Malware.trace Fermé

Question

Bonjour,

Je voudrais savoir ce qu'étais un Malware.trace svp car j'ai fais une analyse avec malwarebytes et il m'a trouvé 2 malware.trace.

Merci d'avance

Utilisateur anonyme · Accepted Answer

Edit :

je ne vois pas d'infection mais ceci me semble à vérifier :

Rends toi sur ce site : 
https://www.virustotal.com/gui/ 
Fais analyser ces gichiers séparement, clique sur parcourir et cherche ce fichier : (chemin d’accès du fichier)

C:\WINDOWS\system32\drivers\axrrbuxs.sys
C:\WINDOWS\system32\XDva327.sys


clique sur send file 
un rappoort va s-élaborer ligne à ligne, 
attends un peu, il doit comprendre la taille du fichier envoyé 
sauvegarde les rapport avec le bloc note 
copie les dans ton prochain message. 
Merci

Utilisateur anonyme · Answer

bonjour,
google reste ton meilleur ami  ;-)

https://www.google.fr/search?source=ig&hl=fr&rlz=1G1GGLQ_FRFR350&q=Malware.trace&btnG=Recherche+Google&meta=lr%3D&aq=null&oq=&gws_rd=ssl

tu peux également poster ton rapport MBAM pour que je regarde  :-)

dwaagonne · Answer

Malwarebytes' Anti-Malware 1.44
Version de la base de données: 3581
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

1/17/2010 12:20:30
mbam-log-2010-01-17 (12-20-30).txt

Type de recherche: Examen complet (C:\|H:\|)
Eléments examinés: 254384
Temps écoulé: 1 hour(s), 36 minute(s), 3 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 4

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\kr_done1 (Malware.Trace) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
H:\LOL\winsxs\x86_wpf-windowsformsintegration_31bf3856ad364e35_6.0.6001.22208_none_faadb06494e67934\WindowsFormsIntegration.dll (Trojan.Dropper) -> Quarantined and deleted successfully.
H:\LOL\winsxs\x86_wpf-windowsformsintegration_31bf3856ad364e35_6.0.6000.16708_none_f83dd4f37ea24879\WindowsFormsIntegration.dll (Trojan.Dropper) -> Quarantined and deleted successfully.
H:\LOL\winsxs\x86_wpf-windowsformsintegration_31bf3856ad364e35_6.0.6000.20864_none_f882910e97f42a8d\WindowsFormsIntegration.dll (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kr_done1 (Malware.Trace) -> Quarantined and deleted successfully.

Utilisateur anonyme · Answer

ok, tout est en quarentaine :-)
 
on va regarder pour voir s'il y a d'autres infections :
•	Télécharge random's system information tool (RSIT) et enregistre le sur ton bureau. 
http://images.malwareremoval.com/random/RSIT.exe
	
Tuto : https://forum.pcastuces.com/randoms_system_information_tool_rsit-f31s31.htm
Double clique sur RSIT.exe pour lancer l'outil. 
Clique sur ' continue ' à l'écran Disclaimer. 
Si l'outil HIjackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera et tu devras accepter la licence. 
Une fois le scan fini, 2 rapports vont apparaître. Poste le contenu des 2 rapports séparément. Ils se trouvent sur c :
(log.txt & info.txt) 
(CTRL+A Pour tout sélectionner, CTRL+C pour copier et CTRL+V pour coller)

