Problem, apparently TR/Scar.aakg

Solved
mandonnaud Posts 89 Status Member -
Lyonnais92 Posts 25708 Status Security contributor -
Hello,

I tried to install a conversion program; during the installation my antivirus lit up like a Christmas tree (TR/scar.aakg detected). I stopped the installation and ran a scan with the antivirus and with Spybot, but I think the damage is done!

At every startup I get three errors:

Error loading c:\users\Samuel\ntuser.dll

Error loading c:\Windows\system32\calc.dll

plfseti.exe has stopped working

Here are two logs

Logfile of random's system information tool 1.06 (written by random/random)
Run by Samuel at 2009-10-11 11:10:50
Microsoft® Windows Vista™ Édition Familiale Basique Service Pack 1
System drive C: has 118 GB (52%) free of 225 GB
Total RAM: 3001 MB (62% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:11:02, on 11/10/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\System32\igfxpers .exe
C:\Windows\System32\hkcmd .exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Realtek\Audio\HDA\rthdvcpl .exe
C:\Program Files\Synaptics\SynTP\syntpenh .exe
C:\Users\Samuel\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\wuauclt.exe
C:\Users\Samuel\Desktop\RSIT.exe
C:\Program Files\trend micro\Samuel.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=040c&s=2&o=vb32&d=0709&m=easynote_lj65
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=040c&s=2&o=vb32&d=0709&m=easynote_lj65
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=040c&s=2&o=vb32&d=0709&m=easynote_lj65
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=040c&s=2&o=vb32&d=0709&m=easynote_lj65
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Acer ePower Management] C:\Program Files\Packard Bell\Packard Bell PowerSave Solution\ePowerTrayLauncher.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [PLFSetI] C:\Program Files\PLFSetI.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [calc] rundll32.exe C:\Windows\system32\calc.dll,_IWMPEvents@0
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [calc] rundll32.exe C:\Users\Samuel\ntuser.dll,_IWMPEvents@0
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: scandisk.lnk = ?
O8 - Extra context menu item: &Tout télécharger avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Ajouter la cible du lien à un fichier PDF existant - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Ajouter à un fichier PDF existant - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir au format Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien au format Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\PACKARD BELL\Packard Bell PowerSave Solution\ePowerSvc.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.8.809.23506 (GoogleDesktopManager-092308-165331) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton Internet Security - Unknown owner - C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe (file missing)
O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe

--
End of file - 8247 bytes

======Scheduled tasks folder======

C:\Windows\tasks\At1.job
C:\Windows\tasks\At10.job
C:\Windows\tasks\At11.job
C:\Windows\tasks\At12.job
C:\Windows\tasks\At13.job
C:\Windows\tasks\At14.job
C:\Windows\tasks\At15.job
C:\Windows\tasks\At16.job
C:\Windows\tasks\At17.job
C:\Windows\tasks\At18.job
C:\Windows\tasks\At19.job
C:\Windows\tasks\At2.job
C:\Windows\tasks\At20.job
C:\Windows\tasks\At21.job
C:\Windows\tasks\At22.job
C:\Windows\tasks\At23.job
C:\Windows\tasks\At24.job
C:\Windows\tasks\At3.job
C:\Windows\tasks\At4.job
C:\Windows\tasks\At5.job
C:\Windows\tasks\At6.job
C:\Windows\tasks\At7.job
C:\Windows\tasks\At8.job
C:\Windows\tasks\At9.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2474932794-2890477309-324203790-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2474932794-2890477309-324203790-1000UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}]
FGCatchUrl - C:\Program Files\FlashGet\jccatch.dll [2007-08-06 94308]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2009-02-27 349576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-09-17 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F156768E-81EF-470C-9057-481BA8380DBA}]
FlashGet GetFlash Class - C:\Program Files\FlashGet\getflash.dll [2007-05-18 163840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4971EE7-DAA0-4053-9964-665D8EE6A077}]
SmartSelect Class - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2009-02-27 349576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2009-02-27 349576]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Desktop Search"=C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2009-03-17 30192]
"Acer ePower Management"=C:\Program Files\Packard Bell\Packard Bell PowerSave Solution\ePowerTrayLauncher.exe [2009-10-08 30720]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2009-10-11 30720]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2009-10-11 30720]
"Persistence"=C:\Windows\system32\igfxpers.exe [2009-10-11 30720]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [2009-10-08 30720]
"PLFSetI"=C:\Program Files\PLFSetI.exe [2009-10-08 30720]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2009-10-08 30720]
"LManager"=C:\PROGRA~1\LAUNCH~1\LManager.exe [2009-10-08 30720]
""= []
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-09-05 417792]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-09-21 305440]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2009-10-08 198160]
"calc"=C:\Windows\system32\calc.dll,_IWMPEvents@0 []
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"calc"=C:\Users\Samuel\ntuser.dll,_IWMPEvents@0 []
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [2009-02-27 640376]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [2009-02-27 38768]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [2009-09-16 611712]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe_ID0ENQBO]
C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE [2008-08-15 378224]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BackupManagerTray]
C:\Program Files\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe [2009-03-10 250624]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Users\Samuel\AppData\Local\Google\Update\GoogleUpdate.exe [2009-09-17 133104]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2009-09-21 305440]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVD8LanguageShortcut]
C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe [2007-12-14 50472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2009-09-05 417792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl8]
C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe [2008-10-17 91432]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmpcSys]
C:\Program Files\PACKARD BELL\SetUpMyPC\SmpSys.exe [2009-03-18 1160736]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre6\bin\jusched.exe [2009-09-17 149280]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VideoWebCamera]
C:\Program Files\VideoWebCamera\VideoWebCamera.exe [2009-03-12 1552497]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]

C:\Users\Samuel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
scandisk.lnk - C:\Windows\system32\rundll32.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2008-10-28 221184]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bb19b294-a6cc-11de-8f37-00235af076b1}]
shell\AutoRun\command - 2a.exe
shell\open\command - 2a.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f1dedfd6-a743-11de-af62-00235af076b1}]
shell\AutoRun\command - E:\WDSetup.exe

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - "C:\Program Files\Adobe\Adobe Dreamweaver CS4\Dreamweaver.exe","%1"

======List of files/folders created in the last 1 months======

2009-10-11 11:10:50 ----D---- C:\rsit
2009-10-11 11:10:50 ----D---- C:\Program Files\trend micro
2009-10-11 11:01:57 ----D---- C:\Windows\Minidump
2009-10-09 12:24:11 ----D---- C:\Users\Samuel\AppData\Roaming\Grisbi
2009-10-09 12:23:59 ----D---- C:\Program Files\Grisbi
2009-10-08 18:19:07 ----D---- C:\ProgramData\Spybot - Search & Destroy
2009-10-08 18:19:07 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-10-08 17:51:44 ----D---- C:\Program Files\Free RM to MP3 Converter
2009-10-08 17:40:49 ----A---- C:\Program Files\plfseti.exe
2009-10-08 17:40:19 ----A---- C:\whpcy.exe
2009-10-08 17:40:03 ----A---- C:\xcnh.exe
2009-10-08 17:36:46 ----D---- C:\Program Files\Real Alternative
2009-10-08 17:31:58 ----D---- C:\Program Files\RM to MP3 Converter
2009-10-08 16:59:50 ----A---- C:\Windows\system32\rmoc3260.dll
2009-10-08 16:59:43 ----A---- C:\Windows\system32\pndx5032.dll
2009-10-08 16:59:43 ----A---- C:\Windows\system32\pndx5016.dll
2009-10-08 16:59:42 ----D---- C:\Program Files\Common Files\xing shared
2009-10-08 16:59:30 ----A---- C:\Windows\system32\pncrt.dll
2009-10-08 16:59:29 ----D---- C:\Program Files\Real
2009-10-08 16:59:28 ----D---- C:\Program Files\Common Files\Real
2009-10-08 16:59:27 ----D---- C:\ProgramData\Real
2009-10-08 16:59:26 ----D---- C:\Users\Samuel\AppData\Roaming\Real
2009-10-06 08:53:15 ----A---- C:\Windows\system32\wups2.dll
2009-10-06 08:53:15 ----A---- C:\Windows\system32\wuauclt.exe
2009-10-06 08:53:14 ----A---- C:\Windows\system32\wucltux.dll
2009-10-06 08:53:14 ----A---- C:\Windows\system32\wuaueng.dll
2009-10-06 08:52:55 ----A---- C:\Windows\system32\wups.dll
2009-10-06 08:52:55 ----A---- C:\Windows\system32\wudriver.dll
2009-10-06 08:52:54 ----A---- C:\Windows\system32\wuapi.dll
2009-10-06 08:52:45 ----A---- C:\Windows\system32\wuwebv.dll
2009-10-06 08:52:45 ----A---- C:\Windows\system32\wuapp.exe
2009-10-05 17:25:40 ----D---- C:\Program Files\Core Services
2009-10-03 13:12:59 ----D---- C:\Program Files\iPod
2009-10-03 13:12:54 ----D---- C:\Program Files\iTunes
2009-10-03 09:42:38 ----N---- C:\Windows\system32\MpSigStub.exe
2009-10-01 13:51:20 ----D---- C:\tmp
2009-10-01 11:16:59 ----D---- C:\Users\Samuel\AppData\Roaming\Blender Foundation
2009-10-01 11:16:56 ----D---- C:\Program Files\Blender Foundation
2009-10-01 09:11:30 ----D---- C:\Windows\Sun
2009-09-24 17:09:06 ----D---- C:\Program Files\Safari
2009-09-21 21:21:35 ----D---- C:\Users\Samuel\AppData\Roaming\Audacity
2009-09-21 21:21:24 ----D---- C:\Program Files\Audacity 1.3 Beta (Unicode)
2009-09-21 16:25:51 ----A---- C:\Windows\system32\devil.dll
2009-09-21 16:25:51 ----A---- C:\Windows\system32\avisynth.dll
2009-09-21 16:25:50 ----A---- C:\Windows\system32\yv12vfw.dll
2009-09-21 16:25:50 ----A---- C:\Windows\system32\i420vfw.dll
2009-09-21 16:25:50 ----A---- C:\Windows\system32\AVSredirect.dll
2009-09-21 16:25:47 ----D---- C:\Program Files\AviSynth 2.5
2009-09-21 16:25:37 ----RSH---- C:\Windows\system32\nbDX.dll
2009-09-21 16:25:37 ----RSH---- C:\Windows\system32\msfDX.dll
2009-09-21 16:25:37 ----RSH---- C:\Windows\system32\flvDX.dll
2009-09-21 16:25:26 ----D---- C:\Program Files\eRightSoft
2009-09-21 16:24:41 ----D---- C:\Program Files\Xvid
2009-09-21 16:24:41 ----A---- C:\Windows\system32\xvidvfw.dll
2009-09-21 16:24:41 ----A---- C:\Windows\system32\xvidcore.dll
2009-09-21 11:01:57 ----D---- C:\Program Files\CoupeFichier
2009-09-21 10:04:59 ----D---- C:\Users\Samuel\AppData\Roaming\dvdcss
2009-09-20 14:56:27 ----D---- C:\Program Files\epson
2009-09-20 14:56:27 ----A---- C:\Windows\system32\eswiaml.dll
2009-09-20 14:56:27 ----A---- C:\Windows\system32\eswia52.dll
2009-09-20 14:56:27 ----A---- C:\Windows\system32\esint52.dll
2009-09-17 19:44:39 ----D---- C:\Users\Samuel\AppData\Roaming\OpenOffice.org
2009-09-17 17:54:11 ----D---- C:\Users\Samuel\AppData\Roaming\FlashGet
2009-09-17 17:54:06 ----D---- C:\Program Files\FlashGet
2009-09-17 17:50:45 ----D---- C:\Downloads
2009-09-17 17:16:58 ----D---- C:\Program Files\JRE
2009-09-17 17:16:38 ----D---- C:\Program Files\OpenOffice.org 3
2009-09-17 17:15:21 ----A---- C:\Windows\system32\javaws.exe
2009-09-17 17:15:21 ----A---- C:\Windows\system32\javaw.exe
2009-09-17 17:15:21 ----A---- C:\Windows\system32\java.exe
2009-09-17 17:15:21 ----A---- C:\Windows\system32\deploytk.dll
2009-09-17 17:14:51 ----D---- C:\Program Files\Java
2009-09-17 14:16:00 ----D---- C:\Users\Samuel\AppData\Roaming\skypePM
2009-09-17 14:13:52 ----D---- C:\Users\Samuel\AppData\Roaming\Skype
2009-09-17 14:11:07 ----D---- C:\Program Files\Common Files\Skype
2009-09-17 14:11:06 ----RD---- C:\Program Files\Skype
2009-09-17 14:10:59 ----D---- C:\ProgramData\Skype
2009-09-17 11:55:43 ----D---- C:\Users\Samuel\AppData\Roaming\WinRAR
2009-09-17 10:10:20 ----D---- C:\Users\Samuel\AppData\Roaming\vlc
2009-09-17 09:08:16 ----A---- C:\Windows\system32\jscript.dll
2009-09-16 18:55:43 ----D---- C:\Program Files\VideoLAN
2009-09-16 18:54:42 ----D---- C:\Program Files\WinRAR
2009-09-16 15:42:18 ----RA---- C:\Windows\system32\AdobePDFUI.dll
2009-09-16 15:42:18 ----RA---- C:\Windows\system32\AdobePDF.dll
2009-09-16 15:22:05 ----D---- C:\ProgramData\Avira
2009-09-16 15:22:05 ----D---- C:\Program Files\Avira
2009-09-16 14:56:03 ----D---- C:\ProgramData\FLEXnet
2009-09-16 14:06:53 ----D---- C:\Users\Samuel\AppData\Roaming\Apple Computer
2009-09-16 14:06:42 ----DC---- C:\Windows\system32\DRVSTORE
2009-09-16 14:06:42 ----A---- C:\Windows\system32\GEARAspi.dll
2009-09-16 14:06:01 ----D---- C:\ProgramData\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-16 13:38:16 ----D---- C:\Program Files\Bonjour
2009-09-16 13:37:49 ----D---- C:\ProgramData\Apple Computer
2009-09-16 13:37:49 ----D---- C:\Program Files\QuickTime
2009-09-16 13:37:19 ----D---- C:\Program Files\Apple Software Update
2009-09-16 13:36:17 ----D---- C:\Program Files\Common Files\Apple
2009-09-16 13:36:16 ----D---- C:\ProgramData\Apple
2009-09-16 13:28:42 ----D---- C:\travo
2009-09-16 13:27:14 ----D---- C:\ProgramData\ALM
2009-09-16 12:55:51 ----D---- C:\Program Files\Common Files\Adobe AIR
2009-09-16 12:54:44 ----D---- C:\Users\Samuel\AppData\Roaming\Adobe
2009-09-16 12:43:00 ----D---- C:\Users\Samuel\AppData\Roaming\FileZilla
2009-09-16 12:35:43 ----D---- C:\Program Files\FileZilla FTP Client
2009-09-16 12:31:03 ----D---- C:\Windows\acerTemp
2009-09-16 12:24:03 ----A---- C:\Windows\system32\occache.dll
2009-09-16 12:24:03 ----A---- C:\Windows\system32\jsproxy.dll
2009-09-16 12:24:02 ----A---- C:\Windows\system32\msfeedsbs.dll
2009-09-16 12:24:02 ----A---- C:\Windows\system32\msfeeds.dll
2009-09-16 12:24:02 ----A---- C:\Windows\system32\ieui.dll
2009-09-16 12:24:02 ----A---- C:\Windows\system32\iesetup.dll
2009-09-16 12:24:02 ----A---- C:\Windows\system32\iepeers.dll
2009-09-16 12:24:01 ----A---- C:\Windows\system32\wininet.dll
2009-09-16 12:24:01 ----A---- C:\Windows\system32\msfeedssync.exe
2009-09-16 12:24:01 ----A---- C:\Windows\system32\iertutil.dll
2009-09-16 12:24:01 ----A---- C:\Windows\system32\iernonce.dll
2009-09-16 12:24:01 ----A---- C:\Windows\system32\ie4uinit.exe
2009-09-16 12:24:00 ----A---- C:\Windows\system32\urlmon.dll
2009-09-16 12:24:00 ----A---- C:\Windows\system32\ieUnatt.exe
2009-09-16 12:24:00 ----A---- C:\Windows\system32\iesysprep.dll
2009-09-16 12:24:00 ----A---- C:\Windows\system32\iedkcs32.dll
2009-09-16 12:23:59 ----A---- C:\Windows\system32\ieframe.dll
2009-09-16 12:23:58 ----A---- C:\Windows\system32\mshtml.dll
2009-09-16 12:21:24 ----A---- C:\Windows\system32\mshtmler.dll
2009-09-16 12:21:24 ----A---- C:\Windows\system32\mshtmled.dll
2009-09-16 12:21:24 ----A---- C:\Windows\system32\icardie.dll
2009-09-16 12:21:24 ----A---- C:\Windows\system32\admparse.dll
2009-09-16 12:21:23 ----A---- C:\Windows\system32\msls31.dll
2009-09-16 12:21:23 ----A---- C:\Windows\system32\licmgr10.dll
2009-09-16 12:21:23 ----A---- C:\Windows\system32\inseng.dll
2009-09-16 12:21:23 ----A---- C:\Windows\system32\imgutil.dll
2009-09-16 12:21:23 ----A---- C:\Windows\system32\ieakeng.dll
2009-09-16 12:21:23 ----A---- C:\Windows\system32\dxtrans.dll
2009-09-16 12:21:23 ----A---- C:\Windows\system32\dxtmsft.dll
2009-09-16 12:21:23 ----A---- C:\Windows\system32\corpol.dll
2009-09-16 12:21:22 ----A---- C:\Windows\system32\WinFXDocObj.exe
2009-09-16 12:21:22 ----A---- C:\Windows\system32\wextract.exe
2009-09-16 12:21:22 ----A---- C:\Windows\system32\webcheck.dll
2009-09-16 12:21:22 ----A---- C:\Windows\system32\mstime.dll
2009-09-16 12:21:22 ----A---- C:\Windows\system32\msrating.dll
2009-09-16 12:21:22 ----A---- C:\Windows\system32\ieakui.dll
2009-09-16 12:21:22 ----A---- C:\Windows\system32\ieaksie.dll
2009-09-16 12:21:21 ----A---- C:\Windows\system32\vbscript.dll
2009-09-16 12:21:21 ----A---- C:\Windows\system32\url.dll
2009-09-16 12:21:21 ----A---- C:\Windows\system32\pngfilt.dll
2009-09-16 12:21:21 ----A---- C:\Windows\system32\ieapfltr.dll
2009-09-16 12:21:21 ----A---- C:\Windows\system32\advpack.dll
2009-09-16 12:21:19 ----A---- C:\Windows\system32\SetIEInstalledDate.exe
2009-09-16 12:21:19 ----A---- C:\Windows\system32\SetDepNx.exe
2009-09-16 12:21:19 ----A---- C:\Windows\system32\RegisterIEPKEYs.exe
2009-09-16 12:21:19 ----A---- C:\Windows\system32\PDMSetup.exe
2009-09-16 12:21:19 ----A---- C:\Windows\system32\mshta.exe
2009-09-16 12:21:19 ----A---- C:\Windows\system32\iexpress.exe
2009-09-16 12:20:20 ----A---- C:\Windows\system32\PortableDeviceApi.dll
2009-09-16 12:20:12 ----A---- C:\Windows\system32\Apphlpdm.dll
2009-09-16 12:20:11 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2009-09-16 12:04:21 ----A---- C:\Windows\system32\tzres.dll
2009-09-16 11:48:26 ----A---- C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-09-16 11:48:26 ----A---- C:\Windows\system32\infocardapi.dll
2009-09-16 11:48:25 ----A---- C:\Windows\system32\PresentationHostProxy.dll
2009-09-16 11:48:25 ----A---- C:\Windows\system32\icardres.dll
2009-09-16 11:48:25 ----A---- C:\Windows\system32\icardagt.exe
2009-09-16 11:48:24 ----A---- C:\Windows\system32\PresentationNative_v0300.dll
2009-09-16 11:48:22 ----A---- C:\Windows\system32\PresentationHost.exe
2009-09-16 11:43:53 ----A---- C:\Windows\system32\dfshim.dll
2009-09-16 11:43:50 ----A---- C:\Windows\system32\mscoree.dll
2009-09-16 11:43:49 ----A---- C:\Windows\system32\netfxperf.dll
2009-09-16 11:43:38 ----A---- C:\Windows\system32\mscorier.dll
2009-09-16 11:43:31 ----A---- C:\Windows\system32\mscories.dll
2009-09-16 11:42:41 ----A---- C:\Windows\system32\avifil32.dll
2009-09-16 11:42:37 ----A---- C:\Windows\system32\atl.dll
2009-09-16 11:42:28 ----A---- C:\Windows\system32\t2embed.dll
2009-09-16 11:42:28 ----A---- C:\Windows\system32\fontsub.dll
2009-09-16 11:42:28 ----A---- C:\Windows\system32\dciman32.dll
2009-09-16 11:42:28 ----A---- C:\Windows\system32\atmfd.dll
2009-09-16 11:42:20 ----A---- C:\Windows\system32\wkssvc.dll
2009-09-16 11:42:17 ----A---- C:\Windows\system32\localspl.dll
2009-09-16 11:42:07 ----A---- C:\Windows\system32\netiohlp.dll
2009-09-16 11:42:06 ----A---- C:\Windows\system32\TCPSVCS.EXE
2009-09-16 11:42:06 ----A---- C:\Windows\system32\NETSTAT.EXE
2009-09-16 11:42:06 ----A---- C:\Windows\system32\HOSTNAME.EXE
2009-09-16 11:42:06 ----A---- C:\Windows\system32\finger.exe
2009-09-16 11:42:06 ----A---- C:\Windows\system32\ARP.EXE
2009-09-16 11:42:05 ----A---- C:\Windows\system32\ROUTE.EXE
2009-09-16 11:42:05 ----A---- C:\Windows\system32\netevent.dll
2009-09-16 11:42:05 ----A---- C:\Windows\system32\MRINFO.EXE
2009-09-16 11:41:31 ----A---- C:\Windows\system32\ShellManager310E2D762.dll
2009-09-16 11:41:31 ----A---- C:\Windows\system32\kerberos.dll
2009-09-16 11:41:30 ----A---- C:\Windows\system32\wdigest.dll
2009-09-16 11:41:30 ----A---- C:\Windows\system32\schannel.dll
2009-09-16 11:41:30 ----A---- C:\Windows\system32\msv1_0.dll
2009-09-16 11:41:30 ----A---- C:\Windows\system32\lsasrv.dll
2009-09-16 11:41:29 ----A---- C:\Windows\system32\secur32.dll
2009-09-16 11:41:29 ----A---- C:\Windows\system32\lsass.exe
2009-09-16 11:41:24 ----A---- C:\Windows\system32\WMVCORE.DLL
2009-09-16 11:41:23 ----A---- C:\Windows\system32\mf.dll
2009-09-16 11:41:18 ----A---- C:\Windows\system32\wlansec.dll
2009-09-16 11:41:18 ----A---- C:\Windows\system32\wlanmsm.dll
2009-09-16 11:41:18 ----A---- C:\Windows\system32\L2SecHC.dll
2009-09-16 11:41:17 ----A---- C:\Windows\system32\wlansvc.dll
2009-09-16 11:41:15 ----A---- C:\Windows\system32\mstscax.dll
2009-09-16 11:40:53 ----A---- C:\Windows\Irremote.ini
2009-09-16 11:40:49 ----D---- C:\Users\Samuel\AppData\Roaming\Nero
2009-09-16 11:38:08 ----A---- C:\Windows\system32\wmp.dll
2009-09-16 11:38:07 ----A---- C:\Windows\system32\wmpdxm.dll
2009-09-16 11:38:06 ----A---- C:\Windows\system32\spwmp.dll
2009-09-16 11:38:06 ----A---- C:\Windows\system32\dxmasf.dll
2009-09-16 11:38:05 ----A---- C:\Windows\system32\wmploc.DLL
2009-09-16 11:35:36 ----A---- C:\Windows\system32\rpcrt4.dll
2009-09-16 11:35:18 ----D---- C:\Users\Samuel\AppData\Roaming\Mozilla
2009-09-16 11:35:09 ----D---- C:\Program Files\Mozilla Firefox
2009-09-16 11:25:36 ----D---- C:\Users\Samuel\AppData\Roaming\Google
2009-09-16 11:23:14 ----D---- C:\Users\Samuel\AppData\Roaming\Macromedia
2009-09-16 11:22:55 ----D---- C:\Users\Samuel\AppData\Roaming\Identities
2009-09-16 11:19:36 ----D---- C:\Windows\oem
2009-09-16 11:19:02 ----D---- C:\ProgramData\Google
2009-09-16 11:18:12 ----SD---- C:\Users\Samuel\AppData\Roaming\Microsoft
2009-09-16 11:17:55 ----SHD---- C:\ProgramData\Modèles
2009-09-16 11:17:55 ----SHD---- C:\ProgramData\Menu Démarrer
2009-09-16 11:17:55 ----SHD---- C:\ProgramData\Favoris
2009-09-16 11:17:55 ----SHD---- C:\ProgramData\Bureau
2009-09-16 11:17:55 ----SHD---- C:\Program Files\Fichiers communs

======List of files/folders modified in the last 1 months======

2009-10-11 11:11:02 ----D---- C:\Windows\Prefetch
2009-10-11 11:10:54 ----D---- C:\Windows\Temp
2009-10-11 11:10:50 ----RD---- C:\Program Files
2009-10-11 11:08:14 ----D---- C:\Windows\System32
2009-10-11 11:08:14 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-10-11 11:08:13 ----D---- C:\Windows\inf
2009-10-11 11:03:30 ----A---- C:\Windows\system32\igfxpers.exe
2009-10-11 11:03:29 ----A---- C:\Windows\system32\hkcmd.exe
2009-10-11 11:03:25 ----A---- C:\Windows\system32\igfxtray.exe
2009-10-11 11:01:57 ----D---- C:\Windows
2009-10-09 21:08:07 ----RSD---- C:\Windows\Fonts
2009-10-09 09:29:57 ----SHD---- C:\System Volume Information
2009-10-09 09:14:59 ----HD---- C:\ProgramData
2009-10-09 09:14:41 ----D---- C:\ProgramData\Adobe
2009-10-09 09:13:39 ----SHD---- C:\Windows\Installer
2009-10-08 17:49:28 ----AD---- C:\ProgramData\Temp
2009-10-08 17:41:10 ----D---- C:\Windows\Tasks
2009-10-08 17:41:10 ----D---- C:\Windows\system32\Tasks
2009-10-08 17:40:57 ----D---- C:\Program Files\Adobe
2009-10-08 17:40:51 ----D---- C:\Program Files\Launch Manager
2009-10-08 16:59:42 ----D---- C:\Program Files\Common Files
2009-10-07 10:52:07 ----D---- C:\Windows\rescache
2009-10-07 10:35:52 ----D---- C:\Windows\system32\fr-FR
2009-10-06 23:28:13 ----D---- C:\Windows\winsxs
2009-10-06 08:53:35 ----D---- C:\Windows\system32\catroot
2009-10-06 08:53:34 ----D---- C:\Windows\system32\catroot2
2009-10-01 17:05:36 ----D---- C:\Windows\system32\drivers
2009-09-28 10:12:10 ----D---- C:\Windows\system32\WDI
2009-09-24 16:02:04 ----D---- C:\Windows\system32\NDF
2009-09-22 12:59:16 ----D---- C:\Windows\LiveKernelReports
2009-09-20 14:56:27 ----D---- C:\Windows\twain_32
2009-09-20 11:44:30 ----D---- C:\Windows\Microsoft.NET
2009-09-20 11:44:24 ----RSD---- C:\Windows\assembly
2009-09-18 20:00:35 ----D---- C:\Windows\Logs
2009-09-17 11:04:10 ----SD---- C:\ProgramData\Microsoft
2009-09-16 14:51:10 ----D---- C:\Program Files\Common Files\Adobe
2009-09-16 13:38:09 ----D---- C:\Program Files\Internet Explorer
2009-09-16 12:36:04 ----D---- C:\Windows\system32\migration
2009-09-16 12:36:02 ----D---- C:\Windows\system32\en-US
2009-09-16 12:36:02 ----D---- C:\Windows\PolicyDefinitions
2009-09-16 12:36:02 ----D---- C:\Windows\AppPatch
2009-09-16 12:31:06 ----D---- C:\Program Files\PACKARD BELL
2009-09-16 12:31:03 ----HD---- C:\Program Files\InstallShield Installation Information
2009-09-16 12:24:46 ----D---- C:\ProgramData\Microsoft Help
2009-09-16 12:24:40 ----D---- C:\Program Files\Microsoft Office
2009-09-16 12:24:40 ----D---- C:\Program Files\Common Files\microsoft shared
2009-09-16 12:24:38 ----D---- C:\Program Files\Microsoft Works
2009-09-16 12:13:03 ----D---- C:\ProgramData\Norton
2009-09-16 12:07:23 ----D---- C:\Program Files\Windows Media Player
2009-09-16 12:07:02 ----D---- C:\Windows\system32\XPSViewer
2009-09-16 12:07:01 ----D---- C:\Windows\system32\wbem
2009-09-16 11:42:54 ----A---- C:\Windows\system32\MsiExec.exe.log
2009-09-16 11:42:02 ----D---- C:\Program Files\Common Files\Nero
2009-09-16 11:42:01 ----D---- C:\ProgramData\Nero
2009-09-16 11:32:48 ----D---- C:\Windows\system32\LogFiles
2009-09-16 11:28:34 ----D---- C:\Program Files\Windows Live
2009-09-16 11:28:12 ----D---- C:\Windows\SoftwareDistribution
2009-09-16 11:25:45 ----D---- C:\Program Files\Google
2009-09-16 11:23:09 ----SHD---- C:\$Recycle.Bin
2009-09-16 11:22:33 ----D---- C:\Windows\system32\OEM
2009-09-16 11:20:04 ----HD---- C:\ACER
2009-09-16 11:18:12 ----RD---- C:\Users
2009-09-16 11:17:55 ----D---- C:\Program Files\Windows NT
2009-09-16 11:17:54 ----D---- C:\Windows\Debug

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys [2009-02-13 11608]
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 DritekPortIO;Dritek General Port I/O; \??\C:\PROGRA~1\LAUNCH~1\DPortIO.sys [2006-11-02 20112]
R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2009-09-16 28520]
R2 adfs;adfs; C:\Windows\system32\drivers\adfs.sys [2009-09-16 73312]
R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2009-09-16 55656]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-18 12672]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\XAudio32.sys [2008-11-03 8704]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2009-05-19 1166848]
R3 CmBatt;Pilote pour Batterie à méthode de contrôle ACPI Microsoft; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-21 14208]
R3 DKbFltr;Dritek Keyboard Filter Driver; C:\Windows\system32\DRIVERS\DKbFltr.sys [2006-11-02 21264]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-10-28 2476544]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2009-02-24 2327968]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI; C:\Windows\system32\drivers\IntcHdmi.sys [2008-09-21 112128]
R3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\k57nd60x.sys [2008-09-03 223232]
R3 NTIDrvr;Upper Class Filter Driver; C:\Windows\system32\Drivers\NTIDrvr.sys [2008-01-30 14848]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2009-02-06 205232]
R3 usbvideo;Périphérique vidéo USB (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-21 11264]
S1 SRTSP;SRTSP; \??\C:\Windows\system32\drivers\NIS\1000000.07D\SRTSP.SYS []
S1 SRTSPX;SRTSPX; \??\C:\Windows\system32\drivers\NIS\1000000.07D\SRTSPX.SYS []
S3 drmkaud;Filtre de décodeur DRM (Noyau Microsoft); C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 HdAudAddService;Pilote de fonction UAA 1.1 Microsoft pour le service High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2008-01-21 200704]
S3 MSKSSRV;Proxy de service de répartition Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Proxy d'horloge de répartition Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Proxy de gestion de qualité de répartition Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 NAVENG;NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20080829.024\NAVENG.SYS []
S3 NAVEX15;NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20080829.024\NAVEX15.SYS []
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2009-08-28 40448]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-21 39936]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirSchedulerService;Avira AntiVir Planificateur; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-09-16 108289]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-09-16 185089]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-08-28 144672]
R2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 ePowerSvc;Acer ePower Service; C:\Program Files\PACKARD BELL\Packard Bell PowerSave Solution\ePowerSvc.exe [2009-04-15 703008]
R2 NTI IScheduleSvc;NTI IScheduleSvc; C:\Program Files\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe [2009-03-10 44800]
R3 iPod Service;Service de l’iPod; C:\Program Files\iPod\bin\iPodService.exe [2009-09-21 545568]
S2 HsfXAudioService;HsfXAudioService; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S2 Norton Internet Security;Norton Internet Security; C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe /s Norton Internet Security /m C:\Program Files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll /prefetch:1 []
S3 Adobe Version Cue CS4;Adobe Version Cue CS4; C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2009-09-16 288112]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-09-16 655624]
S3 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2009-03-17 30192]

-----------------EOF-----------------

info.txt logfile of random's system information tool 1.06 2009-10-11 11:11:05

======Uninstall list======

-->MsiExec /X{1C4551A6-4743-4093-91E4-1477CD655043}
Adobe Acrobat 9 Pro - English, Français, Deutsch-->msiexec /I {AC76BA86-1033-F400-7760-000000000004}
Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}
Adobe Anchor Service CS4-->MsiExec.exe /I{1618734A-3957-4ADD-8199-F973763109A8}
Adobe Asset Services CS4-->MsiExec.exe /I{B9F4561A-924D-4510-A85A-BB0960C338CB}
Adobe Bridge CS4-->MsiExec.exe /I{83877DB1-8B77-45BC-AB43-2BAC22E093E0}
Adobe CMaps CS4-->MsiExec.exe /I{94D398EB-D2FD-4FD1-B8C4-592635E8A191}
Adobe Color - Photoshop Specific CS4-->MsiExec.exe /I{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}
Adobe Color EU Recommended Settings CS4-->MsiExec.exe /I{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}
Adobe Color JA Extra Settings CS4-->MsiExec.exe /I{0D6013AB-A0C7-41DC-973C-E93129C9A29F}
Adobe Color NA Extra Settings CS4-->MsiExec.exe /I{098A2A49-7CF3-4F08-A38D-FB879117152A}
Adobe Color Video Profiles CS CS4-->MsiExec.exe /I{63C24A08-70F3-4C8E-B9FB-9F21A903801D}
Adobe Creative Suite 4 Design Premium-->C:\Program Files\Common Files\Adobe\Installers\55230b0b70661df0f212e88f0b655f7\Setup.exe --uninstall=1
Adobe Creative Suite 4 Design Premium-->MsiExec.exe /I{A2881E09-38DB-4F79-9135-00FDA01768A7}
Adobe CSI CS4-->MsiExec.exe /I{0F723FC1-7606-4867-866C-CE80AD292DAF}
Adobe Default Language CS4-->MsiExec.exe /I{C52E3EC1-048C-45E1-8D53-10B0C6509683}
Adobe Device Central CS4-->MsiExec.exe /I{67F0E67A-8E93-4C2C-B29D-47C48262738A}
Adobe Dreamweaver CS4-->MsiExec.exe /I{30C8AA56-4088-426F-91D1-0EDFD3A25678}
Adobe Drive CS4-->MsiExec.exe /I{16E16F01-2E2D-4248-A42F-76261C147B6C}
Adobe Dynamiclink Support-->MsiExec.exe /I{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}
Adobe ExtendScript Toolkit CS4-->MsiExec.exe /I{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}
Adobe Extension Manager CS4-->MsiExec.exe /I{054EFA56-2AC1-48F4-A883-0AB89874B972}
Adobe Fireworks CS4-->MsiExec.exe /I{428FDF9F-E010-4C4C-A8BB-156960AFCA1C}
Adobe Flash CS4 Extension - Flash Lite STI fr-->MsiExec.exe /I{BD423B54-8668-44B6-8610-D24514445E88}
Adobe Flash CS4 STI-fr-->MsiExec.exe /I{48F9998C-3BA0-42D3-82E6-5882441EB8CE}
Adobe Flash CS4-->MsiExec.exe /I{F6E99614-F042-4459-82B7-8B38B2601356}
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 ActiveX-->MsiExec.exe /X{3A6829EF-0791-4FDD-9382-C690DD0821B9}
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Fonts All-->MsiExec.exe /I{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}
Adobe Illustrator CS4-->MsiExec.exe /I{87532CAB-7932-4F84-8937-823337622807}
Adobe InDesign CS4 Application Feature Set Files (Roman)-->MsiExec.exe /I{2BAF2B96-7560-48B4-87D4-10178DDBE217}
Adobe InDesign CS4 Common Base Files-->MsiExec.exe /I{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}
Adobe InDesign CS4 Icon Handler-->MsiExec.exe /I{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}
Adobe InDesign CS4-->MsiExec.exe /I{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}
Adobe Linguistics CS4-->MsiExec.exe /I{931AB7EA-3656-4BB7-864D-022B09E3DD67}
Adobe Media Encoder CS4 Importer-->MsiExec.exe /I{8186FF34-D389-4B7E-9A2F-C197585BCFBD}
Adobe Media Encoder CS4-->MsiExec.exe /I{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}
Adobe Output Module-->MsiExec.exe /I{BB4E33EC-8181-4685-96F7-8554293DEC6A}
Adobe PDF Library Files CS4-->MsiExec.exe /I{F93C84A6-0DC6-42AF-89FA-776F7C377353}
Adobe Photoshop CS4 Support-->MsiExec.exe /I{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}
Adobe Photoshop CS4-->MsiExec.exe /I{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}
Adobe Reader 9.1.3 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A91000000001}
Adobe Search for Help-->MsiExec.exe /I{F0E64E2E-3A60-40D8-A55D-92F6831875DA}
Adobe Service Manager Extension-->MsiExec.exe /I{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}
Adobe Setup-->MsiExec.exe /I{A128921B-D03F-4BFB-8141-C365AA48D660}
Adobe SGM CS4-->MsiExec.exe /I{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}
Adobe SING CS4-->MsiExec.exe /I{4A52555C-032A-4083-BDD9-6A85ABFB39A8}
Adobe Type Support CS4-->MsiExec.exe /I{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}
Adobe Update Manager CS4-->MsiExec.exe /I{05308C4E-7285-4066-BAE3-6B50DA6ED755}
Adobe Version Cue CS4 Server-->MsiExec.exe /I{1B7C06E1-4888-47A6-992A-0990B9683486}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}
Adobe XMP Panels CS4-->MsiExec.exe /I{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}
AdobeColorCommonSetCMYK-->MsiExec.exe /I{68243FF8-83CA-466B-B2B8-9F99DA5479C4}
AdobeColorCommonSetRGB-->MsiExec.exe /I{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}
Apple Application Support-->MsiExec.exe /I{0C34B801-6AEC-4667-B053-03A67E2D0415}
Apple Mobile Device Support-->MsiExec.exe /I{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Audacity 1.3.8 (Unicode)-->"C:\Program Files\Audacity 1.3 Beta (Unicode)\unins000.exe"
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE
Blender (remove only)-->"C:\Program Files\Blender Foundation\Blender\uninstall.exe"
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
Connect-->MsiExec.exe /I{B29AD377-CC12-490A-A480-1452337C618D}
CoupeFichier 1.1-->"C:\Program Files\CoupeFichier\uninstall.exe"
CyberLink PowerDVD 8-->"C:\Program Files\InstallShield Installation Information\{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}\setup.exe" /z-uninstall
CyberLink PowerDVD 8-->"C:\Program Files\InstallShield Installation Information\{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}\setup.exe" /z-uninstall
EPSON Scan-->C:\Program Files\epson\escndv\setup\setup.exe /r
FileZilla Client 3.2.7.1-->C:\Program Files\FileZilla FTP Client\uninstall.exe
FlashGet 1.9.6.1073-->C:\Program Files\FlashGet\uninst.exe
Free RM to MP3 Converter 1.12-->"C:\Program Files\Free RM to MP3 Converter\unins000.exe"
Google Desktop-->C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
Grisbi 0.5.9-->C:\Program Files\Grisbi\uninstall.exe
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Identity Card-->C:\Program Files\Packard Bell\Identity Card\Uninstall.exe
IETester v0.2.2 (remove only)-->"C:\Program Files\Core Services\IETester\uninstall.exe"
Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe
Installation Windows Live-->MsiExec.exe /I{3CCB732A-E472-4CF9-B1EE-F18365341FE0}
Intel(R) Graphics Media Accelerator Driver-->C:\Windows\system32\igxpun.exe -uninstall
iTunes-->MsiExec.exe /I{DA34FE93-5DC5-48E0-ACC8-A5389E05BB51}
Java(TM) 6 Update 16-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216016FF}
kuler-->MsiExec.exe /I{098727E1-775A-4450-B573-3F441F1CA243}
Launch Manager-->C:\Windows\UnInst32.exe LManager.UNI
Logiciel d'archivage WinRAR-->C:\Program Files\WinRAR\uninstall.exe
Microsoft .NET Framework 3.5 SP1-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Office PowerPoint Viewer 2007 (French)-->MsiExec.exe /X{95120000-00AF-040C-0000-0000000FF1CE}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Works-->MsiExec.exe /I{0214A441-A4AB-43A8-8DEF-2F73C5364673}
Module de compatibilité pour Microsoft Office System 2007-->MsiExec.exe /X{90120000-0020-040C-0000-0000000FF1CE}
Mozilla Firefox (3.5.3)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NVIDIA PhysX-->MsiExec.exe /X{1C4551A6-4743-4093-91E4-1477CD655043}
OpenOffice.org 3.1-->MsiExec.exe /I{0FA44E79-CD7D-4E8D-A2EE-26FE05F509B6}
Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Packard Bell Customer Registration-->C:\Program Files\Packard Bell\Packard Bell Customer Registration\Uninstall.exe
Packard Bell MyBackup-->C:\Program Files\InstallShield Installation Information\{72B776E5-4530-4C4B-9453-751DF87D9D93}\setup.exe -runfromtemp -l0x040c
Packard Bell PowerSave Solution-->"C:\Program Files\InstallShield Installation Information\{3DB0448D-AD82-4923-B305-D001E521A964}\setup.exe" -runfromtemp -l0x040c -removeonly
PackardBell ScreenSaver-->C:\Windows\Screensavers\PackardBell\Uninstall.exe
PDF Settings CS4-->MsiExec.exe /I{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}
Photoshop Camera Raw-->MsiExec.exe /I{CC75AB5C-2110-4A7F-AF52-708680D22FE8}
Pixel Bender Toolkit-->MsiExec.exe /I{43509E18-076E-40FE-AF38-CA5ED400A5A9}
QuickTime-->MsiExec.exe /I{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}
Real Alternative 1.9.0 Lite-->"C:\Program Files\Real Alternative\unins000.exe"
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|12.0
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -removeonly
Realtek USB 2.0 Card Reader-->C:\Program Files\InstallShield Installation Information\{DC24971E-1946-445D-8A82-CE685433FA7D}\setup.exe -runfromtemp -l0x040c -removeonly
Safari-->MsiExec.exe /I{E56D39F8-2A9F-44B4-B068-A72E45A073E6}
SetUpMyPC-->C:\Program Files\Packard Bell\SetUpMyPC\Uninstall.exe
Skype web features-->MsiExec.exe /I{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}
Skype™ 4.1-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}
Spelling Dictionaries Support For Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-900000000004}
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Suite Shared Configuration CS4-->MsiExec.exe /I{842B4B72-9E8F-4962-B3C1-1C422A5C4434}
SUPER © Version 2009.bld.36 (June 10, 2009)-->C:\PROGRA~1\ERIGHT~1\SUPER\Setup.exe /remove /q0
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Updator-->C:\Program Files\Packard Bell\Updator\Uninstall.exe
Video Web Camera-->C:\Program Files\InstallShield Installation Information\{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}\setup.exe -runfromtemp -l0x040c -removeonly
VLC media player 1.0.1-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Windows Live Call-->MsiExec.exe /I{01523985-2098-43AF-9C97-12B07BE02A9B}
Windows Live Communications Platform-->MsiExec.exe /I{F69E83CF-B440-43F8-89E6-6EA80712109B}
Windows Live Messenger-->MsiExec.exe /X{059C042E-796A-4ACC-A81A-ECC2010BB78C}
Windows Live Sync-->MsiExec.exe /X{67D0313C-4F15-437D-9A2D-C1564088A26A}
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
Xvid 1.2.2 final uninstall-->"C:\Program Files\Xvid\unins000.exe"

======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

======Security center information======

AS: Windows Defender

======System event log======

Computer Name: Portable-Sam
Event Code: 15016
Message: Impossible d’initialiser le package de sécurité Kerberos pour l’authentification côté serveur. Le champ de données contient le numéro de l’erreur.
Record Number: 32224
Source Name: Microsoft-Windows-HttpEvent
Time Written: 20091011090225.425666-000
Event Type: Erreur
User:

Computer Name: Portable-Sam
Event Code: 7009
Message: Le dépassement de délai (30000 millisecondes) a été atteint lors de l’attente de la connexion du service HsfXAudioService.
Record Number: 32272
Source Name: Service Control Manager
Time Written: 20091011090256.000000-000
Event Type: Erreur
User:

Computer Name: Portable-Sam
Event Code: 7000
Message: Le service HsfXAudioService n'a pas pu démarrer en raison de l'erreur :
Le service n'a pas répondu assez vite à la demande de lancement ou de contrôle.
Record Number: 32273
Source Name: Service Control Manager
Time Written: 20091011090256.000000-000
Event Type: Erreur
User:

Computer Name: Portable-Sam
Event Code: 7000
Message: Le service Norton Internet Security n'a pas pu démarrer en raison de l'erreur :
Le chemin d'accès spécifié est introuvable.
Record Number: 32274
Source Name: Service Control Manager
Time Written: 20091011090256.000000-000
Event Type: Erreur
User:

Computer Name: Portable-Sam
Event Code: 7026
Message: Le pilote de démarrage système ou d'amorçage suivant n'a pas pu se charger :
SRTSP
SRTSPX
Record Number: 32294
Source Name: Service Control Manager
Time Written: 20091011090256.000000-000
Event Type: Erreur
User:

=====Application event log=====

Computer Name: Portable-Sam
Event Code: 33
Message: La création du contexte d’activation a échoué pour « C:\Windows\Installer\{0214A441-A4AB-43A8-8DEF-2F73C5364673}\wksdb.exe ». Assembly dépendant msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" introuvable. Utilisez sxstrace.exe pour un diagnostic détaillé.
Record Number: 6167
Source Name: SideBySide
Time Written: 20091011090325.000000-000
Event Type: Erreur
User:

Computer Name: Portable-Sam
Event Code: 33
Message: La création du contexte d’activation a échoué pour « C:\Windows\Installer\{0214A441-A4AB-43A8-8DEF-2F73C5364673}\WksCal.exe ». Assembly dépendant msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" introuvable. Utilisez sxstrace.exe pour un diagnostic détaillé.
Record Number: 6168
Source Name: SideBySide
Time Written: 20091011090326.000000-000
Event Type: Erreur
User:

Computer Name: Portable-Sam
Event Code: 33
Message: La création du contexte d’activation a échoué pour « C:\Windows\Installer\{0214A441-A4AB-43A8-8DEF-2F73C5364673}\wksss.exe ». Assembly dépendant msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" introuvable. Utilisez sxstrace.exe pour un diagnostic détaillé.
Record Number: 6169
Source Name: SideBySide
Time Written: 20091011090326.000000-000
Event Type: Erreur
User:

Computer Name: Portable-Sam
Event Code: 33
Message: La création du contexte d’activation a échoué pour « C:\Windows\Installer\{0214A441-A4AB-43A8-8DEF-2F73C5364673}\WksWP.exe ». Assembly dépendant msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" introuvable. Utilisez sxstrace.exe pour un diagnostic détaillé.
Record Number: 6170
Source Name: SideBySide
Time Written: 20091011090326.000000-000
Event Type: Erreur
User:

Computer Name: Portable-Sam
Event Code: 1000
Message: Application défaillante plfseti.exe, version 0.0.0.0, horodatage 0x4acbfdc2, module défaillant msvcrt.dll, version 7.0.6001.18000, horodatage 0x4791a727, code d’exception 0xc0000005, décalage d’erreur 0x0000f3e7, ID du processus 0xb94, heure de début de l’application 0x01ca4a51a025d499.
Record Number: 6174
Source Name: Application Error
Time Written: 20091011090346.000000-000
Event Type: Erreur
User:

=====Security event log=====

Computer Name: Portable-Sam
Event Code: 5038
Message: L’intégrité du code a déterminé que le hachage de l’image d’un fichier n’est pas valide. Le fichier peut être endommagé en raison d’une modification non autorisée ou le hachage non valide peut indiquer une erreur d’unité de disque potentielle.

Nom du fichier : \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys
Record Number: 6170
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20091011091102.338666-000
Event Type: Échec de l'audit
User:

Computer Name: Portable-Sam
Event Code: 5038
Message: L’intégrité du code a déterminé que le hachage de l’image d’un fichier n’est pas valide. Le fichier peut être endommagé en raison d’une modification non autorisée ou le hachage non valide peut indiquer une erreur d’unité de disque potentielle.

Nom du fichier : \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys
Record Number: 6171
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20091011091102.386666-000
Event Type: Échec de l'audit
User:

Computer Name: Portable-Sam
Event Code: 5038
Message: L’intégrité du code a déterminé que le hachage de l’image d’un fichier n’est pas valide. Le fichier peut être endommagé en raison d’une modification non autorisée ou le hachage non valide peut indiquer une erreur d’unité de disque potentielle.

Nom du fichier : \Device\Har

32 replies

Xplode Posts 9212 Status Security contributor 726
 
Hi,
Indeed, the damage is done (what a pun), but every problem has its solution ;)

-+-+-+-> Lop S&D <-+-+-+-

[x] Download Lop S&D (by Eric_71 & Angeldark) from this address: https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/LopSD.exe?attachauth=ANoY7co3ntqUavpZ3q1BG-h4pc13vqDZmhcNeEPChtsyrgAykRbhE8bZzhk979EfQD4AgwtQUHCaQ7ZQwNYMo3_0kA8htAspckDJtu2K5t6J9z6dLW4fpZyH4FpFL1tVMBZ8H-KnN7afZ5vt-WxZRpnynk-a0XmV_Y0C0q6DxGEDKie1TnPT7gFoZnoCnspzBmbW6ZzxA4fNr3oEDlbelNZON-LjF8nOmQ%3D%3D&attredirects=2

[x] /!\ Disable resident protections (antivirus, antispyware, integrity checkers, etc.) so that the tool can run correctly.

[x] Double-click "LopSD.exe" (Vista: right-click -> Run as administrator)

[x] Choose option F for French

[x] Then choose option 1 (Recherche, i.e. Search)

[x] Let the tool work

[x] Copy/paste the contents of the report that opens and post it in your next message.
mandonnaud Posts 89 Status Member 1
 
Here you go :)

--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft® Windows Vista™ Édition Familiale Basique ( v6.0.6001 ) Service Pack 1
X86-based PC ( Multiprocessor Free : Pentium(R) Dual-Core CPU T4200 @ 2.00GHz )
BIOS : InsydeH2O Version V1.05
USER : Samuel ( Administrator )
BOOT : Normal boot
C:\ (Local Disk) - NTFS - Total:219 Go (Free:115 Go)
D:\ (CD or DVD)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [1] ( 11/10/2009|11:25 )

[ UAC => 1 ]

--------------------\\ Listing des dossiers dans Local

[16/09/2009|11:23] C:\Users\Samuel\AppData\Local\Acer ePower Management V4
[24/09/2009|11:10] C:\Users\Samuel\AppData\Local\Adobe
[16/09/2009|13:37] C:\Users\Samuel\AppData\Local\Apple
[11/10/2009|11:00] C:\Users\Samuel\AppData\Local\Apple Computer
[16/09/2009|11:18] C:\Users\Samuel\AppData\Local\Application Data
[10/10/2009|11:28] C:\Users\Samuel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[10/10/2009|11:05] C:\Users\Samuel\AppData\Local\GDIPFONTCACHEV1.DAT
[17/09/2009|13:03] C:\Users\Samuel\AppData\Local\Google
[16/09/2009|11:18] C:\Users\Samuel\AppData\Local\Historique
[09/10/2009|21:46] C:\Users\Samuel\AppData\Local\IconCache.db
[16/09/2009|12:27] C:\Users\Samuel\AppData\Local\Microsoft
[16/09/2009|11:35] C:\Users\Samuel\AppData\Local\Mozilla
[16/09/2009|11:32] C:\Users\Samuel\AppData\Local\Packard Bell
[08/10/2009|17:36] C:\Users\Samuel\AppData\Local\Real
[11/10/2009|11:22] C:\Users\Samuel\AppData\Local\Temp
[16/09/2009|11:18] C:\Users\Samuel\AppData\Local\Temporary Internet Files
[16/09/2009|12:29] C:\Users\Samuel\AppData\Local\VirtualStore

--------------------\\ Tâches planifiées dans C:\Windows\tasks

[08/10/2009 21:50][--a------] C:\Windows\tasks\At24.job
[08/10/2009 21:50][--a------] C:\Windows\tasks\At23.job
[09/10/2009 20:59][--a------] C:\Windows\tasks\At22.job
[09/10/2009 19:59][--a------] C:\Windows\tasks\At21.job
[09/10/2009 18:59][--a------] C:\Windows\tasks\At20.job
[09/10/2009 17:59][--a------] C:\Windows\tasks\At19.job
[09/10/2009 16:59][--a------] C:\Windows\tasks\At18.job
[10/10/2009 15:59][--a------] C:\Windows\tasks\At17.job
[10/10/2009 14:59][--a------] C:\Windows\tasks\At16.job
[10/10/2009 13:59][--a------] C:\Windows\tasks\At15.job
[10/10/2009 13:00][--a------] C:\Windows\tasks\At14.job
[10/10/2009 11:59][--a------] C:\Windows\tasks\At13.job
[11/10/2009 11:00][--a------] C:\Windows\tasks\At12.job
[09/10/2009 09:59][--a------] C:\Windows\tasks\At11.job
[08/10/2009 21:50][--a------] C:\Windows\tasks\At10.job
[08/10/2009 21:50][--a------] C:\Windows\tasks\At9.job
[08/10/2009 21:50][--a------] C:\Windows\tasks\At8.job
[08/10/2009 21:50][--a------] C:\Windows\tasks\At7.job
[08/10/2009 21:50][--a------] C:\Windows\tasks\At6.job
[08/10/2009 21:50][--a------] C:\Windows\tasks\At5.job
[08/10/2009 21:50][--a------] C:\Windows\tasks\At4.job
[08/10/2009 21:50][--a------] C:\Windows\tasks\At3.job
[08/10/2009 21:50][--a------] C:\Windows\tasks\At2.job
[08/10/2009 21:50][--a------] C:\Windows\tasks\At1.job
[11/10/2009 11:07][--a------] C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2474932794-2890477309-324203790-1000UA.job
[10/10/2009 13:07][--a------] C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2474932794-2890477309-324203790-1000Core.job
[11/10/2009 11:02][--ah-----] C:\Windows\tasks\SA.DAT
[09/10/2009 21:46][--a------] C:\Windows\tasks\SCHEDLGU.TXT

--------------------\\ Listing des dossiers dans C:\ProgramData

[16/09/2009|14:06] C:\ProgramData\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[09/10/2009|09:14] C:\ProgramData\Adobe
[16/09/2009|13:27] C:\ProgramData\ALM
[18/09/2009|12:11] C:\ProgramData\Apple
[16/09/2009|14:06] C:\ProgramData\Apple Computer
[02/11/2006|14:59] C:\ProgramData\Application Data
[16/09/2009|15:22] C:\ProgramData\Avira
[16/09/2009|11:17] C:\ProgramData\Bureau
[02/11/2006|14:59] C:\ProgramData\Desktop
[02/11/2006|14:59] C:\ProgramData\Documents
[17/09/2009|14:16] C:\ProgramData\ezsidmv.dat
[16/09/2009|11:17] C:\ProgramData\Favoris
[02/11/2006|14:59] C:\ProgramData\Favorites
[16/09/2009|15:08] C:\ProgramData\FLEXnet
[16/09/2009|11:25] C:\ProgramData\Google
[16/09/2009|11:17] C:\ProgramData\Menu Démarrer
[17/09/2009|11:04] C:\ProgramData\Microsoft
[16/09/2009|12:24] C:\ProgramData\Microsoft Help
[16/09/2009|11:17] C:\ProgramData\Modèles
[16/09/2009|11:42] C:\ProgramData\Nero
[16/09/2009|12:13] C:\ProgramData\Norton
[17/03/2009|21:09] C:\ProgramData\NortonInstaller
[08/10/2009|16:59] C:\ProgramData\Real
[17/09/2009|14:11] C:\ProgramData\Skype
[08/10/2009|18:51] C:\ProgramData\Spybot - Search & Destroy
[02/11/2006|14:59] C:\ProgramData\Start Menu
[08/10/2009|17:49] C:\ProgramData\Temp
[02/11/2006|14:59] C:\ProgramData\Templates

--------------------\\ Listing des dossiers dans C:\Program Files

[08/10/2009|17:40] C:\Program Files\Adobe
[11/07/2009|05:31] C:\Program Files\AGEIA Technologies
[16/09/2009|13:37] C:\Program Files\Apple Software Update
[21/09/2009|21:21] C:\Program Files\Audacity 1.3 Beta (Unicode)
[16/09/2009|15:22] C:\Program Files\Avira
[21/09/2009|16:25] C:\Program Files\AviSynth 2.5
[01/10/2009|11:16] C:\Program Files\Blender Foundation
[16/09/2009|13:38] C:\Program Files\Bonjour
[08/10/2009|16:59] C:\Program Files\Common Files
[17/03/2009|20:36] C:\Program Files\CONEXANT
[05/10/2009|17:25] C:\Program Files\Core Services
[21/09/2009|11:02] C:\Program Files\CoupeFichier
[11/07/2009|05:30] C:\Program Files\CyberLink
[20/09/2009|14:56] C:\Program Files\epson
[21/09/2009|16:25] C:\Program Files\eRightSoft
[16/09/2009|11:17] C:\Program Files\Fichiers communs [C:\Program Files\Common Files]
[16/09/2009|12:35] C:\Program Files\FileZilla FTP Client
[17/09/2009|17:58] C:\Program Files\FlashGet
[08/10/2009|17:51] C:\Program Files\Free RM to MP3 Converter
[16/09/2009|11:25] C:\Program Files\Google
[09/10/2009|12:24] C:\Program Files\Grisbi
[16/09/2009|12:31] C:\Program Files\InstallShield Installation Information
[17/03/2009|20:29] C:\Program Files\Intel
[16/09/2009|13:38] C:\Program Files\Internet Explorer
[03/10/2009|13:12] C:\Program Files\iPod
[03/10/2009|13:14] C:\Program Files\iTunes
[17/09/2009|17:14] C:\Program Files\Java
[17/09/2009|17:16] C:\Program Files\JRE
[08/10/2009|17:40] C:\Program Files\Launch Manager
[17/03/2009|21:01] C:\Program Files\Microsoft
[02/11/2006|14:35] C:\Program Files\Microsoft Games
[16/09/2009|12:24] C:\Program Files\Microsoft Office
[16/09/2009|12:24] C:\Program Files\Microsoft Works
[21/01/2008|04:47] C:\Program Files\Movie Maker
[24/09/2009|20:07] C:\Program Files\Mozilla Firefox
[02/11/2006|14:35] C:\Program Files\MSBuild
[17/03/2009|20:04] C:\Program Files\MSXML 4.0
[17/03/2009|20:55] C:\Program Files\NewTech Infosystems
[17/09/2009|17:16] C:\Program Files\OpenOffice.org 3
[16/09/2009|12:31] C:\Program Files\PACKARD BELL
[16/09/2009|13:38] C:\Program Files\QuickTime
[08/10/2009|16:59] C:\Program Files\Real
[08/10/2009|17:36] C:\Program Files\Real Alternative
[11/07/2009|05:09] C:\Program Files\Realtek
[02/11/2006|14:35] C:\Program Files\Reference Assemblies
[08/10/2009|17:35] C:\Program Files\RM to MP3 Converter
[24/09/2009|17:09] C:\Program Files\Safari
[17/09/2009|14:11] C:\Program Files\Skype
[08/10/2009|18:34] C:\Program Files\Spybot - Search & Destroy
[11/07/2009|05:26] C:\Program Files\Synaptics
[11/07/2009|05:10] C:\Program Files\Temp
[11/10/2009|11:11] C:\Program Files\trend micro
[02/11/2006|14:58] C:\Program Files\Uninstall Information
[16/09/2009|18:55] C:\Program Files\VideoLAN
[11/07/2009|05:24] C:\Program Files\VideoWebCamera
[21/01/2008|04:47] C:\Program Files\Windows Calendar
[21/01/2008|04:47] C:\Program Files\Windows Collaboration
[21/01/2008|04:47] C:\Program Files\Windows Defender
[16/09/2009|11:28] C:\Program Files\Windows Live
[17/03/2009|21:00] C:\Program Files\Windows Live SkyDrive
[17/03/2009|19:16] C:\Program Files\Windows Mail
[16/09/2009|12:07] C:\Program Files\Windows Media Player
[16/09/2009|11:17] C:\Program Files\Windows NT
[21/01/2008|04:47] C:\Program Files\Windows Photo Gallery
[21/01/2008|04:47] C:\Program Files\Windows Sidebar
[16/09/2009|18:54] C:\Program Files\WinRAR
[21/09/2009|16:24] C:\Program Files\Xvid

--------------------\\ Listing des dossiers dans C:\Program Files\Common Files

[16/09/2009|14:51] C:\Program Files\Common Files\Adobe
[16/09/2009|12:55] C:\Program Files\Common Files\Adobe AIR
[03/10/2009|13:12] C:\Program Files\Common Files\Apple
[11/07/2009|05:30] C:\Program Files\Common Files\CyberLink
[11/07/2009|05:09] C:\Program Files\Common Files\InstallShield
[17/03/2009|20:52] C:\Program Files\Common Files\Macrovision Shared
[16/09/2009|12:24] C:\Program Files\Common Files\microsoft shared
[16/09/2009|11:42] C:\Program Files\Common Files\Nero
[08/10/2009|16:59] C:\Program Files\Common Files\Real
[02/11/2006|13:18] C:\Program Files\Common Files\Services
[17/09/2009|14:11] C:\Program Files\Common Files\Skype
[02/11/2006|13:18] C:\Program Files\Common Files\SpeechEngines
[21/01/2008|04:47] C:\Program Files\Common Files\System
[17/03/2009|20:59] C:\Program Files\Common Files\Windows Live
[11/07/2009|05:31] C:\Program Files\Common Files\Wise Installation Wizard
[08/10/2009|16:59] C:\Program Files\Common Files\xing shared

--------------------\\ Process

( 59 Processes )

... OK !

--------------------\\ Recherche avec S_Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Recherche de Fichiers / Dossiers Lop

C:\Users\Samuel\AppData\Local\Temp\nsrbgxod.bak

--------------------\\ Verification du Registre

..... OK !

--------------------\\ Verification du fichier Hosts

Fichier Hosts PROPRE

--------------------\\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-11 11:26:14
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Recherche d'autres infections

C:\Windows\Tasks\At1.job
C:\Windows\Tasks\At10.job
C:\Windows\Tasks\At11.job
C:\Windows\Tasks\At12.job
C:\Windows\Tasks\At13.job
C:\Windows\Tasks\At14.job
C:\Windows\Tasks\At15.job
C:\Windows\Tasks\At16.job
C:\Windows\Tasks\At17.job
C:\Windows\Tasks\At18.job
C:\Windows\Tasks\At19.job
C:\Windows\Tasks\At2.job
C:\Windows\Tasks\At20.job
C:\Windows\Tasks\At21.job
C:\Windows\Tasks\At22.job
C:\Windows\Tasks\At23.job
C:\Windows\Tasks\At24.job
C:\Windows\Tasks\At3.job
C:\Windows\Tasks\At4.job
C:\Windows\Tasks\At5.job
C:\Windows\Tasks\At6.job
C:\Windows\Tasks\At7.job
C:\Windows\Tasks\At8.job
C:\Windows\Tasks\At9.job

[F:25337][D:1680]-> C:\Users\Samuel\AppData\Local\Temp
[F:51][D:1]-> C:\Users\Samuel\AppData\Roaming\MICROS~1\Windows\Cookies
[F:601][D:4]-> C:\Users\Samuel\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5
[F:19][D:3]-> C:\$Recycle.Bin

1 - "C:\Lop SD\LopR_1.txt" - 11/10/2009|11:30 - Option : [1]

--------------------\\ Fin du rapport a 11:30:03
[ UAC => 1 ]
0
Xplode Posts 9212 Status Security contributor 726

-+-+-+-> Lop S&D ( Removal ) <-+-+-+-

[x] Run Lop S&D again, but this time choose option 2.

[x] Let the scan run, then copy/paste the report that opens into your next message.

-+-+-+-> Malwarebytes' Anti-Malware <-+-+-+-

[x] Download Malwarebytes' Anti-Malware (MBAM) from this address: http://www.malwarebytes.org/mbam/program/mbam-setup.exe

[x] Install it.

[x] Update it.

[x] Make sure all the items found are checked, and delete them!

[x] A tutorial on how to use it is available here: https://www.malekal.com/tutoriel-malwarebyte-anti-malware/

[x] Follow the instructions given at the previous link, then copy/paste the generated report into your next message.
0
mandonnaud Posts 89 Status Member 1

It's progressing: the computer already starts up without any error window!

--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft® Windows Vista™ Édition Familiale Basique ( v6.0.6001 ) Service Pack 1
X86-based PC ( Multiprocessor Free : Pentium(R) Dual-Core CPU T4200 @ 2.00GHz )
BIOS : InsydeH2O Version V1.05
USER : Samuel ( Administrator )
BOOT : Normal boot
C:\ (Local Disk) - NTFS - Total:219 Go (Free:115 Go)
D:\ (CD or DVD)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [2] ( 11/10/2009|11:33 )

[ UAC => 1 ]

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION

Supprime! - C:\Users\Samuel\AppData\Local\Temp\nsrbgxod.bak
-
[ Fichier Hosts ] .. Restaure!

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

--------------------\\ Listing des dossiers dans Local

[16/09/2009|11:23] C:\Users\Samuel\AppData\Local\Acer ePower Management V4
[24/09/2009|11:10] C:\Users\Samuel\AppData\Local\Adobe
[16/09/2009|13:37] C:\Users\Samuel\AppData\Local\Apple
[11/10/2009|11:00] C:\Users\Samuel\AppData\Local\Apple Computer
[16/09/2009|11:18] C:\Users\Samuel\AppData\Local\Application Data
[10/10/2009|11:28] C:\Users\Samuel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[10/10/2009|11:05] C:\Users\Samuel\AppData\Local\GDIPFONTCACHEV1.DAT
[17/09/2009|13:03] C:\Users\Samuel\AppData\Local\Google
[16/09/2009|11:18] C:\Users\Samuel\AppData\Local\Historique
[09/10/2009|21:46] C:\Users\Samuel\AppData\Local\IconCache.db
[16/09/2009|12:27] C:\Users\Samuel\AppData\Local\Microsoft
[16/09/2009|11:35] C:\Users\Samuel\AppData\Local\Mozilla
[16/09/2009|11:32] C:\Users\Samuel\AppData\Local\Packard Bell
[08/10/2009|17:36] C:\Users\Samuel\AppData\Local\Real
[11/10/2009|11:33] C:\Users\Samuel\AppData\Local\Temp
[16/09/2009|11:18] C:\Users\Samuel\AppData\Local\Temporary Internet Files
[16/09/2009|12:29] C:\Users\Samuel\AppData\Local\VirtualStore

--------------------\\ Tâches planifiées dans C:\Windows\tasks

[08/10/2009 21:50][--a------] C:\Windows\tasks\At24.job
[08/10/2009 21:50][--a------] C:\Windows\tasks\At23.job
[09/10/2009 20:59][--a------] C:\Windows\tasks\At22.job
[09/10/2009 19:59][--a------] C:\Windows\tasks\At21.job
[09/10/2009 18:59][--a------] C:\Windows\tasks\At20.job
[09/10/2009 17:59][--a------] C:\Windows\tasks\At19.job
[09/10/2009 16:59][--a------] C:\Windows\tasks\At18.job
[10/10/2009 15:59][--a------] C:\Windows\tasks\At17.job
[10/10/2009 14:59][--a------] C:\Windows\tasks\At16.job
[10/10/2009 13:59][--a------] C:\Windows\tasks\At15.job
[10/10/2009 13:00][--a------] C:\Windows\tasks\At14.job
[10/10/2009 11:59][--a------] C:\Windows\tasks\At13.job
[11/10/2009 11:00][--a------] C:\Windows\tasks\At12.job
[09/10/2009 09:59][--a------] C:\Windows\tasks\At11.job
[08/10/2009 21:50][--a------] C:\Windows\tasks\At10.job
[08/10/2009 21:50][--a------] C:\Windows\tasks\At9.job
[08/10/2009 21:50][--a------] C:\Windows\tasks\At8.job
[08/10/2009 21:50][--a------] C:\Windows\tasks\At7.job
[08/10/2009 21:50][--a------] C:\Windows\tasks\At6.job
[08/10/2009 21:50][--a------] C:\Windows\tasks\At5.job
[08/10/2009 21:50][--a------] C:\Windows\tasks\At4.job
[08/10/2009 21:50][--a------] C:\Windows\tasks\At3.job
[08/10/2009 21:50][--a------] C:\Windows\tasks\At2.job
[08/10/2009 21:50][--a------] C:\Windows\tasks\At1.job
[11/10/2009 11:07][--a------] C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2474932794-2890477309-324203790-1000UA.job
[10/10/2009 13:07][--a------] C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2474932794-2890477309-324203790-1000Core.job
[11/10/2009 11:02][--ah-----] C:\Windows\tasks\SA.DAT
[09/10/2009 21:46][--a------] C:\Windows\tasks\SCHEDLGU.TXT

--------------------\\ Listing des dossiers dans C:\ProgramData

[16/09/2009|14:06] C:\ProgramData\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[09/10/2009|09:14] C:\ProgramData\Adobe
[16/09/2009|13:27] C:\ProgramData\ALM
[18/09/2009|12:11] C:\ProgramData\Apple
[16/09/2009|14:06] C:\ProgramData\Apple Computer
[02/11/2006|14:59] C:\ProgramData\Application Data
[16/09/2009|15:22] C:\ProgramData\Avira
[16/09/2009|11:17] C:\ProgramData\Bureau
[02/11/2006|14:59] C:\ProgramData\Desktop
[02/11/2006|14:59] C:\ProgramData\Documents
[17/09/2009|14:16] C:\ProgramData\ezsidmv.dat
[16/09/2009|11:17] C:\ProgramData\Favoris
[02/11/2006|14:59] C:\ProgramData\Favorites
[16/09/2009|15:08] C:\ProgramData\FLEXnet
[16/09/2009|11:25] C:\ProgramData\Google
[16/09/2009|11:17] C:\ProgramData\Menu Démarrer
[17/09/2009|11:04] C:\ProgramData\Microsoft
[16/09/2009|12:24] C:\ProgramData\Microsoft Help
[16/09/2009|11:17] C:\ProgramData\Modèles
[16/09/2009|11:42] C:\ProgramData\Nero
[16/09/2009|12:13] C:\ProgramData\Norton
[17/03/2009|21:09] C:\ProgramData\NortonInstaller
[08/10/2009|16:59] C:\ProgramData\Real
[17/09/2009|14:11] C:\ProgramData\Skype
[08/10/2009|18:51] C:\ProgramData\Spybot - Search & Destroy
[02/11/2006|14:59] C:\ProgramData\Start Menu
[08/10/2009|17:49] C:\ProgramData\Temp
[02/11/2006|14:59] C:\ProgramData\Templates

--------------------\\ Listing des dossiers dans C:\Program Files

[08/10/2009|17:40] C:\Program Files\Adobe
[11/07/2009|05:31] C:\Program Files\AGEIA Technologies
[16/09/2009|13:37] C:\Program Files\Apple Software Update
[21/09/2009|21:21] C:\Program Files\Audacity 1.3 Beta (Unicode)
[16/09/2009|15:22] C:\Program Files\Avira
[21/09/2009|16:25] C:\Program Files\AviSynth 2.5
[01/10/2009|11:16] C:\Program Files\Blender Foundation
[16/09/2009|13:38] C:\Program Files\Bonjour
[08/10/2009|16:59] C:\Program Files\Common Files
[17/03/2009|20:36] C:\Program Files\CONEXANT
[05/10/2009|17:25] C:\Program Files\Core Services
[21/09/2009|11:02] C:\Program Files\CoupeFichier
[11/07/2009|05:30] C:\Program Files\CyberLink
[20/09/2009|14:56] C:\Program Files\epson
[21/09/2009|16:25] C:\Program Files\eRightSoft
[16/09/2009|11:17] C:\Program Files\Fichiers communs [C:\Program Files\Common Files]
[16/09/2009|12:35] C:\Program Files\FileZilla FTP Client
[17/09/2009|17:58] C:\Program Files\FlashGet
[08/10/2009|17:51] C:\Program Files\Free RM to MP3 Converter
[16/09/2009|11:25] C:\Program Files\Google
[09/10/2009|12:24] C:\Program Files\Grisbi
[16/09/2009|12:31] C:\Program Files\InstallShield Installation Information
[17/03/2009|20:29] C:\Program Files\Intel
[16/09/2009|13:38] C:\Program Files\Internet Explorer
[03/10/2009|13:12] C:\Program Files\iPod
[03/10/2009|13:14] C:\Program Files\iTunes
[17/09/2009|17:14] C:\Program Files\Java
[17/09/2009|17:16] C:\Program Files\JRE
[08/10/2009|17:40] C:\Program Files\Launch Manager
[17/03/2009|21:01] C:\Program Files\Microsoft
[02/11/2006|14:35] C:\Program Files\Microsoft Games
[16/09/2009|12:24] C:\Program Files\Microsoft Office
[16/09/2009|12:24] C:\Program Files\Microsoft Works
[21/01/2008|04:47] C:\Program Files\Movie Maker
[24/09/2009|20:07] C:\Program Files\Mozilla Firefox
[02/11/2006|14:35] C:\Program Files\MSBuild
[17/03/2009|20:04] C:\Program Files\MSXML 4.0
[17/03/2009|20:55] C:\Program Files\NewTech Infosystems
[17/09/2009|17:16] C:\Program Files\OpenOffice.org 3
[16/09/2009|12:31] C:\Program Files\PACKARD BELL
[16/09/2009|13:38] C:\Program Files\QuickTime
[08/10/2009|16:59] C:\Program Files\Real
[08/10/2009|17:36] C:\Program Files\Real Alternative
[11/07/2009|05:09] C:\Program Files\Realtek
[02/11/2006|14:35] C:\Program Files\Reference Assemblies
[08/10/2009|17:35] C:\Program Files\RM to MP3 Converter
[24/09/2009|17:09] C:\Program Files\Safari
[17/09/2009|14:11] C:\Program Files\Skype
[08/10/2009|18:34] C:\Program Files\Spybot - Search & Destroy
[11/07/2009|05:26] C:\Program Files\Synaptics
[11/07/2009|05:10] C:\Program Files\Temp
[11/10/2009|11:11] C:\Program Files\trend micro
[02/11/2006|14:58] C:\Program Files\Uninstall Information
[16/09/2009|18:55] C:\Program Files\VideoLAN
[11/07/2009|05:24] C:\Program Files\VideoWebCamera
[21/01/2008|04:47] C:\Program Files\Windows Calendar
[21/01/2008|04:47] C:\Program Files\Windows Collaboration
[21/01/2008|04:47] C:\Program Files\Windows Defender
[16/09/2009|11:28] C:\Program Files\Windows Live
[17/03/2009|21:00] C:\Program Files\Windows Live SkyDrive
[17/03/2009|19:16] C:\Program Files\Windows Mail
[16/09/2009|12:07] C:\Program Files\Windows Media Player
[16/09/2009|11:17] C:\Program Files\Windows NT
[21/01/2008|04:47] C:\Program Files\Windows Photo Gallery
[21/01/2008|04:47] C:\Program Files\Windows Sidebar
[16/09/2009|18:54] C:\Program Files\WinRAR
[21/09/2009|16:24] C:\Program Files\Xvid

--------------------\\ Listing des dossiers dans C:\Program Files\Common Files

[16/09/2009|14:51] C:\Program Files\Common Files\Adobe
[16/09/2009|12:55] C:\Program Files\Common Files\Adobe AIR
[03/10/2009|13:12] C:\Program Files\Common Files\Apple
[11/07/2009|05:30] C:\Program Files\Common Files\CyberLink
[11/07/2009|05:09] C:\Program Files\Common Files\InstallShield
[17/03/2009|20:52] C:\Program Files\Common Files\Macrovision Shared
[16/09/2009|12:24] C:\Program Files\Common Files\microsoft shared
[16/09/2009|11:42] C:\Program Files\Common Files\Nero
[08/10/2009|16:59] C:\Program Files\Common Files\Real
[02/11/2006|13:18] C:\Program Files\Common Files\Services
[17/09/2009|14:11] C:\Program Files\Common Files\Skype
[02/11/2006|13:18] C:\Program Files\Common Files\SpeechEngines
[21/01/2008|04:47] C:\Program Files\Common Files\System
[17/03/2009|20:59] C:\Program Files\Common Files\Windows Live
[11/07/2009|05:31] C:\Program Files\Common Files\Wise Installation Wizard
[08/10/2009|16:59] C:\Program Files\Common Files\xing shared

--------------------\\ Process

( 59 Processes )

... OK !

--------------------\\ Recherche avec S_Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Recherche de Fichiers / Dossiers Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Verification du Registre

..... OK !

--------------------\\ Verification du fichier Hosts

Fichier Hosts PROPRE

--------------------\\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-11 11:34:33
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Recherche d'autres infections

C:\Windows\Tasks\At1.job
C:\Windows\Tasks\At10.job
C:\Windows\Tasks\At11.job
C:\Windows\Tasks\At12.job
C:\Windows\Tasks\At13.job
C:\Windows\Tasks\At14.job
C:\Windows\Tasks\At15.job
C:\Windows\Tasks\At16.job
C:\Windows\Tasks\At17.job
C:\Windows\Tasks\At18.job
C:\Windows\Tasks\At19.job
C:\Windows\Tasks\At2.job
C:\Windows\Tasks\At20.job
C:\Windows\Tasks\At21.job
C:\Windows\Tasks\At22.job
C:\Windows\Tasks\At23.job
C:\Windows\Tasks\At24.job
C:\Windows\Tasks\At3.job
C:\Windows\Tasks\At4.job
C:\Windows\Tasks\At5.job
C:\Windows\Tasks\At6.job
C:\Windows\Tasks\At7.job
C:\Windows\Tasks\At8.job
C:\Windows\Tasks\At9.job

[F:25336][D:1684]-> C:\Users\Samuel\AppData\Local\Temp
[F:51][D:1]-> C:\Users\Samuel\AppData\Roaming\MICROS~1\Windows\Cookies
[F:601][D:4]-> C:\Users\Samuel\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5
[F:19][D:3]-> C:\$Recycle.Bin

1 - "C:\Lop SD\LopR_1.txt" - 11/10/2009|11:30 - Option : [1]
2 - "C:\Lop SD\LopR_2.txt" - 11/10/2009|11:37 - Option : [2]

--------------------\\ Fin du rapport a 11:37:59
[ UAC => 1 ]

Malwarebytes' Anti-Malware 1.41
Version de la base de données: 2941
Windows 6.0.6001 Service Pack 1

11/10/2009 15:35:52
mbam-log-2009-10-11 (15-35-52).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 537293
Temps écoulé: 1 hour(s), 58 minute(s), 6 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 9
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 15

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\igfxtray (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\persistence (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\acer epower management (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hotkeyscmds (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rthdvcpl (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\plfseti (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\syntpenh (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\calc (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\calc (Trojan.Agent) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Windows\System32\igfxtray.exe (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
C:\Program Files\Packard Bell\Packard Bell PowerSave Solution\ePowerTrayLauncher.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\hkcmd.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Realtek\Audio\HDA\rthdvcpl.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\plfseti.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Synaptics\SynTP\syntpenh.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Launch Manager\lmanager.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\xcnh.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Adobe\acrotray.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Samuel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6YQH6VJL\herff[1].htm (Spyware.Zbot) -> Quarantined and deleted successfully.
C:\Users\Samuel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6YQH6VJL\daarfwjk[1].htm (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Samuel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EDVFXLSC\daarfwjk[1].htm (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Samuel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I28CYVE5\vfsgth[1].txt (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Windows\System32\igfxtray.exe89 (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Samuel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\scandisk.lnk (Trojan.Downloader) -> Quarantined and deleted successfully.
0

Xplode Posts 9212 Status Security contributor 726

OK, run a new RSIT log.
0
mandonnaud Posts 89 Status Member 1
 
Logfile of random's system information tool 1.06 (written by random/random)
Run by Samuel at 2009-10-11 18:04:52
Microsoft® Windows Vista™ Édition Familiale Basique Service Pack 1
System drive C: has 120 GB (53%) free of 225 GB
Total RAM: 3001 MB (60% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:05:20, on 11/10/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Users\Samuel\Desktop\RSIT.exe
C:\Program Files\trend micro\Samuel.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=040c&s=2&o=vb32&d=0709&m=easynote_lj65
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=040c&s=2&o=vb32&d=0709&m=easynote_lj65
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=040c&s=2&o=vb32&d=0709&m=easynote_lj65
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=040c&s=2&o=vb32&d=0709&m=easynote_lj65
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: &Tout télécharger avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Ajouter la cible du lien à un fichier PDF existant - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Ajouter à un fichier PDF existant - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir au format Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien au format Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\PACKARD BELL\Packard Bell PowerSave Solution\ePowerSvc.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.8.809.23506 (GoogleDesktopManager-092308-165331) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton Internet Security - Unknown owner - C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe (file missing)
O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe
0
Xplode Posts 9212 Status Security contributor 726

-+-+-+-> USBfix <-+-+-+-

[x] Download USBfix from this address: https://www.androidworld.fr/

[x] A tutorial is available here: https://www.malekal.com/usbfix-supprimer-virus-usb/

[x] Install it.

[x] Plug in all your removable media (USB sticks, external hard drives).

[x] Launch USBfix by clicking the icon on your desktop (right-click -> Run as administrator on Vista).

[x] Choose option F (for French) and confirm by pressing Enter.

[x] At the main menu, choose option 1.

[x] Let the tool work, then post the report in your next message.
0
mandonnaud Posts 89 Status Member 1

I had to step away, but I'm carrying on, no worries ^^

############################## | UsbFix V6.040 |

User : Samuel (Administrateurs) # PORTABLE-SAM
Update on 10/10/2009 by Chiquitine29, C_XX & Chimay8
Start at: 23:02:21 | 11/10/2009
Website : http://pagesperso-orange.fr/NosTools/index.html

Pentium(R) Dual-Core CPU T4200 @ 2.00GHz
Microsoft® Windows Vista™ Édition Familiale Basique (6.0.6001 32-bit) # Service Pack 1
Internet Explorer 8.0.6001.18813
Windows Firewall Status : Disabled

C:\ -> Disque fixe local # 219,88 Go (119,26 Go free) [OS] # NTFS
D:\ -> Disque CD-ROM

############################## | Processus actifs |

C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\PACKARD BELL\Packard Bell PowerSave Solution\ePowerSvc.exe
C:\Program Files\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe

################## | Fichiers # Dossiers infectieux |

C:\tmp

################## | Registre # Clés Run infectieuses |

################## | Registre # Mountpoints2 |

HKCU\..\..\Explorer\MountPoints2\{bb19b294-a6cc-11de-8f37-00235af076b1}
shell\AutoRun\command =2a.exe
shell\open\Command =2a.exe

HKCU\..\..\Explorer\MountPoints2\{f1dedfd6-a743-11de-af62-00235af076b1}
shell\AutoRun\command =E:\WDSetup.exe

################## | ! Fin du rapport # UsbFix V6.040 ! |
0
Xplode Posts 9212 Status Security contributor 726
 
-+-+-+-> USBfix - Cleanup <-+-+-+-

[x] Run USBfix again, but this time choose option 2

/!\ Don't forget to leave your removable media plugged into your PC /!\

[x] Wait while the tool works.

[x] Your PC will restart, then USBfix will scan your removable media.

[x] Post the report located at C:\USBfix.txt
0
mandonnaud Posts 89 Status Member 1
 
Here you go:

############################## | UsbFix V6.040 |

User : Samuel (Administrateurs) # PORTABLE-SAM
Update on 10/10/2009 by Chiquitine29, C_XX & Chimay8
Start at: 23:14:22 | 11/10/2009
Website : http://pagesperso-orange.fr/NosTools/index.html

Pentium(R) Dual-Core CPU T4200 @ 2.00GHz
Microsoft® Windows Vista™ Édition Familiale Basique (6.0.6001 32-bit) # Service Pack 1
Internet Explorer 8.0.6001.18813
Windows Firewall Status : Disabled

C:\ -> Disque fixe local # 219,88 Go (118,96 Go free) [OS] # NTFS
D:\ -> Disque CD-ROM

############################## | Processus actifs |

C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\LogonUI.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\PACKARD BELL\Packard Bell PowerSave Solution\ePowerSvc.exe
C:\Program Files\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\userinit.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\runonce.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe

################## | Fichiers # Dossiers infectieux |

Supprimé ! C:\tmp

################## | Registre # Clés Run infectieuses |

################## | Registre # Mountpoints2 |

Supprimé ! HKCU\...\Explorer\MountPoints2\{bb19b294-a6cc-11de-8f37-00235af076b1}\Shell\AutoRun\Command
Supprimé ! HKCU\...\Explorer\MountPoints2\{f1dedfd6-a743-11de-af62-00235af076b1}\Shell\AutoRun\Command

################## | Listing des fichiers présent |

[18/09/2006 23:43|--a------|24] C:\autoexec.bat
[21/01/2008 04:34|-rahs----|333203] C:\bootmgr
[18/03/2009 03:49|-ra-s----|8192] C:\BOOTSECT.BAK
[18/09/2006 23:43|--a------|10] C:\config.sys
[?|?|?] C:\hiberfil.sys
[11/10/2009 11:38|--a------|12131] C:\lopR.txt
[?|?|?] C:\pagefile.sys
[11/07/2009 05:10|--a------|2693] C:\RHDSetup.log
[11/10/2009 23:27|--a------|2816] C:\UsbFix.txt
[08/10/2009 17:41|--a------|9216] C:\whpcy.exe

################## | Vaccination |

# C:\autorun.inf -> Folder created by UsbFix.
0
Xplode Posts 9212 Status Security contributor 726
 
Good, now make a new RSIT log
0
mandonnaud Posts 89 Status Member 1
 
Logfile of random's system information tool 1.06 (written by random/random)
Run by Samuel at 2009-10-11 23:33:25
Microsoft® Windows Vista™ Édition Familiale Basique Service Pack 1
System drive C: has 124 GB (55%) free of 225 GB
Total RAM: 3001 MB (54% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:33:38, on 11/10/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\explorer.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Adobe\Adobe Photoshop CS4\Photoshop.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\FileZilla FTP Client\filezilla.exe
C:\Users\Samuel\Desktop\RSIT.exe
C:\Program Files\trend micro\Samuel.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=040c&s=2&o=vb32&d=0709&m=easynote_lj65
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=040c&s=2&o=vb32&d=0709&m=easynote_lj65
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: &Tout télécharger avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Ajouter la cible du lien à un fichier PDF existant - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Ajouter à un fichier PDF existant - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir au format Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien au format Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\PACKARD BELL\Packard Bell PowerSave Solution\ePowerSvc.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.8.809.23506 (GoogleDesktopManager-092308-165331) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton Internet Security - Unknown owner - C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe (file missing)
O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe
0
Xplode Posts 9212 Status Security contributor 726
 
-+-+-+-> OTMoveIt <-+-+-+-

[x] Download OTMoveIt (by Old_Timer) from this address: https://www.luanagames.com/index.fr.html to your Desktop.

[x] Double-click OTMoveIt.exe.

[x] Make sure the Unregister Dll's and Ocx's box is checked.

[x] Copy the text in bold below and paste it into the left-hand pane of OTMoveIt named Paste List of Files/Folders to be moved



:processes
explorer.exe

:files
C:\Windows\tasks\At*.job
C:\whpcy.exe

:commands
[emptytemp]
[purity]
[start explorer]



[x] Click MoveIt! to start the removal.

[x] If OTMoveIt offers to restart your PC, accept.

[x] When a result appears in the Results pane, click Exit.

[x] In your next reply, send the OTMoveIt report located under C:\_OTMoveIt\MovedFiles
0
mandonnaud Posts 89 Status Member 1
 
Here it is:

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
File move failed. C:\Windows\tasks\At1.job scheduled to be moved on reboot.
File move failed. C:\Windows\tasks\At10.job scheduled to be moved on reboot.
File move failed. C:\Windows\tasks\At11.job scheduled to be moved on reboot.
File move failed. C:\Windows\tasks\At12.job scheduled to be moved on reboot.
File move failed. C:\Windows\tasks\At13.job scheduled to be moved on reboot.
File move failed. C:\Windows\tasks\At14.job scheduled to be moved on reboot.
File move failed. C:\Windows\tasks\At15.job scheduled to be moved on reboot.
File move failed. C:\Windows\tasks\At16.job scheduled to be moved on reboot.
File move failed. C:\Windows\tasks\At17.job scheduled to be moved on reboot.
File move failed. C:\Windows\tasks\At18.job scheduled to be moved on reboot.
File move failed. C:\Windows\tasks\At19.job scheduled to be moved on reboot.
File move failed. C:\Windows\tasks\At2.job scheduled to be moved on reboot.
File move failed. C:\Windows\tasks\At20.job scheduled to be moved on reboot.
File move failed. C:\Windows\tasks\At21.job scheduled to be moved on reboot.
File move failed. C:\Windows\tasks\At22.job scheduled to be moved on reboot.
File move failed. C:\Windows\tasks\At23.job scheduled to be moved on reboot.
File move failed. C:\Windows\tasks\At24.job scheduled to be moved on reboot.
File move failed. C:\Windows\tasks\At3.job scheduled to be moved on reboot.
File move failed. C:\Windows\tasks\At4.job scheduled to be moved on reboot.
File move failed. C:\Windows\tasks\At5.job scheduled to be moved on reboot.
File move failed. C:\Windows\tasks\At6.job scheduled to be moved on reboot.
File move failed. C:\Windows\tasks\At7.job scheduled to be moved on reboot.
File move failed. C:\Windows\tasks\At8.job scheduled to be moved on reboot.
File move failed. C:\Windows\tasks\At9.job scheduled to be moved on reboot.
File move failed. C:\whpcy.exe scheduled to be moved on reboot.
========== COMMANDS ==========
File delete failed. C:\Users\Samuel\AppData\Local\Temp\etilqs_ePSerwuOP5VFvmfxbLMx scheduled to be deleted on reboot.
File delete failed. C:\Users\Samuel\AppData\Local\Temp\~DF4F81.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
File delete failed. C:\Users\Samuel\AppData\Local\Mozilla\Firefox\Profiles\pzkyj4nn.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Users\Samuel\AppData\Local\Mozilla\Firefox\Profiles\pzkyj4nn.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Users\Samuel\AppData\Local\Mozilla\Firefox\Profiles\pzkyj4nn.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Users\Samuel\AppData\Local\Mozilla\Firefox\Profiles\pzkyj4nn.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Users\Samuel\AppData\Local\Mozilla\Firefox\Profiles\pzkyj4nn.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.7.0 log created on 10122009_085725
0
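The OTMoveIt report above defers every targeted file to the next reboot, so the cleanup is only confirmed once a later listing shows the files gone. The following Python script is an added example (not part of the original posts or of OTMoveIt) that cross-checks such a report against a later `[date time][attributes] path` listing; the function names, the status labels and the reading of the log stamp as MMDDYYYY_HHMMSS are assumptions, and the sample lines are copied, shortened, from the reports posted in this thread.

```python
import ntpath  # Windows path rules, whatever OS the analyst works on
import re
from datetime import datetime

# Sample input copied (shortened) from the reports posted in this thread.
OTMOVEIT_LOG = r"""========== FILES ==========
File move failed. C:\Windows\tasks\At1.job scheduled to be moved on reboot.
File move failed. C:\Windows\tasks\At20.job scheduled to be moved on reboot.
File move failed. C:\Windows\tasks\At24.job scheduled to be moved on reboot.
File move failed. C:\whpcy.exe scheduled to be moved on reboot.
========== COMMANDS ==========
File delete failed. C:\Users\Samuel\AppData\Local\Temp\~DF4F81.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.

OTMoveIt3 by OldTimer - Version 1.0.7.0 log created on 10122009_085725
"""

LATER_LISTING = r"""[08/10/2009 21:50][--a------] C:\Windows\tasks\At24.job
[12/10/2009 18:59][--a------] C:\Windows\tasks\At20.job
[08/10/2009 21:50][--a------] C:\Windows\tasks\At1.job
[12/10/2009 10:57][--a------] C:\Windows\tasks\SCHEDLGU.TXT
"""

DEFERRED_RE = re.compile(
    r"^File (?:move|delete) failed\. (?P<path>.+?) "
    r"scheduled to be (?P<action>moved|deleted) on reboot\.$"
)
CREATED_RE = re.compile(r"log created on (\d{8}_\d{6})")
LISTING_RE = re.compile(
    r"^\[(?P<stamp>\d{2}/\d{2}/\d{4} \d{2}:\d{2})\]\[[^\]]*\] (?P<path>.+)$"
)


def parse_otmoveit(log):
    """Return (log creation time, {path: action}) for items deferred to reboot."""
    deferred, created = {}, None
    for line in log.splitlines():
        line = line.strip()
        m = DEFERRED_RE.match(line)
        if m:
            deferred[m["path"]] = m["action"]
            continue
        m = CREATED_RE.search(line)
        if m:
            # Assumption: MMDDYYYY_HHMMSS, inferred from the thread's timeline.
            created = datetime.strptime(m.group(1), "%m%d%Y_%H%M%S")
    if created is None:
        raise ValueError("no 'log created on' line found")
    return created, deferred


def parse_listing(listing):
    """Return {normalised path: last-modified time} from a later file listing."""
    seen = {}
    for line in listing.splitlines():
        m = LISTING_RE.match(line.strip())
        if m:
            stamp = datetime.strptime(m["stamp"], "%d/%m/%Y %H:%M")
            seen[ntpath.normcase(m["path"])] = stamp
    return seen


def recheck(log, listing):
    """Classify each deferred path against the later listing.

    modified_after_cleanup: still there and written to after the cleanup ran
    still_present:          still there with an older timestamp
    gone:                   its folder is listed but the file is not
    not_covered:            the listing does not include its folder at all
    """
    created, deferred = parse_otmoveit(log)
    seen = parse_listing(listing)
    covered_dirs = {ntpath.dirname(p) for p in seen}
    result = {}
    for path in deferred:
        key = ntpath.normcase(path)
        if key in seen:
            newer = seen[key] > created
            result[path] = "modified_after_cleanup" if newer else "still_present"
        elif ntpath.dirname(key) in covered_dirs:
            result[path] = "gone"
        else:
            result[path] = "not_covered"
    return result


if __name__ == "__main__":
    for path, status in recheck(OTMOVEIT_LOG, LATER_LISTING).items():
        print(f"{status:24} {path}")
```
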
mandonnaud Posts 89 Status Member 1
 
Additional information: I got another Windows blue screen
Also, an AntiVir alert: TR/Dldr.Small.kgn

... gulp :( ...
0
Xplode Posts 9212 Status Security contributor 726
 
Please post an RSIT log again
0
mandonnaud Posts 89 Status Member 1
 
OK, here it is:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Samuel at 2009-10-12 18:42:21
Microsoft® Windows Vista™ Édition Familiale Basique Service Pack 1
System drive C: has 117 GB (52%) free of 225 GB
Total RAM: 3001 MB (37% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:42:48, on 12/10/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\EasyPHP5.3.0\EasyPHP-5.3.0.exe
C:\PROGRA~1\EASYPH~1.0\Apache\bin\apache.exe
C:\PROGRA~1\EASYPH~1.0\MySql\bin\mysqld.exe
C:\Program Files\FlashGet\flashget.exe
C:\Program Files\Adobe\Adobe Dreamweaver CS4\Dreamweaver.exe
C:\Program Files\VideoLAN\VLC\vlc.exe
C:\Program Files\OpenOffice.org 3\program\swriter.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Adobe\Adobe Photoshop CS4\Photoshop.exe
C:\PROGRA~1\EASYPH~1.0\Apache\bin\apache.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\FileZilla FTP Client\filezilla.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Samuel\Desktop\RSIT.exe
C:\Program Files\trend micro\Samuel.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=040c&s=2&o=vb32&d=0709&m=easynote_lj65
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=040c&s=2&o=vb32&d=0709&m=easynote_lj65
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Real Alternative\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: &Tout télécharger avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Ajouter la cible du lien à un fichier PDF existant - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Ajouter à un fichier PDF existant - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir au format Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien au format Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\PACKARD BELL\Packard Bell PowerSave Solution\ePowerSvc.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.8.809.23506 (GoogleDesktopManager-092308-165331) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton Internet Security - Unknown owner - C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe (file missing)
O23 - Service: NTI IScheduleSvc - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe
0
Xplode Posts 9212 Status Security contributor 726
 
-+-+-+-> Lop S&D <-+-+-+-

[x] Download Lop S&D (by Eric_71 & Angeldark) from this address: https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/LopSD.exe?attachauth=ANoY7co3ntqUavpZ3q1BG-h4pc13vqDZmhcNeEPChtsyrgAykRbhE8bZzhk979EfQD4AgwtQUHCaQ7ZQwNYMo3_0kA8htAspckDJtu2K5t6J9z6dLW4fpZyH4FpFL1tVMBZ8H-KnN7afZ5vt-WxZRpnynk-a0XmV_Y0C0q6DxGEDKie1TnPT7gFoZnoCnspzBmbW6ZzxA4fNr3oEDlbelNZON-LjF8nOmQ%3D%3D&attredirects=2

[x] /!\ Disable resident protections: antivirus, antispyware, integrity checkers, etc., so that the tool can run correctly.

[x] Double-click "LopSD.exe" (Vista: right-click -> Run as administrator)

[x] Choose option F for French

[x] Then choose option 1 (Recherche, i.e. Search)

[x] Let the tool work

[x] Copy and paste the contents of the report that opens and post it in your next message.

-+-+-+-> Malwarebyte's Anti-Malware <-+-+-+-

[x] Download Malwarebyte's anti-malware (MBAM) from this address: http://www.malwarebytes.org/mbam/program/mbam-setup.exe

[x] Install it.

[x] Update it.

[x] Run a full scan!

[x] Make sure to check all the items found and remove them!

[x] A tutorial on how to use it is available here: https://www.malekal.com/tutoriel-malwarebyte-anti-malware/

[x] Follow the instructions given at the previous link, then copy and paste the generated report into your next message
0
mandonnaud Posts 89 Status Member 1
 
--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft® Windows Vista™ Édition Familiale Basique ( v6.0.6001 ) Service Pack 1
X86-based PC ( Multiprocessor Free : Pentium(R) Dual-Core CPU T4200 @ 2.00GHz )
BIOS : InsydeH2O Version V1.05
USER : Samuel ( Administrator )
BOOT : Normal boot
C:\ (Local Disk) - NTFS - Total:219 Go (Free:114 Go)
D:\ (CD or DVD)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [1] ( 12/10/2009|19:43 )

[ UAC => 0 ]

--------------------\\ Listing des dossiers dans Local

[16/09/2009|11:23] C:\Users\Samuel\AppData\Local\Acer ePower Management V4
[24/09/2009|11:10] C:\Users\Samuel\AppData\Local\Adobe
[16/09/2009|13:37] C:\Users\Samuel\AppData\Local\Apple
[11/10/2009|11:00] C:\Users\Samuel\AppData\Local\Apple Computer
[16/09/2009|11:18] C:\Users\Samuel\AppData\Local\Application Data
[12/10/2009|19:37] C:\Users\Samuel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[10/10/2009|11:05] C:\Users\Samuel\AppData\Local\GDIPFONTCACHEV1.DAT
[17/09/2009|13:03] C:\Users\Samuel\AppData\Local\Google
[16/09/2009|11:18] C:\Users\Samuel\AppData\Local\Historique
[12/10/2009|11:31] C:\Users\Samuel\AppData\Local\IconCache.db
[16/09/2009|12:27] C:\Users\Samuel\AppData\Local\Microsoft
[16/09/2009|11:35] C:\Users\Samuel\AppData\Local\Mozilla
[16/09/2009|11:32] C:\Users\Samuel\AppData\Local\Packard Bell
[08/10/2009|17:36] C:\Users\Samuel\AppData\Local\Real
[12/10/2009|19:43] C:\Users\Samuel\AppData\Local\Temp
[16/09/2009|11:18] C:\Users\Samuel\AppData\Local\Temporary Internet Files
[16/09/2009|12:29] C:\Users\Samuel\AppData\Local\VirtualStore

--------------------\\ Tâches planifiées dans C:\Windows\tasks

[08/10/2009 21:50][--a------] C:\Windows\tasks\At24.job
[11/10/2009 21:59][--a------] C:\Windows\tasks\At23.job
[11/10/2009 20:59][--a------] C:\Windows\tasks\At22.job
[11/10/2009 19:59][--a------] C:\Windows\tasks\At21.job
[12/10/2009 18:59][--a------] C:\Windows\tasks\At20.job
[12/10/2009 17:59][--a------] C:\Windows\tasks\At19.job
[12/10/2009 16:59][--a------] C:\Windows\tasks\At18.job
[12/10/2009 15:59][--a------] C:\Windows\tasks\At17.job
[12/10/2009 14:59][--a------] C:\Windows\tasks\At16.job
[12/10/2009 13:59][--a------] C:\Windows\tasks\At15.job
[12/10/2009 12:59][--a------] C:\Windows\tasks\At14.job
[12/10/2009 12:00][--a------] C:\Windows\tasks\At13.job
[12/10/2009 11:00][--a------] C:\Windows\tasks\At12.job
[12/10/2009 09:59][--a------] C:\Windows\tasks\At11.job
[12/10/2009 09:00][--a------] C:\Windows\tasks\At10.job
[08/10/2009 21:50][--a------] C:\Windows\tasks\At9.job
[08/10/2009 21:50][--a------] C:\Windows\tasks\At8.job
[08/10/2009 21:50][--a------] C:\Windows\tasks\At7.job
[08/10/2009 21:50][--a------] C:\Windows\tasks\At6.job
[08/10/2009 21:50][--a------] C:\Windows\tasks\At5.job
[08/10/2009 21:50][--a------] C:\Windows\tasks\At4.job
[08/10/2009 21:50][--a------] C:\Windows\tasks\At3.job
[08/10/2009 21:50][--a------] C:\Windows\tasks\At2.job
[08/10/2009 21:50][--a------] C:\Windows\tasks\At1.job
[12/10/2009 19:07][--a------] C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2474932794-2890477309-324203790-1000UA.job
[12/10/2009 13:07][--a------] C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2474932794-2890477309-324203790-1000Core.job
[12/10/2009 11:37][--ah-----] C:\Windows\tasks\SA.DAT
[12/10/2009 10:57][--a------] C:\Windows\tasks\SCHEDLGU.TXT

--------------------\\ Listing des dossiers dans C:\ProgramData

[16/09/2009|14:06] C:\ProgramData\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[09/10/2009|09:14] C:\ProgramData\Adobe
[16/09/2009|13:27] C:\ProgramData\ALM
[18/09/2009|12:11] C:\ProgramData\Apple
[16/09/2009|14:06] C:\ProgramData\Apple Computer
[02/11/2006|14:59] C:\ProgramData\Application Data
[16/09/2009|15:22] C:\ProgramData\Avira
[16/09/2009|11:17] C:\ProgramData\Bureau
[02/11/2006|14:59] C:\ProgramData\Desktop
[02/11/2006|14:59] C:\ProgramData\Documents
[17/09/2009|14:16] C:\ProgramData\ezsidmv.dat
[16/09/2009|11:17] C:\ProgramData\Favoris
[02/11/2006|14:59] C:\ProgramData\Favorites
[16/09/2009|15:08] C:\ProgramData\FLEXnet
[16/09/2009|11:25] C:\ProgramData\Google
[11/10/2009|11:37] C:\ProgramData\Malwarebytes
[16/09/2009|11:17] C:\ProgramData\Menu Démarrer
[17/09/2009|11:04] C:\ProgramData\Microsoft
[16/09/2009|12:24] C:\ProgramData\Microsoft Help
[16/09/2009|11:17] C:\ProgramData\Modèles
[16/09/2009|11:42] C:\ProgramData\Nero
[16/09/2009|12:13] C:\ProgramData\Norton
[17/03/2009|21:09] C:\ProgramData\NortonInstaller
[08/10/2009|16:59] C:\ProgramData\Real
[17/09/2009|14:11] C:\ProgramData\Skype
[08/10/2009|18:51] C:\ProgramData\Spybot - Search & Destroy
[02/11/2006|14:59] C:\ProgramData\Start Menu
[08/10/2009|17:49] C:\ProgramData\Temp
[02/11/2006|14:59] C:\ProgramData\Templates
[11/10/2009|13:24] C:\ProgramData\WindowsSearch

--------------------\\ Listing des dossiers dans C:\Program Files

[12/10/2009|15:44] C:\Program Files\7-Zip
[11/10/2009|15:35] C:\Program Files\Adobe
[11/07/2009|05:31] C:\Program Files\AGEIA Technologies
[16/09/2009|13:37] C:\Program Files\Apple Software Update
[21/09/2009|21:21] C:\Program Files\Audacity 1.3 Beta (Unicode)
[16/09/2009|15:22] C:\Program Files\Avira
[21/09/2009|16:25] C:\Program Files\AviSynth 2.5
[01/10/2009|11:16] C:\Program Files\Blender Foundation
[16/09/2009|13:38] C:\Program Files\Bonjour
[08/10/2009|16:59] C:\Program Files\Common Files
[17/03/2009|20:36] C:\Program Files\CONEXANT
[05/10/2009|17:25] C:\Program Files\Core Services
[21/09/2009|11:02] C:\Program Files\CoupeFichier
[11/07/2009|05:30] C:\Program Files\CyberLink
[12/10/2009|11:42] C:\Program Files\EasyPHP5.3.0
[20/09/2009|14:56] C:\Program Files\epson
[21/09/2009|16:25] C:\Program Files\eRightSoft
[16/09/2009|11:17] C:\Program Files\Fichiers communs [C:\Program Files\Common Files]
[16/09/2009|12:35] C:\Program Files\FileZilla FTP Client
[17/09/2009|17:58] C:\Program Files\FlashGet
[08/10/2009|17:51] C:\Program Files\Free RM to MP3 Converter
[16/09/2009|11:25] C:\Program Files\Google
[09/10/2009|12:24] C:\Program Files\Grisbi
[16/09/2009|12:31] C:\Program Files\InstallShield Installation Information
[17/03/2009|20:29] C:\Program Files\Intel
[16/09/2009|13:38] C:\Program Files\Internet Explorer
[03/10/2009|13:12] C:\Program Files\iPod
[03/10/2009|13:14] C:\Program Files\iTunes
[17/09/2009|17:14] C:\Program Files\Java
[17/09/2009|17:16] C:\Program Files\JRE
[11/10/2009|15:35] C:\Program Files\Launch Manager
[11/10/2009|11:38] C:\Program Files\Malwarebytes' Anti-Malware
[17/03/2009|21:01] C:\Program Files\Microsoft
[02/11/2006|14:35] C:\Program Files\Microsoft Games
[16/09/2009|12:24] C:\Program Files\Microsoft Office
[16/09/2009|12:24] C:\Program Files\Microsoft Works
[21/01/2008|04:47] C:\Program Files\Movie Maker
[12/10/2009|15:40] C:\Program Files\Mozilla Firefox
[02/11/2006|14:35] C:\Program Files\MSBuild
[17/03/2009|20:04] C:\Program Files\MSXML 4.0
[17/03/2009|20:55] C:\Program Files\NewTech Infosystems
[17/09/2009|17:16] C:\Program Files\OpenOffice.org 3
[16/09/2009|12:31] C:\Program Files\PACKARD BELL
[16/09/2009|13:38] C:\Program Files\QuickTime
[08/10/2009|16:59] C:\Program Files\Real
[08/10/2009|17:36] C:\Program Files\Real Alternative
[11/07/2009|05:09] C:\Program Files\Realtek
[02/11/2006|14:35] C:\Program Files\Reference Assemblies
[08/10/2009|17:35] C:\Program Files\RM to MP3 Converter
[24/09/2009|17:09] C:\Program Files\Safari
[17/09/2009|14:11] C:\Program Files\Skype
[08/10/2009|18:34] C:\Program Files\Spybot - Search & Destroy
[11/07/2009|05:26] C:\Program Files\Synaptics
[11/07/2009|05:10] C:\Program Files\Temp
[12/10/2009|18:42] C:\Program Files\trend micro
[02/11/2006|14:58] C:\Program Files\Uninstall Information
[16/09/2009|18:55] C:\Program Files\VideoLAN
[11/07/2009|05:24] C:\Program Files\VideoWebCamera
[21/01/2008|04:47] C:\Program Files\Windows Calendar
[21/01/2008|04:47] C:\Program Files\Windows Collaboration
[21/01/2008|04:47] C:\Program Files\Windows Defender
[16/09/2009|11:28] C:\Program Files\Windows Live
[17/03/2009|21:00] C:\Program Files\Windows Live SkyDrive
[17/03/2009|19:16] C:\Program Files\Windows Mail
[16/09/2009|12:07] C:\Program Files\Windows Media Player
[16/09/2009|11:17] C:\Program Files\Windows NT
[21/01/2008|04:47] C:\Program Files\Windows Photo Gallery
[21/01/2008|04:47] C:\Program Files\Windows Sidebar
[16/09/2009|18:54] C:\Program Files\WinRAR
[21/09/2009|16:24] C:\Program Files\Xvid

--------------------\\ Listing des dossiers dans C:\Program Files\Common Files

[16/09/2009|14:51] C:\Program Files\Common Files\Adobe
[16/09/2009|12:55] C:\Program Files\Common Files\Adobe AIR
[03/10/2009|13:12] C:\Program Files\Common Files\Apple
[11/07/2009|05:30] C:\Program Files\Common Files\CyberLink
[11/07/2009|05:09] C:\Program Files\Common Files\InstallShield
[17/03/2009|20:52] C:\Program Files\Common Files\Macrovision Shared
[16/09/2009|12:24] C:\Program Files\Common Files\microsoft shared
[16/09/2009|11:42] C:\Program Files\Common Files\Nero
[08/10/2009|16:59] C:\Program Files\Common Files\Real
[02/11/2006|13:18] C:\Program Files\Common Files\Services
[17/09/2009|14:11] C:\Program Files\Common Files\Skype
[02/11/2006|13:18] C:\Program Files\Common Files\SpeechEngines
[21/01/2008|04:47] C:\Program Files\Common Files\System
[17/03/2009|20:59] C:\Program Files\Common Files\Windows Live
[11/07/2009|05:31] C:\Program Files\Common Files\Wise Installation Wizard
[08/10/2009|16:59] C:\Program Files\Common Files\xing shared

--------------------\\ Process

( 58 Processes )

... OK !

--------------------\\ Recherche avec S_Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Recherche de Fichiers / Dossiers Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Verification du Registre

..... OK !

--------------------\\ Verification du fichier Hosts

Fichier Hosts PROPRE

--------------------\\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-12 19:44:53
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Recherche d'autres infections

C:\Windows\Tasks\At1.job
C:\Windows\Tasks\At10.job
C:\Windows\Tasks\At11.job
C:\Windows\Tasks\At12.job
C:\Windows\Tasks\At13.job
C:\Windows\Tasks\At14.job
C:\Windows\Tasks\At15.job
C:\Windows\Tasks\At16.job
C:\Windows\Tasks\At17.job
C:\Windows\Tasks\At18.job
C:\Windows\Tasks\At19.job
C:\Windows\Tasks\At2.job
C:\Windows\Tasks\At20.job
C:\Windows\Tasks\At21.job
C:\Windows\Tasks\At22.job
C:\Windows\Tasks\At23.job
C:\Windows\Tasks\At24.job
C:\Windows\Tasks\At3.job
C:\Windows\Tasks\At4.job
C:\Windows\Tasks\At5.job
C:\Windows\Tasks\At6.job
C:\Windows\Tasks\At7.job
C:\Windows\Tasks\At8.job
C:\Windows\Tasks\At9.job

[F:35][D:5]-> C:\Users\Samuel\AppData\Local\Temp
[F:50][D:1]-> C:\Users\Samuel\AppData\Roaming\MICROS~1\Windows\Cookies
[F:147][D:4]-> C:\Users\Samuel\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5
[F:9][D:1]-> C:\$Recycle.Bin

1 - "C:\Lop SD\LopR_1.txt" - 11/10/2009|11:30 - Option : [1]
2 - "C:\Lop SD\LopR_2.txt" - 11/10/2009|11:37 - Option : [2]
3 - "C:\Lop SD\LopR_3.txt" - 12/10/2009|19:49 - Option : [1]

--------------------\\ Fin du rapport a 19:49:39
[ UAC => 1 ]

Malwarebytes' Anti-Malware 1.41
Version de la base de données: 2941
Windows 6.0.6001 Service Pack 1

12/10/2009 21:37:13
mbam-log-2009-10-12 (21-37-13).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 512048
Temps écoulé: 1 hour(s), 39 minute(s), 41 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
Lyonnais92 Posts 25708 Status Security contributor 1 537
 
Good evening,

I'm jumping in because these malware scheduled tasks, and the files that go with them, are going to have to be killed.

However, I've just checked: ZHPFix does not kill the file launched by the task.

Open the Control Panel, Scheduled Tasks.

Right-click one of the ATxxxx tasks.

Give the name of the associated program.