deleted successfully.
    bonjour voici le log

    c:\WINDOWS\mstre19.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    c:\documents and settings\carole.BIG\Application Data\wiaserva.log (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\bf23567.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\Program Files\driver\driver.sys (Trojan.Downloader) -> Quarantined and deleted successfully.
    c:\WINDOWS\soc_1245434268.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\WINDOWS\010112010146118114.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\WINDOWS\010112010146118114.lso (Worm.KoobFace) -> Quarantined and deleted successfully.
    c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\Shortcuts\icwsetup.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\WINDOWS\jmmark2.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
    c:\WINDOWS\0101120101465452.lso (Worm.KoobFace) -> Quarantined and deleted successfully.
    c:\WINDOWS\0101120101465749.lso (Worm.KoobFace) -> Quarantined and deleted successfully.
    c:\WINDOWS\010112010146115110.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
    c:\WINDOWS\0101120101465452.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
    c:\WINDOWS\0101120101465749.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
    C:\WINDOWS\ld10.exe (Worm.Koobface) -> Quarantined and deleted successfully.
    C:\nm8912.bat (Malware.Trace) -> Quarantined and deleted successfully.
    0
  3. stekap Messages postés 62 Statut Membre
     
    Logfile of random's system information tool 1.06 (written by random/random)
    Run by steph at 2009-06-26 21:54:28
    Microsoft Windows XP Professionnel Service Pack 1
    System drive C: has 583 MB (6%) free of 10 GB
    Total RAM: 1023 MB (63% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:54:40, on 26/06/2009
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    d:\Programs\Alwil Software\Avast4\aswUpdSv.exe
    d:\Programs\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACService.exe
    C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
    C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
    C:\WINDOWS\Explorer.EXE
    D:\Programs\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\ULiRaid\ULiRaid.exe
    C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACDaemon.exe
    C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    D:\Programs\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
    d:\Programs\Alwil Software\Avast4\ashWebSv.exe
    d:\Programs\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\steph.BIG\Bureau\RSIT.exe
    D:\Programs\hijackthis\steph.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programs\Adobe\Adobe Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: e-Carte Bleue Browser Helper Object - {2E03C0FD-4C48-43A7-9A54-00240C70FF16} - C:\WINDOWS\System32\BhoECart.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Programs\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Programs\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [avast!] d:\Programs\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [ULiRaid] C:\Program Files\ULiRaid\ULiRaid.exe
    O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACDaemon.exe
    O4 - HKLM\..\Run: [EEventManager] C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe
    O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Assistant d'Acrobat.lnk = D:\Programs\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
    O4 - Global Startup: Bluetooth Manager.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = D:\Programs\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\Programs\MICROS~1\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
    O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACService.exe
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AdobeVersionCue - Adobe Sytems - D:\Programs\Adobe\Adobe Version Cue\service\VersionCue.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - d:\Programs\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - d:\Programs\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - d:\Programs\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - d:\Programs\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Service de transfert intelligent en arrière-plan (BITS) - Unknown owner - C:\WINDOWS\
    O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
    O23 - Service: WMP54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
    O23 - Service: Mises à jour automatiques (wuauserv) - Unknown owner - C:\WINDOWS\
    0
  4. stekap Messages postés 62 Statut Membre
     