dwaagonne · Answer

info.txt logfile of random's system information tool 1.06 2010-01-30 12:37:29

======Uninstall list======

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 10 Plugin-->C:\WINDOWS\System32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player 9 ActiveX-->MsiExec.exe /X{58BAA8D0-404E-4585-9FD3-ED1BB72AC2EE}
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 9.3 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A93000000001}
adsl TV-->C:\Program Files\adslTV\Uninstal.exe
Analyseur et SDK MSXML 4.0 SP2-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
ANIO Service-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7B5CE976-C7A9-4E38-A7F3-6C8EF025DD8E}\Setup.exe" 
ANIWZCS2 Service-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4C590030-7469-453E-8589-D15DA9D03F52}\Setup.exe" 
Assistant de connexion Windows Live-->MsiExec.exe /I{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}
Asterix & Obelix XXL-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{D562E689-0ECD-4239-B1A0-323252893405} /l1036 
ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x435c 
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
ATI Parental Control & Encoder-->MsiExec.exe /I{36CDA33B-909B-4719-97D1-C4B99309BDC7}
Audacity 1.3.9 (Unicode)-->"C:\Program Files\Audacity 1.3 Beta (Unicode)\unins000.exe"
AVS Update Manager 1.0-->"C:\Program Files\AVS4YOU\AVSUpdateManager\unins000.exe"
AVS Video Converter 6-->"C:\Program Files\AVS4YOU\AVSVideoConverter6\unins000.exe"
AVS4YOU Software Navigator 1.3-->"C:\Program Files\AVS4YOU\AVSSoftwareNavigator\unins000.exe"
AxCrypt (Désinstaller uniquement)-->"C:\Program Files\Axon Data\AxCrypt\AxCryptU.exe"
Bullzip PDF Printer 7.1.0.1080-->"C:\Program Files\Bullzip\PDF Printer\unins000.exe"
Calcul mental 1.1.4-->"C:\Program Files\Calcul mental\unins000.exe"
Call of Duty 2-->"H:\PacSteamT\PacSteamT\steam.exe" steam://uninstall/2630
Call of Duty-->"H:\PacSteamT\PacSteamT\steam.exe" steam://uninstall/2620
Call of Duty-->H:\JEUX\CALLOF~1\Uninstall\Unwise.exe /u H:\JEUX\CALLOF~1\Uninstall\Install.log
Calme 2010.0-->"C:\Program Files\Calme 2010\unins000.exe"
Catalyst Control Center - Branding-->MsiExec.exe /I{D3B1C799-CB73-42DE-BA0F-2344793A095C}
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
Chevaliers&Camelots-->C:\WINDOWS\unin040c.exe -f"h:\jeux\chevalier & camelot\DeIsL1.isu"  -c"h:\jeux\chevalier & camelot\_ISREG32.DLL"
Command & Conquer 3-->MsiExec.exe /I{DDEDAF6C-488E-4CDA-8276-1CCF5F3C5C32}
Command & Conquer Generals-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{06F80017-8F98-4C94-B868-52358569FC32} 
Command and Conquer 3: Tiberium Wars-->"H:\PacSteamT\PacSteamT\steam.exe" steam://uninstall/24790
Command and Conquer(TM) Generals - Heure H-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1} 
COMODO Internet Security-->C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe -u
Correctif pour Microsoft Visual C++ 2008 Express SP1 - Français (KB945282)-->C:\WINDOWS\system32\msiexec.exe /package {4C3FF4F7-6033-3129-8D21-9FC8C8B82D65} /uninstall  /qb+ REBOOTPROMPT=""
Correctif pour Microsoft Visual C++ 2008 Express SP1 - Français (KB946040)-->C:\WINDOWS\system32\msiexec.exe /package {4C3FF4F7-6033-3129-8D21-9FC8C8B82D65} /uninstall  /qb+ REBOOTPROMPT=""
Correctif pour Microsoft Visual C++ 2008 Express SP1 - Français (KB946308)-->C:\WINDOWS\system32\msiexec.exe /package {4C3FF4F7-6033-3129-8D21-9FC8C8B82D65} /uninstall  /qb+ REBOOTPROMPT=""
Correctif pour Microsoft Visual C++ 2008 Express SP1 - Français (KB947540)-->C:\WINDOWS\system32\msiexec.exe /package {4C3FF4F7-6033-3129-8D21-9FC8C8B82D65} /uninstall  /qb+ REBOOTPROMPT=""
Correctif pour Microsoft Visual C++ 2008 Express SP1 - Français (KB947789)-->C:\WINDOWS\system32\msiexec.exe /package {4C3FF4F7-6033-3129-8D21-9FC8C8B82D65} /uninstall  /qb+ REBOOTPROMPT=""
