Virus qui bloque les sites antivir, le retour
Fermé
antoine136
Messages postés
44
Date d'inscription
mardi 16 juin 2009
Statut
Membre
Dernière intervention
13 septembre 2009
-
2 sept. 2009 à 18:39
jlpjlp Messages postés 51580 Date d'inscription vendredi 18 mai 2007 Statut Contributeur sécurité Dernière intervention 3 mai 2022 - 14 sept. 2009 à 14:17
jlpjlp Messages postés 51580 Date d'inscription vendredi 18 mai 2007 Statut Contributeur sécurité Dernière intervention 3 mai 2022 - 14 sept. 2009 à 14:17
A voir également:
- Virus qui bloque les sites antivir, le retour
- Meilleurs sites de téléchargement - Accueil - Outils
- Code puk bloqué - Guide
- Sites de vente d'occasion - Guide
- Site qui remplace coco - Accueil - Réseaux sociaux
- Pavé tactile bloqué - Guide
54 réponses
jlpjlp
Messages postés
51580
Date d'inscription
vendredi 18 mai 2007
Statut
Contributeur sécurité
Dernière intervention
3 mai 2022
5 040
2 sept. 2009 à 18:45
2 sept. 2009 à 18:45
slt
lance dr web et colle un rapport avec:
https://www.commentcamarche.net/telecharger/securite/7749-dr-web-cureit/
lance dr web et colle un rapport avec:
https://www.commentcamarche.net/telecharger/securite/7749-dr-web-cureit/
antoine136
Messages postés
44
Date d'inscription
mardi 16 juin 2009
Statut
Membre
Dernière intervention
13 septembre 2009
7 sept. 2009 à 13:32
7 sept. 2009 à 13:32
bonjour et merci de ta reponse
voici le rapport drweb
[Scanner un chemin] E:\
-----------------------------------------------------------------------------
Statistiques d'analyse
-----------------------------------------------------------------------------
Objets scannés: 878091
Objets infectés: 0
Objets ayant été modifiés: 0
Objets suspects: 0
Adwares détectés: 0
Dialers détectés: 0
Canulars détectés: 0
Riskwares détectés: 0
Hacktools détectés: 1
Désinfecté: 0
Supprimé: 0
Renommé: 0
Déplacé en quarantaine: 0
Ignoré: 0
Vitesse du scan: 5 Kb/s
Durée d'analyse: 20:19:34
-----------------------------------------------------------------------------
C:\SDFix\apps\Process.exe - irréparable - supprimé
=============================================================================
Statistiques totales de la session
=============================================================================
Objets scannés: 880511
Objets infectés: 0
Objets ayant été modifiés: 0
Objets suspects: 0
Adwares détectés: 0
Dialers détectés: 0
Canulars détectés: 0
Riskwares détectés: 0
Hacktools détectés: 1
Désinfecté: 0
Supprimé: 1
Renommé: 0
Déplacé en quarantaine: 0
Ignoré: 0
Vitesse du scan: 13 Kb/s
Durée d'analyse: 20:30:42
=============================================================================
voici le rapport drweb
[Scanner un chemin] E:\
-----------------------------------------------------------------------------
Statistiques d'analyse
-----------------------------------------------------------------------------
Objets scannés: 878091
Objets infectés: 0
Objets ayant été modifiés: 0
Objets suspects: 0
Adwares détectés: 0
Dialers détectés: 0
Canulars détectés: 0
Riskwares détectés: 0
Hacktools détectés: 1
Désinfecté: 0
Supprimé: 0
Renommé: 0
Déplacé en quarantaine: 0
Ignoré: 0
Vitesse du scan: 5 Kb/s
Durée d'analyse: 20:19:34
-----------------------------------------------------------------------------
C:\SDFix\apps\Process.exe - irréparable - supprimé
=============================================================================
Statistiques totales de la session
=============================================================================
Objets scannés: 880511
Objets infectés: 0
Objets ayant été modifiés: 0
Objets suspects: 0
Adwares détectés: 0
Dialers détectés: 0
Canulars détectés: 0
Riskwares détectés: 0
Hacktools détectés: 1
Désinfecté: 0
Supprimé: 1
Renommé: 0
Déplacé en quarantaine: 0
Ignoré: 0
Vitesse du scan: 13 Kb/s
Durée d'analyse: 20:30:42
=============================================================================
antoine136
Messages postés
44
Date d'inscription
mardi 16 juin 2009
Statut
Membre
Dernière intervention
13 septembre 2009
8 sept. 2009 à 09:18
8 sept. 2009 à 09:18
bonjour
je viens de m'apercevoir de nouveaux problemes : de nombreux programmes qui se lancent au demarrage ne se lancent plus, comme par exemple daemon : "error : engine loading was failed"
quelqu'un aurait il une idee ?
merci d'avance
je viens de m'apercevoir de nouveaux problemes : de nombreux programmes qui se lancent au demarrage ne se lancent plus, comme par exemple daemon : "error : engine loading was failed"
quelqu'un aurait il une idee ?
merci d'avance
jlpjlp
Messages postés
51580
Date d'inscription
vendredi 18 mai 2007
Statut
Contributeur sécurité
Dernière intervention
3 mai 2022
5 040
8 sept. 2009 à 14:21
8 sept. 2009 à 14:21
scan avec malwarebyte , fais un scan minutieux et colle le rapport obtenu et vire ce qui est trouvé:
https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
______________________
Télécharge ici :
http://images.malwareremoval.com/random/RSIT.exe
random's system information tool (RSIT) par andom/random et sauvegarde-le sur le Bureau.
Double-clique sur RSIT.exe afin de lancer RSIT.
Clique Continue à l'écran Disclaimer.
Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu, si demandé) et tu devras accepter la licence.
Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront.
Poste le contenu de log.txt (<<qui sera affiché)
ainsi que de info.txt (<<qui sera réduit dans la Barre des Tâches).
NB : Les rapports sont sauvegardés dans le dossier C:\rsit
https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
______________________
Télécharge ici :
http://images.malwareremoval.com/random/RSIT.exe
random's system information tool (RSIT) par andom/random et sauvegarde-le sur le Bureau.
Double-clique sur RSIT.exe afin de lancer RSIT.
Clique Continue à l'écran Disclaimer.
Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu, si demandé) et tu devras accepter la licence.
Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront.
Poste le contenu de log.txt (<<qui sera affiché)
ainsi que de info.txt (<<qui sera réduit dans la Barre des Tâches).
NB : Les rapports sont sauvegardés dans le dossier C:\rsit
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
antoine136
Messages postés
44
Date d'inscription
mardi 16 juin 2009
Statut
Membre
Dernière intervention
13 septembre 2009
8 sept. 2009 à 14:28
8 sept. 2009 à 14:28
merci beaucoup ! je fais tout ca et te tiens au courant
antoine136
Messages postés
44
Date d'inscription
mardi 16 juin 2009
Statut
Membre
Dernière intervention
13 septembre 2009
8 sept. 2009 à 23:01
8 sept. 2009 à 23:01
bon evidemment le telechargement de ces 2 applis est bloqué
je te tiens au courant des que j'ai pu passer par un autre ordi
je te tiens au courant des que j'ai pu passer par un autre ordi
jlpjlp
Messages postés
51580
Date d'inscription
vendredi 18 mai 2007
Statut
Contributeur sécurité
Dernière intervention
3 mai 2022
5 040
9 sept. 2009 à 09:22
9 sept. 2009 à 09:22
télécharge combofix (par sUBs) ici :
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
et enregistre le sur le bureau.
déconnecte toi d'internet et ferme toutes tes applications.
désactive tes protections (antivirus, parefeu, garde en temps réel de l'antispyware)
double-clique sur combofix.exe et suis les instructions
à la fin, il va produire un rapport C:\ComboFix.txt
réactive ton parefeu, ton antivirus, la garde de ton antispyware
copie/colle le rapport C:\ComboFix.txt dans ta prochaine réponse.
Attention, n'utilise pas ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne. Cela pourrait figer l'ordi.
Tu as un tutoriel complet ici :
https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
et enregistre le sur le bureau.
déconnecte toi d'internet et ferme toutes tes applications.
désactive tes protections (antivirus, parefeu, garde en temps réel de l'antispyware)
double-clique sur combofix.exe et suis les instructions
à la fin, il va produire un rapport C:\ComboFix.txt
réactive ton parefeu, ton antivirus, la garde de ton antispyware
copie/colle le rapport C:\ComboFix.txt dans ta prochaine réponse.
Attention, n'utilise pas ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne. Cela pourrait figer l'ordi.
Tu as un tutoriel complet ici :
https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
antoine136
Messages postés
44
Date d'inscription
mardi 16 juin 2009
Statut
Membre
Dernière intervention
13 septembre 2009
9 sept. 2009 à 12:32
9 sept. 2009 à 12:32
voici deja les resultats pour malwarebyte et RSIT :
Malwarebytes' Anti-Malware 1.40
Version de la base de données: 2551
Windows 6.0.6001 Service Pack 1
09/09/2009 12:08:38
mbam-log-2009-09-09 (12-08-38).txt
Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 286280
Temps écoulé: 2 hour(s), 29 minute(s), 27 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 3
Valeur(s) du Registre infectée(s): 11
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 18
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
c:\Windows\System32\evdoserver.dll (Backdoor.Bot) -> Delete on reboot.
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\evdoserver (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\evdoserver (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\evdoserver (Backdoor.Bot) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\BuildW (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\FirstInstallFlag (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\guid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\i (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\mso (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\udso (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\uid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Ulrn (Malware.Trace) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Update (Malware.Trace) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\UpdateNew (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\mEv (Malware.Trace) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
c:\Windows\System32\evdoserver.dll (Backdoor.Bot) -> Delete on reboot.
C:\Windows\System32\dvdpaly.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Windows\System32\wiwow64.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0C7A2Q73\w[1].bin (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1LYG7QH8\w[1].bin (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1LYG7QH8\w[2].bin (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1LYG7QH8\w[3].bin (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2LGRJGI8\w[1].bin (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2LGRJGI8\w[2].bin (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9VZ2QE0N\w[1].bin (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Windows\Temp\t4m0_135458861182.bk.old (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Windows\Temp\t4m0_334173785710.bk.old (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Windows\Temp\t4m0_404057735676.bk.old (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Windows\Temp\VRTA33D.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Windows\Temp\VRTB29F.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Windows\Temp\VRTC0F0.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Windows\System32\FInstall.sys (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Windows\System32\wiawow32.sys (Backdoor.Bot) -> Quarantined and deleted successfully.
Malwarebytes' Anti-Malware 1.40
Version de la base de données: 2551
Windows 6.0.6001 Service Pack 1
09/09/2009 12:08:38
mbam-log-2009-09-09 (12-08-38).txt
Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 286280
Temps écoulé: 2 hour(s), 29 minute(s), 27 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 3
Valeur(s) du Registre infectée(s): 11
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 18
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
c:\Windows\System32\evdoserver.dll (Backdoor.Bot) -> Delete on reboot.
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\evdoserver (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\evdoserver (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\evdoserver (Backdoor.Bot) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\BuildW (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\FirstInstallFlag (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\guid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\i (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\mso (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\udso (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\uid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Ulrn (Malware.Trace) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Update (Malware.Trace) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\UpdateNew (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\mEv (Malware.Trace) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
c:\Windows\System32\evdoserver.dll (Backdoor.Bot) -> Delete on reboot.