    info.txt logfile of random's system information tool 1.06 2009-06-26 21:55:12

    ======Uninstall list======

    -->C:\Program Files\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL
    -->C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\Gamesurround Fortissimo 4 mixer\Uninst.isu"
    -->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
    -->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
    -->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
    -->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
    -->C:\WINDOWS\UNRecode.exe /UNINSTALL
    -->RunDll32 "C:\Program Files\Fichiers communs\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll",LaunchSetup "C:\Program Files\InstallShield Installation Information\{416DFEDD-9F1B-4EFC-AF70-FCA891AE0251}\zidxp.exe"
    -->RunDll32 "C:\Program Files\Fichiers communs\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll",LaunchSetup "C:\Program Files\InstallShield Installation Information\{91A4AD99-69CE-4745-97B7-0E0DFBECFDE5}\setup.exe"
    -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{01958032-9877-4118-B87F-9EFA74B3F15F}\setup.exe" -l0x40c
    -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{028EC2AF-F501-4567-9CEA-140030DE8544}\setup.exe" -l0x40c -u
    -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2580F4DA-324F-4945-B16F-B2B867325085}\setup.exe" -l0x40c -u
    -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2C0DAEA5-826C-4A76-B176-56959B99D3F0}\setup.exe" -l0x40c
    -->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFB21DE7-8C19-4A88-BB28-A766E16493BC}\setup.exe" -l0x40c
    -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    ABBYY FineReader 6.0 Sprint-->MsiExec.exe /I{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}
    Ad-Aware SE Personal-->D:\Programs\AD-AWA~1\UNWISE.EXE D:\Programs\AD-AWA~1\INSTALL.LOG
    Ad-Aware-->"C:\Documents and Settings\All Users.WINDOWS\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe" REMOVE=TRUE MODIFY=FALSE
    Ad-Aware-->C:\Documents and Settings\All Users.WINDOWS\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe
    Adobe Acrobat - Reader 6.0.2 Update-->MsiExec.exe /I{AC76BA86-0000-0000-0000-6028747ADE01}
    Adobe Acrobat 6.0.1 Professional - English, Français, Deutsch-->MsiExec.exe /I{AC76BA86-1033-F400-7760-000000000001}
    Adobe Acrobat and Reader 6.0.3 Update-->MsiExec.exe /I{AC76BA86-0000-7EC8-7489-000000000603}
    Adobe Acrobat and Reader 6.0.4 Update-->MsiExec.exe /I{AC76BA86-0000-7EC8-7489-000000000604}
    Adobe Creative Suite-->C:\PROGRA~1\INSTAL~1\{D52EC~1\setup.exe /Relaunched=yes /Uninstall /Relaunched=yes
    Adobe Flash Player 10 ActiveX-->C:\WINDOWS\System32\Macromed\Flash\uninstall_activeX.exe
    Adobe Flash Player 10 Plugin-->C:\WINDOWS\System32\Macromed\Flash\uninstall_plugin.exe
    Adobe Flash Player 9 ActiveX-->C:\WINDOWS\System32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock
    Adobe Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
    Adobe SVG Viewer 3.0-->C:\Program Files\Fichiers communs\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Fichiers communs\Adobe\SVG Viewer 3.0\Uninstall\Install.log
    Agfa ScanWise 2.00-->C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\Agfa\ScanWise 2_00\uninst.isu" -c"C:\Program Files\Agfa\ScanWise 2_00\UNINSTALL.DLL"
    akFontViewer-->C:\WINDOWS\GPInstall.exe "/UNINST=C:\Program Files\Anatoli Klassen Software\akFontViewer\UnInst.log " "/APPNAME=akFontViewer"
    Apple Software Update-->MsiExec.exe /I{55FA89BD-21D3-42F7-9249-C94C0094A83C}
    Archiveur WinRAR-->D:\Programs\winrar\uninstall.exe
    ArcSoft MediaImpression-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{531F0013-964C-4BE6-B382-4117DC8BCDF9}\SETUP.EXE" -l0x40c
    Athlon 64 Processor Driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe" -l0x40c
    avast! Antivirus-->d:\Programs\Alwil Software\Avast4\aswRunDll.exe "d:\Programs\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
    Azureus Vuze-->D:\Programs\Azureus\uninstall.exe
    Barre d'outils MSN-->C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\mtbs.exe c
    Bluetooth Stack for Windows by Toshiba-->MsiExec.exe /X{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}
    burnatonce-->"C:\Program Files\burnatonce\unins000.exe"
    Canon G.726 WMP-Decoder-->"C:\Program Files\Fichiers communs\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\G726Decoder\G726DecUnInstall.ini"
    CANON iMAGE GATEWAY Task for ZoomBrowser EX-->"C:\Program Files\Fichiers communs\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\ZoomBrowser EX\Program\CRWUnInstall.ini"
    Canon iP5200-->C:\WINDOWS\System32\CNMCP79.exe "-PRINTERNAMECanon iP5200" "-HELPERDLLC:\Documents and Settings\All Users.WINDOWS\Application Data\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP5200 Installer\Inst2\cnmis.dll" "-RCDLLcnmi040c.dll"
    Canon MovieEdit Task for ZoomBrowser EX-->"C:\Program Files\Fichiers communs\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\ZoomBrowser EX\Program\MVWUninst.ini"
    Canon RAW Image Task for ZoomBrowser EX-->"C:\Program Files\Fichiers communs\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\Canon\RAW Image Task\Uninst.ini"
    Canon RemoteCapture Task for ZoomBrowser EX-->"C:\Program Files\Fichiers communs\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\CameraWindow\RemoteCaptureTask DC\Uninst.ini"
    Canon RemoteCapture Task for ZoomBrowser EX-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{822586CA-0B15-428C-859A-64B3728F28E7}
    Canon Setup Utility 2.0-->"C:\Program Files\Canon\Canon Setup Utility 2.0\Maint.exe" /Uninstall C:\Program Files\Canon\Canon Setup Utility 2.0\uninst.ini
    Canon Utilities File Viewer Utility 1.3-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{2D1C2321-8FDB-49B8-A66B-4008DC0B6B5D} /x
    Canon Utilities PhotoStitch 3.1-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{F11A403B-0DE9-4953-B790-7A2F014FBB2B}
    Canon Utilities RemoteCapture 2.7-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{14220DB1-DD96-4BCD-B3D5-03A4EA6631C4} /x
    Canon Utilities ZoomBrowser EX-->"C:\Program Files\Fichiers communs\Canon\UIW\1.1.0.0\Uninst.exe" "C:\Program Files\ZoomBrowser EX\Program\Uninst.ini"
    CCleaner (remove only)-->"D:\Programs\CCleaner\uninst.exe"
    CDex extraction audio-->"D:\Programs\CDex_170b2\uninstall.exe"
    Correctif Windows XP - KB842773-->C:\WINDOWS\$NtUninstallKB842773$\spuninst\spuninst.exe
    Correctif Windows XP - KB873339-->C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
    Correctif Windows XP - KB885835-->C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
    Correctif Windows XP - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
    Correctif Windows XP - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
    Correctif Windows XP - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
    Correctif Windows XP - KB891781-->C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
    Correctif Windows XP - KB892944-->"C:\WINDOWS\$NtUninstallKB892944$\spuninst\spuninst.exe"
    Correctif Windows XP - KB911567-->"C:\WINDOWS\$NtUninstallKB911567-OE6SP1-20060316.165634$\spuninst\spuninst.exe"
    Correctif Windows XP - KB918439-->"C:\WINDOWS\$NtUninstallKB918439-IE6SP1-20060530.145346$\spuninst\spuninst.exe"
    Correctif Windows XP - KB918899-->"C:\WINDOWS\$NtUninstallKB918899-IE6SP1-20060725.123917$\spuninst\spuninst.exe"