Correctif pour Microsoft Visual C++ 2008 Express SP1 - Français (KB948127)-->C:\WINDOWS\system32\msiexec.exe /package {4C3FF4F7-6033-3129-8D21-9FC8C8B82D65} /uninstall  /qb+ REBOOTPROMPT=""
Cross Fire En-->"H:\JEUX\crossfire\CrossFire\unins000.exe"
DesktopEarth-->MsiExec.exe /I{DBA5E973-660D-4CBE-A469-F5C37FBF0CE4}
Disney 102 Dalmatiens à la rescousse-->C:\WINDOWS\IsUn040c.exe -fh:\jeux\121DAL~1\DeIsL1.isu
D-Link Wireless G DWA-110-->C:\Program Files\InstallShield Installation Information\{5F753314-628E-4C13-B8AE-BFA7FD514CBE}\setup.exe -runfromtemp -l0x040c -removeonly
Driver Genius Professional Edition-->"C:\Program Files\Driver-Soft\DriverGenius\unins000.exe"
Far Cry-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{D6DBDC2A-E72C-4284-B6AD-6B3B61B4DABC} /l1036 
FlashGet 1.9.6.1073-->C:\Program Files\FlashGet\uninst.exe
Fraps (remove only)-->"C:\Program Files\Fraps 3.0.3\uninstall.exe"
Glary Utilities 2.18.0.786-->"C:\Program Files\Glary Utilities\unins000.exe"
GoldBarre-->C:\Program Files\GoldBarre\Uninstal.exe
Google Gears-->MsiExec.exe /I{BC2FE771-EDBE-3087-A676-2B6C45A2BF7E}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Google Earth-->MsiExec.exe /X{C084BC61-E537-11DE-8616-005056806466}
GPL Ghostscript Lite 8.70-->"C:\Program Files\Bullzip\PDF Printer\gs\unins000.exe"
GTA San Andreas-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}\setup.exe" -l0x40c  -removeonly
Half-Life: Blue Shift-->"H:\PacSteamT\PacSteamT\steam.exe" steam://uninstall/130
Half-Life: Blue Shift-->H:\JEUX\HALF-L~1\BLUE-S~1\bshift\UNWISE.EXE H:\JEUX\HALF-L~1\BLUE-S~1\bshift\install.log
Half-Life: Opposing Force-->H:\JEUX\HALF-L~1\UNWISE.EXE H:\JEUX\HALF-L~1\OPFOR.LOG
Half-Life-->"H:\PacSteamT\PacSteamT\steam.exe" steam://uninstall/70
Half-Life-->C:\WINDOWS\IsUn040c.exe -fh:\jeux\half-life\Uninst.isu -c"h:\jeux\half-life\HLUNINST.DLL"
HijackThis 2.0.2-->"C:\Program Files	rend micro\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall  /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
iColorFolder-->C:\Program Files\iColorFolder\uninstall.exe
Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe
Installation Windows Live-->MsiExec.exe /I{46ABBC54-1872-4AA3-95E2-F2C063A63F31}
Java(TM) 6 Update 17-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216014FF}
K-Lite Codec Pack 5.6.1 (Full)-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
LAME v3.98.2 for Audacity-->"C:\Program Files\Audacity 1.3 Beta (Unicode)\unins001.exe"
Lecteur Windows Media 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
LEGO® Batman™-->C:\Program Files\InstallShield Installation Information\{398AB469-77FC-4935-820B-D419388C0A6A}\Setup.exe -runfromtemp -l0x040c
LEGO® Indiana Jones™ 2: L'Aventure Continue-->C:\Program Files\InstallShield Installation Information\{11192AA7-FBE3-4150-9667-EE7279CCC769}\Setup.exe -runfromtemp -l0x040c
Logiciel d'archivage WinRAR-->C:\Program Files\WinRAR\uninstall.exe
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Matto4 Patch 1.1-->0:\JEUX\Farcry\Mods\Matto4\Mods\Matto4\Uninstal Matto4.exe
Messenger Plus! Live-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe"
Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - FRA-->MsiExec.exe /I{72AD53CC-CCC0-3757-8480-9EE176866A7C}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - FRA-->MsiExec.exe /I{0BD83598-C2EF-3343-847B-7D2E84599128}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 Language Pack SP1 - fra-->MsiExec.exe /I{3E31821C-7917-367E-938E-E65FC413EA31}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft Midtown Madness 2-->"H:\JEUX\Midtown Madness 2\UNINSTAL.EXE" /runtemp /addremove