C:\Windows\System32\dvdpaly.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Windows\System32\wiwow64.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0C7A2Q73\w[1].bin (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1LYG7QH8\w[1].bin (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1LYG7QH8\w[2].bin (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1LYG7QH8\w[3].bin (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2LGRJGI8\w[1].bin (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2LGRJGI8\w[2].bin (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9VZ2QE0N\w[1].bin (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Windows\Temp\t4m0_135458861182.bk.old (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Windows\Temp\t4m0_334173785710.bk.old (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Windows\Temp\t4m0_404057735676.bk.old (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Windows\Temp\VRTA33D.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Windows\Temp\VRTB29F.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Windows\Temp\VRTC0F0.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Windows\System32\FInstall.sys (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Windows\System32\wiawow32.sys (Backdoor.Bot) -> Quarantined and deleted successfully.
antoine136
Messages postés
44
Date d'inscription
mardi 16 juin 2009
Statut
Membre
Dernière intervention
13 septembre 2009
9 sept. 2009 à 12:32
9 sept. 2009 à 12:32
Logfile of random's system information tool 1.06 (written by random/random)
Run by Peyo at 2009-09-09 12:16:30
Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 1
System drive C: has 10 GB (6%) free of 165 GB
Total RAM: 3070 MB (63% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:17:12, on 09/09/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18294)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files\ASUS\Net4Switch\Net4Switch.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe
C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe
C:\Windows\System32\rundll32.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\ASUS\ATK Media\DMedia.exe
C:\Windows\AsScrPro.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Symantec Shared\NPC\npcLUStb.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Symantec\LiveUpdate\luall.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Users\Peyo\Desktop\RSIT.exe
C:\Users\Peyo\Desktop\downloads\hijackthis\Peyo.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.asus.com/fr/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail?u=http%253A//webtv.guidetv.orange.fr/home.do%253Bjsessionid%253D4A54D5011736D1E0B9E3E63EF7CEDA13.otv-as04a
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.asus.com/fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [AsInstCD] C:\Preload\Patch\ASINST.EXE /inst
O4 - HKLM\..\Run: [HControlUser] C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe
O4 - HKLM\..\Run: [ATKOSD2] C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMedia.exe
O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\Windows\AsScrPro.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [ter8m] RUNDLL32.EXE C:\Windows\TEMP\msxm192z.dll,w
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [ter8m] RUNDLL32.EXE C:\Windows\TEMP\msxm192z.dll,w (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [Application Restart #2] C:\Program Files\Windows Sidebar\sidebar.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ter8m] RUNDLL32.EXE C:\Windows\TEMP\msxm192z.dll,w (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [Application Restart #2] C:\Program Files\Windows Sidebar\sidebar.exe (User 'Default user')
O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O8 - Extra context menu item: Télécharger avec IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Télécharger le contenu de video FLV avec IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Télécharger tous les liens avec IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O13 - Gopher Prefix:
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
O16 - DPF: {9DF1C00D-8426-4337-972C-DC042D19A916} (FTMediaPlayer Class) - http://webtv.guidetv.orange.fr/resources/OCS_8971.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ADSM Service (ADSMService) - Unknown owner - C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
O23 - Service: ADSM Service ADSMServiceAeLookupSvc (ADSMServiceAeLookupSvc) - Unknown owner - C:\Windows\TEMP\ghrhrneony.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: Planificateur LiveUpdate automatique (Automatic LiveUpdate Scheduler) - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: sofatnet Service (sofatnet) - Sigma Designs In - C:\Windows\system32\sofatnet.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
Run by Peyo at 2009-09-09 12:16:30
Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 1
System drive C: has 10 GB (6%) free of 165 GB
Total RAM: 3070 MB (63% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:17:12, on 09/09/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18294)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files\ASUS\Net4Switch\Net4Switch.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe
C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe
C:\Windows\System32\rundll32.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\ASUS\ATK Media\DMedia.exe
C:\Windows\AsScrPro.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Symantec Shared\NPC\npcLUStb.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Symantec\LiveUpdate\luall.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Users\Peyo\Desktop\RSIT.exe
C:\Users\Peyo\Desktop\downloads\hijackthis\Peyo.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.asus.com/fr/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail?u=http%253A//webtv.guidetv.orange.fr/home.do%253Bjsessionid%253D4A54D5011736D1E0B9E3E63EF7CEDA13.otv-as04a
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.asus.com/fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [AsInstCD] C:\Preload\Patch\ASINST.EXE /inst
O4 - HKLM\..\Run: [HControlUser] C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe
O4 - HKLM\..\Run: [ATKOSD2] C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMedia.exe
O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\Windows\AsScrPro.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [ter8m] RUNDLL32.EXE C:\Windows\TEMP\msxm192z.dll,w
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [ter8m] RUNDLL32.EXE C:\Windows\TEMP\msxm192z.dll,w (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [Application Restart #2] C:\Program Files\Windows Sidebar\sidebar.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ter8m] RUNDLL32.EXE C:\Windows\TEMP\msxm192z.dll,w (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [Application Restart #2] C:\Program Files\Windows Sidebar\sidebar.exe (User 'Default user')
O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O8 - Extra context menu item: Télécharger avec IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Télécharger le contenu de video FLV avec IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Télécharger tous les liens avec IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O13 - Gopher Prefix:
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
O16 - DPF: {9DF1C00D-8426-4337-972C-DC042D19A916} (FTMediaPlayer Class) - http://webtv.guidetv.orange.fr/resources/OCS_8971.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ADSM Service (ADSMService) - Unknown owner - C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
O23 - Service: ADSM Service ADSMServiceAeLookupSvc (ADSMServiceAeLookupSvc) - Unknown owner - C:\Windows\TEMP\ghrhrneony.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: Planificateur LiveUpdate automatique (Automatic LiveUpdate Scheduler) - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: sofatnet Service (sofatnet) - Sigma Designs In - C:\Windows\system32\sofatnet.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
antoine136
Messages postés
44
Date d'inscription
mardi 16 juin 2009
Statut
Membre
Dernière intervention
13 septembre 2009
9 sept. 2009 à 12:32
9 sept. 2009 à 12:32
info.txt logfile of random's system information tool 1.06 2009-09-09 12:17:30
======Uninstall list======
-->"C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->MsiExec /X{74224F8D-4A17-4816-9EDB-7BB854DE532C}
Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}
Adobe Anchor Service CS4-->MsiExec.exe /I{1618734A-3957-4ADD-8199-F973763109A8}
Adobe Bridge CS4-->MsiExec.exe /I{83877DB1-8B77-45BC-AB43-2BAC22E093E0}
Adobe CMaps CS4-->MsiExec.exe /I{94D398EB-D2FD-4FD1-B8C4-592635E8A191}
Adobe Color - Photoshop Specific CS4-->MsiExec.exe /I{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}
Adobe Color EU Recommended Settings CS4-->MsiExec.exe /I{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}
Adobe Color JA Extra Settings CS4-->MsiExec.exe /I{0D6013AB-A0C7-41DC-973C-E93129C9A29F}
Adobe Color NA Extra Settings CS4-->MsiExec.exe /I{098A2A49-7CF3-4F08-A38D-FB879117152A}
Adobe Color Video Profiles CS CS4-->MsiExec.exe /I{63C24A08-70F3-4C8E-B9FB-9F21A903801D}
Adobe CSI CS4-->MsiExec.exe /I{0F723FC1-7606-4867-866C-CE80AD292DAF}
Adobe Default Language CS4-->MsiExec.exe /I{C52E3EC1-048C-45E1-8D53-10B0C6509683}
Adobe Device Central CS4-->MsiExec.exe /I{67F0E67A-8E93-4C2C-B29D-47C48262738A}
Adobe Drive CS4-->MsiExec.exe /I{16E16F01-2E2D-4248-A42F-76261C147B6C}
Adobe ExtendScript Toolkit CS4-->MsiExec.exe /I{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}
Adobe Extension Manager CS4-->MsiExec.exe /I{054EFA56-2AC1-48F4-A883-0AB89874B972}
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Fonts All-->MsiExec.exe /I{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}
Adobe InDesign CS4 Application Feature Set Files (Roman)-->MsiExec.exe /I{2BAF2B96-7560-48B4-87D4-10178DDBE217}
Adobe InDesign CS4 Common Base Files-->MsiExec.exe /I{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}
Adobe InDesign CS4 Icon Handler-->MsiExec.exe /I{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}
Adobe InDesign CS4-->C:\Program Files\Common Files\Adobe\Installers\1710d324011afc3e7658e969025f4ba\Setup.exe --uninstall=1
Adobe InDesign CS4-->MsiExec.exe /I{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}
Adobe Linguistics CS4-->MsiExec.exe /I{931AB7EA-3656-4BB7-864D-022B09E3DD67}
Adobe Output Module-->MsiExec.exe /I{BB4E33EC-8181-4685-96F7-8554293DEC6A}
Adobe PDF Library Files CS4-->MsiExec.exe /I{F93C84A6-0DC6-42AF-89FA-776F7C377353}
Adobe Photoshop CS4 Support-->MsiExec.exe /I{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}
Adobe Photoshop CS4-->C:\Program Files\Common Files\Adobe\Installers\faf656ef605427ee2f42989c3ad31b8\Setup.exe --uninstall=1
Adobe Photoshop CS4-->MsiExec.exe /I{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}
Adobe Photoshop CS4-->MsiExec.exe /I{E4848436-0345-47E2-B648-8B522FCDA623}
Adobe Reader 8.1.3-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81300000003}
Adobe Search for Help-->MsiExec.exe /I{F0E64E2E-3A60-40D8-A55D-92F6831875DA}
Adobe Service Manager Extension-->MsiExec.exe /I{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}
Adobe Setup-->MsiExec.exe /I{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}
Adobe Setup-->MsiExec.exe /I{CA1CA5F8-7500-45C5-9D4C-47D13FBC92D2}
Adobe SGM CS4-->MsiExec.exe /I{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}
Adobe SING CS4-->MsiExec.exe /I{4A52555C-032A-4083-BDD9-6A85ABFB39A8}
Adobe Type Support CS4-->MsiExec.exe /I{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}
Adobe Update Manager CS4-->MsiExec.exe /I{05308C4E-7285-4066-BAE3-6B50DA6ED755}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}
Adobe XMP Panels CS4-->MsiExec.exe /I{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}
AdobeColorCommonSetCMYK-->MsiExec.exe /I{68243FF8-83CA-466B-B2B8-9F99DA5479C4}
AdobeColorCommonSetRGB-->MsiExec.exe /I{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}
AppCore-->MsiExec.exe /I{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}
Apple Mobile Device Support-->MsiExec.exe /I{C337BDAF-CB4E-47E2-BE1A-CB31BB7DD0E3}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
Assassin's Creed-->C:\Program Files\InstallShield Installation Information\{8CFA9151-6404-409A-AF22-4632D04582FD}\setup.exe -runfromtemp -l0x040c -removeonly
ASUS Data Security Manager-->C:\Program Files\InstallShield Installation Information\{1C8521E5-5A7B-4A4E-A9CD-AD53116EAEE0}\Setup.exe -runfromtemp -l0x040c -removeonly
ASUS LifeFrame3-->MsiExec.exe /I{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}
ASUS Live Update-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}\Setup.exe" -l0x9
ASUS MultiFrame-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9D48531D-2135-49FC-BC29-ACCDA5396A76}\Setup.exe" -l0x9
ASUS Power4Gear eXtreme-->MsiExec.exe /I{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}
ASUS SmartLogon-->MsiExec.exe /I{64452561-169F-4A36-A2FF-B5E118EC65F5}
ASUS Splendid Video Enhancement Technology-->MsiExec.exe /I{0969AF05-4FF6-4C00-9406-43599238DE0D}
ASUS Virtual Camera-->MsiExec.exe /I{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}
ATK Generic Function Service-->C:\Program Files\InstallShield Installation Information\{D3D54F3E-C5C3-443D-978F-87A72E5616E8}\Setup.exe -runfromtemp -l0x040c -removeonly
ATK Hotkey-->MsiExec.exe /I{7C05592D-424B-46CB-B505-E0013E8E75C9}
ATK Media-->MsiExec.exe /I{D1E5870E-E3E5-4475-98A6-ADD614524ADF}
ATKOSD2-->MsiExec.exe /I{3B05F2FB-745B-4012-ADF2-439F36B2E70B}
BetClic Poker-->C:\PROGRA~1\BETCLI~1\UNWISE.EXE C:\PROGRA~1\BETCLI~1\INSTALL.LOG
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Brothers in Arms: Hell's Highway-->C:\Program Files\Ubisoft\Gearbox Software\Brothers in Arms - Hell's Highway\Binaries\uninst.exe
ccCommon-->MsiExec.exe /I{B24E05CC-46FF-4787-BBB8-5CD516AFB118}
Component Framework-->MsiExec.exe /I{31478BE1-CDE5-4753-A8B2-F6D4BC1FBE09}
Connect-->MsiExec.exe /I{B29AD377-CC12-490A-A480-1452337C618D}
DAEMON Tools Toolbar-->C:\Program Files\DAEMON Tools Toolbar\uninst.exe
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Plus DirectShow Filters-->C:\Program Files\DivX\DivXDSFiltersUninstall.exe /DSFILTERS
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Dolby Control Center-->MsiExec.exe /I{DE66EFAD-B9CC-4FD4-9157-6C18E5100161}
Express Gate-->MsiExec.exe /X{2862A3C1-0CD9-4D8B-A28C-8C337D4DD5EB}
Free Mp3 Wma Converter V 1.81-->"C:\Program Files\Free Audio Pack\unins000.exe"
FujiFilm Photogénie 2.3-->"C:\Program Files\FujiFilm\Photogénie\unins000.exe"
HijackThis 2.0.2-->"C:\Users\Peyo\Desktop\downloads\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Internet Download Manager-->C:\Program Files\Internet Download Manager\Uninstall.exe
ITECIR-->C:\Program Files\InstallShield Installation Information\{40580068-9B10-40B5-9548-536CE88AB23C}\SETUP.EXE -runfromtemp -l0x040c -removeonly
iTunes-->MsiExec.exe /I{99ECF41F-5CCA-42BD-B8B8-A8333E2E2944}
Java(TM) 6 Update 16-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216013FF}
K-Lite Codec Pack 4.9.5 (Full)-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
kuler-->MsiExec.exe /I{098727E1-775A-4450-B573-3F441F1CA243}
LiveUpdate (Symantec Corporation)-->MsiExec.exe /x {E80F62FF-5D3C-4A19-8409-9721F2928206} /l*v "C:\ProgramData\LuUninstall.LiveUpdate"
LiveUpdate (Symantec Corporation)-->MsiExec.exe /X{E80F62FF-5D3C-4A19-8409-9721F2928206}
M50_screensaver-->C:\Windows\system32\M50_screensaver.scr /u
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 3.5 Language Pack SP1 - fra-->MsiExec.exe /I{3E31821C-7917-367E-938E-E65FC413EA31}
Microsoft .NET Framework 3.5 SP1-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Module linguistique Microsoft .NET Framework 3.5 SP1- fra-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - fra\setup.exe
Mount&Blade-->C:\Program Files\Mount&Blade\uninstall.exe
Mozilla Firefox (3.5.2)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
NB Probe-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6324A1EF-CEF4-43E3-8BCD-9EF3F67317FD}\Setup.exe" -l0x9
Net4Switch-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9D6D7811-43B3-463C-BC79-5D1755269989}\Setup.exe" -l0x9
Norton AntiVirus Help-->MsiExec.exe /I{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}
Norton AntiVirus-->MsiExec.exe /X{77FFBA7E-0973-4F39-BBDB-AC2F537578D2}
Norton Confidential Core-->MsiExec.exe /I{55A6283C-638A-4EE0-B491-51118554BDA2}
Norton Internet Security (Symantec Corporation)-->"C:\Program Files\Common Files\Symantec Shared\SymSetup\{C1C185CA-C531-49F5-A6FA-B838405A049D}_15_5_0_23\SETUP.EXE" /X
Norton Internet Security-->MsiExec.exe /I{3672B097-EA69-4BFE-B92F-29AE6D9D2B34}
Norton Internet Security-->MsiExec.exe /I{C1C185CA-C531-49F5-A6FA-B838405A049D}
Norton Protection Center-->MsiExec.exe /I{62120008-8E1E-4807-860D-A8B48F8552DB}
NVIDIA Drivers-->C:\Windows\system32\nvuninst.exe UninstallGUI
NVIDIA PhysX v8.04.25-->MsiExec.exe /X{74224F8D-4A17-4816-9EDB-7BB854DE532C}
OpenOffice.org 3.1-->MsiExec.exe /I{0FA44E79-CD7D-4E8D-A2EE-26FE05F509B6}
Orange WebTV Player 1.28971-->"C:\Program Files\Orange\Orange WebTV Player\unins000.exe"
PDF Settings CS4-->MsiExec.exe /I{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}
Photo Service Edition-->"C:\Program Files\Photo Service Edition\unins000.exe"
Photoshop Camera Raw-->MsiExec.exe /I{CC75AB5C-2110-4A7F-AF52-708680D22FE8}
Quick Zip 4.60.019-->"C:\Program Files\QuickZip4\unins000.exe"
QuickTime-->MsiExec.exe /I{C78EAC6F-7A73-452E-8134-DBB2165C5A68}
Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista-->C:\Program Files\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe -runfromtemp -l0x040c -removeonly
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -removeonly
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.55.03-->"C:\Program Files\InstallShield Installation Information\{59F6A514-9813-47A3-948C-8A155460CC2A}\setup.exe" -runfromtemp -l0x040c anything -removeonly
Skype™ 4.0-->MsiExec.exe /X{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}
SPBBC 32bit-->MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
Spotify-->"C:\Program Files\Spotify\uninstall.exe"
Suite Shared Configuration CS4-->MsiExec.exe /I{842B4B72-9E8F-4962-B3C1-1C422A5C4434}
Symantec Real Time Storage Protection Component-->MsiExec.exe /I{D6E6FA4A-5445-4850-8365-CF216C1CBB7A}
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
The Godfather™ The Game-->C:\Program Files\Electronic Arts\The Godfather The Game\EAUninstall.exe
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
USB2.0 UVC 1.3M WebCam-->C:\Windows\snuninst.exe /name='USB2.0 UVC 1.3M WebCam'
VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B}
VLC media player 0.9.9-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
WinFlash-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DE10AB76-4756-4913-BE25-55D1C1051F9A}\Setup.exe" -l0x9
Wireless Console 2-->C:\Program Files\InstallShield Installation Information\{83F73CB1-7705-49D1-9852-84D839CA2A45}\Setup.exe -runfromtemp -l0x040c -removeonly
XnView 1.96.2-->"C:\Program Files\XnView\unins000.exe"
======Security center information======
AV: Norton Internet Security (outdated)
FW: Norton Internet Security
AS: Windows Defender
AS: Norton Internet Security (outdated)
======System event log======
Computer Name: PC-de-Peyo
Event Code: 225
Message: L’application \Device\HarddiskVolume1\Windows\explorer.exe avec l’ID de processus 1876 a arrêté le retrait ou l’éjection pour le périphérique USB\VID_05AC&PID_120A\000A2700124520EB.
Record Number: 49667
Source Name: Microsoft-Windows-Kernel-PnP
Time Written: 20090908232919.801000-000
Event Type: Avertissement
User: AUTORITE NT\SYSTEM
Computer Name: PC-de-Peyo
Event Code: 4226
Message: TCP/IP a atteint la limite de sécurité imposée sur le nombre de tentatives de connexion TCP simultanées.
Record Number: 49680
Source Name: Tcpip
Time Written: 20090909015159.776000-000
Event Type: Avertissement
User:
Computer Name: PC-de-Peyo
Event Code: 4226
Message: TCP/IP a atteint la limite de sécurité imposée sur le nombre de tentatives de connexion TCP simultanées.
Record Number: 49711
Source Name: Tcpip
Time Written: 20090909071934.867000-000
Event Type: Avertissement
User:
Computer Name: PC-de-Peyo
Event Code: 15016
Message: Impossible d’initialiser le package de sécurité Kerberos pour l’authentification côté serveur. Le champ de données contient le numéro de l’erreur.
Record Number: 49752
Source Name: Microsoft-Windows-HttpEvent
Time Written: 20090909101218.828736-000
Event Type: Erreur
User:
Computer Name: PC-de-Peyo
Event Code: 1001
Message: L’initialisation de l’application a échoué. Dernière erreur : 0x80070032
Record Number: 49854
Source Name: Microsoft-Windows-LanguagePackSetup
Time Written: 20090909101611.693536-000
Event Type: Erreur
User: AUTORITE NT\SYSTEM
=====Application event log=====
Computer Name: PC-de-Peyo
Event Code: 1000
Message: Application défaillante regedit.exe, version 6.0.6001.18000, horodatage 0xc849bfb9, module défaillant regedit.exe, version 6.0.6001.18000, horodatage 0xc849bfb9, code d’exception 0xc0000005, décalage d’erreur 0x00068d2b, ID du processus 0x2c64, heure de début de l’application 0x01ca313572e04ad0.
Record Number: 3096530
Source Name: Application Error
Time Written: 20090909100816.000000-000
Event Type: Erreur
User:
Computer Name: PC-de-Peyo
Event Code: 1000
Message: Application défaillante wiwow64.exe, version 1.2.10066.0, horodatage 0xc849bfb9, module défaillant wiwow64.exe, version 1.2.10066.0, horodatage 0xc849bfb9, code d’exception 0xc0000005, décalage d’erreur 0x00025b4b, ID du processus 0x2bd8, heure de début de l’application 0x01ca3135a350a700.
Record Number: 3096531
Source Name: Application Error
Time Written: 20090909100939.000000-000
Event Type: Erreur
User:
Computer Name: PC-de-Peyo
Event Code: 10
Message: Le filtre d’événement avec la requête « SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99 » n’a pas pu être réactivé dans l’espace de noms « //./root/CIMV2 » à cause de l’erreur 0x80041003. Les événements ne peuvent pas être délivrés à travers ce filtre tant que le problème ne sera pas corrigé.
Record Number: 3096562
Source Name: Microsoft-Windows-WMI
Time Written: 20090909101322.000000-000
Event Type: Erreur
User:
Computer Name: PC-de-Peyo
Event Code: 1000
Message: Application défaillante daemon.exe, version 4.30.4.27, horodatage 0xc849bfb9, module défaillant daemon.exe, version 4.30.4.27, horodatage 0xc849bfb9, code d’exception 0xc0000005, décalage d’erreur 0x0001687f, ID du processus 0xf78, heure de début de l’application 0x01ca31365b2fa064.
Record Number: 3096572
Source Name: Application Error
Time Written: 20090909101556.000000-000
Event Type: Erreur
User:
Computer Name: PC-de-Peyo
Event Code: 1000
Message: Application défaillante soffice.exe, version 3.1.9398.500, horodatage 0xc849bfb9, module défaillant unknown, version 0.0.0.0, horodatage 0x00000000, code d’exception 0xc0000005, décalage d’erreur 0x00000000, ID du processus 0xd78, heure de début de l’application 0x01ca313682784464.
Record Number: 3096573
Source Name: Application Error
Time Written: 20090909101556.000000-000
Event Type: Erreur
User:
=====Security event log=====
Computer Name: PC-de-Peyo
Event Code: 5038
Message: L’intégrité du code a déterminé que le hachage de l’image d’un fichier n’est pas valide. Le fichier peut être endommagé en raison d’une modification non autorisée ou le hachage non valide peut indiquer une erreur d’unité de disque potentielle.
Nom du fichier : \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 5164
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090909101709.030536-000
Event Type: Échec de l'audit
User:
Computer Name: PC-de-Peyo
Event Code: 5038
Message: L’intégrité du code a déterminé que le hachage de l’image d’un fichier n’est pas valide. Le fichier peut être endommagé en raison d’une modification non autorisée ou le hachage non valide peut indiquer une erreur d’unité de disque potentielle.
Nom du fichier : \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 5165
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090909101709.060536-000
Event Type: Échec de l'audit
User:
Computer Name: PC-de-Peyo
Event Code: 5038
Message: L’intégrité du code a déterminé que le hachage de l’image d’un fichier n’est pas valide. Le fichier peut être endommagé en raison d’une modification non autorisée ou le hachage non valide peut indiquer une erreur d’unité de disque potentielle.
Nom du fichier : \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 5166
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090909101709.090536-000
Event Type: Échec de l'audit
User:
Computer Name: PC-de-Peyo
Event Code: 5038
Message: L’intégrité du code a déterminé que le hachage de l’image d’un fichier n’est pas valide. Le fichier peut être endommagé en raison d’une modification non autorisée ou le hachage non valide peut indiquer une erreur d’unité de disque potentielle.
Nom du fichier : \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 5167
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090909101709.124536-000
Event Type: Échec de l'audit
User:
Computer Name: PC-de-Peyo
Event Code: 5038
Message: L’intégrité du code a déterminé que le hachage de l’image d’un fichier n’est pas valide. Le fichier peut être endommagé en raison d’une modification non autorisée ou le hachage non valide peut indiquer une erreur d’unité de disque potentielle.
Nom du fichier : \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 5168
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090909101709.152536-000
Event Type: Échec de l'audit
User:
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Common Files\DivX Shared\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel
"PROCESSOR_REVISION"=0f0d
"NUMBER_OF_PROCESSORS"=2
"TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat
"DFSTRACINGON"=FALSE
"configsetroot"=%SystemRoot%\ConfigSetRoot
"CLASSPATH"=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
"QTJAVA"=C:\Program Files\QuickTime\QTSystem\QTJava.zip
-----------------EOF-----------------
======Uninstall list======
-->"C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->MsiExec /X{74224F8D-4A17-4816-9EDB-7BB854DE532C}
Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}
Adobe Anchor Service CS4-->MsiExec.exe /I{1618734A-3957-4ADD-8199-F973763109A8}
Adobe Bridge CS4-->MsiExec.exe /I{83877DB1-8B77-45BC-AB43-2BAC22E093E0}
Adobe CMaps CS4-->MsiExec.exe /I{94D398EB-D2FD-4FD1-B8C4-592635E8A191}
Adobe Color - Photoshop Specific CS4-->MsiExec.exe /I{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}
Adobe Color EU Recommended Settings CS4-->MsiExec.exe /I{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}
Adobe Color JA Extra Settings CS4-->MsiExec.exe /I{0D6013AB-A0C7-41DC-973C-E93129C9A29F}
Adobe Color NA Extra Settings CS4-->MsiExec.exe /I{098A2A49-7CF3-4F08-A38D-FB879117152A}
Adobe Color Video Profiles CS CS4-->MsiExec.exe /I{63C24A08-70F3-4C8E-B9FB-9F21A903801D}
Adobe CSI CS4-->MsiExec.exe /I{0F723FC1-7606-4867-866C-CE80AD292DAF}
Adobe Default Language CS4-->MsiExec.exe /I{C52E3EC1-048C-45E1-8D53-10B0C6509683}
Adobe Device Central CS4-->MsiExec.exe /I{67F0E67A-8E93-4C2C-B29D-47C48262738A}
Adobe Drive CS4-->MsiExec.exe /I{16E16F01-2E2D-4248-A42F-76261C147B6C}
Adobe ExtendScript Toolkit CS4-->MsiExec.exe /I{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}
Adobe Extension Manager CS4-->MsiExec.exe /I{054EFA56-2AC1-48F4-A883-0AB89874B972}
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Fonts All-->MsiExec.exe /I{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}
Adobe InDesign CS4 Application Feature Set Files (Roman)-->MsiExec.exe /I{2BAF2B96-7560-48B4-87D4-10178DDBE217}
Adobe InDesign CS4 Common Base Files-->MsiExec.exe /I{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}
Adobe InDesign CS4 Icon Handler-->MsiExec.exe /I{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}
Adobe InDesign CS4-->C:\Program Files\Common Files\Adobe\Installers\1710d324011afc3e7658e969025f4ba\Setup.exe --uninstall=1
Adobe InDesign CS4-->MsiExec.exe /I{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}
Adobe Linguistics CS4-->MsiExec.exe /I{931AB7EA-3656-4BB7-864D-022B09E3DD67}
Adobe Output Module-->MsiExec.exe /I{BB4E33EC-8181-4685-96F7-8554293DEC6A}
Adobe PDF Library Files CS4-->MsiExec.exe /I{F93C84A6-0DC6-42AF-89FA-776F7C377353}
Adobe Photoshop CS4 Support-->MsiExec.exe /I{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}
Adobe Photoshop CS4-->C:\Program Files\Common Files\Adobe\Installers\faf656ef605427ee2f42989c3ad31b8\Setup.exe --uninstall=1
Adobe Photoshop CS4-->MsiExec.exe /I{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}
Adobe Photoshop CS4-->MsiExec.exe /I{E4848436-0345-47E2-B648-8B522FCDA623}
Adobe Reader 8.1.3-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81300000003}
Adobe Search for Help-->MsiExec.exe /I{F0E64E2E-3A60-40D8-A55D-92F6831875DA}
Adobe Service Manager Extension-->MsiExec.exe /I{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}
Adobe Setup-->MsiExec.exe /I{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}
Adobe Setup-->MsiExec.exe /I{CA1CA5F8-7500-45C5-9D4C-47D13FBC92D2}
Adobe SGM CS4-->MsiExec.exe /I{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}
Adobe SING CS4-->MsiExec.exe /I{4A52555C-032A-4083-BDD9-6A85ABFB39A8}
Adobe Type Support CS4-->MsiExec.exe /I{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}
Adobe Update Manager CS4-->MsiExec.exe /I{05308C4E-7285-4066-BAE3-6B50DA6ED755}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}
Adobe XMP Panels CS4-->MsiExec.exe /I{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}
AdobeColorCommonSetCMYK-->MsiExec.exe /I{68243FF8-83CA-466B-B2B8-9F99DA5479C4}
AdobeColorCommonSetRGB-->MsiExec.exe /I{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}
AppCore-->MsiExec.exe /I{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}
Apple Mobile Device Support-->MsiExec.exe /I{C337BDAF-CB4E-47E2-BE1A-CB31BB7DD0E3}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
Assassin's Creed-->C:\Program Files\InstallShield Installation Information\{8CFA9151-6404-409A-AF22-4632D04582FD}\setup.exe -runfromtemp -l0x040c -removeonly
ASUS Data Security Manager-->C:\Program Files\InstallShield Installation Information\{1C8521E5-5A7B-4A4E-A9CD-AD53116EAEE0}\Setup.exe -runfromtemp -l0x040c -removeonly
ASUS LifeFrame3-->MsiExec.exe /I{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}
ASUS Live Update-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}\Setup.exe" -l0x9
ASUS MultiFrame-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9D48531D-2135-49FC-BC29-ACCDA5396A76}\Setup.exe" -l0x9
ASUS Power4Gear eXtreme-->MsiExec.exe /I{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}
ASUS SmartLogon-->MsiExec.exe /I{64452561-169F-4A36-A2FF-B5E118EC65F5}
ASUS Splendid Video Enhancement Technology-->MsiExec.exe /I{0969AF05-4FF6-4C00-9406-43599238DE0D}
ASUS Virtual Camera-->MsiExec.exe /I{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}
ATK Generic Function Service-->C:\Program Files\InstallShield Installation Information\{D3D54F3E-C5C3-443D-978F-87A72E5616E8}\Setup.exe -runfromtemp -l0x040c -removeonly
ATK Hotkey-->MsiExec.exe /I{7C05592D-424B-46CB-B505-E0013E8E75C9}
ATK Media-->MsiExec.exe /I{D1E5870E-E3E5-4475-98A6-ADD614524ADF}
ATKOSD2-->MsiExec.exe /I{3B05F2FB-745B-4012-ADF2-439F36B2E70B}
BetClic Poker-->C:\PROGRA~1\BETCLI~1\UNWISE.EXE C:\PROGRA~1\BETCLI~1\INSTALL.LOG
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Brothers in Arms: Hell's Highway-->C:\Program Files\Ubisoft\Gearbox Software\Brothers in Arms - Hell's Highway\Binaries\uninst.exe
ccCommon-->MsiExec.exe /I{B24E05CC-46FF-4787-BBB8-5CD516AFB118}
Component Framework-->MsiExec.exe /I{31478BE1-CDE5-4753-A8B2-F6D4BC1FBE09}
Connect-->MsiExec.exe /I{B29AD377-CC12-490A-A480-1452337C618D}
DAEMON Tools Toolbar-->C:\Program Files\DAEMON Tools Toolbar\uninst.exe
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Plus DirectShow Filters-->C:\Program Files\DivX\DivXDSFiltersUninstall.exe /DSFILTERS
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Dolby Control Center-->MsiExec.exe /I{DE66EFAD-B9CC-4FD4-9157-6C18E5100161}
Express Gate-->MsiExec.exe /X{2862A3C1-0CD9-4D8B-A28C-8C337D4DD5EB}
Free Mp3 Wma Converter V 1.81-->"C:\Program Files\Free Audio Pack\unins000.exe"
FujiFilm Photogénie 2.3-->"C:\Program Files\FujiFilm\Photogénie\unins000.exe"
HijackThis 2.0.2-->"C:\Users\Peyo\Desktop\downloads\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Internet Download Manager-->C:\Program Files\Internet Download Manager\Uninstall.exe
ITECIR-->C:\Program Files\InstallShield Installation Information\{40580068-9B10-40B5-9548-536CE88AB23C}\SETUP.EXE -runfromtemp -l0x040c -removeonly
iTunes-->MsiExec.exe /I{99ECF41F-5CCA-42BD-B8B8-A8333E2E2944}
Java(TM) 6 Update 16-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216013FF}
K-Lite Codec Pack 4.9.5 (Full)-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
kuler-->MsiExec.exe /I{098727E1-775A-4450-B573-3F441F1CA243}
LiveUpdate (Symantec Corporation)-->MsiExec.exe /x {E80F62FF-5D3C-4A19-8409-9721F2928206} /l*v "C:\ProgramData\LuUninstall.LiveUpdate"
LiveUpdate (Symantec Corporation)-->MsiExec.exe /X{E80F62FF-5D3C-4A19-8409-9721F2928206}
M50_screensaver-->C:\Windows\system32\M50_screensaver.scr /u
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 3.5 Language Pack SP1 - fra-->MsiExec.exe /I{3E31821C-7917-367E-938E-E65FC413EA31}
Microsoft .NET Framework 3.5 SP1-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Module linguistique Microsoft .NET Framework 3.5 SP1- fra-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - fra\setup.exe
Mount&Blade-->C:\Program Files\Mount&Blade\uninstall.exe
Mozilla Firefox (3.5.2)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
NB Probe-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6324A1EF-CEF4-43E3-8BCD-9EF3F67317FD}\Setup.exe" -l0x9
Net4Switch-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9D6D7811-43B3-463C-BC79-5D1755269989}\Setup.exe" -l0x9
Norton AntiVirus Help-->MsiExec.exe /I{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}
Norton AntiVirus-->MsiExec.exe /X{77FFBA7E-0973-4F39-BBDB-AC2F537578D2}
Norton Confidential Core-->MsiExec.exe /I{55A6283C-638A-4EE0-B491-51118554BDA2}
Norton Internet Security (Symantec Corporation)-->"C:\Program Files\Common Files\Symantec Shared\SymSetup\{C1C185CA-C531-49F5-A6FA-B838405A049D}_15_5_0_23\SETUP.EXE" /X
Norton Internet Security-->MsiExec.exe /I{3672B097-EA69-4BFE-B92F-29AE6D9D2B34}
Norton Internet Security-->MsiExec.exe /I{C1C185CA-C531-49F5-A6FA-B838405A049D}
Norton Protection Center-->MsiExec.exe /I{62120008-8E1E-4807-860D-A8B48F8552DB}
NVIDIA Drivers-->C:\Windows\system32\nvuninst.exe UninstallGUI
NVIDIA PhysX v8.04.25-->MsiExec.exe /X{74224F8D-4A17-4816-9EDB-7BB854DE532C}
OpenOffice.org 3.1-->MsiExec.exe /I{0FA44E79-CD7D-4E8D-A2EE-26FE05F509B6}
Orange WebTV Player 1.28971-->"C:\Program Files\Orange\Orange WebTV Player\unins000.exe"
PDF Settings CS4-->MsiExec.exe /I{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}
Photo Service Edition-->"C:\Program Files\Photo Service Edition\unins000.exe"
Photoshop Camera Raw-->MsiExec.exe /I{CC75AB5C-2110-4A7F-AF52-708680D22FE8}
Quick Zip 4.60.019-->"C:\Program Files\QuickZip4\unins000.exe"
QuickTime-->MsiExec.exe /I{C78EAC6F-7A73-452E-8134-DBB2165C5A68}
Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista-->C:\Program Files\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe -runfromtemp -l0x040c -removeonly
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -removeonly
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.55.03-->"C:\Program Files\InstallShield Installation Information\{59F6A514-9813-47A3-948C-8A155460CC2A}\setup.exe" -runfromtemp -l0x040c anything -removeonly
Skype™ 4.0-->MsiExec.exe /X{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}
SPBBC 32bit-->MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
Spotify-->"C:\Program Files\Spotify\uninstall.exe"
Suite Shared Configuration CS4-->MsiExec.exe /I{842B4B72-9E8F-4962-B3C1-1C422A5C4434}
Symantec Real Time Storage Protection Component-->MsiExec.exe /I{D6E6FA4A-5445-4850-8365-CF216C1CBB7A}
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
The Godfather™ The Game-->C:\Program Files\Electronic Arts\The Godfather The Game\EAUninstall.exe
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
USB2.0 UVC 1.3M WebCam-->C:\Windows\snuninst.exe /name='USB2.0 UVC 1.3M WebCam'
VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B}
VLC media player 0.9.9-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
WinFlash-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DE10AB76-4756-4913-BE25-55D1C1051F9A}\Setup.exe" -l0x9
Wireless Console 2-->C:\Program Files\InstallShield Installation Information\{83F73CB1-7705-49D1-9852-84D839CA2A45}\Setup.exe -runfromtemp -l0x040c -removeonly
XnView 1.96.2-->"C:\Program Files\XnView\unins000.exe"
======Security center information======
AV: Norton Internet Security (outdated)
FW: Norton Internet Security
AS: Windows Defender
AS: Norton Internet Security (outdated)
======System event log======
Computer Name: PC-de-Peyo
Event Code: 225
Message: L’application \Device\HarddiskVolume1\Windows\explorer.exe avec l’ID de processus 1876 a arrêté le retrait ou l’éjection pour le périphérique USB\VID_05AC&PID_120A\000A2700124520EB.