    Correctif Windows XP - KB925486-->"C:\WINDOWS\$NtUninstallKB925486-IE6SP1-20060918.120000$\spuninst\spuninst.exe"
    DC++ 0.7091-->"C:\Program Files\DC++\uninstall.exe"
    e-Carte Bleue VISA Cléo-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\ECBCLEO.INF, DefaultUninstall.ntx86
    eMule-->"D:\Programs\eMule\Uninstall.exe"
    Epson Copy Utility 3.4-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AA72FB28-73B4-49E5-B6B4-E78F44BBD0AD}\SETUP.EXE" -l0x40c -UnInstall
    Epson Event Manager-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{48F22622-1CC2-4A83-9C1E-644DD96F832D}\SETUP.EXE" -l0x40c -u
    EPSON PERFECTION V30_V300 PHOTO Manuel-->C:\Program Files\EPSON\TPMANUAL\PerfV30_V300\FRA\USE_G\DOCUNINS.EXE
    EPSON Scan-->C:\Program Files\epson\escndv\setup\setup.exe /r
    ffdshow (remove only)-->"C:\Program Files\ffdshow\uninstall.exe"
    Google Earth1-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x40c -removeonly
    HijackThis 2.0.2-->"D:\Programs\hijackthis\HijackThis.exe" /uninstall
    Java(TM) 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
    Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
    LightScribe System Software 1.10.19.1-->MsiExec.exe /X{59046D29-2E6B-4224-BF0D-64F3E7A93F7B}
    Linksys Wireless-G PCI Adapter-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4DDC3BED-CC68-44AA-B435-D727B620CA5B}\setup.exe" -l0x40c
    Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
    Microsoft Internet Explorer 6 SP1-->rundll32 C:\WINDOWS\System32\setupwbv.dll,IE6Maintenance C:\Program Files\Internet Explorer\IE Uninstall\W2KEXCP.EXE /u
    Microsoft Office XP Standard-->MsiExec.exe /I{9012040C-6000-11D3-8CFE-0050048383C9}
    Mise à jour de sécurité pour Lecteur Windows Media (KB911564)-->"C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Lecteur Windows Media 9 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP9$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB890046)-->"C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB893756)-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB896358)-->"C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB896423)-->"C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB896424)-->"C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB896428)-->"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB899589)-->"C:\WINDOWS\$NtUninstallKB899589$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB899591)-->"C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB901190)-->"C:\WINDOWS\$NtUninstallKB901190$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB901214)-->"C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB904706)-->"C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB905495)-->"C:\WINDOWS\$NtUninstallKB905495$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB908519)-->"C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB911562)-->"C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB912919)-->"C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB914388)-->"C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB914389)-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB917344)-->"C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB917422)-->"C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB917953)-->"C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB919007)-->"C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB920670)-->"C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB920683)-->"C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB920685)-->"C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB921398)-->"C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB921883)-->"C:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB922616)-->"C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB922819)-->"C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB923191)-->"C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB923414)-->"C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB924191)-->"C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
    Mise à jour de sécurité pour Windows XP (KB924496)-->"C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
    Mise à jour pour Windows XP (KB835409)-->"C:\WINDOWS\$NtUninstallKB835409$\spuninst\spuninst.exe"
    Mise à jour pour Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
    Mise à jour pour Windows XP (KB908531)-->"C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
    Mise à jour pour Windows XP (KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
    Mise à jour pour Windows XP (KB911280)-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
    Mozilla Firefox (3.0.11)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
    Nero 8 Essentials-->MsiExec.exe /X{65A54DC3-5FF6-4C75-906E-3EA1A3B71036}
    neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
    Palm Desktop-->MsiExec.exe /X{F1E906E7-1120-428D-A124-4938C306427E}
    Power IEv3-->MsiExec.exe /I{AF7C627C-F354-4FF1-8450-398C806B436E}
    QuickTime-->MsiExec.exe /I{F07B861C-72B9-40A4-8B1A-AAED4C06A7E8}
    SA304x Device Manager-->C:\Program Files\InstallShield Installation Information\{0590BB91-B280-4BAB-95D7-D6558117D27C}\setup.exe -runfromtemp -l0x040c -removeonly
    SA304x Media Converter-->C:\Program Files\InstallShield Installation Information\{1E06D48E-5448-4BCC-9F87-9FB4EBD59898}\setup.exe -runfromtemp -l0x040c -removeonly
    SecurDisc Viewer-->MsiExec.exe /X{B941B1C3-40AF-4E1E-AA5F-ED99EDEA1036}
    Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
    Sunbelt Kerio Personal Firewall-->MsiExec.exe /X{E659E0EE-10E6-49B7-8696-60F38D0EB174}
    Switch Sound File Converter-->C:\Program Files\NCH Swift Sound\Switch\uninst.exe
    Turbo Lister 2-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{69640730-B830-4C24-BB5C-222DA1260548}
    Tweak UI-->"C:\WINDOWS\System32\mshta.exe" "res://C:\WINDOWS\System32\TweakUI.exe/uninstall.hta"
    ULi AGP Driver -->C:\WINDOWS\System32\UnAGP.EXE RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0DD0650C-5113-4FEE-BDDA-AC0B76FD0BD1}\Setup.exe" -uninst
    ULi LAN Driver-->C:\WINDOWS\System32\UnLAN.EXE RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{143BE018-D8F8-4014-8CB6-AF63F5799D21}\Setup.exe" -uninst
    ULi SATA Driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FDC53DC6-137A-4541-BFA2-A9BAE4A7FE99}\Setup.exe" -l0x9 -removeonly
    UnInstall Gamesurround Fortissimo 4 Audio Device Driver-->RunDll32.exe UnEnvyNT.dll,UninstallAudio C:\WINDOWS\IsUn040c.exe -y-f"C:\PROGRA~1\GAMESU~1/Uninst.isu"
    Unlocker 1.8.6-->C:\Program Files\Unlocker\uninst.exe
    VCRedistSetup-->MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
    VideoLAN VLC media player 0.8.4a-->D:\Programs\VLC\uninstall.exe
    Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
    Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\WINDOWS\System32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
    WavePad Sound Editor-->C:\Program Files\NCH Swift Sound\WavePad\uninst.exe
    Winamp (remove only)-->"C:\Program Files\Winamp\UninstWA.exe"
    Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
    Windows Live Messenger-->MsiExec.exe /I{F6326B60-1B1D-4ABF-BFCD-7B7404F44411}
    Windows Live Sign-in Assistant-->MsiExec.exe /I{49672EC2-171B-47B4-8CE7-50D7806360D7}
    Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
    xp-AntiSpy 3.96-8-->d:\Programs\xp-AntiSpy\Uninstall.exe

