Antivirus Plus and Malwarebytes
Closed
jaw
-
24 Jan. 2010 at 22:58
moment de grace Posts 29042 Registration date Saturday 6 December 2008 Status Security contributor Last seen 18 July 2013 - 26 Jan. 2010 at 16:38
4 replies
ethernote
Posts
192
Registration date
Saturday 21 November 2009
Status
Member
Last seen
30 June 2010
16
24 Jan. 2010 at 23:01
Antivirus seems to be a real piece of crap!
Just uninstall it!
And install another, more effective AV (AVG)...
Have a good evening,
ethernote
moment de grace
Posts
29042
Registration date
Saturday 6 December 2008
Status
Security contributor
Last seen
18 July 2013
2 274
25 Jan. 2010 at 04:01
Hello
• Download Random's System Information Tool (RSIT) by Random/Random.
(diagnostic tool)
http://images.malwareremoval.com/random/RSIT.exe
• Save it to your Desktop.
• Double-click RSIT.exe to launch the tool.
• Click "Continue" on the Disclaimer screen.
• If the HijackThis tool is not present or not detected on the computer, RSIT will download it (allow access in your firewall if it asks you)
and you will have to accept the license.
• Once the scan is finished, two reports will appear: please post them in two separate messages
The reports are located here:
C:\rsit\info.txt
C:\rsit\log.txt
Hi, here are the 2 reports:
The 1st: info.txt:
info.txt logfile of random's system information tool 1.06 2010-01-26 13:57:29
======Uninstall list======
-->C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\WINDOWS.0\UNNeroBackItUp.exe /UNINSTALL
-->C:\WINDOWS.0\UNNeroMediaHome.exe /UNINSTALL
-->C:\WINDOWS.0\UNNeroShowTime.exe /UNINSTALL
-->C:\WINDOWS.0\UNNeroVision.exe /UNINSTALL
-->C:\WINDOWS.0\UNRecode.exe /UNINSTALL
-->MsiExec.exe /I{48A669A9-76FA-4CA8-BFD5-00C125AC4166}
Adobe Acrobat 5.0-->C:\WINDOWS.0\ISUN040C.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Flash Player 10 ActiveX-->C:\WINDOWS.0\system32\Macromed\Flash\uninstall_activeX.exe
Advertisement Service-->C:\WINDOWS.0\system32\net.net Uninstall
Any DWG to PDF Converter 2008-->"C:\UTILITAIRES\Any DWG to PDF Converter\unins000.exe"
Apple Application Support-->MsiExec.exe /I{B607C354-CD79-4D22-86D1-92DC94153F42}
Apple Mobile Device Support-->MsiExec.exe /I{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Assistant de connexion Windows Live-->MsiExec.exe /I{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}
ASUS DH Remote-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{34A0AF85-C323-4867-8AA3-00A3E5A7A12B}\Setup.exe" -l0x40c
ASUS GameFace Library-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{92B07938-0550-4937-9447-E0ECC04AB99D}
ASUS Gamer OSD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{315ACD04-BCEB-478B-9B1D-5431D0E6CB11}\setup.exe" -l0x9 -removeonly
ASUS GamerOSD AP-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{E96BE1AC-D50C-4EE5-808F-95F25364F78B}
ASUS VideoSecurity Online-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{7A529246-912F-4C40-A82A-E608DB702FD7}
ASUS WiFi-AP Solo-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8B3F4499-32E6-470D-8586-E6C03420F889}\Setup.exe" -l0x9 REMOVE
AutoCAD LT 2005 - Français-->MsiExec.exe /I{5783F2D7-0309-040C-0002-0060B0CE6BBA}
Autodesk DWF Viewer-->C:\PROGRA~1\Autodesk\AUTODE~1\Setup.exe /remove
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE
BlackBerry Desktop Software 4.7-->MsiExec.exe /I{9833D727-8FF5-40AE-A193-525747555FF1}
BlackBerry Desktop Software 4.7-->MsiExec.exe /i{9833D727-8FF5-40AE-A193-525747555FF1}
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Browser Optimizer Dcads-->C:\WINDOWS.0\system32\dcads-remove.exe
Canon iP1600-->C:\WINDOWS.0\system32\CNMCP75.exe "-PRINTERNAMECanon iP1600" "-HELPERDLLC:\Documents and Settings\All Users.WINDOWS.0\Application Data\CanonBJ\IJPrinter\CNMWINDOWS.0\Canon iP1600 Installer\Inst2\cnmis.dll" "-RCDLLcnmi0409.dll"
Canon Utilities Easy-PhotoPrint-->C:\Program Files\Canon\Easy-PhotoPrint\uninst.exe uninst.ini
CaptEcran V 2.0.2-->"C:\UTILITAIRES\PHOTO\capture\capture ecran\CaptEcran\unins000.exe"
Capture My Screen 1.03-->"C:\UTILITAIRES\PHOTO\capture\Capture My Screen\unins000.exe"
C-Dilla Licence Management System-->C:\C_DILLA\setup\cdunin16.exe
Combined Community Codec Pack 2007-02-22-->"C:\Program Files\Combined Community Codec Pack\unins000.exe"
Contextual Tool Dcads-->C:\WINDOWS.0\system32\45e42273-31e6-1de7-8a1a-28ec9b1c1c2b.exe
Contextual Tool Dcads-->C:\WINDOWS.0\system32\cont_dcads-remove.exe
Corel Paint Shop Pro X-->MsiExec.exe /I{1A15507A-8551-4626-915D-3D5FA095CC1B}
Dcads Advanced Toolbar-->C:\Program Files\Dcads Advanced Toolbar\uninstall.exe
Dcads Games Collection-->C:\Program Files\Dcads Games Collection\uninstall.exe
Disc2Phone-->MsiExec.exe /I{6E65247F-58F9-41CA-BE69-0316F7907170}
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Pro-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DPS-->"C:\WINDOWS.0\system32\iesvcmon.exe" -u
Easy-WebPrint-->C:\WINDOWS.0\IsUninst.exe -f"C:\Program Files\Canon\Easy-WebPrint\Uninst.isu"
Ecran de veille AOL Photos-->C:\Program Files\Common Files\AOL\Screensaver\uninst_ygpss.exe
Free Mp3 Wma Converter V 1.4.0-->"C:\UTILITAIRES\MUSIQUE\Free Audio Pack\unins000.exe"
GameFace Messenger-->C:\WINDOWS.0\iun6002.exe "C:\Program Files\GameFace Messenger\irunin.ini"
Garmin City Navigator Europe NT+ v8.02-->MsiExec.exe /X{D10FF038-7941-4B62-8051-17D3E2BC150A}
Garmin POI Loader-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CAD57DF8-1A63-43E0-9B7A-CC4040B730B8}\setup.exe" -l0x40c
Garmin StreetPilot c320 Europe-->MsiExec.exe /X{B820CB04-D21E-48A4-A110-1A783A86EAA3}
Google Earth-->MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
Hauppauge French Help Files and Resources-->C:\UTILIT~1\VIDEO\WINTV\UNHLPfra.EXE C:\UTILIT~1\VIDEO\WINTV\WTV2Kfra.LOG
Hauppauge WinTV Scheduler-->C:\UTILIT~1\VIDEO\WINTV\SCHEDU~1\UNWISE.EXE C:\UTILIT~1\VIDEO\WINTV\SCHEDU~1\INSTALL.LOG
Hauppauge WinTV Soft PVR-->C:\UTILIT~1\VIDEO\WINTV\UNSftPVR.EXE C:\UTILIT~1\VIDEO\WINTV\softpvr.LOG
Hauppauge WinTV Source Selector-->C:\UTILIT~1\VIDEO\WINTV\UNtvsel.EXE C:\UTILIT~1\VIDEO\WINTV\WINTVsel.LOG
Hauppauge WinTV2000-->C:\UTILIT~1\VIDEO\WINTV\UNTV32.EXE C:\UTILIT~1\VIDEO\WINTV\WINTV2K.LOG
HijackThis 2.0.2-->"C:\UTILITAIRES\divers\New Folder\HijackThis.exe" /uninstall
IKEA HomePlanner Kitchen-->MsiExec.exe /I{A36BE275-BD22-406C-8D2D-ED99F9E6C0B4}
Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe
Installation Windows Live-->MsiExec.exe /I{46ABBC54-1872-4AA3-95E2-F2C063A63F31}
iTunes-->MsiExec.exe /I{D1A74FBB-CA8D-4CCA-9B89-BAAA436DB178}
Java 2 Runtime Environment, SE v1.4.2_05-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142050}
Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java(TM) 6 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160060}
JRAID-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}\setup.exe" -l0x9 -removeonly
Learn2 Player (Uninstall Only)-->C:\Program Files\Learn2.com\StRunner\stuninst.exe
LoudMo Contextual Ad Assistant-->C:\WINDOWS.0\system32\Vj2CH_.exe
Malwarebytes' Anti-Malware-->"C:\UTILITAIRES\ANTIVIRUS\anti spyware\Malwarebytes' Anti-Malware\unins000.exe"
Marvell Miniport Driver-->MsiExec.exe /X{C950420B-4182-49EA-850A-A6A2ABF06C6B}
Microsoft .NET Framework 1.1 French Language Pack-->MsiExec.exe /X{9A394342-4A68-4EBA-85A6-55B559F4E700}
Microsoft .NET Framework 1.1 SP1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0-->MsiExec.exe /X{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}
Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS.0\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS.0\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{9011040C-6000-11D3-8CFE-0150048383C9}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual J# 1.1 Redistributable Package-->MsiExec.exe /X{1A655D51-1423-48A3-B748-8F5A0BE294C8}
Microsoft Visual J# 2.0 Redistributable Package-->C:\WINDOWS.0\Microsoft.NET\Framework\v2.0.50727\Microsoft Visual J# 2.0 Redistributable\install.exe
Mosaic Deluxe-->MsiExec.exe /I{3423C7F9-2B5F-426D-AF88-2B74C82A8B55}
Mozilla Firefox (3.0.6)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MP3-WAV Converter version 6.0.0.2-->"C:\UTILITAIRES\MUSIQUE\MP3-WAV Converter\unins000.exe"
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Nero 7 Premium-->MsiExec.exe /I{4908C75E-E5E2-43F7-B1DF-023CBA831036}
NVIDIA Drivers-->C:\WINDOWS.0\system32\nvudisp.exe UninstallGUI
Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
PhotoNow! 1.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D36DD326-7280-11D8-97C8-000129760CBE}\setup.exe" -uninstall
Picasa 2-->"C:\UTILITAIRES\INTERNET\Album photo\Picasa2\Uninstall.exe"
PowerDirector-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\setup.exe" -uninstall
QuickTime-->MsiExec.exe /I{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}
RealPlayer Basic-->C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
Revo Uninstaller 1.85-->C:\UTILITAIRES\ANTIVIRUS\Revo Uninstaller\uninst.exe
RON Tool Superiorads-->C:\WINDOWS.0\system32\orhvqyzlbqsukidk.exe
Roxio Media Manager-->MsiExec.exe /X{AC93F461-132C-4A10-983D-7DAFE2917D67}
Search Assistant Mysidesearch-->C:\WINDOWS.0\system32\kqiuuqyujxnxjz.dll-uninst.exe
Security Update for Microsoft .NET Framework 2.0 (KB917283)-->C:\WINDOWS.0\system32\msiexec.exe /promptrestart /uninstall {967B098A-042D-4367-BAC9-8BC11684174F} /package {7131646D-CD3C-40F4-97B9-CD9E4E6262EF}
Security Update for Microsoft .NET Framework 2.0 (KB922770)-->C:\WINDOWS.0\system32\msiexec.exe /promptrestart /uninstall {0E92DD42-76F5-4EF2-B381-F9C1D72BE23D} /package {7131646D-CD3C-40F4-97B9-CD9E4E6262EF}
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
SFR - Kit de connexion-->C:\Program Files\Neuf\Kit\uninstall.exe
Shareaza 2.4.0.0-->"C:\UTILITAIRES\INTERNET\SHAREAZA\Shareaza\Uninstall\unins000.exe"
SmartSound Quicktracks Plugin-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}
SpeedTouch USB Software-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D41FAAA9-8048-4906-86B2-9AADEA1FA0B7}\setup.exe" /l040c -Control_Panel
Total Commander (Remove or Repair)-->C:\UTILITAIRES\totalcmd\tcuninst.exe
Universalis 11-->C:\WINDOWS.0\IsUn040c.exe -f"c:\utilitaires\universalis11\Universalis 11\Uninst.isu"
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
VTPlus32 pour WinTV (French)-->C:\PROGRA~1\vtplus\UNVTplus.exe C:\PROGRA~1\vtplus\VTPlus.LOG
Winamp (remove only)-->"C:\UTILITAIRES\MUSIQUE\WINAMP\UninstWA.exe"
Windows Internet Explorer 7-->"C:\WINDOWS.0\ie7\spuninst\spuninst.exe"
Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Messenger-->MsiExec.exe /X{770F1BEC-2871-4E70-B837-FB8525FFA3B1}
XviD MPEG-4 Video Codec-->C:\WINDOWS.0\system32\rundll32.exe setupapi,InstallHinfSection Remove_XviD 132 C:\WINDOWS.0\INF\xvid.inf
Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\unyt.exe
=====HijackThis Backups=====
O4 - HKCU\..\Run: [44747720668902095547379445994223] C:\Program Files\A360\av360.exe [2008-12-13]
======Hosts File======
Securitycenter WMI appears to be broken
======System event log======
Computer Name: SCI-40636CE3BEB
Event Code: 2508
Message: The server service was unable to load the server driver.
Record Number: 15944
Source Name: Server
Time Written: 20100124195405.000000+060
Event Type: warning
User:
Computer Name: SCI-40636CE3BEB
Event Code: 5727
Message: Could not load RDR device driver.
Record Number: 15943
Source Name: Workstation
Time Written: 20100124195401.000000+060
Event Type: error
User:
Computer Name: SCI-40636CE3BEB
Event Code: 5727
Message: Could not load MRxSmb device driver.
Record Number: 15942
Source Name: Workstation
Time Written: 20100124195401.000000+060
Event Type: error
User:
Computer Name: SCI-40636CE3BEB
Event Code: 10005
Message: DCOM got error "%1058" attempting to start the service wuauserv with arguments ""
in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}
Record Number: 15848
Source Name: DCOM
Time Written: 20100124004536.000000+060
Event Type: error
User: SCI-40636CE3BEB\Jawad
Computer Name: SCI-40636CE3BEB
Event Code: 7000
Message: The Microsoft Kernel Acoustic Echo Canceller service failed to start due to the following error:
A device attached to the system is not functioning.
Record Number: 15824
Source Name: Service Control Manager
Time Written: 20100123204650.000000+060
Event Type: error
User:
=====Application event log=====
Computer Name: SCI-40636CE3BEB
Event Code: 4113
Message: AntiVir a détecté dans le fichier
C:\Documents and Settings\Jawad.SCI-40636CE3BEB\Local Settings\Temporary Internet Files\Content.IE5\S3240W5U\mciifpzw[1].htm
un code suspect avec la désignation 'TR/Crypt.XPACK.Gen'!
Record Number: 53
Source Name: Avira AntiVir
Time Written: 20100123204608.000000+060
Event Type: warning
User: NT AUTHORITY\SYSTEM
Computer Name: SCI-40636CE3BEB
Event Code: 4113
Message: AntiVir a détecté dans le fichier
C:\ojjw.exe
un code suspect avec la désignation 'TR/Crypt.XPACK.Gen'!
Record Number: 52
Source Name: Avira AntiVir
Time Written: 20100123204608.000000+060
Event Type: warning
User: NT AUTHORITY\SYSTEM
Computer Name: SCI-40636CE3BEB
Event Code: 4113
Message: AntiVir a détecté dans le fichier
C:\Documents and Settings\Jawad.SCI-40636CE3BEB\Local Settings\Temporary Internet Files\Content.IE5\G8QCBV9F\envoi-sms-gratuit.blogspot[1].htm
un code suspect avec la désignation 'HEUR/HTML.Malware'!
Record Number: 40
Source Name: Avira AntiVir
Time Written: 20091115091906.000000+060
Event Type: warning
User: NT AUTHORITY\SYSTEM
Computer Name: SCI-40636CE3BEB
Event Code: 4113
Message: AntiVir a détecté dans le fichier
C:\Documents and Settings\Jawad.SCI-40636CE3BEB\Local Settings\Temporary Internet Files\Content.IE5\SNXP7LI6\adframe[1].htm
un code suspect avec la désignation 'HTML/Infected.WebPage.Gen'!
Record Number: 24
Source Name: Avira AntiVir
Time Written: 20091108132509.000000+060
Event Type: warning
User: NT AUTHORITY\SYSTEM
Computer Name: SCI-40636CE3BEB
Event Code: 4113
Message: AntiVir a détecté dans le fichier
C:\Documents and Settings\Jawad.SCI-40636CE3BEB\Local Settings\Temporary Internet Files\Content.IE5\SNXP7LI6\adframe[1].htm
un code suspect avec la désignation 'HTML/Infected.WebPage.Gen'!
Record Number: 23
Source Name: Avira AntiVir
Time Written: 20091108132508.000000+060
Event Type: warning
User: NT AUTHORITY\SYSTEM
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\Autodesk Shared\;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 6, GenuineIntel
"PROCESSOR_REVISION"=0f06
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;"C:\WINDOWS.0\system32\QTJava.zip";C:\Program Files\Java\jre1.6.0_06\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_06\lib\ext\QTJava.zip
-----------------EOF-----------------
Event Type: warning
User: NT AUTHORITY\SYSTEM
Computer Name: SCI-40636CE3BEB
Event Code: 4113
Message: AntiVir a détecté dans le fichier
C:\Documents and Settings\Jawad.SCI-40636CE3BEB\Local Settings\Temporary Internet Files\Content.IE5\SNXP7LI6\adframe[1].htm
un code suspect avec la désignation 'HTML/Infected.WebPage.Gen'!
Record Number: 23
Source Name: Avira AntiVir
Time Written: 20091108132508.000000+060
Event Type: warning
User: NT AUTHORITY\SYSTEM
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\Autodesk Shared\;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 6, GenuineIntel
"PROCESSOR_REVISION"=0f06
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;"C:\WINDOWS.0\system32\QTJava.zip";C:\Program Files\Java\jre1.6.0_06\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_06\lib\ext\QTJava.zip
-----------------EOF-----------------
Here is the second one: log.txt
Logfile of random's system information tool 1.06 (written by random/random)
Run by Jawad at 2010-01-26 13:56:07
Microsoft Windows XP Professional Service Pack 2
System drive C: has 152 GB (81%) free of 188 GB
Total RAM: 2047 MB (62% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:57:28, on 26/01/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal
Running processes:
C:\WINDOWS.0\System32\smss.exe
C:\WINDOWS.0\system32\csrss.exe
C:\WINDOWS.0\system32\winlogon.exe
C:\WINDOWS.0\system32\services.exe
C:\WINDOWS.0\system32\lsass.exe
C:\WINDOWS.0\system32\svchost.exe
C:\WINDOWS.0\system32\svchost.exe
C:\WINDOWS.0\System32\svchost.exe
C:\WINDOWS.0\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS.0\ATKKBService.exe
C:\WINDOWS.0\system32\svchost.exe
C:\WINDOWS.0\system32\DRIVERS\CDANTSRV.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS.0\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS.0\Explorer.EXE
C:\WINDOWS.0\RTHDCPL.EXE
C:\Documents and Settings\Jawad.SCI-40636CE3BEB\Application Data\SystemProc\lsass.exe
C:\Program Files\ASUS\ASUS DH Remote\AsRc.exe
C:\WINDOWS.0\system32\RUNDLL32.EXE
C:\Program Files\GameFace Messenger\GameFace.exe
C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS.0\system32\rundll32.exe
C:\WINDOWS.0\ccdrive32.exe
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\UTILITAIRES\MUSIQUE\ITUNES\iTunesHelper.exe
C:\WINDOWS.0\system32\rundll32.exe
C:\WINDOWS.0\System32\reader_s.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Garmin\gStart.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\ASUS\ASUS DH Remote\AsDhRemote.exe
C:\Program Files\Neuf\Kit\9props.exe
C:\DOCUME~1\JAWAD~1.SCI\LOCALS~1\Temp\dpvxtl.exe
C:\Documents and Settings\Jawad.SCI-40636CE3BEB\reader_s.exe
C:\Program Files\ASUS WiFi-AP Solo\RtWLan.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS.0\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS.0\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\UTILITAIRES\ANTIVIRUS\Revo Uninstaller\revouninstaller.exe
C:\Documents and Settings\Jawad.SCI-40636CE3BEB\Desktop\RSIT.exe
C:\WINDOWS.0\system32\wbem\wmiprvse.exe
C:\UTILITAIRES\divers\New Folder\Jawad.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fr/0SEFRFR/SAOS02
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: C:\WINDOWS.0\system32\vnb45gkc.dll - {C4BF49A2-94F1-42BD-F034-3604811C807D} - C:\WINDOWS.0\system32\vnb45gkc.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Dcads Toolbar - {41C29B07-6F91-4966-91BE-2E2841643C83} - C:\Program Files\Dcads Advanced Toolbar\toolbar.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS.0\system32\JMRaidTool.exe boot
O4 - HKLM\..\Run: [Ai Quicker Help] "C:\Program Files\ASUS\ASUS DH Remote\AsRc.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS.0\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS.0\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [GameFace Messenger] C:\Program Files\GameFace Messenger\GameFace.exe
O4 - HKLM\..\Run: [GamerOSD] C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [spywareguard] C:\Program Files\Spyware Guard 2009\spywareguard.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\UTILITAIRES\MUSIQUE\ITUNES\iTunesHelper.exe"
O4 - HKLM\..\Run: [net] "C:\WINDOWS.0\system32\net.net"
O4 - HKLM\..\Run: [AntiVirus Plus] "C:\WINDOWS.0\system32\rundll32.exe" "C:\Documents and Settings\Jawad.SCI-40636CE3BEB\Application Data\AntiVirus Plus\AntiVirus Plus.70700.dll", start 70700
O4 - HKLM\..\Run: [reader_s] C:\WINDOWS.0\System32\reader_s.exe
O4 - HKLM\..\Run: [Microsoft Driver Setup] C:\WINDOWS.0\ccdrive32.exe
O4 - HKLM\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS.0\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [gStart] C:\Garmin\gStart.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Connexion SFR 9props.exe] "C:\Program Files\Neuf\Kit\9props.exe" /trayicon
O4 - HKCU\..\Run: [AntiVirus Plus] "C:\WINDOWS.0\system32\rundll32.exe" "C:\Documents and Settings\Jawad.SCI-40636CE3BEB\Application Data\AntiVirus Plus\AntiVirus Plus.70700.dll", start 70700
O4 - HKCU\..\Run: [sefjhf98jfoidsfoishgoiusgdgfgd] C:\DOCUME~1\JAWAD~1.SCI\LOCALS~1\Temp\dpvxtl.exe
O4 - HKCU\..\Run: [reader_s] C:\Documents and Settings\Jawad.SCI-40636CE3BEB\reader_s.exe
O4 - HKCU\..\Run: [12CFG214-K641-12SF-N85P] C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1811\vsbntlo.exe
O4 - HKLM\..\Policies\Explorer\Run: [RTHDBPL] C:\Documents and Settings\Jawad.SCI-40636CE3BEB\Application Data\SystemProc\lsass.exe
O4 - HKLM\..\Policies\Explorer\Run: [Microsoft Driver Setup] C:\WINDOWS.0\ccdrive32.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS.0\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS.0\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS.0\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS.0\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Startup: AntiVirus Plus.lnk = C:\WINDOWS.0\system32\rundll32.exe
O4 - Global Startup: Accélérateur de démarrage AutoCAD.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: AntiVirus Plus.lnk = C:\WINDOWS.0\system32\rundll32.exe
O4 - Global Startup: ASUS WiFi-AP Solo.lnk = C:\Program Files\ASUS WiFi-AP Solo\RtWLan.exe
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\UTILIT~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS.0\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS.0\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS.0\Network Diagnostic\xpnetdiag.exe
O20 - AppInit_DLLs: oxmlwp.dll
O20 - Winlogon Notify: jntcjpcm - C:\WINDOWS.0\SYSTEM32\jxexcet.dll
O22 - SharedTaskScheduler: lkjah87hfijgnfasidofgysgiughnjfkgfgdfgf - {C4BF49A2-94F1-42BD-F034-3604811C807D} - C:\WINDOWS.0\system32\vnb45gkc.dll
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS.0\ATKKBService.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS.0\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS.0\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS.0\ATKKBService.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS.0\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS.0\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
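Added example, not part of the original thread: a small Python triage of the O4 (autorun) lines in the HijackThis log above, flagging entries by where the launched file lives. The six sample lines are copied from the log; the rules and the `SYSTEM_NAMES` list are assumptions chosen for illustration, and a flag means "review this entry", not a malware verdict.

```python
import re

# Six O4 (autorun) lines copied verbatim from the HijackThis log above.
SAMPLE_LOG = r"""
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS.0\system32\ctfmon.exe
O4 - HKCU\..\Run: [AntiVirus Plus] "C:\WINDOWS.0\system32\rundll32.exe" "C:\Documents and Settings\Jawad.SCI-40636CE3BEB\Application Data\AntiVirus Plus\AntiVirus Plus.70700.dll", start 70700
O4 - HKCU\..\Run: [sefjhf98jfoidsfoishgoiusgdgfgd] C:\DOCUME~1\JAWAD~1.SCI\LOCALS~1\Temp\dpvxtl.exe
O4 - HKCU\..\Run: [12CFG214-K641-12SF-N85P] C:\RECYCLER\S-1-5-21-0243936033-3052116371-381863308-1811\vsbntlo.exe
O4 - HKLM\..\Policies\Explorer\Run: [RTHDBPL] C:\Documents and Settings\Jawad.SCI-40636CE3BEB\Application Data\SystemProc\lsass.exe
O4 - Global Startup: ASUS WiFi-AP Solo.lnk = C:\Program Files\ASUS WiFi-AP Solo\RtWLan.exe
"""

O4_RE = re.compile(
    r"^O4 - (?P<loc>[^:]+): (?:\[(?P<name>[^\]]*)\] |(?P<lnk>.+?) = )(?P<cmd>.+)$")
IMAGE_RE = re.compile(r'[a-z]:\\[^"]*?\.exe')  # first executable path in a command
PROFILE_DLL_RE = re.compile(r'\\(application data|local settings|locals~1)\\[^"]*\.dll')
# Assumption: process names that normally live only in system32.
SYSTEM_NAMES = {"lsass.exe", "svchost.exe", "csrss.exe", "winlogon.exe", "services.exe"}

def parse_o4(line):
    """Split one O4 line into location, entry name and command; None if not O4."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    return {"location": m["loc"], "name": m["name"] or m["lnk"], "command": m["cmd"]}

def review_reasons(command):
    """Return location-based reasons to review an autorun command (heuristics only)."""
    cmd = command.lower()
    reasons = []
    if "\\temp\\" in cmd:  # also matches the 8.3 form ...\LOCALS~1\Temp\
        reasons.append("image runs from a Temp directory")
    if "\\recycler\\" in cmd:
        reasons.append("image runs from the RECYCLER folder")
    image = IMAGE_RE.search(cmd)
    path = image.group(0) if image else ""
    base = path.rsplit("\\", 1)[-1]
    if base in SYSTEM_NAMES and "\\system32\\" not in path:
        reasons.append("system process name outside system32")
    if base == "rundll32.exe" and PROFILE_DLL_RE.search(cmd):
        reasons.append("rundll32 loads a DLL from a user profile")
    return reasons

def triage(log_text):
    """Return [(entry name, reasons)] for each O4 entry with at least one reason."""
    entries = filter(None, map(parse_o4, log_text.splitlines()))
    scored = ((e["name"], review_reasons(e["command"])) for e in entries)
    return [(name, why) for name, why in scored if why]
```

Calling `triage(SAMPLE_LOG)` returns the four entries whose target sits in Temp, RECYCLER or a user profile, and leaves the ctfmon and ASUS entries unflagged.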
ethernote Posts 192 Registered Saturday 21 November 2009 Status Member Last activity 30 June 2010 - 25 Jan. 2010 at 18:12
I think Revo Uninstaller would be perfect for your case.
It doesn't look ONLY for programs in the Control Panel, but in the Program Files list.
By the way, have you looked in Program Files? Is there an "Uninstall" icon???
moment de grace Posts 29042 Registered Saturday 6 December 2008 Status Security contributor Last activity 18 July 2013 - 26 Jan. 2010 at 16:38
ok
you have the worst there is when it comes to viruses... VIRUT
http://www.commentcamarche.net/faq/sujet-16138-comment-supprimer-virut
read the information at the link carefully
make backups (documents, images, mp3s, films) by burning them to CD or DVD
Do not back up any executable software, zipped (.zip) or compressed (.rar) files, or .scr files: you would risk backing up a file infected by Virut. Remember that a single Virut file can infect the rest of the PC.
This virus contaminates removable drives (USB stick, external hard drive, etc.) that have been in contact with the infected PC
and if it is not too late, do this
▶ Download Dr.Web CureIt! to your Desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
▶ Double-click drweb-cureit.exe and click Start the scan ("Commencer le scan").
▶ This quick scan analyses the processes loaded in memory; if it finds infected processes, click the Yes to All button ("Oui pour Tout") at the prompt.
▶ When the quick scan has finished, click Options > Change configuration ("Changer la configuration").
▶ Choose the Scanner tab and untick Heuristic analysis ("Analyse heuristique").
▶ Back in the main window: choose Complete scan ("Analyse complète").
▶ Click the green arrow on the right and the scan will start. An advertisement sometimes appears; close it.
▶ Click Yes to All ("Oui pour Tout") if a file is detected.
▶ At the end of the scan, if infections are found, click Select all ("Tout sélectionner"), then Cure ("Désinfecter"). If curing is impossible, click Quarantine ("Quarantaine").
▶ In the tool's main menu, at the top left, click the File menu ("Fichier") and choose Save report ("Enregistrer le rapport").
▶ Save the report to your Desktop. It will be named DrWeb.csv.
▶ Close Dr.Web CureIt!
▶ Restart your computer (very important), because some files may be moved/repaired at restart.
▶ Post (copy/paste) the contents of the Dr.Web tool's report into a Notepad document
Then:
▶ Go to this free hosting address: http://www.cijoint.fr/
▶ Click Browse ("parcourir"), look for the report DrWeb.txt, then click "cliquez ici pour déposer le fichier" (click here to upload the file)
▶ Once the link has been created, right-click it and copy the link address so you can paste it into your reply
25 Jan. 2010 at 08:08
yes, I would really like to remove it, but it is nowhere in the Control Panel to uninstall it.
thanks