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2008 Management Objects-->MsiExec.exe /I{F5E87B12-3C27-452F-8E78-21D42164FD83}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Express Edition with SP1 - FRA-->MsiExec.exe /X{4C3FF4F7-6033-3129-8D21-9FC8C8B82D65}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729-->MsiExec.exe /X{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}
Microsoft Visual C++ 2008 Express SP1 - Français-->C:\Program Files\Microsoft Visual Studio 9.0\Microsoft Visual C++ 2008 Express Edition with SP1 - FRA\setup.exe
Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries-->MsiExec.exe /X{842FAF7C-50EF-4463-9B8F-6222E1384D7D}
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - fra-->MsiExec.exe /X{484AB636-ADBC-3A85-AB82-41873BDD1083}
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32-->MsiExec.exe /X{044F9133-B8D7-4d11-BF39-803FA20F5C8B}
Mise à jour de sécurité pour Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Mise à jour de sécurité pour Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB972270)-->"C:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"
Module linguistique Microsoft .NET Framework 3.5 SP1- fra-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - fra\setup.exe
Mozilla Firefox (3.6)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
MSXML 6.0 Parser (KB925673)-->MsiExec.exe /I{FE9126DB-5F84-495A-BB46-3C724F1C2D08}
OpenOffice.org 3.1-->MsiExec.exe /I{B2E581DB-C4DD-432C-AC84-ED761AC056BC}
Opposing Force-->"H:\PacSteamT\PacSteamT\steam.exe" steam://uninstall/50
Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
PacSteamT-->H:\PacSteamT\PacSteamT\PacSteamT-Uninstall.exe
Paint.NET v3.5-->MsiExec.exe /X{D3E7A2A5-A059-4A44-949B-21FBD371A8B8}
Peter Jackson's King Kong - The Official Game of the Movie-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{111E336D-30BF-4CD4-8D69-4541732AFB27}\setup.exe" -l0x40c  -removeonly
Petit Larousse 2010-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{422FADA9-FED2-41D7-B5FA-472BB98B7784}\Setup.exe" -l0x40c 
Picasa 3-->"C:\Program Files\Google\Picasa3\Uninstall.exe"
Polipo 1.0.4-->"C:\Program Files\Vidalia Bundle\Uninstall.exe"
Qtracker-->C:\PROGRA~1\Qtracker\UNWISE.EXE C:\PROGRA~1\Qtracker\INSTALL.LOG
Radio France 1.1.1-->"C:\Program Files\Radio France\unins000.exe"
Radio_France Toolbar-->C:\PROGRA~1\RADIO_~1\UNWISE.EXE   /U C:\PROGRA~1\RADIO_~1\INSTALL.LOG  
Realtek High Definition Audio Driver-->RtlUpd.exe -r -m
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
Spelling Dictionaries Support For Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-900000000004}
SQL Server System CLR Types-->MsiExec.exe /I{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}
System Requirements Lab-->MsiExec.exe /I{1E99F5D7-4262-4C7C-9135-F066E7485811}
TeamViewer 5-->C:\Program Files\TeamViewer\Version5\uninstall.exe
The Matrix Trilogy Screensaver 0.49-->C:\WINDOWS\Installer\The Matrix Trilogy UnInstaller.exe
Tor 0.2.1.22-->"C:\Program Files\Vidalia Bundle\Uninstall.exe"
TubeDownload 2.6.1-->"C:\Program Files\Tomato\TubeDownload\unins000.exe"
TuneUp Utilities-->C:\Program Files\TuneUp Utilities 2010\TUInstallHelper.exe --Trigger-Uninstall
Unlocker 1.8.8-->C:\Program Files\Unlocker\uninst.exe
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Vidalia 0.2.6-->"C:\Program Files\Vidalia Bundle\Uninstall.exe"
VLC media player 1.0.3-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Messenger-->MsiExec.exe /X{770F1BEC-2871-4E70-B837-FB8525FFA3B1}
Windows Live OneCare safety scanner-->RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
WM Recorder 9.1-->C:\WINDOWS\iun6002.exe "C:\Program Files\WM Recorder\irunin.ini"
Xfire (remove only)-->"C:\Program Files\Xfire\uninst.exe"
YouTUBE (TM) movie downloader-->MsiExec.exe /X{2F8BE445-D14C-40E2-AF62-E43539FD1500}
Zune Desktop Theme-->MsiExec.exe /X{7E20EFE6-E604-48C6-8B39-BA4742F2CDB4}