    =====HijackThis Backups=====

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) [2008-01-26]
    O15 - Trusted Zone: *.trustedantivirus.com [2008-03-01]
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime [2008-03-01]
    O15 - Trusted Zone: *.onerateld.com (HKLM) [2008-03-01]
    O15 - Trusted Zone: *.amaena.com (HKLM) [2008-03-01]
    O15 - Trusted Zone: *.safetydownload.com [2008-03-01]
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe [2008-03-01]
    O15 - Trusted Zone: *.safetydownload.com (HKLM) [2008-03-01]
    O15 - Trusted Zone: *.avsystemcare.com (HKLM) [2008-03-01]
    O15 - Trusted Zone: *.onerateld.com [2008-03-01]
    O15 - Trusted Zone: *.avsystemcare.com [2008-03-01]
    O15 - Trusted Zone: *.virusschlacht.com [2008-03-01]
    O4 - HKLM\..\Run: [AdobeVersionCue] D:\Programs\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe [2008-03-01]
    O15 - Trusted Zone: *.trustedantivirus.com (HKLM) [2008-03-01]
    O4 - HKLM\..\Run: [NI.UGA6P_0001_N122M0611] "C:\DOCUME~1\steph.BIG\LOCALS~1\Temp\winvsnet.exe" [2008-03-01]
    O15 - Trusted Zone: *.virusschlacht.com (HKLM) [2008-03-01]
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2008-03-01]
    O15 - Trusted Zone: *.amaena.com [2008-03-01]
    O4 - HKLM\..\Run: [EnvyHFCPL] C:\Program Files\Gamesurround Fortissimo 4 mixer\EnMixCPL.exe [2008-03-01]
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll [2008-03-10]
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx [2008-03-10]
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens [2008-03-10]
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx [2008-03-10]
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe [2008-03-10]
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing) [2008-03-10]
    O4 - HKLM\..\Run: [BM1b948b7d] Rundll32.exe "C:\WINDOWS\System32\uxwuxoqd.dll",s [2008-03-10]
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2008-03-10]
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime [2008-03-10]
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing) [2008-03-10]
    O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - https://www.eset.com/ [2008-03-11]
    O4 - HKLM\..\Run: [pp] C:\windows\pp10.exe [2009-06-26]
    O4 - HKLM\..\Run: [sysldtray] C:\windows\ld11.exe [2009-06-26]
    O4 - HKLM\..\Run: [sysmstray] C:\windows\mstre19.exe [2009-06-26]

    ======Hosts File======

    127.0.0.1 007guard.com
    127.0.0.1 www.007guard.com
    127.0.0.1 008i.com
    127.0.0.1 008k.com
    127.0.0.1 www.008k.com
    127.0.0.1 00hq.com
    127.0.0.1 www.00hq.com
    127.0.0.1 010402.com
    127.0.0.1 032439.com
    127.0.0.1 www.032439.com

    ======System event log======

    Computer Name: BIG
    Event Code: 6005
    Message: Le service d'Enregistrement d'événement a démarré.

