Win32/Rootkit.Agent.ODG Trojan horse

Solved
cheralza, Posts: 31, Status: Member
Hello,
Here is my problem. I have a virus: Win32/Rootkit.Agent.ODG Trojan horse.
My antivirus, NOD32, cannot remove it, and this virus prevents me from connecting to the internet. I followed the instructions on the forum, but nothing. Windows blocks Flash Disinfector, and when I try to install HijackThis, my laptop restarts and shows an error message. Please help me solve this problem. On the forum there are so many solutions; which one should I follow? I await your replies. Thank you.
Configuration: Windows Vista
Firefox 3.0.12

7 replies

  1. Destrio5, Posts: 99820, Status: Moderator, 10 324
     
    Hello,

    --> Disable UAC for the duration of the disinfection.

    /!\ Disable your resident protections (antivirus, etc.) /!\

    --> Download ComboFix (by sUBs) to your Desktop.
    --> Right-click ComboFix.exe (the .exe is not necessarily visible) and choose Run as administrator to launch it.
    --> When the scan is finished, a report will appear. Post this report (C:\Combofix.txt) in your next reply.

    To help you: a guide and a tutorial on using ComboFix
    1
    1. cheralza, Posts: 31, Status: Member
       
      Hi Destrio5, I downloaded RSIT and here are the results:

