PROBLEM: infection by Antivirus Pro 2010

Solved
nana-ziza Posts 39 Status Member -  
jlpjlp Posts 52399 Status Security contributor -
Hello,
my PC is infected by antivirus pro 201
I can neither open my web pages, nor download, nor run a scan. What should I do to remove this virus? Help me, and thanks.

14 replies

jlpjlp Posts 52399 Status Security contributor 5 040
 
Hi, restore your PC to a point before the problem:

http://www.infoprat.net/astuces/windows2k_xp/astuces/divers_004.php

then

scan with Malwarebytes: run a thorough scan, paste the report you get, and remove whatever is found:

https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
0
nana-ziza Posts 39 Status Member
 
what should I do with these reports
help me please
0
nana-ziza Posts 39 Status Member
 
thanks for answering me, but I don't have Malwarebytes on my PC and I can't download it because of the
virus. What should I do? Please
0
jlpjlp Posts 52399 Status Security contributor 5 040
 
I said to restore the PC first! Did you try?

otherwise

http://www.commentcamarche.net/faq/24055-security-tool
0
nana-ziza Posts 39 Status Member
 
yes, still the same problem, except that I can open my web page. I am going to install Malwarebytes
0

jlpjlp Posts 52399 Status Security contributor 5 040
 
There, now you can run Malwarebytes and paste a report for us
0
nana-ziza Posts 39 Status Member
 
I downloaded it but I can't install it
0
jlpjlp Posts 52399 Status Security contributor 5 040
 
Rename it to ccm before putting it on your desktop, then run it. If that doesn't work, run rkill first
0
jlpjlp Posts 52399 Status Security contributor 5 040
 
if you can't manage it, then:

Download here:

http://images.malwareremoval.com/random/RSIT.exe

random's system information tool (RSIT) by random/random and save it on the Desktop.

Double-click RSIT.exe to launch RSIT.

Click Continue on the Disclaimer screen.

If the HijackThis tool (up-to-date version) is not present or not detected on the computer, RSIT will download it (allow the access in your firewall, if asked) and you will have to accept the license.

When the scan is finished, two text files will open.

Post the contents of log.txt (<< which will be displayed)
as well as of info.txt (<< which will be minimized in the taskbar).

NB: The reports are saved in the folder C:\rsit
0
nana-ziza Posts 39 Status Member
 
here is log.txt:
Logfile of random's system information tool 1.06 (written by random/random)
Run by pc at 2010-02-04 14:26:15
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 10 GB (49%) free of 20 GB
Total RAM: 511 MB (23% free)


======Scheduled tasks folder======

C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
C:\WINDOWS\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
AskBar BHO - C:\Program Files\AskBarDis\bar\bin\askBar.dll [2008-11-18 333192]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2007-09-13 1312040]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CC59E0F9-7E43-44FA-9FAA-8377850BF205}]
FDMIECookiesBHO Class - C:\Program Files\Free Download Manager\iefdm2.dll [2008-12-30 98304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{3041d03e-fd4b-44e0-b742-2d9b88305f98} - Ask Toolbar - C:\Program Files\AskBarDis\bar\bin\askBar.dll [2008-11-18 333192]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2006-04-01 77824]
"ccApp"=C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe [2008-08-14 115560]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-10-22 7700480]
"nwiz"=nwiz.exe /install []
"FixCamera"=C:\WINDOWS\FixCamera.exe [2005-12-06 20480]
"tsnpstd3"=C:\WINDOWS\tsnpstd3.exe [2005-11-04 90112]
"snpstd3"=C:\WINDOWS\vsnpstd3.exe [2005-09-05 339968]
"TkBellExe"=C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe [2009-12-30 198160]
"NvMediaCenter"=NvMCTray.dll,NvTaskbarInit []
"BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent []
"imPlayok"=C:\WINDOWS\system32\imPlayok.exe [2010-02-02 43971]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883856]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]
"NBJ"=C:\Program Files\Ahead\Nero BackItUp\NBJ.exe [2005-08-09 1961984]
"Free Download Manager"=C:\Program Files\Free Download Manager\fdm.exe [2009-01-31 3399727]
"ahrxi"=C:/Downloads/Software//uwmphhg.exe []
"hkggd"=C:/Downloads/Software//ognbdug.exe []
"F5JMWNZTHI"=C:\DOCUME~1\pc\LOCALS~1\Temp\Hky.exe [2010-01-29 136704]
"ROUA3O12PW"=C:\WINDOWS\msb.exe [2010-01-29 206848]
"imPlayok"=C:\Documents and Settings\pc\imPlayok.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\MSN Messenger\MsnMsgr.Exe /background []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe [2007-09-13 22880040]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe [2009-12-30 198160]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
DSLMON.lnk - C:\Program Files\Menara\dslmon.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll [2008-05-07 133632]
SysRun - {D7FFD784-5276-42D1-887B-00267870A4C7} - C:\WINDOWS\system32\svshost.dll [2010-01-31 2560]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antvirus]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ccEvtMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ccSetMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SmcService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Symantec Antivirus]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Symantec Antvirus]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLUA"=0
"DisableStatusMessages"=0
"DisableTaskMgr"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=149
"MemCheckBoxInRunDlg"=1
"NoSMBalloonTip"=1
"NoDesktopCleanupWizard"=1
"NoWelcomeScreen"=1
"NoDriveAutoRun"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\DOCUME~1\pc\LOCALS~1\Temp\KBCZRBMI\LiveUpdate\LuSetup.exe"="C:\DOCUME~1\pc\LOCALS~1\Temp\KBCZRBMI\LiveUpdate\LuSetup.exe:*:Enabled:ipsec"
"C:\DOCUME~1\pc\LOCALS~1\Temp\QELROELT\LiveUpdate\LuSetup.exe"="C:\DOCUME~1\pc\LOCALS~1\Temp\QELROELT\LiveUpdate\LuSetup.exe:*:Enabled:ipsec"
"C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe"="C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe:*:Enabled:SMC Service"
"C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE"="C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE:*:Enabled:SNAC Service"
"C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe:*:Enabled:Symantec Email"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Disabled:Firefox"
"C:\Program Files\Free Download Manager\fdm.exe"="C:\Program Files\Free Download Manager\fdm.exe:*:Disabled:Free Download Manager"
"C:\WINDOWS\system32\wininet.exe"="C:\WINDOWS\system32\wininet.exe:*:Enabled:Windows XP Update"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