======Security center information======

AV: ESET NOD32 Antivirus 4.0
FW: COMODO Firewall (disabled)

======System event log======

Computer Name: AYMERIC-8X06VYM
Event Code: 7036
Message: Le service Gestionnaire de connexions d'accès distant est entré dans l'état : en cours d'exécution.

Record Number: 15121
Source Name: Service Control Manager
Time Written: 20100107170444.000000+060
Event Type: Informations
User: 

Computer Name: AYMERIC-8X06VYM
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service Gestionnaire de connexions d'accès distant.

Record Number: 15120
Source Name: Service Control Manager
Time Written: 20100107170441.000000+060
Event Type: Informations
User: AYMERIC-8X06VYM\Aymeric

Computer Name: AYMERIC-8X06VYM
Event Code: 7036
Message: Le service Téléphonie est entré dans l'état : en cours d'exécution.

Record Number: 15119
Source Name: Service Control Manager
Time Written: 20100107170441.000000+060
Event Type: Informations
User: 

Computer Name: AYMERIC-8X06VYM
Event Code: 7036
Message: Le service Service Google Update (gupdate1ca4efcdf358152) est entré dans l'état : arrêté.

Record Number: 15118
Source Name: Service Control Manager
Time Written: 20100107170338.000000+060
Event Type: Informations
User: 

Computer Name: AYMERIC-8X06VYM
Event Code: 7035
Message: Un contrôle Arrêter a correctement été envoyé au service ANIWZCSd Service.

Record Number: 15117
Source Name: Service Control Manager
Time Written: 20100107170334.000000+060
Event Type: Informations
User: AYMERIC-8X06VYM\Aymeric

=====Application event log=====

Computer Name: AYMERIC-8X06VYM
Event Code: 105
Message: The service was started.

Record Number: 5
Source Name: ATI Smart
Time Written: 20100117095731.000000+060
Event Type: Informations
User: 

Computer Name: AYMERIC-8X06VYM
Event Code: 0
Message: 
Record Number: 4
Source Name: gupdate1ca4efcdf358152
Time Written: 20100116122317.000000+060
Event Type: Informations
User: 

Computer Name: AYMERIC-8X06VYM
Event Code: 1800
Message: Le service Centre de sécurité Windows a démarré.