      info.txt logfile of random's system information tool 1.06 2009-07-26 09:03:54

      ======Uninstall list======

      -->"C:\Program Files\InstallShield Installation Information\{A644254B-92F6-4970-8635-AB0775371E72}\setup.exe" --u:{A644254B-92F6-4970-8635-AB0775371E72}
      -->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
      -->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
      -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{622E6F16-0904-49B6-BBE1-4CC836314CCF}\setup.exe" -l0x9
      -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{697AFC77-F318-4CD4-BF16-F50F4C1072DA}\setup.exe" -l0x9
      Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
      Adobe Flash Player 10 Plugin-->MsiExec.exe /X{ECA1A3B6-898F-4DCE-9F04-714CF3BA126B}
      Adobe Reader 8.1.6-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81300000003}
      Amazon Links-->C:\Program Files\InstallShield Installation Information\{224821ED-CADA-4A8A-AC8D-3734CC0F0931}\setup.exe -runfromtemp -l0x0009 -removeonly
      Any Audio Converter 1.1.0-->"C:\Program Files\Any Audio Converter\unins000.exe"
      Any Video Converter 2.7.5-->"C:\Program Files\Any Video Converter\unins000.exe"
      Atheros Driver Installation Program-->C:\Program Files\InstallShield Installation Information\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}\setup.exe -runfromtemp -l0x0009
      Atheros Wi-Fi Protected Setup Library-->C:\Program Files\InstallShield Installation Information\{B0BCDCBD-863D-4CAB-BF68-8D1F6B1BDC13}\setup.exe -runfromtemp -l0x0009 -removeonly
      BitLord 1.1-->C:\Program Files\BitLord\uninst.exe
      Camera Assistant Software for Toshiba-->C:\Program Files\InstallShield Installation Information\{37C866E4-AA67-4725-9E95-A39968DD7960}\setup.exe -runfromtemp -l0x0009
      CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
      CD/DVD Drive Acoustic Silencer-->C:\Program Files\InstallShield Installation Information\{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}\setup.exe -runfromtemp -l0x0009 -removeonly
      Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
      Cisco EAP-FAST Module-->MsiExec.exe /I{415B2719-AD3A-4944-B404-C472DB6085B3}
      Cisco LEAP Module-->MsiExec.exe /I{83770D14-21B9-44B3-8689-F7B523F94560}
      Cisco PEAP Module-->MsiExec.exe /I{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}
      Comcast High-Speed Internet Install Wizard-->C:\Program Files\support.com\uninstall\chsi_uninstaller.exe
      Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
      Desktop Doctor-->MsiExec.exe /I{D87149B3-7A1D-4548-9CBF-032B791E5908}
      DVD MovieFactory for TOSHIBA-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}\setup.exe" -l0x9
      eMule-->"C:\Program Files\eMule\Uninstall.exe"
      FFBestShoppingTipsProgram-->C:\Program Files\Mozilla Firefox\extensions\BestShoppingTipsProgram@BestShoppingTipsProgram\uninstall.exe uninstall=bestshoppingtipsprogramff
      Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_9DE96A29E721D90A.exe" /uninstall
      Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
      HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
      Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
      Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
      Intel(R) Graphics Media Accelerator Driver-->C:\Windows\system32\igxpun.exe -uninstall
      Intel® Matrix Storage Manager-->C:\Windows\system32\imsmudlg.exe -uninstall
      Internet Download Accelerator version 5.7-->"C:\Program Files\IDA\unins000.exe"
      Irregular Verb List-->C:\Windows\uninst.exe -f"C:\Program Files\UsingEnglish.com\Irregular Verb List\DeIsL1.isu" -c"C:\Program Files\UsingEnglish.com\Irregular Verb List\_ISREG32.DLL"
      Java(TM) 6 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160060}
      Junk Mail filter update-->MsiExec.exe /I{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}
      LimeWire 5.1.3-->"C:\Program Files\LimeWire\uninstall.exe"
      Microsoft .NET Framework 3.5 SP1-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
      Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
      Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
      Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
      Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
      Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
      Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
      Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
      Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
      Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
      Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
      Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
      Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
      Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
      Microsoft Office PowerPoint Viewer 2007 (English)-->MsiExec.exe /X{95120000-00AF-0409-0000-0000000FF1CE}
      Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
      Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
      Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
      Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
      Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
      Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
      Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}
      Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
      Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
      Microsoft Office Suite Activation Assistant-->MsiExec.exe /X{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}
      Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
      Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
      Microsoft Works-->MsiExec.exe /I{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}
      Mozilla Firefox (3.0.12)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
      MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
      MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
      MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
      Newbury House Dictionary-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{86E48542-6333-47EF-B99F-4003A3E65C81}\Setup.exe"
      Picasa 2-->"C:\Program Files\Picasa2\Uninstall.exe"
      Realtek 8169 8168 8101E 8102E Ethernet Driver-->C:\Program Files\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe -runfromtemp -l0x0009 -removeonly
      Realtek High Definition Audio Driver-->RtlUpd.exe -r -m -nrg2709
      Realtek USB 2.0 Card Reader-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DC24971E-1946-445D-8A82-CE685433FA7D}\setup.exe" -l0x9 -removeonly
      Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
      Security Update for 2007 Microsoft Office System (KB969679)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C66E4A6C-6E07-4C63-8CCD-2493B5087C73}
      Security Update for Microsoft Office Excel 2007 (KB969682)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C03803BD-745A-46F8-8557-817DED578780}
      Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}
      Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
      Security Update for Microsoft Office Word 2007 (KB969604)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {CF3D6499-709C-43D0-8908-BC5652656050}
      Security Update for Windows Media Encoder (KB954156)-->msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E} MSIPATCHREMOVE={E836F1B7-43FB-46B0-A0D9-E4D2A5951659} /qb
      Skype™ 4.0-->MsiExec.exe /X{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}
      Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
      TeraCopy 1.22-->"C:\Program Files\TeraCopy\unins000.exe"
      TorrentMan Toolbar-->C:\PROGRA~1\TORREN~1\UNWISE.EXE C:\PROGRA~1\TORREN~1\INSTALL.LOG
      TOSHIBA Assist-->C:\Program Files\InstallShield Installation Information\{12B3A009-A080-4619-9A2A-C6DB151D8D67}\setup.exe -runfromtemp -l0x0009 -removeonly
      TOSHIBA ConfigFree-->MsiExec.exe /X{0D5D0BEE-FBA9-4928-A50D-6CDFAB827755}
      TOSHIBA Desktop Links-->C:\Program Files\InstallShield Installation Information\{E1E56B8A-1AAF-422A-91DB-625059FB9863}\setup.exe -runfromtemp -l0x0009 -removeonly
      TOSHIBA Disc Creator-->MsiExec.exe /X{5DA0E02F-970B-424B-BF41-513A5018E4C0}
      TOSHIBA DVD PLAYER-->C:\Program Files\InstallShield Installation Information\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}\setup.exe -runfromtemp -l0x0009 -ADDREMOVE -removeonly
      TOSHIBA Extended Tiles for Windows Mobility Center-->C:\Program Files\InstallShield Installation Information\{617C36FD-0CBE-4600-84B2-441CEB12FADF}\setup.exe -runfromtemp -l0x0409
      TOSHIBA Face Recognition-->"C:\Program Files\InstallShield Installation Information\{C730E42C-935A-45BB-A0C5-37E5234D111B}\setup.exe" -runfromtemp -l0x0409 -removeonly
      TOSHIBA Face Recognition-->MsiExec.exe /I{C730E42C-935A-45BB-A0C5-37E5234D111B}
      TOSHIBA Hardware Setup-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2883F6F5-0509-43F3-868C-D50330DD9DD3}\setup.exe" -l0x9
      TOSHIBA Recovery Disc Creator-->MsiExec.exe /X{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}
      Toshiba Registration-->MsiExec.exe /I{C53D16CC-E56F-47B8-906E-70AAF8EABB4F}
      TOSHIBA Service Station-->C:\Program Files\InstallShield Installation Information\{AC6569FA-6919-442A-8552-073BE69E247A}\setup.exe -runfromtemp -l0x0009 -removeonly
      TOSHIBA Software Modem-->Tosmreg -U
      TOSHIBA Speech System Applications-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}\Setup.exe" -l0x9
      TOSHIBA Speech System SR Engine(U.S.) Version1.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{008D69EB-70FF-46AB-9C75-924620DF191A}\Setup.exe" -l0x9 UNINSTALL
      TOSHIBA Speech System TTS Engine(U.S.) Version1.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}\Setup.exe" -l0x9
      TOSHIBA Supervisor Password-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4B1E87C3-00DE-4898-8E39-E390AAEF2391}\setup.exe" -l0x9
      TOSHIBA Value Added Package-->C:\Program Files\InstallShield Installation Information\{FEDD27A0-B306-45EF-BF58-B527406B42C8}\setup.exe -runfromtemp -l0x0409
      Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
      Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
      Update for Microsoft Office 2007 Help for Common Features (KB963673)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {AB365889-0395-4FAD-B702-CA5985D53D42}
      Update for Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {199DF7B6-169C-448C-B511-1054101BE9C9}
      Update for Microsoft Office OneNote 2007 Help (KB963670)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {2744EF05-38E1-4D5D-B333-E021EDAEA245}
      Update for Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {397B1D4F-ED7B-4ACA-A637-43B670843876}
      Update for Microsoft Office Script Editor Help (KB963671)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {CD11C6A2-FFC6-4271-8EAB-79C3582F505C}
      Update for Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {80E762AA-C921-4839-9D7D-DB62A72C0726}
      VLC media player 0.9.9-->C:\Program Files\VideoLAN\VLC\uninstall.exe
      Windows Live Call-->MsiExec.exe /I{F6BD194C-4190-4D73-B1B1-C48C99921BFE}
      Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
      Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
      Windows Live Essentials-->MsiExec.exe /I{C6CA8874-5F22-4AF0-9BE3-016BF299C536}
      Windows Live Mail-->MsiExec.exe /I{63C1109E-D977-49ED-BCE3-D00D0BF187D6}
      Windows Live Messenger-->MsiExec.exe /X{0AAA9C97-74D4-47CE-B089-0B147EF3553C}
      Windows Live OneCare safety scanner-->"C:\Program Files\Windows Live Safety Center\UnInstall.exe"
      Windows Live OneCare safety scanner-->MsiExec.exe /X{FE0646A7-19D0-41B4-A2BB-2C35D644270D}
      Windows Live Sign-in Assistant-->MsiExec.exe /I{45338B07-A236-4270-9A77-EBB4115517B5}
      Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
      Windows Media Encoder 9 Series-->msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
      Windows Media Encoder 9 Series-->MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
      Yahoo! Install Manager-->C:\Windows\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
      Yahoo! Search Protection-->C:\PROGRA~1\Yahoo!\SEARCH~1\UNINST~1.EXE
      Yahoo! Software Update-->C:\PROGRA~1\Yahoo!\SOFTWA~1\UNINST~1.EXE
      Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE

      ======Security center information======

      AS: Windows Defender

      ======System event log======

      Computer Name: Aymonne-PC
      Event Code: 134
      Message: NtpClient was unable to set a manual peer to use as a time source because of DNS resolution error on 'time.windows.com,0x9'. NtpClient will try again in 15 minutes and double the reattempt interval thereafter. The error was: No such host is known. (0x80072AF9)
      Record Number: 5410
      Source Name: Microsoft-Windows-Time-Service
      Time Written: 20090521193138.000000-000
      Event Type: Warning
      User:

      Computer Name: Aymonne-PC
      Event Code: 134
      Message: NtpClient was unable to set a manual peer to use as a time source because of DNS resolution error on 'time.windows.com,0x9'. NtpClient will try again in 15 minutes and double the reattempt interval thereafter. The error was: No such host is known. (0x80072AF9)
      Record Number: 5409
      Source Name: Microsoft-Windows-Time-Service
      Time Written: 20090521193137.000000-000
      Event Type: Warning
      User:

      Computer Name: Aymonne-PC
      Event Code: 15016
      Message: Unable to initialize the security package Kerberos for server side authentication. The data field contains the error number.
      Record Number: 5407
      Source Name: Microsoft-Windows-HttpEvent
      Time Written: 20090521223117.630081-000
      Event Type: Error
      User:

      Computer Name: Aymonne-PC
      Event Code: 4001
      Message: WLAN AutoConfig service has successfully stopped.

      Record Number: 5385
      Source Name: Microsoft-Windows-WLAN-AutoConfig
      Time Written: 20090110005528.336000-000
      Event Type: Warning
      User: NT AUTHORITY\SYSTEM

      Computer Name: Aymonne-PC
      Event Code: 10002
      Message: WLAN Extensibility Module has stopped.

      Module Path: C:\Windows\system32\athihvs.dll

      Record Number: 5384
      Source Name: Microsoft-Windows-WLAN-AutoConfig
      Time Written: 20090110005528.273600-000
      Event Type: Warning
      User: NT AUTHORITY\SYSTEM

      =====Application event log=====

      Computer Name: Aymonne-PC
      Event Code: 1008
      Message: The Open Procedure for service "PNRPsvc" in DLL "C:\Windows\system32\pnrpperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
      Record Number: 1054
      Source Name: Microsoft-Windows-Perflib
      Time Written: 20090521223519.000000-000
      Event Type: Error
      User:

      Computer Name: Aymonne-PC
      Event Code: 1010
      Message: The Collect Procedure for the "EmdCache" service in DLL "C:\Windows\system32\emdmgmt.dll" generated an exception or returned an invalid status. The performance data returned by the counter DLL will not be returned in the Perf Data Block. The first four bytes (DWORD) of the Data section contains the exception code or status code.
      Record Number: 1053
      Source Name: Microsoft-Windows-Perflib
      Time Written: 20090521223517.000000-000
      Event Type: Error
      User:

      Computer Name: Aymonne-PC
      Event Code: 1008
      Message: The Open Procedure for service "BITS" in DLL "C:\Windows\system32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
      Record Number: 1052
      Source Name: Microsoft-Windows-Perflib
      Time Written: 20090521223517.000000-000
      Event Type: Error
      User:

      Computer Name: Aymonne-PC
      Event Code: 10
      Message: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
      Record Number: 1000
      Source Name: Microsoft-Windows-WMI
      Time Written: 20090521193203.000000-000
      Event Type: Error
      User:

      Computer Name: Aymonne-PC
      Event Code: 1008
      Message: The Windows Search Service is attempting to remove the old catalog.

      Record Number: 986
      Source Name: Microsoft-Windows-Search
      Time Written: 20090521193138.000000-000
      Event Type: Warning
      User:

      =====Security event log=====

      Computer Name: WIN-X1RNV7SC2ZO
      Event Code: 4672
      Message: Special privileges assigned to new logon.

      Subject:
      Security ID: S-1-5-18
      Account Name: SYSTEM
      Account Domain: NT AUTHORITY
      Logon ID: 0x3e7

      Privileges: SeAssignPrimaryTokenPrivilege
      SeTcbPrivilege
      SeSecurityPrivilege
      SeTakeOwnershipPrivilege
      SeLoadDriverPrivilege
      SeBackupPrivilege
      SeRestorePrivilege
      SeDebugPrivilege
      SeAuditPrivilege
      SeSystemEnvironmentPrivilege
      SeImpersonatePrivilege
      Record Number: 860
      Source Name: Microsoft-Windows-Security-Auditing
      Time Written: 20090110005527.338215-000
      Event Type: Audit Success
      User:

      Computer Name: WIN-X1RNV7SC2ZO
      Event Code: 4624
      Message: An account was successfully logged on.

      Subject:
      Security ID: S-1-5-18
      Account Name: WIN-X1RNV7SC2ZO$
      Account Domain: WORKGROUP
      Logon ID: 0x3e7

      Logon Type: 5

      New Logon:
      Security ID: S-1-5-18
      Account Name: SYSTEM
      Account Domain: NT AUTHORITY
      Logon ID: 0x3e7
      Logon GUID: {00000000-0000-0000-0000-000000000000}

      Process Information:
      Process ID: 0x27c
      Process Name: C:\Windows\System32\services.exe

      Network Information:
      Workstation Name:
      Source Network Address: -
      Source Port: -

      Detailed Authentication Information:
      Logon Process: Advapi
      Authentication Package: Negotiate
      Transited Services: -
      Package Name (NTLM only): -
      Key Length: 0

      This event is generated when a logon session is created. It is generated on the computer that was accessed.

      The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

      The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

      The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

      The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

      The authentication information fields provide detailed information about this specific logon request.
      - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
      - Transited services indicate which intermediate services have participated in this logon request.
      - Package name indicates which sub-protocol was used among the NTLM protocols.
      - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
      Record Number: 859
      Source Name: Microsoft-Windows-Security-Auditing
      Time Written: 20090110005527.338215-000
      Event Type: Audit Success
      User:

      Computer Name: WIN-X1RNV7SC2ZO
      Event Code: 4648
      Message: A logon was attempted using explicit credentials.

      Subject:
      Security ID: S-1-5-18
      Account Name: WIN-X1RNV7SC2ZO$
      Account Domain: WORKGROUP
      Logon ID: 0x3e7
      Logon GUID: {00000000-0000-0000-0000-000000000000}

      Account Whose Credentials Were Used:
      Account Name: SYSTEM
      Account Domain: NT AUTHORITY
      Logon GUID: {00000000-0000-0000-0000-000000000000}

      Target Server:
      Target Server Name: localhost
      Additional Information: localhost

      Process Information:
      Process ID: 0x27c
      Process Name: C:\Windows\System32\services.exe

      Network Information:
      Network Address: -
      Port: -

      This event is generated when a process attempts to log on an account by explicitly specifying that account’s credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
      Record Number: 858
      Source Name: Microsoft-Windows-Security-Auditing
      Time Written: 20090110005527.338215-000
      Event Type: Audit Success
      User:

      Computer Name: WIN-X1RNV7SC2ZO
      Event Code: 1100
      Message: The event logging service has shut down.
      Record Number: 857
      Source Name: Microsoft-Windows-Eventlog
      Time Written: 20090110005528.195600-000
      Event Type: Audit Success
      User:

      Computer Name: WIN-X1RNV7SC2ZO
      Event Code: 1102
      Message: The audit log was cleared.
      Subject:
      Security ID: S-1-5-21-2844338048-2687002610-4010198750-500
      Account Name: Administrator
      Domain Name: WIN-X1RNV7SC2ZO
      Logon ID: 0x4abf9
      Record Number: 856
      Source Name: Microsoft-Windows-Eventlog
      Time Written: 20090110005522.876615-000
      Event Type: Audit Success
      User:

      ======Environment variables======

      "ComSpec"=%SystemRoot%\system32\cmd.exe
      "FP_NO_HOST_CHECK"=NO
      "OS"=Windows_NT
      "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG
      "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
      "PROCESSOR_ARCHITECTURE"=x86
      "TEMP"=%SystemRoot%\TEMP
      "TMP"=%SystemRoot%\TEMP
      "USERNAME"=SYSTEM
      "windir"=%SystemRoot%
      "PROCESSOR_LEVEL"=6
      "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel
      "PROCESSOR_REVISION"=0f0d
      "NUMBER_OF_PROCESSORS"=2
      "TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat
      "DFSTRACINGON"=FALSE

      -----------------EOF-----------------



      Logfile of random's system information tool 1.06 (written by random/random)
      Run by Aymonne at 2009-07-26 11:03:04
      Microsoft® Windows Vista™ Home Premium Service Pack 2
      System drive C: has 147 GB (64%) free of 230 GB
      Total RAM: 2939 MB (57% free)

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 11:03:06 AM, on 7/26/2009
      Platform: Windows Vista SP2 (WinNT 6.00.1906)
      MSIE: Internet Explorer v7.00 (7.00.6002.18005)
      Boot mode: Normal

      Running processes:
      C:\Windows\system32\Dwm.exe
      C:\Windows\system32\taskeng.exe
      C:\Windows\Explorer.EXE
      C:\Windows\system32\taskeng.exe
      C:\Windows\System32\igfxtray.exe
      C:\Windows\System32\hkcmd.exe
      C:\Windows\System32\igfxpers.exe
      C:\Windows\RtHDVCpl.exe
      C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
      C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
      C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
      C:\Program Files\Toshiba\SmoothView\SmoothView.exe
      C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
      C:\Program Files\Windows Defender\MSASCui.exe
      C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
      C:\Program Files\Toshiba\TOSHIBA Service Station\TSS.exe
      C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe
      C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
      C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
      C:\Windows\ehome\ehtray.exe
      C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
      C:\Program Files\Skype\Phone\Skype.exe
      C:\Program Files\Windows Live\Messenger\msnmsgr.exe
      C:\Program Files\IDA\ida.exe
      C:\Windows\system32\igfxsrvc.exe
      C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
      C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
      C:\Windows\ehome\ehmsas.exe
      C:\Program Files\Toshiba\ConfigFree\CFSwMgr.exe
      C:\Windows\system32\igfxext.exe
      C:\Program Files\Windows Media Player\wmpnscfg.exe
      C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
      C:\Program Files\Skype\Plugin Manager\skypePM.exe
      C:\Program Files\Windows Live\Contacts\wlcomm.exe
      C:\Users\Aymonne\Documents\My Received Files\RSIT.exe
      C:\Program Files\trend micro\Aymonne.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/?p=us
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/?p=us
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.xfinity.com/
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
      R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      R3 - URLSearchHook: TorrentMan Toolbar - {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Program Files\TorrentMan\tbTor1.dll
      O1 - Hosts: ::1 localhost
      O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
      O2 - BHO: IE 4.x-6.x BHO for Internet Download Accelerator - {2A646672-9C3A-4C28-9A7A-1FB0F63F28B6} - C:\PROGRA~1\IDA\idaiehlp.dll
      O2 - BHO: BestShoppingTipsProgram - {4E3A97D3-9F15-4067-D0F9-241CC9CC9541} - C:\Program Files\BestShoppingTipsProgram\BestShoppingTipsProgram.dll
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
      O2 - BHO: TorrentMan Toolbar - {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Program Files\TorrentMan\tbTor1.dll
      O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
      O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
      O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
      O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
      O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
      O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      O3 - Toolbar: TorrentMan Toolbar - {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Program Files\TorrentMan\tbTor1.dll
      O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
      O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
      O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
      O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
      O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
      O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start
      O4 - HKLM\..\Run: [jswtrayutil] "C:\Program Files\Jumpstart\jswtrayutil.exe"
      O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
      O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
      O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
      O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
      O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
      O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
      O4 - HKLM\..\Run: [cfFncEnabler.exe] cfFncEnabler.exe
      O4 - HKLM\..\Run: [ToshibaServiceStation] "C:\Program Files\TOSHIBA\TOSHIBA Service Station\TSS.exe" /hide
      O4 - HKLM\..\Run: [ddoctorv2] "C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2
      O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
      O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
      O4 - HKLM\..\Run: [Skytel] Skytel.exe
      O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
      O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
      O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      O4 - HKCU\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
      O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
      O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
      O4 - HKCU\..\Run: [Internet Download Accelerator] C:\Program Files\IDA\ida.exe -autorun
      O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
      O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
      O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
      O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
      O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
      O8 - Extra context menu item: Download ALL with IDA - C:\Program Files\IDA\idaieall.htm
      O8 - Extra context menu item: Download with IDA - C:\Program Files\IDA\idaie.htm
      O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
      O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
      O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
      O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
      O9 - Extra button: Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - C:\Program Files\IDA\ida.exe
      O9 - Extra 'Tools' menuitem: &Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - C:\Program Files\IDA\ida.exe
      O13 - Gopher Prefix:
      O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
      O17 - HKLM\System\CCS\Services\Tcpip\..\{0A2E6BA9-3B42-4B4C-BBFB-E7D86FD7E9DB}: NameServer = 85.255.112.125,85.255.112.159
      O17 - HKLM\System\CCS\Services\Tcpip\..\{5BE236FD-3749-4E42-988B-53DC570CF5F6}: NameServer = 85.255.112.125,85.255.112.159
      O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.125,85.255.112.159
      O17 - HKLM\System\CS1\Services\Tcpip\..\{0A2E6BA9-3B42-4B4C-BBFB-E7D86FD7E9DB}: NameServer = 85.255.112.125,85.255.112.159
      O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.112.125,85.255.112.159
      O17 - HKLM\System\CS2\Services\Tcpip\..\{0A2E6BA9-3B42-4B4C-BBFB-E7D86FD7E9DB}: NameServer = 85.255.112.125,85.255.112.159
      O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.125,85.255.112.159
      O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
      O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
      O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
      O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
      O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
      O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
      O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
      O23 - Service: Jumpstart Wifi Protected Setup (jswpsapi) - Atheros Communications, Inc. - C:\Program Files\Jumpstart\jswpsapi.exe
      O23 - Service: SmartFaceVWatchSrv - Toshiba - C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe
      O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
      O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
      O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
      O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
      O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
      O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
      O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
      O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
      0
  2. Carter
     