Record Number: 49667
Source Name: Microsoft-Windows-Kernel-PnP
Time Written: 20090908232919.801000-000
Event Type: Avertissement
User: AUTORITE NT\SYSTEM
Computer Name: PC-de-Peyo
Event Code: 4226
Message: TCP/IP a atteint la limite de sécurité imposée sur le nombre de tentatives de connexion TCP simultanées.
Record Number: 49680
Source Name: Tcpip
Time Written: 20090909015159.776000-000
Event Type: Avertissement
User:
Computer Name: PC-de-Peyo
Event Code: 4226
Message: TCP/IP a atteint la limite de sécurité imposée sur le nombre de tentatives de connexion TCP simultanées.
Record Number: 49711
Source Name: Tcpip
Time Written: 20090909071934.867000-000
Event Type: Avertissement
User:
Computer Name: PC-de-Peyo
Event Code: 15016
Message: Impossible d’initialiser le package de sécurité Kerberos pour l’authentification côté serveur. Le champ de données contient le numéro de l’erreur.
Record Number: 49752
Source Name: Microsoft-Windows-HttpEvent
Time Written: 20090909101218.828736-000
Event Type: Erreur
User:
Computer Name: PC-de-Peyo
Event Code: 1001
Message: L’initialisation de l’application a échoué. Dernière erreur : 0x80070032
Record Number: 49854
Source Name: Microsoft-Windows-LanguagePackSetup
Time Written: 20090909101611.693536-000
Event Type: Erreur
User: AUTORITE NT\SYSTEM
=====Application event log=====
Computer Name: PC-de-Peyo
Event Code: 1000
Message: Application défaillante regedit.exe, version 6.0.6001.18000, horodatage 0xc849bfb9, module défaillant regedit.exe, version 6.0.6001.18000, horodatage 0xc849bfb9, code d’exception 0xc0000005, décalage d’erreur 0x00068d2b, ID du processus 0x2c64, heure de début de l’application 0x01ca313572e04ad0.
Record Number: 3096530
Source Name: Application Error
Time Written: 20090909100816.000000-000
Event Type: Erreur
User:
Computer Name: PC-de-Peyo
Event Code: 1000
Message: Application défaillante wiwow64.exe, version 1.2.10066.0, horodatage 0xc849bfb9, module défaillant wiwow64.exe, version 1.2.10066.0, horodatage 0xc849bfb9, code d’exception 0xc0000005, décalage d’erreur 0x00025b4b, ID du processus 0x2bd8, heure de début de l’application 0x01ca3135a350a700.
Record Number: 3096531
Source Name: Application Error
Time Written: 20090909100939.000000-000
Event Type: Erreur
User:
Computer Name: PC-de-Peyo
Event Code: 10
Message: Le filtre d’événement avec la requête « SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99 » n’a pas pu être réactivé dans l’espace de noms « //./root/CIMV2 » à cause de l’erreur 0x80041003. Les événements ne peuvent pas être délivrés à travers ce filtre tant que le problème ne sera pas corrigé.
Record Number: 3096562
Source Name: Microsoft-Windows-WMI
Time Written: 20090909101322.000000-000
Event Type: Erreur
User:
Computer Name: PC-de-Peyo
Event Code: 1000
Message: Application défaillante daemon.exe, version 4.30.4.27, horodatage 0xc849bfb9, module défaillant daemon.exe, version 4.30.4.27, horodatage 0xc849bfb9, code d’exception 0xc0000005, décalage d’erreur 0x0001687f, ID du processus 0xf78, heure de début de l’application 0x01ca31365b2fa064.
Record Number: 3096572
Source Name: Application Error
Time Written: 20090909101556.000000-000
Event Type: Erreur
User:
Computer Name: PC-de-Peyo
Event Code: 1000
Message: Application défaillante soffice.exe, version 3.1.9398.500, horodatage 0xc849bfb9, module défaillant unknown, version 0.0.0.0, horodatage 0x00000000, code d’exception 0xc0000005, décalage d’erreur 0x00000000, ID du processus 0xd78, heure de début de l’application 0x01ca313682784464.
Record Number: 3096573
Source Name: Application Error
Time Written: 20090909101556.000000-000
Event Type: Erreur
User:
=====Security event log=====
Computer Name: PC-de-Peyo
Event Code: 5038
Message: L’intégrité du code a déterminé que le hachage de l’image d’un fichier n’est pas valide. Le fichier peut être endommagé en raison d’une modification non autorisée ou le hachage non valide peut indiquer une erreur d’unité de disque potentielle.
Nom du fichier : \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 5164
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090909101709.030536-000
Event Type: Échec de l'audit
User:
Computer Name: PC-de-Peyo
Event Code: 5038
Message: L’intégrité du code a déterminé que le hachage de l’image d’un fichier n’est pas valide. Le fichier peut être endommagé en raison d’une modification non autorisée ou le hachage non valide peut indiquer une erreur d’unité de disque potentielle.
Nom du fichier : \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 5165
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090909101709.060536-000
Event Type: Échec de l'audit
User:
Computer Name: PC-de-Peyo
Event Code: 5038
Message: L’intégrité du code a déterminé que le hachage de l’image d’un fichier n’est pas valide. Le fichier peut être endommagé en raison d’une modification non autorisée ou le hachage non valide peut indiquer une erreur d’unité de disque potentielle.
Nom du fichier : \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 5166
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090909101709.090536-000
Event Type: Échec de l'audit
User:
Computer Name: PC-de-Peyo
Event Code: 5038
Message: L’intégrité du code a déterminé que le hachage de l’image d’un fichier n’est pas valide. Le fichier peut être endommagé en raison d’une modification non autorisée ou le hachage non valide peut indiquer une erreur d’unité de disque potentielle.
Nom du fichier : \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 5167
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090909101709.124536-000
Event Type: Échec de l'audit
User:
Computer Name: PC-de-Peyo
Event Code: 5038
Message: L’intégrité du code a déterminé que le hachage de l’image d’un fichier n’est pas valide. Le fichier peut être endommagé en raison d’une modification non autorisée ou le hachage non valide peut indiquer une erreur d’unité de disque potentielle.
Nom du fichier : \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 5168
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090909101709.152536-000
Event Type: Échec de l'audit
User:
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Common Files\DivX Shared\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel
"PROCESSOR_REVISION"=0f0d
"NUMBER_OF_PROCESSORS"=2
"TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat
"DFSTRACINGON"=FALSE
"configsetroot"=%SystemRoot%\ConfigSetRoot
"CLASSPATH"=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
"QTJAVA"=C:\Program Files\QuickTime\QTSystem\QTJava.zip
-----------------EOF-----------------
antoine136
Messages postés
44
Date d'inscription
mardi 16 juin 2009
Statut
Membre
Dernière intervention
13 septembre 2009
9 sept. 2009 à 12:35
9 sept. 2009 à 12:35
merci encore pour ton aide. je lance maintenant combofix
antoine136
Messages postés
44
Date d'inscription
mardi 16 juin 2009
Statut
Membre
Dernière intervention
13 septembre 2009
9 sept. 2009 à 12:41
9 sept. 2009 à 12:41
voici le message qui s'affiche lorsque je lance combofix
!! ALERTE !! il est dangereux de continuer !
le contenu du paquetage combofix a ete deteriore
veuillez telecharger un nouvel exemplaire depluis ....
note : votre pc est peut etre infecte par un virus modifiant les fichiers "virut"
j'hesite a continuer !
!! ALERTE !! il est dangereux de continuer !
le contenu du paquetage combofix a ete deteriore
veuillez telecharger un nouvel exemplaire depluis ....
note : votre pc est peut etre infecte par un virus modifiant les fichiers "virut"
j'hesite a continuer !
jlpjlp
Messages postés
51580
Date d'inscription
vendredi 18 mai 2007
Statut
Contributeur sécurité
Dernière intervention
3 mai 2022
5 040
9 sept. 2009 à 12:46
9 sept. 2009 à 12:46
ok alors fais ceci:
Télécharge OTM
http://www.geekstogo.com/forum/files/file/402-otm-oldtimers-move-it/
http://oldtimer.geekstogo.com/OTMoveIt3.exe (de Old_Timer) sur ton Bureau.
double-clique sur OTM.exe pour le lancer.
copie la liste qui se trouve en citation ci-dessous,
et colle-la dans le cadre de gauche de OTM :Paste instruction for items to be moved.
(attention bien mettre :files)
:processes
explorer.exe
:files
C:\Windows\TEMP\msxm192z.dll
:reg
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ter8m"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{12ac709d-60b4-11de-ad67-00248c97bfb3}]
:commands
[purity]
[emptytemp]
[start explorer]
clique sur MoveIt! pour lancer la suppression.
le résultat apparaitra dans le cadre "Results".
clique sur Exit pour fermer.
poste le rapport situé dans C:\_OTM\MovedFiles.
il te sera peut-être demander de redémarrer le pc pour achever la suppression.si c'est le cas accepte par Yes.
___________________________
Télécharge et install UsbFix de C_XX & Chiquitine29
http://sd-1.archive-host.com/membres/up/127028005715545653/UsbFix.exe
Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) susceptible d'avoir été infectées sans les ouvrir
# clic sur le raccourci UsbFix présent sur ton bureau avec le bouton droit et choisi de l'exectuer en administrateur
# Choisis l'option 1 ( Recherche )
# Laisse travailler l'outil.
# Ensuite post le rapport UsbFix.txt qui apparaitra.
# Note : Le rapport UsbFix.txt est sauvegardé a la racine du disque. ( C:\UsbFix.txt )
( CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )
# Note : "Process.exe", une composante de l'outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.
Télécharge OTM
http://www.geekstogo.com/forum/files/file/402-otm-oldtimers-move-it/
http://oldtimer.geekstogo.com/OTMoveIt3.exe (de Old_Timer) sur ton Bureau.
double-clique sur OTM.exe pour le lancer.
copie la liste qui se trouve en citation ci-dessous,
et colle-la dans le cadre de gauche de OTM :Paste instruction for items to be moved.