    Record Number: 23426
    Source Name: EventLog
    Time Written: 20090516104758.000000+120
    Event Type: Informations
    User:

    Computer Name: BIG
    Event Code: 6009
    Message: Microsoft (R) Windows (R) 5.01. 2600 Service Pack 1 Uniprocessor Free.

    Record Number: 23425
    Source Name: EventLog
    Time Written: 20090516104758.000000+120
    Event Type: Informations
    User:

    Computer Name: BIG
    Event Code: 1003
    Message: Votre ordinateur n'a pas pu renouveler son adresse à partir du réseau (à partir
    du serveur DHCP) pour la carte réseau dont l'adresse réseau est 0016B6A04304. Il s'est
    produit l'erreur suivante :
    L'opération a été annulée par l'utilisateur.
    .
    Votre ordinateur va continuer à essayer d'obtenir sa propre adresse auprès du
    serveur d'adresse réseau (DHCP).

    Record Number: 23424
    Source Name: Dhcp
    Time Written: 20090516104803.000000+120
    Event Type: Avertissement
    User:

    Computer Name: BIG
    Event Code: 6006
    Message: Le service d'Enregistrement d'événement a été arrêté.

    Record Number: 23423
    Source Name: EventLog
    Time Written: 20090515213253.000000+120
    Event Type: Informations
    User:

    Computer Name: BIG
    Event Code: 26
    Message: Application popup : dwwin.exe - L'initialisation de la DLL a échoué : L'application n'a pas pu s'initialiser car la station de travail est en train d'être arrêtée.

    Record Number: 23422
    Source Name: Application Popup
    Time Written: 20090515213250.000000+120
    Event Type: Informations
    User:

    =====Application event log=====

    Computer Name: BIG
    Event Code: 2002
    Message: Le service EAPOL a été arrêté correctement.

    Record Number: 5
    Source Name: EAPOL
    Time Written: 20090612212121.000000+120
    Event Type: Informations
    User:

    Computer Name: BIG
    Event Code: 2003
    Message: Le service EAPOL est en cours d'exécution

    Record Number: 4
    Source Name: EAPOL
    Time Written: 20090612212121.000000+120
    Event Type: Informations
    User:

    Computer Name: BIG
    Event Code: 1000
    Message: Application défaillante kpf4ss.exe, version 4.3.744.0, module défaillant kpf4ss.exe, version 4.3.744.0, adresse de défaillance 0x0006376b.

    Record Number: 3
    Source Name: Application Error
    Time Written: 20090612212120.000000+120
    Event Type: erreur
    User:

    Computer Name: BIG
    Event Code: 0
    Message:
    Record Number: 2
    Source Name: Nero BackItUp Scheduler 3
    Time Written: 20090612211942.000000+120
    Event Type: Informations
    User:

    Computer Name: BIG
    Event Code: 4
    Message: The LightScribe Service started successfully.

    Record Number: 1
    Source Name: LightScribeService
    Time Written: 20090612211941.000000+120
    Event Type: Informations
    User:

    ======Environment variables======

    "ComSpec"=%SystemRoot%\system32\cmd.exe
    "Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\Fichiers communs\ArcSoft\Bin;C:\Program Files\QuickTime\QTSystem
    "windir"=%SystemRoot%
    "OS"=Windows_NT
    "PROCESSOR_ARCHITECTURE"=x86
    "PROCESSOR_LEVEL"=15
    "PROCESSOR_IDENTIFIER"=x86 Family 15 Model 47 Stepping 2, AuthenticAMD
    "PROCESSOR_REVISION"=2f02
    "NUMBER_OF_PROCESSORS"=1
    "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    "TEMP"=%SystemRoot%\TEMP
    "TMP"=%SystemRoot%\TEMP
    "CLASSPATH"=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
    "QTJAVA"=C:\Program Files\QuickTime\QTSystem\QTJava.zip

    -----------------EOF-----------------
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    merci de me dire si windows est légal ou pas

    _______________

    vire ce qui est ne quarantaine dans malwarebyte

    ______________

    Pour fusionner:

    http://img.photobucket.com/albums/v666/sUBs/CFScript.gif

    _______________

    telecharge combofix:

    http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    Sauvegarde le sur ton bureau et pas ailleurs !

    _________________

    Ferme tous tes navigateurs (donc copie ou imprime les instructions avant)

    Crée un nouveau document texte : clic droit de souris sur le bureau > Nouveau > Document Texte, et copie dedans les lignes suivantes :

    File::
    C:\WINDOWS\ld11.exe

    Enregistre ce fichier sous le nom CFscript

    Fait un glisser/déposer de ce fichier CFscrïpt sur le fichier ComboFix.exe

    Clique sur le fichier CFScript, maintient le doigt enfoncé et glisse la souris pour que l'icône du CFScript vienne recouvrir l'icône de Combofix. Relache la souris. Combofix va démarrer.

    Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

    Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

    Ne touche à rien tant que le scan n'est pas terminé.

    Une fois le scan achevé, un rapport va s'afficher: poste son contenu.

    Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt

    _______________________

    lance javara pour mettre a jour java:
    https://javara.fr.malavida.com/

    _______________________

    colle un scan en ligne avec un des suivant

    bitdefender en ligne :
    http://www.bitdefender.fr/scan_fr/scan8/ie.html

    Panda en ligne :
    http://pandasoftware.fr
    ________________________

    remets un rapport RSIT neuf
    0
  7. stekap Messages postés 62 Statut Membre
     
    ComboFix 09-06-26.02 - steph 28/06/2009 11:14.5 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.1.1252.33.1036.18.1023.652 [GMT 2:00]
    Lancé depuis: c:\documents and settings\steph.BIG\Bureau\ComboFix.exe
    * Un nouveau point de restauration a été créé
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\ld11.exe
    c:\windows\system32\drivers\9fa98990.sys

    .
    ((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_driver
    -------\Legacy_driverdrv
    -------\Service_9fa98990

    ((((((((((((((((((((((((((((( Fichiers créés du 2009-05-28 au 2009-06-28 ))))))))))))))))))))))))))))))))))))
    .

    2009-06-26 19:54 . 2009-06-26 19:55 -------- d-----w- C:\rsit
    2009-06-23 19:04 . 2009-06-23 19:04 -------- dc-h--w- c:\documents and settings\All Users.WINDOWS\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
    2009-06-23 19:04 . 2009-03-12 08:17 2902048 -c--a-w- c:\documents and settings\All Users.WINDOWS\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe
    2009-06-23 19:04 . 2009-06-23 19:04 -------- d-----w- c:\program files\Lavasoft
    2009-06-22 22:26 . 2009-06-23 19:04 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft
    2009-06-22 19:56 . 2009-06-22 20:08 -------- d-----w- c:\documents and settings\carole.BIG\.housecall6.6
    2009-06-19 17:59 . 2009-06-19 17:59 1 ----a-w- c:\windows\123312sd345fdg.dat
    2009-06-19 17:58 . 2009-06-26 19:40 -------- d-----w- c:\program files\driver

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-06-26 20:39 . 2007-07-28 17:16 -------- d-----w- c:\documents and settings\steph.BIG\Application Data\Azureus
    2009-06-26 19:28 . 2008-12-17 10:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-06-26 18:45 . 2006-06-25 16:00 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
    2009-06-22 20:39 . 2008-03-11 13:38 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2009-06-18 17:28 . 2006-06-25 15:27 -------- d-----w- c:\documents and settings\carole.BIG\Application Data\AdobeUM
    2009-06-17 09:27 . 2008-12-17 10:43 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-06-17 09:27 . 2008-12-17 10:43 18456 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-06-05 18:34 . 2006-11-13 08:32 -------- d-----w- c:\documents and settings\steph.BIG\Application Data\dvdcss
    2009-05-28 19:20 . 2006-09-20 01:12 -------- d-----w- c:\program files\DC++
    2009-05-05 12:04 . 2006-06-25 22:21 -------- d-----w- c:\documents and settings\steph.BIG\Application Data\AdobeUM
    2009-05-03 17:23 . 2009-05-03 17:23 -------- d-----w- c:\program files\NCH Software
    2009-05-03 17:22 . 2008-07-26 10:31 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\NCH Swift Sound
    2009-05-03 17:22 . 2008-07-26 10:31 -------- d-----w- c:\documents and settings\steph.BIG\Application Data\NCH Swift Sound
    2009-05-03 17:22 . 2008-07-26 10:31 -------- d-----w- c:\program files\NCH Swift Sound
    2006-02-07 08:07 . 2006-02-07 08:07 200704 ----a-w- c:\program files\ECB-CLEO.exe
    2006-02-07 08:06 . 2006-02-07 08:06 121 ----a-w- c:\program files\Config.ini
    .

    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\System32\ctfmon.exe" [2002-09-07 13312]
    "msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "avast!"="d:\programs\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-01 282624]
    "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2002-09-07 208953]
    "IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2002-09-07 44032]
    "MSPY2002"="c:\windows\System32\IME\PINTLGNT\ImScInst.exe" [2002-09-07 59392]
    "PHIME2002ASync"="c:\windows\System32\IME\TINTLGNT\TINTSETP.EXE" [2002-09-07 455168]
    "PHIME2002A"="c:\windows\System32\IME\TINTLGNT\TINTSETP.EXE" [2002-09-07 455168]
    "NeroFilterCheck"="c:\program files\Fichiers communs\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
    "ULiRaid"="c:\program files\ULiRaid\ULiRaid.exe" [2006-05-12 630784]
    "ArcSoft Connection Service"="c:\program files\Fichiers communs\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2008-04-17 98616]
    "EEventManager"="c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe" [2008-05-07 591696]
    "Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-06-23 518488]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2002-09-07 13312]

    c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\Shortcuts\
    Adobe Gamma Loader.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2006-6-24 110592]
    Assistant d'Acrobat.lnk - d:\programs\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe [2003-10-24 217194]
    Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2005-5-6 487424]
    Microsoft Office.lnk - d:\programs\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "swg"=c:\program files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
    "LightScribe Control Panel"=c:\program files\Fichiers communs\LightScribe\LightScribeControlPanel.exe -hidden
    "Iomega Automatic Backup Pro"="d:\programs\iab_pro_and_iso-w32-x86-33012\Automatic Backup Pro\LiveSystem.exe" -s