======File associations======

.exe - open - "C:\Documents and Settings\pc\Local Settings\Application Data\av.exe" /START "%1" %*

======List of files/folders created in the last 1 months======

2010-02-04 14:26:21 ----D---- C:\Program Files\trend micro
2010-02-04 14:26:15 ----D---- C:\rsit
2010-02-02 15:46:54 ----A---- C:\WINDOWS\system32\imPlayok.exe
2010-01-31 21:24:30 ----A---- C:\WINDOWS\system32\winint.exe
2010-01-31 21:24:28 ----A---- C:\WINDOWS\system32\svshost.dll
2010-01-30 10:23:44 ----A---- C:\WINDOWS\system32\irmon.dll
2010-01-30 10:23:44 ----A---- C:\WINDOWS\system32\irftp.exe
2010-01-30 10:23:43 ----A---- C:\WINDOWS\system32\wshirda.dll
2010-01-29 20:50:40 ----A---- C:\WINDOWS\msb.exe
2010-01-29 17:27:19 ----A---- C:\WINDOWS\msa.exe
2010-01-29 17:26:05 ----A---- C:\WINDOWS\system32\sshnas21.dll
2010-01-28 20:53:45 ----A---- C:\WINDOWS\system32\svlostSrv.exe
2010-01-28 20:53:42 ----A---- C:\WINDOWS\system32\tasman.exe
2010-01-28 20:53:40 ----A---- C:\WINDOWS\system32\svlost.exe
2010-01-28 20:53:39 ----A---- C:\WINDOWS\system32\svlosta.dll
2010-01-28 20:53:38 ----A---- C:\WINDOWS\system32\ssleay32.dll
2010-01-28 20:53:38 ----A---- C:\WINDOWS\system32\libeay32.dll
2010-01-28 16:27:37 ----D---- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2010-01-25 19:15:07 ----D---- C:\Downloads
2010-01-25 19:02:34 ----D---- C:\Program Files\Software Informer
2010-01-25 19:02:30 ----D---- C:\Documents and Settings\pc\Application Data\Free Download Manager
2010-01-25 19:02:21 ----D---- C:\Documents and Settings\All Users\Application Data\FreeDownloadManager.ORG
2010-01-25 19:02:18 ----D---- C:\Program Files\Free Download Manager
2010-01-24 20:50:04 ----D---- C:\Program Files\Microsoft Office
2010-01-24 20:49:04 ----D---- C:\Program Files\MSECache
2010-01-22 19:17:59 ----D---- C:\Documents and Settings\All Users\Application Data\Real
2010-01-21 14:45:29 ----D---- C:\Program Files\CCleaner
2010-01-19 20:38:23 ----D---- C:\Program Files\XP Codec Pack
2010-01-19 17:57:53 ----D---- C:\WINDOWS\Minidump
2010-01-19 16:18:43 ----D---- C:\Documents and Settings\pc\Application Data\Real
2010-01-18 20:22:24 ----D---- C:\Program Files\K-Lite Codec Pack
2010-01-17 12:04:52 ----D---- C:\Documents and Settings\pc\Application Data\TigerPlayer
2010-01-17 12:00:46 ----D---- C:\Program Files\MpcStar
2010-01-16 22:49:59 ----D---- C:\Documents and Settings\All Users\Application Data\Google
2010-01-09 17:44:38 ----D---- C:\Documents and Settings\pc\Application Data\dvdcss
2010-01-08 16:40:13 ----D---- C:\Documents and Settings\pc\Application Data\vlc
2010-01-08 15:08:29 ----D---- C:\Documents and Settings\pc\Application Data\Media Player Classic
2010-01-08 15:06:02 ----A---- C:\WINDOWS\system32\unrar.dll
2010-01-08 12:54:37 ----D---- C:\Program Files\VideoLAN