(attention bien mettre :files)
:processes
explorer.exe
:files
C:\Windows\TEMP\msxm192z.dll
:reg
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ter8m"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{12ac709d-60b4-11de-ad67-00248c97bfb3}]
:commands
[purity]
[emptytemp]
[start explorer]
clique sur MoveIt! pour lancer la suppression.
le résultat apparaitra dans le cadre "Results".
clique sur Exit pour fermer.
poste le rapport situé dans C:\_OTM\MovedFiles.
il te sera peut-être demander de redémarrer le pc pour achever la suppression.si c'est le cas accepte par Yes.
___________________________
Télécharge et install UsbFix de C_XX & Chiquitine29
http://sd-1.archive-host.com/membres/up/127028005715545653/UsbFix.exe
Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) susceptible d'avoir été infectées sans les ouvrir
# clic sur le raccourci UsbFix présent sur ton bureau avec le bouton droit et choisi de l'exectuer en administrateur
# Choisis l'option 1 ( Recherche )
# Laisse travailler l'outil.
# Ensuite post le rapport UsbFix.txt qui apparaitra.
# Note : Le rapport UsbFix.txt est sauvegardé a la racine du disque. ( C:\UsbFix.txt )
( CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )
# Note : "Process.exe", une composante de l'outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.
antoine136
Messages postés
44
Date d'inscription
mardi 16 juin 2009
Statut
Membre
Dernière intervention
13 septembre 2009
9 sept. 2009 à 13:04
9 sept. 2009 à 13:04
parfait
voici deja le rapport OTM
All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== FILES ==========
DllUnregisterServer procedure not found in C:\Windows\TEMP\msxm192z.dll
C:\Windows\TEMP\msxm192z.dll NOT unregistered.
File move failed. C:\Windows\TEMP\msxm192z.dll scheduled to be moved on reboot.
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run not found.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{12ac709d-60b4-11de-ad67-00248c97bfb3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{12ac709d-60b4-11de-ad67-00248c97bfb3}\ not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
File delete failed. C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAERRGIU\desktop.ini scheduled to be deleted on reboot.
File delete failed. C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W85PZKXT\desktop.ini scheduled to be deleted on reboot.
File delete failed. C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\USDL83FW\desktop.ini scheduled to be deleted on reboot.
File delete failed. C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AWGIV1EZ\desktop.ini scheduled to be deleted on reboot.
File delete failed. C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\desktop.ini scheduled to be deleted on reboot.
File delete failed. C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\desktop.ini scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 33170 bytes
User: Default User
->Temp folder emptied: 0 bytes
File delete failed. C:\Users\Default User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAERRGIU\desktop.ini scheduled to be deleted on reboot.
File delete failed. C:\Users\Default User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W85PZKXT\desktop.ini scheduled to be deleted on reboot.
File delete failed. C:\Users\Default User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\USDL83FW\desktop.ini scheduled to be deleted on reboot.
File delete failed. C:\Users\Default User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AWGIV1EZ\desktop.ini scheduled to be deleted on reboot.
File delete failed. C:\Users\Default User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\desktop.ini scheduled to be deleted on reboot.
File delete failed. C:\Users\Default User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Users\Default User\AppData\Local\Microsoft\Windows\Temporary Internet Files\desktop.ini scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 33170 bytes
User: Peyo
->Temp folder emptied: 644607881 bytes
File delete failed. C:\Users\Peyo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 176540808 bytes
->Java cache emptied: 27710600 bytes
->FireFox cache emptied: 218046999 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
File delete failed. C:\Windows\temp\PROGRESSBAR\ASCALL.EXE scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\PROGRESSBAR\LLKEYBOARDHOOK.DLL scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\PROGRESSBAR\PROGRESSBAR.EXE scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\7623,865.exe scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\8736,688.com scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\9946,798.com scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\FIXPATCH.EXE scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\fwtsqmfile00.sqm scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\fwtsqmfile01.sqm scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\ghrhrneony.exe scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\LOCAL.cmd scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\msxm192z.dll scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\mta118090.dll scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\mta13187.dll scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\mta18928.dll scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\mta27943.dll scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\mta32770.dll scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\mta43877.dll scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\mta73918.dll scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\mta86100.dll scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\mta88631.dll scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\mta99819.dll scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\x1c102233.dll scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\x1c110035.dll scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\x1c124138.dll scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\x1c125053.dll scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\x1c34259.dll scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\x1c38292.dll scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\x1c40635.dll scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\x1c50170.dll scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\x1c51457.dll scheduled to be deleted on reboot.
Windows Temp folder emptied: 35610352 bytes
RecycleBin emptied: 4383398126 bytes
Total Files Cleaned = 1135,84 mb
OTM by OldTimer - Version 3.0.0.6 log created on 09092009_125005
voici deja le rapport OTM
All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== FILES ==========
DllUnregisterServer procedure not found in C:\Windows\TEMP\msxm192z.dll
C:\Windows\TEMP\msxm192z.dll NOT unregistered.
File move failed. C:\Windows\TEMP\msxm192z.dll scheduled to be moved on reboot.
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run not found.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{12ac709d-60b4-11de-ad67-00248c97bfb3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{12ac709d-60b4-11de-ad67-00248c97bfb3}\ not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
File delete failed. C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAERRGIU\desktop.ini scheduled to be deleted on reboot.
File delete failed. C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W85PZKXT\desktop.ini scheduled to be deleted on reboot.
File delete failed. C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\USDL83FW\desktop.ini scheduled to be deleted on reboot.
File delete failed. C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AWGIV1EZ\desktop.ini scheduled to be deleted on reboot.
File delete failed. C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\desktop.ini scheduled to be deleted on reboot.
File delete failed. C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\desktop.ini scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 33170 bytes
User: Default User
->Temp folder emptied: 0 bytes
File delete failed. C:\Users\Default User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAERRGIU\desktop.ini scheduled to be deleted on reboot.
File delete failed. C:\Users\Default User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W85PZKXT\desktop.ini scheduled to be deleted on reboot.
File delete failed. C:\Users\Default User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\USDL83FW\desktop.ini scheduled to be deleted on reboot.
File delete failed. C:\Users\Default User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AWGIV1EZ\desktop.ini scheduled to be deleted on reboot.
File delete failed. C:\Users\Default User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\desktop.ini scheduled to be deleted on reboot.
File delete failed. C:\Users\Default User\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Users\Default User\AppData\Local\Microsoft\Windows\Temporary Internet Files\desktop.ini scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 33170 bytes
User: Peyo
->Temp folder emptied: 644607881 bytes
File delete failed. C:\Users\Peyo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 176540808 bytes
->Java cache emptied: 27710600 bytes
->FireFox cache emptied: 218046999 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
File delete failed. C:\Windows\temp\PROGRESSBAR\ASCALL.EXE scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\PROGRESSBAR\LLKEYBOARDHOOK.DLL scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\PROGRESSBAR\PROGRESSBAR.EXE scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\7623,865.exe scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\8736,688.com scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\9946,798.com scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\FIXPATCH.EXE scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\fwtsqmfile00.sqm scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\fwtsqmfile01.sqm scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\ghrhrneony.exe scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\LOCAL.cmd scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\msxm192z.dll scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\mta118090.dll scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\mta13187.dll scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\mta18928.dll scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\mta27943.dll scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\mta32770.dll scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\mta43877.dll scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\mta73918.dll scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\mta86100.dll scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\mta88631.dll scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\mta99819.dll scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\x1c102233.dll scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\x1c110035.dll scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\x1c124138.dll scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\x1c125053.dll scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\x1c34259.dll scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\x1c38292.dll scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\x1c40635.dll scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\x1c50170.dll scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\x1c51457.dll scheduled to be deleted on reboot.
Windows Temp folder emptied: 35610352 bytes
RecycleBin emptied: 4383398126 bytes
Total Files Cleaned = 1135,84 mb
OTM by OldTimer - Version 3.0.0.6 log created on 09092009_125005
antoine136
Messages postés
44
Date d'inscription
mardi 16 juin 2009
Statut
Membre
Dernière intervention
13 septembre 2009
9 sept. 2009 à 13:26
9 sept. 2009 à 13:26
et voici le rapport usb fix
############################## | UsbFix V6.028 |
User : Peyo (Administrateurs) # PC-DE-PEYO
Update on 08/09/2009 by Chiquitine29, C_XX & Chimay8
Start at: 13:11:16 | 09/09/2009