    R0 IABFilt;Iomega Snapshot Volume Filter;c:\windows\system32\drivers\IABFilt.sys [25/06/2006 18:07 25344]
    R0 m5289;m5289;c:\windows\system32\drivers\m5289.sys [29/07/2008 21:15 52480]
    R0 uliagpkx;ULi AGP Bus Filter Driver;c:\windows\system32\drivers\AGPKX.SYS [24/06/2006 16:54 45056]
    R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [24/04/2008 19:16 78416]
    R1 fwdrv;Firewall Driver;c:\windows\system32\drivers\fwdrv.sys [16/03/2007 10:56 302000]
    R1 khips;Kerio HIPS Driver;c:\windows\system32\drivers\khips.sys [16/03/2007 10:56 72496]
    R3 Envy24HFS;Gamesurround Fortissimo 4 Audio Controller WDM;c:\windows\system32\drivers\Envy24HF.sys [24/06/2006 17:03 575424]
    S0 lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [23/06/2009 21:07 64160]
    S3 EPPSCSIx;Agfa EPPSCSI Driver;c:\windows\system32\drivers\EPPSCAN.sys [21/10/1999 17:10 95336]
    S3 Imasaveraib;Imasaveraib; [x]
    S3 ULI5261XP;ULi M526X Ethernet NT Driver;c:\windows\system32\drivers\ULILAN51.SYS [24/06/2006 16:53 28672]

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    "c:\program files\Fichiers communs\LightScribe\LSRunOnce.exe"
    .
    Contenu du dossier 'Tâches planifiées'

    2009-06-23 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2006-08-29 13:21]
    .
    - - - - ORPHELINS SUPPRIMES - - - -

    SafeBoot-lavasoft ad-aware service

    .
    ------- Examen supplémentaire -------
    .
    uStart Page = hxxp://www.google.fr/
    mWindow Title =
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: E&xporter vers Microsoft Excel - d:\programs\MICROS~1\Office10\EXCEL.EXE/3000
    DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
    FF - ProfilePath - c:\documents and settings\steph.BIG\Application Data\Mozilla\Firefox\Profiles\fkgh32hw.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr
    FF - plugin: d:\programs\Adobe\Adobe Acrobat 6.0\Acrobat\browser\nppdf32.dll
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-06-28 11:23
    Windows 5.1.2600 Service Pack 1 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************
    .
    --------------------- DLLs chargées dans les processus actifs ---------------------

    - - - - - - - > 'winlogon.exe'(420)
    c:\windows\system32\ODBC32.dll
    c:\windows\System32\msctfime.ime

    - - - - - - - > 'lsass.exe'(476)
    c:\windows\system32\Dssenh.dll

    - - - - - - - > 'explorer.exe'(3488)
    c:\windows\System32\msctfime.ime
    c:\windows\System32\msi.dll
    .
    ------------------------ Autres processus actifs ------------------------
    .
    d:\programs\Alwil Software\Avast4\aswUpdSv.exe
    d:\programs\Alwil Software\Avast4\ashServ.exe
    c:\program files\Fichiers communs\ArcSoft\Connection Service\Bin\ACService.exe
    c:\program files\Sunbelt Software\Personal Firewall\kpf4ss.exe
    c:\program files\Fichiers communs\LightScribe\LSSrvc.exe
    c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
    c:\windows\system32\wdfmgr.exe
    c:\program files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
    c:\program files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
    c:\program files\Sunbelt Software\Personal Firewall\kpf4gui.exe
    d:\programs\Alwil Software\Avast4\ashMaiSv.exe
    d:\programs\Alwil Software\Avast4\ashWebSv.exe
    c:\program files\Sunbelt Software\Personal Firewall\kpf4gui.exe
    c:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
    c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
    c:\program files\MSN Messenger\usnsvc.exe
    .
    **************************************************************************
    .
    Heure de fin: 2009-06-28 11:27 - La machine a redémarré
    ComboFix-quarantined-files.txt 2009-06-28 09:27

    Avant-CF: 458 231 808 octets libres
    Après-CF: 735 002 624 octets libres

    160 --- E O F --- 2008-12-17 11:10
    0
  8. stekap Messages postés 62 Statut Membre
     
    Logfile of random's system information tool 1.06 (written by random/random)
    Run by steph at 2009-06-28 16:37:44
    Microsoft Windows XP Professionnel Service Pack 1
    System drive C: has 721 MB (7%) free of 10 GB
    Total RAM: 1023 MB (49% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16:37:59, on 28/06/2009
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    d:\Programs\Alwil Software\Avast4\aswUpdSv.exe
    d:\Programs\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACService.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
    C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
    C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
    d:\Programs\Alwil Software\Avast4\ashMaiSv.exe
    d:\Programs\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
    D:\Programs\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\ULiRaid\ULiRaid.exe
    C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACDaemon.exe
    C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    D:\Programs\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\steph.BIG\Bureau\RSIT.exe
    D:\Programs\hijackthis\steph.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programs\Adobe\Adobe Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: e-Carte Bleue Browser Helper Object - {2E03C0FD-4C48-43A7-9A54-00240C70FF16} - C:\WINDOWS\System32\BhoECart.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Programs\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Programs\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [avast!] d:\Programs\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [ULiRaid] C:\Program Files\ULiRaid\ULiRaid.exe
    O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACDaemon.exe
    O4 - HKLM\..\Run: [EEventManager] C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe
    O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Assistant d'Acrobat.lnk = D:\Programs\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
    O4 - Global Startup: Bluetooth Manager.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = D:\Programs\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\Programs\MICROS~1\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
    O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACService.exe
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AdobeVersionCue - Adobe Sytems - D:\Programs\Adobe\Adobe Version Cue\service\VersionCue.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - d:\Programs\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - d:\Programs\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - d:\Programs\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - d:\Programs\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Service de transfert intelligent en arrière-plan (BITS) - Unknown owner - C:\WINDOWS\
    O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
    O23 - Service: WMP54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
    O23 - Service: Mises à jour automatiques (wuauserv) - Unknown owner - C:\WINDOWS\
    0
  9. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    windows est ou pas légal boredl !
    ______________________