Record Number: 3
Source Name: SecurityCenter
Time Written: 20100116122242.000000+060
Event Type: Informations
User: 

Computer Name: AYMERIC-8X06VYM
Event Code: 0
Message: 
Record Number: 2
Source Name: gupdate1ca4efcdf358152
Time Written: 20100116122241.000000+060
Event Type: Informations
User: 

Computer Name: AYMERIC-8X06VYM
Event Code: 105
Message: The service was started.

Record Number: 1
Source Name: ATI Smart
Time Written: 20100116122237.000000+060
Event Type: Informations
User: 

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"NUMBER_OF_PROCESSORS"=2
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 9, GenuineIntel
"PROCESSOR_LEVEL"=15
"PROCESSOR_REVISION"=0409
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"VS90COMNTOOLS"=C:\Program Files\Microsoft Visual Studio 9.0\Common7\Tools\
"windir"=%SystemRoot%

-----------------EOF-----------------

dwaagonne · Answer

Logfile of random's system information tool 1.06 (written by random/random)
Run by Aymeric at 2010-01-30 12:37:01
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 18 GB (47%) free of 39 GB
Total RAM: 1022 MB (37% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:37:24, on 1/30/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
C:\Program Files\Google\Update\1.2.183.13\GoogleCrashHandler.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\D-Link\D-Link Wireless G DWA-110\AirGCFG.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\pnp\audio\RTHDCPL.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Aymeric\Bureau\Logiciel & jeux\Kwet-Barre.exe
C:\Documents and Settings\Aymeric\Local Settings\Apps\2.0\C8ETTD7D.29Y\Z4LTX6LE.OKD\bubu..tion_d26c256b3bebbd77_0001.0000_5b12ee02c1adfcd6\Bubulle-Barre.exe
C:\Documents and Settings\Aymeric\Bureau\RSIT.exe
C:\Program Files	rend micro\Aymeric.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ig
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Radio France Toolbar - {1a2cd84f-2175-4ae8-bd60-ce0d04442b4f} - C:\Program Files\Radio_France	bRadi.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Radio France Toolbar - {1a2cd84f-2175-4ae8-bd60-ce0d04442b4f} - C:\Program Files\Radio_France	bRadi.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Radio France Toolbar - {1a2cd84f-2175-4ae8-bd60-ce0d04442b4f} - C:\Program Files\Radio_France	bRadi.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Raccourci vers AirGCFG.lnk = C:\Program Files\D-Link\D-Link Wireless G DWA-110\AirGCFG.exe
O4 - Startup: Raccourci vers RTHDCPL.lnk = C:\pnp\audio\RTHDCPL.exe
O8 - Extra context menu item: &Tout télécharger avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Download Video on This Page - res://C:\Program Files\Tomato\TubeDownload\MDIEEx.dll/211
O8 - Extra context menu item: Download Video This Links To - res://C:\Program Files\Tomato\TubeDownload\MDIEEx.dll/212
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll
O9 - Extra 'Tools' menuitem: Paramètres de Google &Gears - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll
O9 - Extra button: Download Video - {45B79C91-E9B5-4551-8C43-03EF82B4BC63} - res://C:\Program Files\Tomato\TubeDownload\MDIEEx.dll/211 (file missing)
O9 - Extra 'Tools' menuitem: Download Video on This Page - {45B79C91-E9B5-4551-8C43-03EF82B4BC63} - res://C:\Program Files\Tomato\TubeDownload\MDIEEx.dll/211 (file missing)
O9 - Extra button: Extract Flash Video with Bytescout... - {6AC46E49-7C60-48E6-AA63-D51A82750C24} - C:\Program Files\Bytescout Movies Extractor Scout\flashextract_ie.html (file missing)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/...
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O20 - AppInit_DLLs:   C:\WINDOWS\system32\guard32.dll
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Wireless Service - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Service Google Update (gupdate1ca4efcdf358152) (gupdate1ca4efcdf358152) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcappcapd.exe (file missing)
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe