Hacked by x4x

Solved
aikakouki

Hello,

Recently my computer has been infected by this virus (it says "hacked by x4x" in my IE browser).
I don't know what to do and I hope you can help me.

Thanks in advance.

69 replies

aikakouki

I have a problem: from my laptop I can't download RSIT, the download page won't open :(

Anonymous user

is it running XP or Vista?

aikakouki

Windows XP

Anonymous user

we'll go straight to UsbFix:

• Download and install UsbFix

(!) Plug in the external data sources (USB key, external hard drive, etc.) that may have been infected, without opening them

• Double-click the UsbFix shortcut on your desktop.

• Choose option 1 ( Recherche / Search )

• Let the tool work.

• Then post the UsbFix.txt report that appears.

• Note: The UsbFix.txt report is saved at the root of the disk. ( C:\UsbFix.txt )

( CTRL+A to select all, CTRL+C to copy and CTRL+V to paste )

• Note: "Process.exe", a component of the tool, is detected by some antivirus products (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool.
It is not a virus, but a utility intended to terminate processes.
In the wrong hands, this utility could stop security software (antivirus, firewall...), hence the alert raised by these antivirus products.


• Tutorial: http://pagesperso-orange.fr/NosTools/usbfix.html

aikakouki

Here you go:


############################## | UsbFix V6.024 |

User : CASAM (Users) # WKST-PRET06
Update on 01/09/09 by Chiquitine29, C_XX & Chimay8
Start at: 18:36:16 | 01/09/2009
Website : http://pagesperso-orange.fr/NosTools/index.html

Intel(R) Core(TM)2 Duo CPU T7700 @ 2.40GHz
Microsoft Windows XP Professional (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 7.0.5730.13
Windows Firewall Status : Disabled

C:\ -> Local Fixed Disk # 48.83 Go (8.74 Go free) [MASTER] # NTFS
D:\ -> Local Fixed Disk # 100.22 Go (96.8 Go free) [DATA] # NTFS
E:\ -> CD-ROM Disc
F:\ -> Removable Disk # 124.94 Mo (58 Mo free) # FAT
G:\ -> Removable Disk # 124.94 Mo (83.83 Mo free) # FAT

############################## | Processus actifs |

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
c:\Program Files\ActivIdentity\ActivClient\acevents.exe
C:\WINDOWS\system32\Ati2evxx.exe
c:\Program Files\ActivIdentity\ActivClient\accoca.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Intel\AMT\atchksrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Network Associates\McAfee Desktop Firewall for Windows XP\FireSvc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\WINDOWS\system32\ifxspmgt.exe
c:\WINDOWS\system32\ifxtcs.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Intel\AMT\LMS.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe
c:\WINDOWS\system32\IfxPsdSv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\AMT\UNS.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Intel\AMT\atchk.exe
C:\WINDOWS\system32\AccelerometerSt.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE
C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\Program Files\Network Associates\McAfee Desktop Firewall for Windows XP\Firetray.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
c:\Program Files\ActivIdentity\ActivClient\acevents.exe
C:\WINDOWS\system32\win.exe
c:\Program Files\Hewlett-Packard\Embedded Security Software\PSDrt.exe
C:\WINDOWS\system32\wscript.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\reader_s.exe
C:\WINDOWS\system32\ctfmon.exe
c:\Program Files\Hewlett-Packard\IAM\bin\asghost.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\CASAM\reader_s.exe
C:\WINDOWS\system32\11.tmp
C:\WINDOWS\TEMP\VRT18.tmp
C:\WINDOWS\fonts\services.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\sofatnet.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wiawow32.sys
C:\WINDOWS\system32\wbem\wmiprvse.exe

################## | Fichiers # Dossiers infectieux |

Présent ! C:\Documents and Settings\CASAM\CASAM.exe
Présent ! C:\WINDOWS\system32\win.exe
Présent ! C:\WINDOWS\system32\winjpg.jpg
Présent ! C:\autorun.inf
Présent ! C:\winfile.jpg
Présent ! D:\autorun.inf
Présent ! D:\winfile.jpg
Présent ! F:\autorun.inf
Présent ! F:\RunDll32.exe
Présent ! F:\winfile.jpg
Présent ! G:\autorun.inf
Présent ! G:\winfile.jpg

################## | Suspect ! ... | https://www.virustotal.com/gui/ |


################## | Registre # Clés Run infectieuses |

Présent ! HKLM\Software\Microsoft\Windows\CurrentVersion\Run "CTFMON"
Présent ! HKLM\Software\Microsoft\Windows\CurrentVersion\Run "regdiit"
Présent ! HKLM\Software\Microsoft\Windows\CurrentVersion\Run "smsm"
Présent ! HKUS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run "reader_s"
Présent ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe
Présent ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe
Présent ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe
Présent ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe
Présent ! HKLM\software\microsoft\windows nt\currentversion\image file execution options\drwtsn32.exe
Présent ! HKLM\software\microsoft\windows nt\currentversion\image file execution options\rstrui.exe
Présent ! HKLM\software\microsoft\windows nt\currentversion\image file execution options\dwwin.exe
Présent ! HKLM\software\microsoft\security center "AntiVirusOverride" ( 0x1 )

################## | Registre # Mountpoints2 |

HKCU\..\..\Explorer\MountPoints2\{084cf0b7-9714-11de-a71a-001b3892be92}
Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Wscript.exe /e:vbs winfile.jpg

HKCU\..\..\Explorer\MountPoints2\{bc17a550-2d0b-11de-a67a-0013e8f73aa1}
Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Wscript.exe /e:vbs winfile.jpg

HKCU\..\..\Explorer\MountPoints2\{d175a45c-4d26-11de-a684-0013e8f73aa1}
Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Wscript.exe /e:vbs winfile.jpg

HKCU\..\..\Explorer\MountPoints2\{d175a45e-4d26-11de-a684-0013e8f73aa1}
Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Wscript.exe /e:vbs winfile.jpg

HKCU\..\..\Explorer\MountPoints2\{e6951564-3009-11de-a67b-0013e8f73aa1}
Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Wscript.exe /e:vbs winfile.jpg

HKCU\..\..\Explorer\MountPoints2\{e6951566-3009-11de-a67b-0013e8f73aa1}
Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Wscript.exe /e:vbs winfile.jpg

################## | Cracks / Keygens / Serials |


################## | ! Fin du rapport # UsbFix V6.024 ! |
0
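The indicators visible in the report above (process images in odd locations, Image File Execution Options keys on admin tools, MountPoints2 AutoRun commands that call a script host) can be picked out mechanically. The following is an added example, not part of the thread or of UsbFix; the sample lines are excerpted from the report above, and the function names, the table of expected system-process directories and the list of admin tools are assumptions of this example.

```python
import ntpath
import re

# Constructed sample: a handful of lines excerpted from the UsbFix report above.
SAMPLE_REPORT = r"""
############################## | Processus actifs |

C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\win.exe
C:\WINDOWS\system32\wscript.exe
C:\Documents and Settings\CASAM\reader_s.exe
C:\WINDOWS\system32\11.tmp
C:\WINDOWS\TEMP\VRT18.tmp
C:\WINDOWS\fonts\services.exe
C:\WINDOWS\system32\wiawow32.sys
C:\Program Files\Mozilla Firefox\firefox.exe

################## | Registre # Clés Run infectieuses |

Présent ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe
Présent ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe

################## | Registre # Mountpoints2 |

HKCU\..\..\Explorer\MountPoints2\{084cf0b7-9714-11de-a71a-001b3892be92}
Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Wscript.exe /e:vbs winfile.jpg
"""

SECTION_RE = re.compile(r"^#{3,}\s*\|\s*(.*?)\s*\|\s*$")
PROFILE_ROOT_RE = re.compile(r"^[a-z]:\\documents and settings\\[^\\]+$")
GUID_RE = re.compile(r"\{[0-9a-fA-F-]{36}\}")
SCRIPT_HOST_RE = re.compile(r"\b[wc]script(\.exe)?\b", re.IGNORECASE)
IFEO_RE = re.compile(r"image file execution options\\([^\\\s]+)$", re.IGNORECASE)

# Assumption of this example: where a few Windows XP system processes normally live.
EXPECTED_DIR = {name: r"c:\windows\system32" for name in
                ("smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
                 "lsass.exe", "svchost.exe")}
EXPECTED_DIR["explorer.exe"] = r"c:\windows"
# Assumption of this example: tools whose IFEO keys deserve a closer look.
ADMIN_TOOLS = {"msconfig.exe", "procexp.exe", "regedit.exe", "taskmgr.exe", "rstrui.exe"}


def parse_sections(report):
    """Split a report into {section title: [non-empty lines]}."""
    sections, current = {}, None
    for raw in report.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1)
            sections[current] = []
        elif line and current is not None:
            sections[current].append(line)
    return sections


def section(sections, keyword):
    """Return the lines of the first section whose title contains keyword."""
    for title, lines in sections.items():
        if keyword.lower() in title.lower():
            return lines
    return []


def flag_processes(paths):
    """Flag process images by location and extension only (no signatures)."""
    findings = []
    for path in paths:
        directory, name = ntpath.split(path.lower())
        if ntpath.splitext(name)[1] != ".exe":
            findings.append((path, "process image is not a .exe"))
        elif name in EXPECTED_DIR and directory != EXPECTED_DIR[name]:
            findings.append((path, "system process name in unexpected directory"))
        elif PROFILE_ROOT_RE.match(directory):
            findings.append((path, "executable in user profile root"))
    return findings


def flag_autorun_commands(lines):
    """Return (volume GUID, command) for AutoRun commands that call a script host."""
    findings, guid = [], None
    for line in lines:
        found = GUID_RE.search(line)
        if found and "mountpoints2" in line.lower():
            guid = found.group(0)
        elif line.lower().startswith("shell\\autorun\\command"):
            command = line.partition("=")[2].strip()
            if SCRIPT_HOST_RE.search(command):
                findings.append((guid, command))
    return findings


def flag_ifeo(lines):
    """Return admin tools that have an Image File Execution Options key listed."""
    hits = []
    for line in lines:
        found = IFEO_RE.search(line)
        if found and found.group(1).lower() in ADMIN_TOOLS:
            hits.append(found.group(1).lower())
    return hits


def triage(report):
    sections = parse_sections(report)
    return {
        "processes": flag_processes(section(sections, "Processus actifs")),
        "autorun": flag_autorun_commands(section(sections, "Mountpoints2")),
        "ifeo": flag_ifeo(section(sections, "infectieuses")),
    }


if __name__ == "__main__":
    for kind, items in triage(SAMPLE_REPORT).items():
        for item in items:
            print(kind, item)
```

Location and extension checks alone do not catch `C:\WINDOWS\system32\win.exe`, which UsbFix lists by name in its infected-files section, so this kind of triage complements a signature-based tool rather than replacing it.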
aikakouki

Here is the UsbFix report, but it also tells me to send a file that has just appeared on my desktop ( "UsbFix_Upload_Me_WKST-PRET06" )



############################## | UsbFix V6.024 |

User : CASAM (Users) # WKST-PRET06
Update on 01/09/09 by Chiquitine29, C_XX & Chimay8
Start at: 18:46:41 | 01/09/2009
Website : http://pagesperso-orange.fr/NosTools/index.html

Intel(R) Core(TM)2 Duo CPU T7700 @ 2.40GHz
Microsoft Windows XP Professional (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 7.0.5730.13
Windows Firewall Status : Disabled

C:\ -> Local Fixed Disk # 48.83 Go (8.66 Go free) [MASTER] # NTFS
D:\ -> Local Fixed Disk # 100.22 Go (96.8 Go free) [DATA] # NTFS
E:\ -> CD-ROM Disc
F:\ -> Removable Disk # 124.94 Mo (57.95 Mo free) # FAT
G:\ -> Removable Disk # 124.94 Mo (83.83 Mo free) # FAT

############################## | Processus actifs |

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
c:\Program Files\ActivIdentity\ActivClient\acevents.exe
C:\WINDOWS\system32\Ati2evxx.exe
c:\Program Files\ActivIdentity\ActivClient\accoca.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Intel\AMT\atchksrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Network Associates\McAfee Desktop Firewall for Windows XP\FireSvc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\WINDOWS\system32\ifxspmgt.exe
c:\WINDOWS\system32\ifxtcs.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Intel\AMT\LMS.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe
c:\WINDOWS\system32\IfxPsdSv.exe
C:\WINDOWS\system32\sofatnet.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\AMT\UNS.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Hewlett-Packard\IAM\bin\asghost.exe
C:\WINDOWS\TEMP\VRT2.tmp
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\10.tmp

################## | Fichiers # Dossiers infectieux |

Supprimé ! C:\Documents and Settings\CASAM\CASAM.exe
Supprimé ! C:\WINDOWS\system32\win.exe
Supprimé ! C:\WINDOWS\system32\winjpg.jpg
Supprimé ! C:\autorun.inf
Supprimé ! C:\winfile.jpg
Supprimé ! D:\autorun.inf
Supprimé ! D:\winfile.jpg
Supprimé ! F:\autorun.inf
Supprimé ! F:\RunDll32.exe
Supprimé ! F:\winfile.jpg
Supprimé ! G:\autorun.inf
Supprimé ! G:\winfile.jpg

################## | Autres |


################## | Suspect ! ... | https://www.virustotal.com/gui/ |


################## | Registre # Clés Run infectieuses |

Supprimé ! HKLM\Software\Microsoft\Windows\CurrentVersion\Run "CTFMON"
Supprimé ! HKLM\Software\Microsoft\Windows\CurrentVersion\Run "regdiit"
Supprimé ! HKLM\Software\Microsoft\Windows\CurrentVersion\Run "smsm"
Supprimé ! HKUS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run "reader_s"
Supprimé ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe
Supprimé ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe
Supprimé ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe
Supprimé ! HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe
Supprimé ! HKLM\software\microsoft\windows nt\currentversion\image file execution options\drwtsn32.exe
Supprimé ! HKLM\software\microsoft\windows nt\currentversion\image file execution options\rstrui.exe
Supprimé ! HKLM\software\microsoft\windows nt\currentversion\image file execution options\dwwin.exe
# HKLM\software\microsoft\security center "AntiVirusOverride" # -> Reset sucessfully !

################## | Registre # Mountpoints2 |

Supprimé ! HKCU\...\Explorer\MountPoints2\{bc17a550-2d0b-11de-a67a-0013e8f73aa1}\Shell\AutoRun\Command
Supprimé ! HKCU\...\Explorer\MountPoints2\{d175a45e-4d26-11de-a684-0013e8f73aa1}\Shell\AutoRun\Command
Supprimé ! HKCU\...\Explorer\MountPoints2\{e6951564-3009-11de-a67b-0013e8f73aa1}\Shell\AutoRun\Command
Supprimé ! HKCU\...\Explorer\MountPoints2\{e6951566-3009-11de-a67b-0013e8f73aa1}\Shell\AutoRun\Command

################## | Listing des fichiers présent |

[19/01/2009 16:14|--a------|0] -> C:\AUTOEXEC.BAT
[19/01/2009 16:08|---hs----|211] -> C:\boot.ini
[19/01/2009 16:14|--a------|0] -> C:\CONFIG.SYS
[19/01/2009 16:14|-rahs----|0] -> C:\IO.SYS
[19/01/2009 16:14|-rahs----|0] -> C:\MSDOS.SYS
[01/03/2006 14:00|-rahs----|47564] -> C:\NTDETECT.COM
[19/01/2009 18:37|-rahs----|250048] -> C:\ntldr
[?|?|?] -> C:\pagefile.sys
[28/06/2009 10:20|--a------|84992] -> C:\pi.exe
[01/09/2009 18:44|--a------|348136] -> C:\ptdebug.txt
[01/09/2009 18:49|--a------|5577] -> C:\UsbFix.txt
[10/08/2009 14:09|--a------|67] -> D:\InvalidKickPlayerLog.txt
[14/12/2007 17:13|--a------|102400] -> F:\Propulsion … poudre.doc
[14/04/2008 02:12|--ah-----|46592] -> F:\MPNOTIFY.EXE
[27/06/2008 11:02|--a------|15086592] -> G:\Presentation2 aurures pol..ppt
[30/05/2009 16:48|--a------|708608] -> G:\LES CAPTEURS A CORDES VIBRANTES.ppt
[01/04/2009 22:25|--a------|1182208] -> G:\Presentation2 aurures pol2..ppt
[01/04/2009 22:42|--a------|1182208] -> G:\Presentation2 aurures pol3..ppt
[01/04/2009 22:45|--a------|7460352] -> G:\Presentation2 aurures pol1..ppt
[02/04/2009 07:50|--a------|1244] -> G:\BOOTEX.LOG
[27/05/2009 13:41|--a------|758] -> G:\tipe 2 courbe f aimant.rw3
[27/05/2009 13:41|--a------|763] -> G:\tipe 2 courbe f vibreur.rw3
[27/05/2009 13:40|--a------|787] -> G:\tipe 2 courbes superpos‚es.rw3
[27/05/2009 12:58|--a------|1007] -> G:\tipe regressi.rw3
[31/05/2009 00:39|--a------|5388066] -> G:\Les_capte..[1].pptx
[31/05/2009 00:39|--a------|128512] -> G:\Presentation1.ppt
[31/05/2009 09:00|--ah-----|165] -> G:\~$Les_capte..[1].pptx
[01/06/2009 20:36|--a------|5462528] -> G:\LES CAPTEURS A CORDES VIBRANTES 22.ppt
[03/07/2009 10:59|--a------|6214656] -> G:\LES CAPTEURS A CORDES VIBRANTES 223.ppt

################## | Cracks / Keygens / Serials |


################## | Upload |

Veuillez envoyer le fichier : C:\DOCUME~1\CASAM\Desktop\UsbFix_Upload_Me_WKST-PRET06.zip : https://www.androidworld.fr/
Merci pour votre contribution .

################## | ! Fin du rapport # UsbFix V6.024 ! |

Anonymous user

no need to send the file ;)


we're going to vaccinate your USB keys and disk

leave your keys and disk plugged in ...*

• Double-click the UsbFix shortcut on your desktop.

• Choose option 3 ( Vaccination )

• Let the tool work.

• Then post the UsbFix.txt report that appears.

• Note: The UsbFix.txt report is saved at the root of the disk. ( C:\UsbFix.txt )

( CTRL+A to select all, CTRL+C to copy and CTRL+V to paste )

######

then remove your USB keys and external hard drive and set them aside until the disinfection is finished

aikakouki

Here it is:


############################## | UsbFix V6.024 |

User : CASAM (Users) # WKST-PRET06
Update on 01/09/09 by Chiquitine29, C_XX & Chimay8
Start at: 18:57:59 | 01/09/2009
Website : http://pagesperso-orange.fr/NosTools/index.html

Intel(R) Core(TM)2 Duo CPU T7700 @ 2.40GHz
Microsoft Windows XP Professional (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 7.0.5730.13
Windows Firewall Status : Disabled

C:\ -> Local Fixed Disk # 48.83 Go (11.81 Go free) [MASTER] # NTFS
D:\ -> Local Fixed Disk # 100.22 Go (96.88 Go free) [DATA] # NTFS
E:\ -> CD-ROM Disc
F:\ -> Removable Disk # 124.94 Mo (58.11 Mo free) # FAT
G:\ -> Removable Disk # 124.94 Mo (83.94 Mo free) # FAT

################## | Vaccination |

# C:\autorun.inf ( # Not infected ) -> Folder created by UsbFix.
# D:\autorun.inf ( # Not infected ) -> Folder created by UsbFix.
# F:\autorun.inf ( # Not infected ) -> Folder created by UsbFix.
# G:\autorun.inf ( # Not infected ) -> Folder created by UsbFix.

################## | ! Fin du rapport # UsbFix V6.024 ! |




Now I'm removing my USB drives.

Anonymous user

ok:

Download ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

-> Double-click combofix.exe.
-> Press the 1 key (Yes) to start the scan.
-> When the scan is complete, a report will appear. Copy/paste this report into your next reply.

NOTE: The report can also be found here: C:\Combofix.txt

Before using ComboFix:

-> Disconnect from the internet and close the windows of all running programs.

-> Temporarily disable, only for the time ComboFix is in use, the real-time protection of your antivirus and antispyware, which can seriously interfere with the tool's search and cleaning procedure.

Once done, double-click Combofix.exe on your desktop.

- Answer yes to the warning message so that the program starts analysing the PC.

/!\ During this step, do not use the PC and do not open any programs.

- At the end of the scan, ComboFix may need to restart the PC to finalise the disinfection/search; let it do so.

- A report will then open in Notepad; this report file, Combofix.txt, is automatically saved at C:\Combofix.txt

-> Re-enable the real-time protection of your antivirus and antispyware before reconnecting to the internet.

-> Come back to the forum, and copy and paste the entire contents of C:\Combofix.txt into your next message.

aikakouki

I get an alert message when I try to launch ComboFix, saying that the version I have is not the right one and that it must be downloaded from bleepingcomputer.com/combofix/how-to-use-combofix.

I do that but I still get this error message.

What should I do?

Anonymous user

logically, you should be able to ignore this message; if so, continue the procedure

aikakouki

I can't ignore it; every time I re-download it there is the same message, so I can't make progress :(

Anonymous user

Download Dr.Web CureIt to your Desktop: ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe or https://free.drweb.com/cureit/
- Double-click <drweb-cureit.exe> and then click <Analyse> (Scan);
- Click <Ok> at the quick scan prompt. If it finds infected processes, click the <Oui> (Yes) button.
Note: a window will open with options for "Commander" (Order) or "50% de réduction" (50% off): close it by clicking the "X".
- When the quick scan is finished, click the <Options> menu then <Changer la configuration> (Change settings); choose the <Scanner> tab and uncheck <Analyse heuristique> (Heuristic analysis). Then click <Ok>.
- Back in the main window: click to enable <Analyse complète> (Full scan)
- Click the button with the green arrow on the right, and the scan will start.
- Click <Oui> (Yes) for all at the "Désinfecter ?" (Cure?) prompt when a file is detected, and then click "Désinfecter".
- When the scan is complete, see whether you can click the icon next to the detected files (several sheets on top of one another). If so, click it, then click the <Suivant> (Next) icon below and choose <Déplacer en quarantaine l'objet indésirable> (Move the unwanted object to quarantine).
- From the tool's main menu, at the top left, click the <Fichier> (File) menu and choose <Enregistrer le rapport> (Save report). Save the report to your Desktop. It will be named DrWeb.csv
- Close Dr.Web CureIt
- Restart your computer (important because some files may be moved/repaired at restart).
- After the restart, post (copy/paste) the contents of the Dr.Web report in your next reply.

aikakouki

No way to reach these links :(

As with RSIT, my computer tells me the server cannot be found, so I can't download Dr.Web CureIt

Anonymous user

can you download RSIT here: http://sd-1.archive-host.com/membres/up/127028005715545653/RSIT.exe

?

aikakouki

yes, do you want me to send you the report?

Anonymous user

yes please

aikakouki

Log report:

Logfile of random's system information tool 1.06 (written by random/random)
Run by CASAM at 2009-09-01 19:34:10
Microsoft Windows XP Professional Service Pack 3
System drive C: has 12 GB (24%) free of 50 GB
Total RAM: 2015 MB (63% free)

HijackThis download failed

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2009-05-26 1088296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DA3D342F-FF20-4E31-9E82-22334155730C}]
TBSB00982 Class - C:\Program Files\Antbar\Ant.com Toolbar\tbcore3.dll [2009-06-02 2695168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DF21F1DB-80C6-11D3-9483-B03D0EC10000}]
Credential Manager for HP ProtectTools - c:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll [2006-11-21 71192]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{6CD56C02-CB4D-41B5-A0FE-B479061CCB41} - Ant.com Toolbar - C:\Program Files\Antbar\Ant.com Toolbar\tbcore3.dll [2009-06-02 2695168]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2007-01-05 892928]
"SoundMAX"=C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [2006-07-13 749568]
"atchk"=C:\Program Files\Intel\AMT\atchk.exe [2007-05-01 404248]
"AccelerometerSysTrayApplet"=C:\WINDOWS\system32\AccelerometerSt.exe [2007-01-24 145408]
"SynTPStart"=C:\Program Files\Synaptics\SynTP\SynTPStart.exe [2007-09-14 122880]
"QlbCtrl"=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2007-10-19 177456]
"PTHOSTTR"=c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE [2007-01-09 145184]
"CognizanceTS"=c:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll [2003-12-22 17920]
"IFXSPMGT"=c:\WINDOWS\system32\ifxspmgt.exe [2007-02-15 677408]
""= []
"accrdsub"=c:\Program Files\ActivIdentity\ActivClient\accrdsub.exe [2007-05-03 293168]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [2007-07-12 178712]
"WatchDog"=C:\Program Files\InterVideo\DVD Check\DVDCheck.exe [2007-05-23 212992]
"StartCCC"=c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2006-11-10 110592]
"McAfeeUpdaterUI"=C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe [2004-10-06 159744]
"Network Associates Error Reporting Service"=C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe [2004-02-19 167936]
"McAfeeFireTray"=C:\Program Files\Network Associates\McAfee Desktop Firewall for Windows XP\Firetray.exe [2005-04-12 675840]
"ShStatEXE"=C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE [2004-09-22 94208]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-05-26 434176]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-07-13 292128]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]
"reader_s"=C:\WINDOWS\System32\reader_s.exe [2009-09-01 59904]
"Regedit32"=C:\WINDOWS\system32\regedit.exe []
"UserFaultCheck"=C:\WINDOWS\system32\dumprep 0 -u []
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"exec"=C:\WINDOWS\fonts\services.exe [2008-04-14 147456]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 35840]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1715712]
"reader_s"=C:\Documents and Settings\CASAM\reader_s.exe [2009-09-01 59904]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
DVD Check.lnk - C:\Program Files\InterVideo\DVD Check\DVDCheck.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ackpbsc]
c:\WINDOWS\system32\ackpbsc.dll [2007-05-03 112640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\acunlock]
c:\Program Files\ActivIdentity\ActivClient\acunlock.dll [2007-05-03 281088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2007-06-26 118784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\DeviceNP]
C:\WINDOWS\system32\DeviceNP.dll [2007-04-30 49152]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\OneCard]
c:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll [2007-02-07 74240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=SbHpNp
scecli
ASWLNPkg

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=255
"NoDriveAutoRun"=FFFFFFFF
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Network Associates\Common Framework\FrameworkService.exe"="C:\Program Files\Network Associates\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"\??\C:\WINDOWS\system32\winlogon.exe"="\??\C:\WINDOWS\system32\winlogon.exe:*:enabled:@shell32.dll,-1"
"C:\Program Files\Eidos\Conflict Denied Ops\ConflictDeniedOps.exe"="C:\Program Files\Eidos\Conflict Denied Ops\ConflictDeniedOps.exe:*:Enabled:Conflict: Denied Ops"
"C:\WINDOWS\Temp\VRT16.tmp"="C:\WINDOWS\Temp\VRT16.tmp:*:Enabled:installer"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2009-09-01 19:34:10 ----D---- C:\rsit
2009-09-01 19:34:10 ----D---- C:\Program Files\trend micro
2009-09-01 19:09:45 ----A---- C:\WINDOWS\system32\14D.tmp
2009-09-01 19:09:43 ----A---- C:\WINDOWS\system32\149.tmp
2009-09-01 19:04:22 ----A---- C:\WINDOWS\system32\146.tmp
2009-09-01 19:04:17 ----A---- C:\WINDOWS\system32\142.tmp
2009-09-01 19:03:08 ----D---- C:\Qoobox
2009-09-01 19:03:08 ----A---- C:\Bug.txt
2009-09-01 18:58:00 ----RASHD---- C:\autorun.inf
2009-09-01 18:57:55 ----A---- C:\UsbFix.txt
2009-09-01 18:52:01 ----D---- C:\Documents and Settings\CASAM\Application Data\WinRAR
2009-09-01 18:46:44 ----A---- C:\WINDOWS\system32\13.tmp
2009-09-01 18:46:36 ----A---- C:\WINDOWS\system32\E.tmp
2009-09-01 18:46:11 ----D---- C:\WINDOWS\Minidump
2009-09-01 18:35:25 ----D---- C:\UsbFix
2009-09-01 18:25:59 ----A---- C:\WINDOWS\system32\2A.tmp
2009-09-01 18:25:56 ----A---- C:\WINDOWS\system32\26.tmp
2009-09-01 18:25:46 ----A---- C:\WINDOWS\system32\24.tmp
2009-09-01 18:25:39 ----D---- C:\Documents and Settings\CASAM\Application Data\Mozilla
2009-09-01 18:25:14 ----D---- C:\Program Files\Mozilla Firefox
2009-09-01 18:19:14 ----A---- C:\WINDOWS\system32\1A.tmp
2009-09-01 18:14:35 ----D---- C:\Program Files\Protection System
2009-09-01 18:14:25 ----A---- C:\WINDOWS\system32\14.tmp
2009-09-01 18:14:25 ----A---- C:\WINDOWS\system32\11.tmp
2009-09-01 18:14:21 ----A---- C:\WINDOWS\system32\A.tmp
2009-08-09 17:25:26 ----D---- C:\Program Files\GameShadow
2009-08-09 17:17:21 ----D---- C:\Program Files\Eidos
2009-08-09 17:17:19 ----A---- C:\WINDOWS\system32\xactengine2_9.dll
2009-08-09 17:17:18 ----A---- C:\WINDOWS\system32\xactengine2_8.dll
2009-08-09 17:17:18 ----A---- C:\WINDOWS\system32\x3daudio1_2.dll
2009-08-09 17:17:18 ----A---- C:\WINDOWS\system32\d3dx9_35.dll
2009-08-09 17:17:18 ----A---- C:\WINDOWS\system32\d3dx9_34.dll
2009-08-09 17:17:18 ----A---- C:\WINDOWS\system32\d3dx10_35.dll
2009-08-09 17:17:18 ----A---- C:\WINDOWS\system32\d3dx10_34.dll
2009-08-09 17:17:18 ----A---- C:\WINDOWS\system32\D3DCompiler_35.dll
2009-08-09 17:17:18 ----A---- C:\WINDOWS\system32\D3DCompiler_34.dll
2009-08-09 17:17:17 ----A---- C:\WINDOWS\system32\xinput1_3.dll
2009-08-09 17:17:16 ----A---- C:\WINDOWS\system32\xactengine2_7.dll
2009-08-09 17:17:14 ----A---- C:\WINDOWS\system32\d3dx10_33.dll
2009-08-09 17:17:14 ----A---- C:\WINDOWS\system32\D3DCompiler_33.dll
2009-08-09 17:17:12 ----A---- C:\WINDOWS\system32\xactengine2_6.dll
2009-08-09 17:17:12 ----A---- C:\WINDOWS\system32\xactengine2_5.dll
2009-08-09 17:17:12 ----A---- C:\WINDOWS\system32\xactengine2_4.dll
2009-08-09 17:17:12 ----A---- C:\WINDOWS\system32\x3daudio1_1.dll
2009-08-09 17:17:12 ----A---- C:\WINDOWS\system32\d3dx9_33.dll
2009-08-09 17:17:12 ----A---- C:\WINDOWS\system32\d3dx9_32.dll
2009-08-09 17:17:11 ----A---- C:\WINDOWS\system32\xinput1_2.dll
2009-08-09 17:17:11 ----A---- C:\WINDOWS\system32\xinput1_1.dll
2009-08-09 17:17:11 ----A---- C:\WINDOWS\system32\xactengine2_3.dll
2009-08-09 17:17:11 ----A---- C:\WINDOWS\system32\xactengine2_2.dll
2009-08-09 17:17:11 ----A---- C:\WINDOWS\system32\xactengine2_1.dll
2009-08-09 17:17:11 ----A---- C:\WINDOWS\system32\d3dx9_31.dll
2009-08-09 17:17:07 ----A---- C:\WINDOWS\system32\xactengine2_0.dll
2009-08-09 17:17:07 ----A---- C:\WINDOWS\system32\x3daudio1_0.dll
2009-08-09 17:17:07 ----A---- C:\WINDOWS\system32\d3dx9_29.dll
2009-08-09 17:17:06 ----A---- C:\WINDOWS\system32\xinput9_1_0.dll
2009-08-09 17:17:06 ----A---- C:\WINDOWS\system32\d3dx9_28.dll
2009-08-09 17:17:06 ----A---- C:\WINDOWS\system32\d3dx9_27.dll
2009-08-09 17:17:06 ----A---- C:\WINDOWS\system32\d3dx9_26.dll
2009-08-09 17:17:06 ----A---- C:\WINDOWS\system32\d3dx9_25.dll
2009-08-09 17:17:04 ----A---- C:\WINDOWS\system32\d3dx9_24.dll
2009-08-09 17:17:00 ----D---- C:\Program Files\OpenAL
2009-08-09 17:17:00 ----A---- C:\WINDOWS\system32\wrap_oal.dll
2009-08-09 17:17:00 ----A---- C:\WINDOWS\system32\OpenAL32.dll
2009-08-09 16:56:40 ----D---- C:\Program Files\WinRAR
2009-08-08 11:06:14 ----A---- C:\WINDOWS\system32\C.tmp
2009-08-08 11:06:02 ----A---- C:\WINDOWS\system32\6.tmp
2009-08-08 10:53:21 ----A---- C:\WINDOWS\system32\8.tmp
2009-08-08 10:53:17 ----A---- C:\WINDOWS\system32\4.tmp
2009-08-08 02:54:47 ----A---- C:\WINDOWS\system32\D.tmp
2009-08-08 02:54:45 ----A---- C:\WINDOWS\system32\B.tmp
2009-08-08 01:29:40 ----A---- C:\WINDOWS\system32\9.tmp
2009-08-08 01:29:37 ----A---- C:\WINDOWS\system32\7.tmp
2009-08-08 00:37:37 ----A---- C:\WINDOWS\system32\5.tmp
2009-08-08 00:37:22 ----A---- C:\WINDOWS\system32\3.tmp
2009-08-07 12:09:29 ----A---- C:\WINDOWS\system32\CmdLineExt.dll
2009-08-07 12:08:15 ----A---- C:\WINDOWS\system32\D3DX9_39.dll
2009-08-07 12:08:13 ----A---- C:\WINDOWS\system32\d3dx9_30.dll
2009-08-07 12:08:06 ----D---- C:\WINDOWS\Logs
2009-08-07 11:43:31 ----D---- C:\Program Files\EA SPORTS
2009-08-07 10:50:52 ----A---- C:\WINDOWS\system32\2.tmp
2009-08-07 10:27:15 ----A---- C:\WINDOWS\system32\50.tmp
2009-08-07 09:39:22 ----A---- C:\WINDOWS\system32\4C.tmp
2009-08-07 09:10:57 ----A---- C:\WINDOWS\system32\47.tmp
2009-08-07 09:10:56 ----A---- C:\WINDOWS\system32\reader_s.exe
2009-08-07 09:10:52 ----A---- C:\WINDOWS\system32\44.tmp

======List of files/folders modified in the last 1 months======

2009-09-01 19:34:10 ----D---- C:\Program Files
2009-09-01 19:33:47 ----D---- C:\TEMP
2009-09-01 19:18:41 ----D---- C:\WINDOWS\system32
2009-09-01 19:09:56 ----D---- C:\WINDOWS\Temp
2009-09-01 19:09:45 ----D---- C:\WINDOWS\system32\drivers
2009-09-01 19:01:49 ----D---- C:\WINDOWS\system32\CatRoot2
2009-09-01 18:51:55 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-09-01 18:49:20 ----SHD---- C:\RECYCLER
2009-09-01 18:49:13 ----D---- C:\WINDOWS\Prefetch
2009-09-01 18:46:23 ----A---- C:\WINDOWS\system32\log.txt
2009-09-01 18:46:11 ----D---- C:\WINDOWS
2009-09-01 18:44:48 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-09-01 18:44:40 ----A---- C:\ptdebug.txt
2009-09-01 18:15:15 ----RSD---- C:\WINDOWS\Fonts
2009-09-01 18:14:24 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-09-01 17:41:21 ----D---- C:\Documents and Settings\CASAM\Application Data\vlc
2009-08-22 14:48:59 ----HD---- C:\WINDOWS\inf
2009-08-14 11:49:21 ----A---- C:\WINDOWS\ModemLog_GlobeTrotter 3G+ Modem Interface.txt
2009-08-14 11:35:46 ----SHD---- C:\WINDOWS\Installer
2009-08-09 17:17:19 ----D---- C:\WINDOWS\system32\DirectX
2009-08-09 17:17:09 ----D---- C:\WINDOWS\Microsoft.NET
2009-08-07 09:10:31 ----D---- C:\quarantine
2009-08-07 09:07:45 ----A---- C:\WINDOWS\OEWABLog.txt
2009-08-07 09:07:38 ----D---- C:\Documents and Settings

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 FireHook;McAfee Desktop Firewall; \??\C:\WINDOWS\system32\Drivers\Firehk5x.sys []
R1 FireTDI;McAfee Desktop Firewall TDI Driver; \??\C:\WINDOWS\system32\Drivers\FireTDI.sys []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 NaiAvTdi1;NaiAvTdi1; C:\WINDOWS\system32\drivers\mvstdi5x.sys [2005-01-14 58464]
R1 PersonalSecureDrive;PersonalSecureDrive; C:\WINDOWS\System32\drivers\psd.sys [2007-01-23 39080]
R1 RsvLock;RsvLock; C:\WINDOWS\system32\drivers\RsvLock.sys [2007-02-07 5808]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R1 zipqkxtfuav1;zipqkxtfuav1; C:\WINDOWS\system32\drivers\zipqkxtfuav1.sys [2009-09-01 40192]
R1 zvaxteiyk3;zvaxteiyk3; C:\WINDOWS\system32\drivers\zvaxteiyk3.sys [2009-09-01 40192]
R2 irda;IrDA Protocol; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-13 88192]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 rimmptsk;rimmptsk; C:\WINDOWS\system32\DRIVERS\rimmptsk.sys [2007-02-24 39936]
R3 Accelerometer;Accelerometer; C:\WINDOWS\system32\DRIVERS\Accelerometer.sys [2006-07-24 22016]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2007-10-01 281600]
R3 AEAudio;AE Audio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2007-07-13 94976]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2007-06-26 2303488]
R3 ATSWPDRV;AuthenTec TruePrint USB Driver (SwipeSensor); C:\WINDOWS\system32\DRIVERS\ATSwpDrv.sys [2007-06-16 146824]
R3 BTKRNL;Enumérateur de bus Bluetooth; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2007-02-14 868298]
R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5132.sys [2007-03-09 250776]
R3 firelm01;firelm01; \??\C:\WINDOWS\system32\drivers\firelm01.sys []
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-03-19 23400]
R3 HBtnKey;HBtnKey; C:\WINDOWS\system32\DRIVERS\cpqbttn.sys [2006-06-28 9472]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HECI;Intel(R) Management Engine Interface; C:\WINDOWS\system32\DRIVERS\HECI.sys [2007-04-06 44800]
R3 HpqKbFiltr;HpqKbFilter Driver; C:\WINDOWS\system32\DRIVERS\HpqKbFiltr.sys [2007-06-18 16768]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2007-04-26 988032]
R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2007-04-26 210816]
R3 IFXTPM;IFXTPM; C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS [2007-01-23 36608]
R3 NETw4x32;Pilote de carte Intel(R) Wireless WiFi Link pour Windows XP 32 bits; C:\WINDOWS\system32\DRIVERS\NETw4x32.sys [2007-06-28 2208512]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 rismc32;RICOH Smart Card Reader; C:\WINDOWS\system32\DRIVERS\rismc32.sys [2006-12-20 47616]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
R3 SMCIRDA;SMSC IrCC Miniport Device Driver; C:\WINDOWS\system32\DRIVERS\smcirda.sys [2004-06-16 46080]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2007-09-14 213696]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2007-04-26 731136]
S3 DAMDrv;DAMDrv; C:\WINDOWS\system32\DRIVERS\DAMDrv.sys [2007-04-23 30008]
S3 GTF32BUS;GT F32 BUS; C:\WINDOWS\system32\DRIVERS\gtf32bus.sys [2005-10-03 32000]
S3 GTPTSER;GT PT SER; C:\WINDOWS\system32\DRIVERS\gtptser.sys [2005-10-03 7936]
S3 GTSCSER;GT SC SER; C:\WINDOWS\system32\DRIVERS\gtscser.sys [2005-10-03 18944]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 NaiAvFilter1;NaiAvFilter1; C:\WINDOWS\system32\drivers\naiavf5x.sys [2005-01-14 108480]
S3 TSClient;Tatara Protocol Driver; C:\WINDOWS\system32\drivers\tsclient.sys [2005-10-04 27264]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-07-09 39424]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 sr;System Restore Filter Driver; C:\WINDOWS\system32\DRIVERS\sr.sys [2008-04-13 73472]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 accoca;ActivClient Middleware Service; c:\Program Files\ActivIdentity\ActivClient\accoca.exe [2007-05-03 182576]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-07-09 144712]
R2 ASBroker;Logon Session Broker; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 ASChannel;Local Communication Channel; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 atchksrv;Intel(R) Active Management Technology System Status Service; C:\Program Files\Intel\AMT\atchksrv.exe [2007-05-01 183064]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2007-06-26 483328]
R2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2007-02-06 266295]
R2 EvdoServer;EvdoServer; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 FireSvc;McAfee Desktop Firewall Service; C:\Program Files\Network Associates\McAfee Desktop Firewall for Windows XP\FireSvc.exe [2005-04-12 766011]
R2 HpFkCryptService;Drive Encryption Service; c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [2007-03-11 208896]
R2 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2006-05-02 155648]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe [2007-07-12 354840]
R2 IFXSpMgtSrv;Security Platform Management Service; c:\WINDOWS\system32\ifxspmgt.exe [2007-02-15 677408]
R2 IFXTCS;Trusted Platform Core Service; c:\WINDOWS\system32\ifxtcs.exe [2007-01-23 849440]
R2 Irmon;Infrared Monitor; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 IviRegMgr;IviRegMgr; C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe [2007-01-04 112152]
R2 LMS;Intel(R) Active Management Technology Local Management Service; C:\Program Files\Intel\AMT\LMS.exe [2007-05-01 121624]
R2 McAfeeFramework;McAfee Framework Service; C:\Program Files\Network Associates\Common Framework\FrameworkService.exe [2004-10-06 102463]
R2 McTaskManager;Network Associates Task Manager; C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe [2004-09-22 28672]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
R2 PersonalSecureDriveService;Personal Secure Drive service; c:\WINDOWS\system32\IfxPsdSv.exe [2007-02-15 140832]
R2 sofatnet;sofatnet Service; C:\WINDOWS\system32\sofatnet.exe [2006-03-01 114688]
R2 UNS;Intel(R) Active Management Technology User Notification Service; C:\Program Files\Intel\AMT\UNS.exe [2007-05-01 1489688]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FLCDLOCK;HP ProtectTools Device Locking / Auditing; C:\WINDOWS\system32\flcdlock.exe [2007-04-30 172131]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 iPod Service;Service de l’iPod; C:\Program Files\iPod\bin\iPodService.exe [2009-07-13 542496]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------


Info report:

info.txt logfile of random's system information tool 1.06 2009-09-01 19:34:20

======Uninstall list======

-->C:\Program Files\InstallShield Installation Information\{69333A04-5134-40A5-A055-9166A7AA1EC8}\setup.exe -runfromtemp -l0x0009 -removeonly
-->MsiExec.exe /I{977FBE6C-AE9A-4429-B249-814F0B3A4CB1}
-->MsiExec.exe /I{AEB9948B-4FF2-47C9-990E-47014492A0FE}
-->MsiExec.exe /I{EC2ADB7C-8A45-40C9-BFD1-18F22D9A7DF5}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ActivClient 6.1 x86-->MsiExec.exe /I{AC194855-F7AC-4D04-B4C9-07BA46FCB697}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.3-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81300000003}
Adobe Shockwave Player 11-->C:\WINDOWS\system32\adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Adobe SVG Viewer 3.0-->C:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Install.log
Age of Mythology - The Titans Expansion-->"C:\Program Files\Microsoft Games\Age of Mythology\UNINSTXP.EXE" /runtemp /addremove
Age of Mythology-->"C:\Program Files\Microsoft Games\Age of Mythology\UNINSTAL.EXE" /runtemp /addremove
ALShow-->"C:\Program Files\ESTsoft\ALShow\unins000.exe"
ALZip-->"C:\Program Files\ALZip\unins000.exe"
Ant.com Toolbar-->regsvr32 /u /s "C:\Program Files\Antbar\Ant.com Toolbar\tbcore3.dll"
Apple Mobile Device Support-->MsiExec.exe /I{C337BDAF-CB4E-47E2-BE1A-CB31BB7DD0E3}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
ATI Catalyst Control Center-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x0
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
AuthenTec Fingerprint Sensor Minimum Install-->MsiExec.exe /I{EB4DF30B-102B-4F0C-927A-D50E037A325D}
BIOS Configuration for HP ProtectTools-->MsiExec.exe /X{617093CF-0B62-4B8B-87D0-DB8FD2A5156B}
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Catalyst Control Center - Branding-->MsiExec.exe /I{3F93B2BA-18EC-462B-9ACD-396599353EE1}
Citrix Presentation Server Client - Web Only-->MsiExec.exe /X{23E8D2D6-F7C8-4A35-816C-6C914EE0A601}
Conflict Denied Ops-->MsiExec.exe /X{EE4BA4C3-6DE4-404C-9B69-A84709BED752}
Credential Manager for HP ProtectTools-->MsiExec.exe /X{377E3D59-C8FB-4E16-B3D1-E1D92D30DA00}
Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
Device Access Manager for HP ProtectTools-->MsiExec.exe /X{55B52830-024A-443E-AF61-61E1E71AFA1B}
Drive Encryption for HP ProtectTools-->MsiExec.exe /X{1CF925D3-1E33-4447-889B-0751D2CF886D}
Embedded Security for HP ProtectTools-->MsiExec.exe /I{20A1D306-CE83-492A-8525-D6DF50B5944A}
GameShadow-->MsiExec.exe /I{16393B5A-43A8-434B-B22A-0724581F7873}
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows Movie Maker (KB892312)-->"C:\WINDOWS\$NtUninstallKB892312$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
HP 3D DriveGuard-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{429E92A4-159F-4AEC-85A1-D693E1E4274D}\Setup.exe" -l0x9 UNINSTALL
HP Integrated Module with Bluetooth wireless technology-->MsiExec.exe /X{84814E6B-2581-46EC-926A-823BD1C670F6}
HP ProtectTools Security Manager-->MsiExec.exe /I{2DB165DC-DDB4-403F-B985-19F3EC7D0357}
HP Quick Launch Buttons 6.30 F1-->C:\Program Files\InstallShield Installation Information\{34D2AB40-150D-475D-AE32-BD23FB5EE355}\Setup.exe -runfromtemp -l0x0009 -removeonly uninst
HumanConcepts OrgPlus 6 Reader-->MsiExec.exe /I{43C66F26-EC2F-404D-B2DD-421FF26E3278}
INDEX EDUCATION - ProfNOTE 2008-->C:\Program Files\InstallShield Installation Information\{5DD31E03-4843-4352-9F8B-919430E80C98}\setup.exe -runfromtemp -l0x040c -uninst -removeonly
Intel(R) Active Management Technology Device Software-->C:\WINDOWS\system32\mesoludlg.exe -uninstall
Intel(R) Management Engine Interface-->C:\WINDOWS\system32\heciudlg.exe -uninstall
Intel(R) Matrix Storage Manager-->C:\WINDOWS\System32\Imsmudlg.exe
Intel(R) PRO Network Connections Drivers-->Prounstl.exe
InterVideo DVD Check-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5D97A4A7-C274-4B63-86D9-07A33435F505}\setup.exe" REMOVEALL
InterVideo WinDVD-->"C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
iTunes-->MsiExec.exe /I{99ECF41F-5CCA-42BD-B8B8-A8333E2E2944}
Java Card Security for HP ProtectTools-->MsiExec.exe /I{77130095-2039-424F-A633-4FAF0261258A}
LFP MANAGER 09-->C:\Program Files\EA SPORTS\LFP MANAGER 09\eauninstall.exe
McAfee Desktop Firewall 8.5-->"C:\Program Files\Network Associates\McAfee Desktop Firewall for Windows XP\McAfeefire.exe" addremove
McAfee VirusScan Enterprise-->MsiExec.exe /I{5DF3D1BB-894E-4DCD-8275-159AC9829B43}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Mozilla Firefox (3.5.2)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML4 Parser-->MsiExec.exe /I{01501EBA-EC35-4F9F-8889-3BE346E5DA13}
OpenAL-->"C:\Program Files\OpenAL\oalinst.exe" /U
QuickTime-->MsiExec.exe /I{C78EAC6F-7A73-452E-8134-DBB2165C5A68}
RICOH R5C853 Driver WXP Ver.1.01.05-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{59F6A514-9813-47A3-948C-8A155460CC2A}\setup.exe" -l0x9 anything
Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Skype™ 4.0-->MsiExec.exe /X{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}
Soft Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2C06_hpqZ3795\UIU32m.exe -U -IhpqZ3795.inf
SoundMAX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe" -l0x9 -removeonly
SUPER © Version 2009.bld.35 (Jan 5, 2009)-->C:\PROGRA~1\ERIGHT~1\SUPER\Setup.exe /remove /q0
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
UsbFix-->C:\UsbFix\Uninstal.exe
Video Converter Studio V2.1.0-->"C:\Program Files\Apowersoft\Video Converter Studio\unins000.exe"
VLC media player 1.0.0-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Vodafone Mobile Connect-->MsiExec.exe /I{7F3616A3-7CD8-493A-9F77-08DF469DE730}
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"

======Hosts File======

127.0.0.1 jL.chura.pl

======System event log======

Computer Name: WKST-PRET06
Event Code: 10000
Message: Unable to start a DCOM Server: {5E248397-8614-4EC5-8926-BD242DC9830A}.
The error:
"%2"
Happened while starting this command:
"c:\Program Files\ActivIdentity\ActivClient\acevents.exe" -Embedding

Record Number: 2825
Source Name: DCOM
Time Written: 20090816160559.000000+120
Event Type: error
User: NT AUTHORITY\SYSTEM

Computer Name: WKST-PRET06
Event Code: 240
Message: A request to suspend power was denied by winlogon.exe.

Record Number: 2797
Source Name: Win32k
Time Written: 20090816102534.000000+120
Event Type: warning
User:

Computer Name: WKST-PRET06
Event Code: 240
Message: A request to suspend power was denied by ati2evxx.exe.

Record Number: 2663
Source Name: Win32k
Time Written: 20090815210021.000000+120
Event Type: warning
User:

Computer Name: WKST-PRET06
Event Code: 240
Message: A request to suspend power was denied by ati2evxx.exe.

Record Number: 2662
Source Name: Win32k
Time Written: 20090815205506.000000+120
Event Type: warning
User:

Computer Name: WKST-PRET06
Event Code: 240
Message: A request to suspend power was denied by Manager09.exe.

Record Number: 2594
Source Name: Win32k
Time Written: 20090815140011.000000+120
Event Type: warning
User:

=====Application event log=====

Computer Name: WKST-PRET06
Event Code: 2001
Message: [UNS] Failed to get EAC Status.


Record Number: 22
Source Name: Intel(R) AMT
Time Written: 20090808105224.000000+120
Event Type: warning
User:

Computer Name: WKST-PRET06
Event Code: 2
Message: LMS Service lost connection to HECI driver

Record Number: 12
Source Name: LMS
Time Written: 20090808032806.000000+120
Event Type: error
User: NT AUTHORITY\SYSTEM

Computer Name: WKST-PRET06
Event Code: 2002
Message: [UNS] Failed to subscribe to local Intel(R) AMT.


Record Number: 11
Source Name: Intel(R) AMT
Time Written: 20090808003648.000000+120
Event Type: error
User:

Computer Name: WKST-PRET06
Event Code: 2001
Message: [UNS] Failed to get EAC Status.


Record Number: 10
Source Name: Intel(R) AMT
Time Written: 20090808003643.000000+120
Event Type: warning
User:

Computer Name: WKST-PRET06
Event Code: 2002
Message: [UNS] Failed to subscribe to local Intel(R) AMT.


Record Number: 9
Source Name: Intel(R) AMT
Time Written: 20090808003643.000000+120
Event Type: error
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"NUMBER_OF_PROCESSORS"=2
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;c:\Program Files\Hewlett-Packard\IAM\bin;c:\Program Files\ActivIdentity\ActivClient\;c:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\ALZip\;C:\Program Files\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 11, GenuineIntel
"PROCESSOR_LEVEL"=6
"PROCESSOR_REVISION"=0f0b
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"windir"=%SystemRoot%
"CLASSPATH"=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
"QTJAVA"=C:\Program Files\QuickTime\QTSystem\QTJava.zip

-----------------EOF-----------------
0
Anonymous user
 
▶ Download OTM by OldTimer to your Desktop.

• Double-click OTM.exe to launch it.

• Copy (Ctrl+C) the following text:



:processes
explorer.exe
reader_s.exe
C:\WINDOWS\fonts\services.exe



:files
C:\WINDOWS\System32\reader_s.exe
C:\WINDOWS\fonts\services.exe
C:\WINDOWS\system32\*.tmp
%userprofile%\reader_s.exe

:reg
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"exec"=-
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"reader_s"=-
"Regedit32"=-

:commands
[emptytemp]
[reboot]




• Paste (Ctrl+V) the previously copied text into the Paste Instructions for Items to be Moved box.

• Now click the MoveIt! button, then close OTM.

▶ If a file or folder cannot be deleted immediately, the program will ask you to restart.
▶ Accept by clicking YES.

Post the report located in this folder: C:\_OTM\MovedFiles\
The report's name corresponds to the time it was created: date_time.log


0
aikakouki Posts 71 Registration date   Status Member Last activity   8
 
Here it is:

All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
No active process named reader_s.exe was found!
No active process named C:\WINDOWS\fonts\services.exe was found!
========== FILES ==========
C:\WINDOWS\System32\reader_s.exe moved successfully.
C:\WINDOWS\fonts\services.exe moved successfully.
C:\WINDOWS\system32\11.tmp moved successfully.
C:\WINDOWS\system32\13.tmp moved successfully.
C:\WINDOWS\system32\14.tmp moved successfully.
C:\WINDOWS\system32\142.tmp moved successfully.
C:\WINDOWS\system32\146.tmp moved successfully.
C:\WINDOWS\system32\149.tmp moved successfully.
C:\WINDOWS\system32\14D.tmp moved successfully.
C:\WINDOWS\system32\1A.tmp moved successfully.
C:\WINDOWS\system32\2.tmp moved successfully.
C:\WINDOWS\system32\24.tmp moved successfully.
C:\WINDOWS\system32\26.tmp moved successfully.
C:\WINDOWS\system32\2A.tmp moved successfully.
C:\WINDOWS\system32\3.tmp moved successfully.
C:\WINDOWS\system32\4.tmp moved successfully.
C:\WINDOWS\system32\44.tmp moved successfully.
C:\WINDOWS\system32\47.tmp moved successfully.
C:\WINDOWS\system32\4C.tmp moved successfully.
C:\WINDOWS\system32\5.tmp moved successfully.
C:\WINDOWS\system32\50.tmp moved successfully.
C:\WINDOWS\system32\6.tmp moved successfully.
C:\WINDOWS\system32\7.tmp moved successfully.
C:\WINDOWS\system32\8.tmp moved successfully.
C:\WINDOWS\system32\9.tmp moved successfully.
C:\WINDOWS\system32\A.tmp moved successfully.
C:\WINDOWS\system32\B.tmp moved successfully.
C:\WINDOWS\system32\C.tmp moved successfully.
C:\WINDOWS\system32\CONFIG.TMP moved successfully.
C:\WINDOWS\system32\D.tmp moved successfully.
C:\WINDOWS\system32\E.tmp moved successfully.
C:\Documents and Settings\CASAM\reader_s.exe moved successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\\exec deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersio­n\Run not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersio­n\Run not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: admin
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 151974 bytes

User: All Users

User: CASAM
->Temp folder emptied: 10360532 bytes
File delete failed. C:\Documents and Settings\CASAM\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 43883341 bytes
->FireFox cache emptied: 37089916 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 504722 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33237 bytes

User: Rémi
->Temp folder emptied: 1453188420 bytes
->Temporary Internet Files folder emptied: 966509 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2216479 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
File delete failed. C:\WINDOWS\temp\bnnnpuhfvx.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\mta48153.dll scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\vdfuaxucsvel.tmp scheduled to be deleted on reboot.
Windows Temp folder emptied: 1160192 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1477.80 mb


OTM by OldTimer - Version 3.0.0.6 log created on 09012009_194951

Files moved on Reboot...
File move failed. C:\WINDOWS\temp\bnnnpuhfvx.tmp scheduled to be moved on reboot.
C:\WINDOWS\temp\mta48153.dll unregistered successfully.
C:\WINDOWS\temp\mta48153.dll moved successfully.
File move failed. C:\WINDOWS\temp\vdfuaxucsvel.tmp scheduled to be moved on reboot.

Registry entries deleted on Reboot...
0
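Added example (not part of the thread and not OTM's own code): in the log above, both `not found` registry lines carry a soft hyphen (U+00AD) inside `CurrentVersion`, and no deletion is reported for the `reader_s` and `Regedit32` Run values. The Python sketch below reviews a log in this format for failed actions and invisible characters; the function names and the sample log are constructed for illustration.

```python
import re
import unicodedata

# Constructed sample in the format of the OTM log posted above.
# "\u00ad" is a soft hyphen, written as an escape so it is visible here.
SAMPLE_LOG = (
    "========== FILES ==========\n"
    "C:\\WINDOWS\\System32\\reader_s.exe moved successfully.\n"
    "========== REGISTRY ==========\n"
    "Registry value HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion"
    "\\Policies\\Explorer\\Run\\\\exec deleted successfully.\n"
    "Registry key HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersio\u00adn"
    "\\Run not found.\n"
    "File move failed. C:\\WINDOWS\\temp\\bnnnpuhfvx.tmp scheduled to be moved on reboot.\n"
)

# Lines that report an action which did not complete.
FAILURE = re.compile(r"not found[.!]?\s*$|^File (?:move|delete) failed\.", re.I)


def is_hidden(char):
    """True for Unicode format characters (category Cf): soft hyphen, zero-width space, BOM."""
    return unicodedata.category(char) == "Cf"


def review_log(log):
    """Return one finding per log line that reports a failed or skipped action."""
    findings = []
    for number, line in enumerate(log.splitlines(), start=1):
        if not FAILURE.search(line):
            continue
        findings.append({
            "line": number,
            # (offset, Unicode name) of every invisible character in the line.
            "hidden": [(i, unicodedata.name(c, f"U+{ord(c):04X}"))
                       for i, c in enumerate(line) if is_hidden(c)],
            # The same line with invisible characters stripped.
            "cleaned": "".join(c for c in line if not is_hidden(c)),
        })
    return findings


if __name__ == "__main__":
    for f in review_log(SAMPLE_LOG):
        cause = ", ".join(name for _, name in f["hidden"]) or "no hidden characters"
        print(f"line {f['line']}: {cause}\n  {f['cleaned']}")
```

A finding with a non-empty `hidden` list points at a copy-paste problem in the script rather than at an entry that is truly absent, so that step has to be re-checked on the machine.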