    lance javara pour mettre a jour java:
    https://javara.fr.malavida.com/

    _______________________

    colle un scan en ligne avec un des suivant

    bitdefender en ligne :
    http://www.bitdefender.fr/scan_fr/scan8/ie.html

    Panda en ligne :
    http://pandasoftware.fr
    ________________________
    0
  10. stekap Messages postés 62 Statut Membre
     
    légal
    0
  11. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    alors mets à jour windows avec le sp 2 et sp 3 . En allant dans démarrer puis tous les programmes puis window up date . Puis mets à jour les mise à jour prioritaires . Et fais le reste donné
    0
  12. stekap Messages postés 62 Statut Membre
     
    ;***********************************************************************************************************************************************************************************
    ANALYSIS: 2009-07-01 22:14:45
    PROTECTIONS: 0
    MALWARE: 4
    SUSPECTS: 0
    ;***********************************************************************************************************************************************************************************
    PROTECTIONS
    Description Version Active Updated
    ;===================================================================================================================================================================================
    ;===================================================================================================================================================================================
    MALWARE
    Id Description Type Active Severity Disinfectable Disinfected Location
    ;===================================================================================================================================================================================
    00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\steph.BIG\Cookies\steph@serving-sys[1].txt
    00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\steph.BIG\Cookies\steph@bs.serving-sys[2].txt
    00168109 Cookie/Adtech TrackingCookie No 0 Yes No C:\Documents and Settings\steph.BIG\Cookies\steph@adtech[1].txt
    00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\Documents and Settings\steph.BIG\Cookies\steph@smartadserver[2].txt
    ;===================================================================================================================================================================================
    SUSPECTS
    Sent Location oXn9
    ;===================================================================================================================================================================================
    ;===================================================================================================================================================================================
    VULNERABILITIES
    Id Severity Description oXn9
    ;===================================================================================================================================================================================
    ;===================================================================================================================================================================================
    0
  13. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    mets à jour windows avec le sp 2 et sp 3 . En allant dans démarrer puis tous les programmes puis window up date . Puis mets à jour les mise à jour prioritaires .

    ______________

    remets un rapport RSIt et dis si encore des soucis
    0
  14. stekap Messages postés 62 Statut Membre
     
    Bonjour voila je n'ai plus de problème visible par contre la mise à jour windows a échoué je vais réessayer
    je poste quand meme le log
    merci beaucoup pour le temps passé !!

    Logfile of random's system information tool 1.06 (written by random/random)
    Run by steph at 2009-07-02 19:05:16
    Microsoft Windows XP Professionnel Service Pack 1
    System drive C: has 401 MB (4%) free of 10 GB
    Total RAM: 1023 MB (53% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:05:27, on 02/07/2009
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    d:\Programs\Alwil Software\Avast4\aswUpdSv.exe
    d:\Programs\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACService.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
    C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
    C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
    d:\Programs\Alwil Software\Avast4\ashWebSv.exe
    d:\Programs\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
    C:\WINDOWS\Explorer.EXE
    D:\Programs\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\ULiRaid\ULiRaid.exe
    C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACDaemon.exe
    C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    D:\Programs\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\steph.BIG\Bureau\RSIT.exe
    D:\Programs\hijackthis\steph.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programs\Adobe\Adobe Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: e-Carte Bleue Browser Helper Object - {2E03C0FD-4C48-43A7-9A54-00240C70FF16} - C:\WINDOWS\System32\BhoECart.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Programs\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Programs\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [avast!] d:\Programs\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [ULiRaid] C:\Program Files\ULiRaid\ULiRaid.exe
    O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACDaemon.exe
    O4 - HKLM\..\Run: [EEventManager] C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe
    O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Assistant d'Acrobat.lnk = D:\Programs\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
    O4 - Global Startup: Bluetooth Manager.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = D:\Programs\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\Programs\MICROS~1\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
    O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACService.exe
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AdobeVersionCue - Adobe Sytems - D:\Programs\Adobe\Adobe Version Cue\service\VersionCue.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - d:\Programs\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - d:\Programs\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - d:\Programs\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - d:\Programs\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Service de transfert intelligent en arrière-plan (BITS) - Unknown owner - C:\WINDOWS\
    O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
    O23 - Service: WMP54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
    O23 - Service: Mises à jour automatiques (wuauserv) - Unknown owner - C:\WINDOWS\
    0