    Hello,

    CCleaner - Cleans temporary files, cookies, etc.
    Download: https://www.ccleaner.com/ccleaner/download

    • Install and launch CCleaner,
    • Uncheck the automatic update,
    • Launch CCleaner with the icon created on the desktop,

    • Click Options --> Advanced and uncheck >>
    >> Only delete temporary files .. older than 48 hours,
    • Select "Cleaner" and click -->"Windows", go to the "Advanced" section,
    • And check only the first box, "Old Prefetch data",
    • Click the [Analyze] button.
    • When it has finished, click [Run Cleaner] as many times as necessary, until the window is empty.

    Once this cleanup is complete,
    restore the standard options for everyday use.
    • Go and re-check, in Options --> "Advanced": Only delete temporary files .. older than 48 hours
    • And uncheck "Old Prefetch data" in Cleaner --> Windows

    Use CCleaner after every session on the net, after installing software and/or before shutting down the PC.
    _____________________________________________________________________________

    Download Malwarebytes: http://www.malwarebytes.org/mbam.php
    • Run the installer,
    • In [Settings] you can switch the language to French.
    • Update Malwarebytes.
    • In [Scanner] select [Perform full scan],
    • After the scan, click >>>>> [Remove Selected].
    >> Restart if necessary.
    Post the Malwarebytes report.
    _____________________________________________________________________________

    Download HijackThis: http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe
    • Install and launch HijackThis using the shortcut created on your desktop,
    • Click [Do a system scan and save a logfile].
    >> Notepad will open with a report,
    Post the HijackThis report.
    0
    1. cheralza Posts 31 Status Member

      Thanks Carter, but I can't install HijackThis. My laptop restarts instantly. Same for Flash Disinfector.
      0
    2. cheralza Posts 31 Status Member

      Malwarebytes doesn't work either.
      0
      1. Destrio5 Posts 99820 Registration date   Status Moderator Last activity   10 324 > cheralza Posts 31 Status Member

        Yes, that's normal.
        0
  3. Destrio5 Posts 99820 Registration date   Status Moderator Last activity   10 324

    The report confirms what I suspected; do the procedure with ComboFix.

    If ComboFix won't start, rename it to CCM.
    0
    1. cheralza Posts 31 Status Member

      What is CCM?
      0
    2. Destrio5 Posts 99820 Registration date   Status Moderator Last activity   10 324 > cheralza Posts 31 Status Member

      CCM = CommentÇaMarche

      Why these questions?
      0
    3. cheralza Posts 31 Status Member

      ComboFix doesn't work.
      0
    4. Destrio5 Posts 99820 Registration date   Status Moderator Last activity   10 324 > cheralza Posts 31 Status Member

      Did you rename it?
      0
    5. cheralza Posts 31 Status Member > Destrio5 Posts 99820 Registration date   Status Moderator Last activity  

      ComboFix doesn't work. What do I do?
      0
  4. Destrio5 Posts 99820 Registration date   Status Moderator Last activity   10 324

    Yes, that's not bad.

    ---> Download Malwarebytes' Anti-Malware (MBAM) to your Desktop.
    ---> Double-click the downloaded file to start the installation.
    ---> In the Update tab, click the Check for Updates button: if the firewall asks whether to allow MBAM to connect to the Internet, accept.
    ---> Once the update has finished, go to the Scanner tab.
    ---> Select Perform quick scan.
    ---> Click Scan. The scan starts.

    At the end of the scan, a message is displayed:

    The scan completed successfully. Click 'Show Results' to display all objects found.

    ---> Click OK to continue. If MBAM found nothing, it will tell you so as well.
    ---> Close your browsers.
    If malware was detected, click Show Results.
    ---> Select everything (or leave it checked) and click Remove Selected; MBAM will destroy the infected files and registry keys and put a copy of them in quarantine.
    ---> MBAM will open Notepad and copy the scan report into it. Copy and paste that report into your next reply.
    0
    1. cheralza Posts 31 Status Member

      Here is the report:
      What do you think?