Website : http://pagesperso-orange.fr/NosTools/index.html
Intel(R) Core(TM)2 Duo CPU T5850 @ 2.16GHz
Microsoft® Windows Vista™ Édition Familiale Premium (6.0.6001 32-bit) # Service Pack 1
Internet Explorer 7.0.6001.18000
Windows Firewall Status : Disabled
AV : Norton Internet Security 15.5.0.23 [ Enabled | (!) Outdated ]
FW : Norton Internet Security[ Enabled ]15.5.0.23
C:\ -> Disque fixe local # 160,77 Go (14,95 Go free) [VistaOS] # NTFS
D:\ -> Disque fixe local # 137,32 Go (78 Go free) [Data] # NTFS
E:\ -> Disque CD-ROM
F:\ -> Disque CD-ROM
G:\ -> Disque amovible # 3,72 Go (2,8 Go free) [IPOD (JU)] # FAT32
H:\ -> Disque CD-ROM
############################## | Processus actifs |
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\winlogon.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe
C:\Program Files\ATKGFNEX\GFNEXSrv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\ASUS\SmartLogon\smartlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\TEMP\ghrhrneony.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files\ASUS\Net4Switch\Net4Switch.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe
C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe
C:\Program Files\ASUS\ATK Hotkey\MsgTranAgt.exe
C:\Program Files\ASUS\ATK Hotkey\HControl.exe
C:\Program Files\Wireless Console 2\wcourier.exe
C:\Program Files\P4G\BatteryLife.exe
C:\Program Files\ASUS\Splendid\ACMON.exe
C:\Windows\System32\rundll32.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\ASUS\ATK Media\DMedia.exe
C:\Windows\AsScrPro.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\System32\ACEngSvr.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\TEMP\ghrhrneony.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe
C:\Program Files\ASUS\ATK Hotkey\ATKOSD.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\ASUS\ATK Hotkey\KBFiltr.exe
C:\Program Files\ASUS\ATK Hotkey\WDC.exe
C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\TEMP\VRT10F3.tmp
C:\Windows\system32\Rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wiawow32.sys
C:\Program Files\Common Files\Symantec Shared\COH\coh32.exe
################## | Fichiers # Dossiers infectieux |
Présent ! G:\.MS32DLL.dll.vbs
Présent ! G:\autorun.inf
################## | Suspect ! ... | https://www.virustotal.com/gui/ |
[26/08/2009 17:23|--a------|43008] C:\Windows\System32\kbiwkmashqvicn.dll
[02/09/2009 15:38|--a------|43] C:\Windows\System32\kbiwkmbifruvtu.dat
[26/08/2009 17:23|--a------|19456] C:\Windows\System32\kbiwkmbwpiipvr.dll
[02/09/2009 15:42|--a------|86277] C:\Windows\System32\kbiwkmrfoycqrd.dat
[02/09/2009 17:11|--a------|0] C:\Windows\System32\drivers\kbiwkmcepdiieo.sys
[02/09/2009 17:11|--a------|0] C:\Windows\System32\Drivers\kbiwkmcepdiieo.sys
################## | Registre # Clés Run infectieuses |
################## | Registre # Mountpoints2 |
HKCU\..\..\Explorer\MountPoints2\{41dd2260-6242-11de-b42d-00248c97bfb3}
shell\AutoRun\command =F:\Autorun.exe
HKCU\..\..\Explorer\MountPoints2\{41dd228d-6242-11de-b42d-00248c97bfb3}
shell\AutoRun\command =G:\DLLHOST.EXE
HKCU\..\..\Explorer\MountPoints2\{876d8a27-6faf-11de-974e-00248c97bfb3}
shell\AutoRun\command =H:\autorun.exe
################## | ! Fin du rapport # UsbFix V6.028 ! |
############################## | UsbFix V6.028 |
User : Peyo (Administrateurs) # PC-DE-PEYO
Update on 08/09/2009 by Chiquitine29, C_XX & Chimay8
Start at: 13:11:16 | 09/09/2009
Website : http://pagesperso-orange.fr/NosTools/index.html
Intel(R) Core(TM)2 Duo CPU T5850 @ 2.16GHz
Microsoft® Windows Vista™ Édition Familiale Premium (6.0.6001 32-bit) # Service Pack 1
Internet Explorer 7.0.6001.18000
Windows Firewall Status : Disabled
AV : Norton Internet Security 15.5.0.23 [ Enabled | (!) Outdated ]
FW : Norton Internet Security[ Enabled ]15.5.0.23
C:\ -> Disque fixe local # 160,77 Go (14,95 Go free) [VistaOS] # NTFS
D:\ -> Disque fixe local # 137,32 Go (78 Go free) [Data] # NTFS
E:\ -> Disque CD-ROM
F:\ -> Disque CD-ROM
G:\ -> Disque amovible # 3,72 Go (2,8 Go free) [IPOD (JU)] # FAT32
H:\ -> Disque CD-ROM
############################## | Processus actifs |
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\winlogon.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe
C:\Program Files\ATKGFNEX\GFNEXSrv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\ASUS\SmartLogon\smartlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\TEMP\ghrhrneony.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files\ASUS\Net4Switch\Net4Switch.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe
C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe
C:\Program Files\ASUS\ATK Hotkey\MsgTranAgt.exe
C:\Program Files\ASUS\ATK Hotkey\HControl.exe
C:\Program Files\Wireless Console 2\wcourier.exe
C:\Program Files\P4G\BatteryLife.exe
C:\Program Files\ASUS\Splendid\ACMON.exe
C:\Windows\System32\rundll32.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\ASUS\ATK Media\DMedia.exe
C:\Windows\AsScrPro.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\System32\ACEngSvr.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\TEMP\ghrhrneony.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe
C:\Program Files\ASUS\ATK Hotkey\ATKOSD.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\ASUS\ATK Hotkey\KBFiltr.exe
C:\Program Files\ASUS\ATK Hotkey\WDC.exe
C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\TEMP\VRT10F3.tmp
C:\Windows\system32\Rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wiawow32.sys
C:\Program Files\Common Files\Symantec Shared\COH\coh32.exe
################## | Fichiers # Dossiers infectieux |
Présent ! G:\.MS32DLL.dll.vbs
Présent ! G:\autorun.inf
################## | Suspect ! ... | https://www.virustotal.com/gui/ |
[26/08/2009 17:23|--a------|43008] C:\Windows\System32\kbiwkmashqvicn.dll
[02/09/2009 15:38|--a------|43] C:\Windows\System32\kbiwkmbifruvtu.dat
[26/08/2009 17:23|--a------|19456] C:\Windows\System32\kbiwkmbwpiipvr.dll
[02/09/2009 15:42|--a------|86277] C:\Windows\System32\kbiwkmrfoycqrd.dat
[02/09/2009 17:11|--a------|0] C:\Windows\System32\drivers\kbiwkmcepdiieo.sys
[02/09/2009 17:11|--a------|0] C:\Windows\System32\Drivers\kbiwkmcepdiieo.sys
################## | Registre # Clés Run infectieuses |
################## | Registre # Mountpoints2 |
HKCU\..\..\Explorer\MountPoints2\{41dd2260-6242-11de-b42d-00248c97bfb3}
shell\AutoRun\command =F:\Autorun.exe
HKCU\..\..\Explorer\MountPoints2\{41dd228d-6242-11de-b42d-00248c97bfb3}
shell\AutoRun\command =G:\DLLHOST.EXE
HKCU\..\..\Explorer\MountPoints2\{876d8a27-6faf-11de-974e-00248c97bfb3}
shell\AutoRun\command =H:\autorun.exe
################## | ! Fin du rapport # UsbFix V6.028 ! |
antoine136
Messages postés
44
Date d'inscription
mardi 16 juin 2009
Statut
Membre
Dernière intervention
13 septembre 2009
9 sept. 2009 à 13:44
9 sept. 2009 à 13:44
jai vu qu'il y avait pas mal de file delete failed dans le rapport otm, donc j'ai repassé une petite couche. voici le nouveau rapport :
All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== FILES ==========
DllUnregisterServer procedure not found in C:\Windows\TEMP\msxm192z.dll
C:\Windows\TEMP\msxm192z.dll NOT unregistered.
C:\Windows\TEMP\msxm192z.dll moved successfully.
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run not found.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{12ac709d-60b4-11de-ad67-00248c97bfb3}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{12ac709d-60b4-11de-ad67-00248c97bfb3}\ not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Peyo
->Temp folder emptied: 32233 bytes
->Temporary Internet Files folder emptied: 2301292 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 23852464 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
File delete failed. C:\Windows\temp\ghrhrneony.exe scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\JET9A5B.tmp scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\mta59546.dll scheduled to be deleted on reboot.
Windows Temp folder emptied: 39152094 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 62,34 mb
OTM by OldTimer - Version 3.0.0.6 log created on 09092009_133633
Files moved on Reboot...
C:\Windows\temp\ghrhrneony.exe moved successfully.
File C:\Windows\temp\JET9A5B.tmp not found!
C:\Windows\temp\mta59546.dll unregistered successfully.
C:\Windows\temp\mta59546.dll moved successfully.
Registry entries deleted on Reboot...
All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== FILES ==========
DllUnregisterServer procedure not found in C:\Windows\TEMP\msxm192z.dll
C:\Windows\TEMP\msxm192z.dll NOT unregistered.
C:\Windows\TEMP\msxm192z.dll moved successfully.
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run not found.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{12ac709d-60b4-11de-ad67-00248c97bfb3}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{12ac709d-60b4-11de-ad67-00248c97bfb3}\ not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Peyo
->Temp folder emptied: 32233 bytes
->Temporary Internet Files folder emptied: 2301292 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 23852464 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
File delete failed. C:\Windows\temp\ghrhrneony.exe scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\JET9A5B.tmp scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\mta59546.dll scheduled to be deleted on reboot.
Windows Temp folder emptied: 39152094 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 62,34 mb
OTM by OldTimer - Version 3.0.0.6 log created on 09092009_133633
Files moved on Reboot...
C:\Windows\temp\ghrhrneony.exe moved successfully.
File C:\Windows\temp\JET9A5B.tmp not found!
C:\Windows\temp\mta59546.dll unregistered successfully.
C:\Windows\temp\mta59546.dll moved successfully.
Registry entries deleted on Reboot...
jlpjlp
Messages postés
51580
Date d'inscription
vendredi 18 mai 2007
Statut
Contributeur sécurité
Dernière intervention
3 mai 2022
5 040
9 sept. 2009 à 14:34
9 sept. 2009 à 14:34
refais usbfix choisi l'option 2 et colle le rapport
puis
Télécharge OTM
http://www.geekstogo.com/forum/files/file/402-otm-oldtimers-move-it/
http://oldtimer.geekstogo.com/OTMoveIt3.exe (de Old_Timer) sur ton Bureau.
double-clique sur OTM.exe pour le lancer.
copie la liste qui se trouve en citation ci-dessous,
et colle-la dans le cadre de gauche de OTM :Paste instruction for items to be moved.
(attention bien mettre :files)
:processes
explorer.exe
:services
kbiwkmcepdiieo
:files
C:\Windows\System32\kbiwkmashqvicn.dll
C:\Windows\System32\kbiwkmbifruvtu.dat
C:\Windows\System32\kbiwkmbwpiipvr.dll
C:\Windows\System32\kbiwkmrfoycqrd.dat
C:\Windows\System32\drivers\kbiwkmcepdiieo.sys
C:\Windows\System32\Drivers\kbiwkmcepdiieo.sys
:commands
[purity]
[emptytemp]
[start explorer]
clique sur MoveIt! pour lancer la suppression.
le résultat apparaitra dans le cadre "Results".
clique sur Exit pour fermer.
poste le rapport situé dans C:\_OTM\MovedFiles.
il te sera peut-être demander de redémarrer le pc pour achever la suppression.si c'est le cas accepte par Yes.
___________________________
a plus
puis
Télécharge OTM
http://www.geekstogo.com/forum/files/file/402-otm-oldtimers-move-it/
http://oldtimer.geekstogo.com/OTMoveIt3.exe (de Old_Timer) sur ton Bureau.
double-clique sur OTM.exe pour le lancer.
copie la liste qui se trouve en citation ci-dessous,
et colle-la dans le cadre de gauche de OTM :Paste instruction for items to be moved.
(attention bien mettre :files)
:processes
explorer.exe
:services
kbiwkmcepdiieo
:files
C:\Windows\System32\kbiwkmashqvicn.dll
C:\Windows\System32\kbiwkmbifruvtu.dat
C:\Windows\System32\kbiwkmbwpiipvr.dll
C:\Windows\System32\kbiwkmrfoycqrd.dat
C:\Windows\System32\drivers\kbiwkmcepdiieo.sys
C:\Windows\System32\Drivers\kbiwkmcepdiieo.sys
:commands
[purity]
[emptytemp]
[start explorer]
clique sur MoveIt! pour lancer la suppression.
le résultat apparaitra dans le cadre "Results".
clique sur Exit pour fermer.
poste le rapport situé dans C:\_OTM\MovedFiles.
il te sera peut-être demander de redémarrer le pc pour achever la suppression.si c'est le cas accepte par Yes.
___________________________
a plus
antoine136
Messages postés
44
Date d'inscription
mardi 16 juin 2009
Statut
Membre
Dernière intervention
13 septembre 2009
9 sept. 2009 à 14:55
9 sept. 2009 à 14:55
voila deja pour usbfix
############################## | UsbFix V6.028 |
User : Peyo (Administrateurs) # PC-DE-PEYO
Update on 08/09/2009 by Chiquitine29, C_XX & Chimay8
Start at: 14:42:34 | 09/09/2009
Website : http://pagesperso-orange.fr/NosTools/index.html
Intel(R) Core(TM)2 Duo CPU T5850 @ 2.16GHz
Microsoft® Windows Vista™ Édition Familiale Premium (6.0.6001 32-bit) # Service Pack 1
Internet Explorer 7.0.6001.18000
Windows Firewall Status : Disabled
AV : Norton Internet Security 15.5.0.23 [ Enabled | (!) Outdated ]
FW : Norton Internet Security[ Enabled ]15.5.0.23
C:\ -> Disque fixe local # 160,77 Go (14,84 Go free) [VistaOS] # NTFS
D:\ -> Disque fixe local # 137,32 Go (78 Go free) [Data] # NTFS
E:\ -> Disque CD-ROM
F:\ -> Disque CD-ROM
G:\ -> Disque amovible # 3,72 Go (2,8 Go free) [IPOD (JU)] # FAT32
H:\ -> Disque CD-ROM
############################## | Processus actifs |
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\ASUS\SmartLogon\smartlogon.exe
C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe
C:\Program Files\ATKGFNEX\GFNEXSrv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\ASUS\Net4Switch\Net4Switch.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files\ASUS\ATK Hotkey\MsgTranAgt.exe
C:\Program Files\ASUS\ATK Hotkey\HControl.exe
C:\Program Files\Wireless Console 2\wcourier.exe
C:\Program Files\P4G\BatteryLife.exe
C:\Program Files\ASUS\Splendid\ACMON.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Windows\System32\ACEngSvr.exe
C:\Program Files\ASUS\ATK Hotkey\ATKOSD.exe
C:\Program Files\ASUS\ATK Hotkey\KBFiltr.exe
C:\Program Files\ASUS\ATK Hotkey\WDC.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\sofatnet.exe
C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\runonce.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\PresentationSettings.exe
################## | Fichiers # Dossiers infectieux |
Supprimé ! G:\.MS32DLL.dll.vbs
Supprimé ! G:\autorun.inf
################## | Suspect ! ... | https://www.virustotal.com/gui/ |
[26/08/2009 17:23|--a------|43008] C:\Windows\System32\kbiwkmashqvicn.dll
[02/09/2009 15:38|--a------|43] C:\Windows\System32\kbiwkmbifruvtu.dat
[26/08/2009 17:23|--a------|19456] C:\Windows\System32\kbiwkmbwpiipvr.dll
[02/09/2009 15:42|--a------|86277] C:\Windows\System32\kbiwkmrfoycqrd.dat
[02/09/2009 17:11|--a------|0] C:\Windows\System32\drivers\kbiwkmcepdiieo.sys
[02/09/2009 17:11|--a------|0] C:\Windows\System32\Drivers\kbiwkmcepdiieo.sys
################## | Registre # Clés Run infectieuses |
################## | Registre # Mountpoints2 |
Supprimé ! HKCU\...\Explorer\MountPoints2\{41dd2260-6242-11de-b42d-00248c97bfb3}\Shell\AutoRun\Command
Supprimé ! HKCU\...\Explorer\MountPoints2\{41dd228d-6242-11de-b42d-00248c97bfb3}\Shell\AutoRun\Command
Supprimé ! HKCU\...\Explorer\MountPoints2\{876d8a27-6faf-11de-974e-00248c97bfb3}\Shell\AutoRun\Command
################## | Listing des fichiers présent |
[09/09/2009 13:10|--a------|716] C:\1022,913.exe
[03/09/2009 18:20|--a------|204] C:\8954,736.exe
[08/09/2009 09:02|--a------|860] C:\9622,767.exe
[18/09/2006 23:43|--a------|24] C:\autoexec.bat
[21/01/2008 04:24|-rahs----|333203] C:\bootmgr
[16/04/2008 13:27|-ra-s----|8192] C:\BOOTSECT.BAK
[04/04/2007 21:01|--a------|19] C:\CA21.txt
[18/09/2006 23:43|--a------|10] C:\config.sys
[16/08/2009 08:15|--a------|26975] C:\GF_Excpt.txt
[?|?|?] C:\hiberfil.sys
[02/09/2009 16:23|-rahs----|0] C:\IO.SYS
[11/08/2008 15:50|---------|1048576] C:\M50V.BIN
[16/09/2008 08:48|---------|14] C:\M50VN_M50VM_M50VC_VISTA.30
[02/09/2009 16:23|-rahs----|0] C:\MSDOS.SYS
[29/02/2004 17:44|--a------|52576] C:\orange.bmp
[?|?|?] C:\pagefile.sys
[16/09/2008 08:48|---------|21] C:\RECOVERY.DAT
[24/06/2009 11:14|--a------|560] C:\RHDSetup.log
[24/06/2009 11:30|--a------|159] C:\setup.log
[24/06/2009 12:33|--ah-----|46] C:\splash.idx
[09/09/2009 14:47|--a------|5246] C:\UsbFix.txt
[05/09/2008 13:57|--ah-----|4112] C:\version
[22/04/2009 04:42|--a------|1618] G:\BOOTEX.LOG
[12/09/2007 15:07|--ah-----|82] G:\._iPod_Control
[25/01/2007 22:09|--ah-----|15364] G:\.DS_Store
[09/09/2009 01:02|--a------|781909] G:\RSIT.exe
[21/01/2008 04:24|--ah-----|45568] G:\DLLHOST.EXE
[19/12/2006 22:31|--a------|36997] G:\.VolumeIcon.icns
[19/12/2006 22:32|--a------|82] G:\._.VolumeIcon.icns
[09/09/2009 01:06|--a------|3916752] G:\mbam-setup.zip
[21/01/2008 04:24|--ah-----|45568] G:\WMPLAYER.EXE
[21/01/2008 04:24|--ah-----|45568] G:\ATBROKER.EXE
[21/01/2008 04:24|--ah-----|45568] G:\ACOVCNT.EXE
[26/01/2007 15:19|---hs----|348160] G:\msvcr71.dll
[01/02/2007 17:59|--a------|5] G:\RavMonLog
################## | Upload |
Veuillez envoyer le fichier : C:\Users\Peyo\Desktop\UsbFix_Upload_Me_PC-de-Peyo.zip : https://www.androidworld.fr/
Merci pour votre contribution .
############################## | UsbFix V6.028 |
User : Peyo (Administrateurs) # PC-DE-PEYO
Update on 08/09/2009 by Chiquitine29, C_XX & Chimay8
Start at: 14:42:34 | 09/09/2009
Website : http://pagesperso-orange.fr/NosTools/index.html
Intel(R) Core(TM)2 Duo CPU T5850 @ 2.16GHz
Microsoft® Windows Vista™ Édition Familiale Premium (6.0.6001 32-bit) # Service Pack 1
Internet Explorer 7.0.6001.18000
Windows Firewall Status : Disabled
AV : Norton Internet Security 15.5.0.23 [ Enabled | (!) Outdated ]
FW : Norton Internet Security[ Enabled ]15.5.0.23
C:\ -> Disque fixe local # 160,77 Go (14,84 Go free) [VistaOS] # NTFS
D:\ -> Disque fixe local # 137,32 Go (78 Go free) [Data] # NTFS
E:\ -> Disque CD-ROM
F:\ -> Disque CD-ROM
G:\ -> Disque amovible # 3,72 Go (2,8 Go free) [IPOD (JU)] # FAT32
H:\ -> Disque CD-ROM
############################## | Processus actifs |
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\ASUS\SmartLogon\smartlogon.exe
C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe
C:\Program Files\ATKGFNEX\GFNEXSrv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\ASUS\Net4Switch\Net4Switch.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files\ASUS\ATK Hotkey\MsgTranAgt.exe
C:\Program Files\ASUS\ATK Hotkey\HControl.exe
C:\Program Files\Wireless Console 2\wcourier.exe
C:\Program Files\P4G\BatteryLife.exe
C:\Program Files\ASUS\Splendid\ACMON.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Windows\System32\ACEngSvr.exe
C:\Program Files\ASUS\ATK Hotkey\ATKOSD.exe
C:\Program Files\ASUS\ATK Hotkey\KBFiltr.exe
C:\Program Files\ASUS\ATK Hotkey\WDC.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\sofatnet.exe
C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\runonce.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\PresentationSettings.exe
################## | Fichiers # Dossiers infectieux |
Supprimé ! G:\.MS32DLL.dll.vbs
Supprimé ! G:\autorun.inf
################## | Suspect ! ... | https://www.virustotal.com/gui/ |
[26/08/2009 17:23|--a------|43008] C:\Windows\System32\kbiwkmashqvicn.dll
[02/09/2009 15:38|--a------|43] C:\Windows\System32\kbiwkmbifruvtu.dat
[26/08/2009 17:23|--a------|19456] C:\Windows\System32\kbiwkmbwpiipvr.dll
[02/09/2009 15:42|--a------|86277] C:\Windows\System32\kbiwkmrfoycqrd.dat
[02/09/2009 17:11|--a------|0] C:\Windows\System32\drivers\kbiwkmcepdiieo.sys
[02/09/2009 17:11|--a------|0] C:\Windows\System32\Drivers\kbiwkmcepdiieo.sys
################## | Registre # Clés Run infectieuses |
################## | Registre # Mountpoints2 |
Supprimé ! HKCU\...\Explorer\MountPoints2\{41dd2260-6242-11de-b42d-00248c97bfb3}\Shell\AutoRun\Command
Supprimé ! HKCU\...\Explorer\MountPoints2\{41dd228d-6242-11de-b42d-00248c97bfb3}\Shell\AutoRun\Command
Supprimé ! HKCU\...\Explorer\MountPoints2\{876d8a27-6faf-11de-974e-00248c97bfb3}\Shell\AutoRun\Command
################## | Listing des fichiers présent |
[09/09/2009 13:10|--a------|716] C:\1022,913.exe
[03/09/2009 18:20|--a------|204] C:\8954,736.exe
[08/09/2009 09:02|--a------|860] C:\9622,767.exe
[18/09/2006 23:43|--a------|24] C:\autoexec.bat
[21/01/2008 04:24|-rahs----|333203] C:\bootmgr
[16/04/2008 13:27|-ra-s----|8192] C:\BOOTSECT.BAK
[04/04/2007 21:01|--a------|19] C:\CA21.txt
[18/09/2006 23:43|--a------|10] C:\config.sys
[16/08/2009 08:15|--a------|26975] C:\GF_Excpt.txt
[?|?|?] C:\hiberfil.sys
[02/09/2009 16:23|-rahs----|0] C:\IO.SYS
[11/08/2008 15:50|---------|1048576] C:\M50V.BIN
[16/09/2008 08:48|---------|14] C:\M50VN_M50VM_M50VC_VISTA.30
[02/09/2009 16:23|-rahs----|0] C:\MSDOS.SYS
[29/02/2004 17:44|--a------|52576] C:\orange.bmp
[?|?|?] C:\pagefile.sys
[16/09/2008 08:48|---------|21] C:\RECOVERY.DAT
[24/06/2009 11:14|--a------|560] C:\RHDSetup.log
[24/06/2009 11:30|--a------|159] C:\setup.log
[24/06/2009 12:33|--ah-----|46] C:\splash.idx
[09/09/2009 14:47|--a------|5246] C:\UsbFix.txt
[05/09/2008 13:57|--ah-----|4112] C:\version
[22/04/2009 04:42|--a------|1618] G:\BOOTEX.LOG
[12/09/2007 15:07|--ah-----|82] G:\._iPod_Control
[25/01/2007 22:09|--ah-----|15364] G:\.DS_Store
[09/09/2009 01:02|--a------|781909] G:\RSIT.exe
[21/01/2008 04:24|--ah-----|45568] G:\DLLHOST.EXE
[19/12/2006 22:31|--a------|36997] G:\.VolumeIcon.icns
[19/12/2006 22:32|--a------|82] G:\._.VolumeIcon.icns
[09/09/2009 01:06|--a------|3916752] G:\mbam-setup.zip
[21/01/2008 04:24|--ah-----|45568] G:\WMPLAYER.EXE
[21/01/2008 04:24|--ah-----|45568] G:\ATBROKER.EXE
[21/01/2008 04:24|--ah-----|45568] G:\ACOVCNT.EXE
[26/01/2007 15:19|---hs----|348160] G:\msvcr71.dll
[01/02/2007 17:59|--a------|5] G:\RavMonLog
################## | Upload |
Veuillez envoyer le fichier : C:\Users\Peyo\Desktop\UsbFix_Upload_Me_PC-de-Peyo.zip : https://www.androidworld.fr/
Merci pour votre contribution .
antoine136
Messages postés
44
Date d'inscription
mardi 16 juin 2009
Statut
Membre
Dernière intervention
13 septembre 2009
9 sept. 2009 à 15:01
9 sept. 2009 à 15:01
en revanche OTM plante systematiquement au bout d'une dizaine de secondes....
jlpjlp
Messages postés
51580
Date d'inscription
vendredi 18 mai 2007
Statut
Contributeur sécurité
Dernière intervention
3 mai 2022
5 040
9 sept. 2009 à 15:43
9 sept. 2009 à 15:43
ok il est tenace ce rootkit
lance ce combofix renommé en killfix et colle le rapport (désactive antiviurs, antiespion...) et debranche le net
et ne touche a rien pendant le scan
http://sd-1.archive-host.com/membres/up/193094576412487685/Killfix.exe
lance ce combofix renommé en killfix et colle le rapport (désactive antiviurs, antiespion...) et debranche le net
et ne touche a rien pendant le scan
http://sd-1.archive-host.com/membres/up/193094576412487685/Killfix.exe