      Malwarebytes' Anti-Malware 1.39
      Version de la base de données: 2421
      Windows 6.0.6002 Service Pack 2

      7/26/2009 12:35:43 PM
      mbam-log-2009-07-26 (12-35-43).txt

      Type de recherche: Examen rapide
      Eléments examinés: 78512
      Temps écoulé: 3 minute(s), 20 second(s)

      Processus mémoire infecté(s): 0
      Module(s) mémoire infecté(s): 0
      Clé(s) du Registre infectée(s): 0
      Valeur(s) du Registre infectée(s): 0
      Elément(s) de données du Registre infecté(s): 0
      Dossier(s) infecté(s): 0
      Fichier(s) infecté(s): 0

      Processus mémoire infecté(s):
      (Aucun élément nuisible détecté)

      Module(s) mémoire infecté(s):
      (Aucun élément nuisible détecté)

      Clé(s) du Registre infectée(s):
      (Aucun élément nuisible détecté)

      Valeur(s) du Registre infectée(s):
      (Aucun élément nuisible détecté)

      Elément(s) de données du Registre infecté(s):
      (Aucun élément nuisible détecté)

      Dossier(s) infecté(s):
      (Aucun élément nuisible détecté)

      Fichier(s) infecté(s):
      (Aucun élément nuisible détecté)
      0
  6. Destrio5 Posts 99820 Registration date   Status Moderator Last activity   10 324

    --> Uninstall Java 6 Update 6.

    --> Update Java.

    Is the PC doing well?
    0
    1. cheralza Posts 31 Status Member

      Why uninstall Java?
      I think the PC is fine. Nothing to report.
      0
  7. Destrio5 Posts 99820 Registration date   Status Moderator Last activity   10 324

    "Why uninstall Java?"
    --> Because it's an old version and you are installing the new one.
    0
    1. cheralza Posts 31 Status Member

      OK. Where can I find the new version?
      0
      1. Destrio5 Posts 99820 Registration date   Status Moderator Last activity   10 324 > cheralza Posts 31 Status Member

        By clicking the word Java in blue in my sentence "Update Java".
        0
      2. cheralza Posts 31 Status Member > Destrio5 Posts 99820 Registration date   Status Moderator Last activity  

        OK, I think it's done. Thank you very much for your help, Destrio5.
        0
  8. Destrio5 Posts 99820 Registration date   Status Moderator Last activity   10 324

    1/

    ---> Uninstall HijackThis.

    ---> Download ToolsCleaner2 to your Desktop.
    * Right-click ToolsCleaner2.exe and choose Run as administrator.
    * Click Recherche (Search) and let the scan run.
    * Click Suppression (Removal) to finish.
    * You can, if you wish, use the Options Facultatives (optional settings).
    * Click Quitter (Quit) to get the report.
    * Post the report (TCleaner.txt), which is at the root of your hard drive (C:\).

    2/

    ---> Download and install CCleaner (do not install the Yahoo Toolbar):
    * Launch it. Go to Options, then Advanced, and uncheck the box Only delete files etc....
    * Go to Cleaner, choose Analyze. Once it has finished, run the cleanup.

    3/

    ---> It is necessary to disable and then re-enable System Restore in order to purge it.

    ==Prevention==

    Re-enable UAC if you have not already done so.

    Keep MBAM. You can use it to scan suspicious files alongside the antivirus, and scan the hard drive regularly.

    Regarding P2P: Link

    Here is a complete guide (to be read with Adobe Reader or Foxit Reader): Link

    Be more careful on the Internet ;)
    0
    1. cheralza Posts 31 Status Member

      Hi Destrio5, I was out of town. About the restore, can you tell me more? I read the link but I'm afraid of losing important data during the restore.
      0
    2. Destrio5 Posts 99820 Registration date   Status Moderator Last activity   10 324 > cheralza Posts 31 Status Member

      I didn't ask you to do a system restore.
      0
    3. cheralza Posts 31 Status Member > Destrio5 Posts 99820 Registration date   Status Moderator Last activity  

      Oh, but in your previous message you talk about restore.
      0
    4. Destrio5 Posts 99820 Registration date   Status Moderator Last activity   10 324 > cheralza Posts 31 Status Member

      Yes, I'm talking about deleting the restore points by disabling/re-enabling System Restore. That does not delete your documents.
      0
    5. cheralza Posts 31 Status Member > Destrio5 Posts 99820 Registration date   Status Moderator Last activity  

      OK, I'll do it then, thanks.
      0