======List of files/folders modified in the last 1 months======

2010-02-04 14:26:21 ----D---- C:\Program Files
2010-02-04 14:26:01 ----D---- C:\WINDOWS\Prefetch
2010-02-04 14:11:47 ----D---- C:\WINDOWS\Temp
2010-02-04 14:09:17 ----SD---- C:\WINDOWS\Tasks
2010-02-04 12:34:48 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-02-04 11:38:31 ----D---- C:\WINDOWS\system32\config
2010-02-04 11:38:15 ----D---- C:\WINDOWS\system32\wbem
2010-02-04 11:38:14 ----D---- C:\WINDOWS\Registration
2010-02-04 11:37:41 ----D---- C:\WINDOWS\system32\Restore
2010-02-04 11:34:19 ----SHD---- C:\System Volume Information
2010-02-03 19:07:21 ----D---- C:\WINDOWS
2010-02-03 18:02:50 ----D---- C:\WINDOWS\system32\CatRoot2
2010-02-03 17:38:23 ----D---- C:\WINDOWS\system32\drivers
2010-02-03 17:38:23 ----D---- C:\Documents and Settings\All Users\Application Data\Norton
2010-02-02 17:54:33 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-02-02 17:54:27 ----D---- C:\Program Files\Internet Explorer
2010-02-02 15:46:54 ----D---- C:\WINDOWS\system32
2010-02-02 14:54:05 ----A---- C:\WINDOWS\NeroDigital.ini
2010-02-01 15:15:54 ----D---- C:\Program Files\Mozilla Firefox
2010-01-31 12:18:59 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-01-31 12:16:48 ----D---- C:\WINDOWS\security
2010-01-31 11:33:47 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-01-29 18:55:17 ----HD---- C:\WINDOWS\inf
2010-01-24 21:08:55 ----SD---- C:\Documents and Settings\pc\Application Data\Microsoft
2010-01-24 20:50:55 ----SHD---- C:\WINDOWS\Installer
2010-01-24 20:50:54 ----SHD---- C:\Config.Msi
2010-01-24 20:50:25 ----D---- C:\Program Files\Fichiers communs\Microsoft Shared
2010-01-24 20:50:19 ----RSD---- C:\WINDOWS\Fonts
2010-01-21 15:35:32 ----D---- C:\WINDOWS\Debug
2010-01-21 10:37:07 ----D---- C:\WINDOWS\Help
2010-01-21 10:37:03 ----D---- C:\WINDOWS\nview
2010-01-21 10:32:36 ----D---- C:\WINDOWS\system32\ReinstallBackups
2010-01-18 10:18:33 ----D---- C:\Program Files\Windows Media Connect 2
2010-01-17 16:43:16 ----A---- C:\WINDOWS\win.ini
2010-01-16 23:16:55 ----D---- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2010-01-16 22:49:59 ----D---- C:\Program Files\Google
2010-01-16 22:21:26 ----RSD---- C:\WINDOWS\assembly
2010-01-16 22:21:09 ----D---- C:\Program Files\Fichiers communs\System
2010-01-16 22:20:11 ----D---- C:\Program Files\Fichiers communs
2010-01-16 21:56:40 ----D---- C:\WINDOWS\system32\appmgmt
2010-01-16 14:18:38 ----D---- C:\tmp
2010-01-11 14:05:13 ----D---- C:\Documents and Settings

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK7;Pilote de processeur AMD K7; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2008-04-14 41856]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Fichiers communs\Symantec Shared\EENGINE\eeCtrl.sys []
R1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14720]
R1 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCDrv.sys []
R1 SRTSP;SRTSP; C:\WINDOWS\System32\Drivers\SRTSP.SYS [2008-10-13 279600]
R1 SRTSPX;SRTSPX; C:\WINDOWS\System32\Drivers\SRTSPX.SYS [2008-10-13 43824]
R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2008-08-21 191536]
R1 WPS;WPS; \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys []
R3 adiusbaw;USB ADSL WAN Adapter; C:\WINDOWS\system32\DRIVERS\adiusbaw.sys [2005-06-21 125913]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2006-04-01 2314560]
R3 EL90X;Pilote de la carte EtherLink XL 90X 3Com; C:\WINDOWS\system32\DRIVERS\el90xnd5.sys [2001-08-23 153631]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Fichiers communs\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
R3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288]
R3 ms_mpu401;Pilote UART MIDI MPU-401 Microsoft; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
R3 NAVENG;NAVENG; \??\C:\PROGRA~1\FICHIE~1\SYMANT~1\VIRUSD~1\20100131.003\NAVENG.SYS []
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\FICHIE~1\SYMANT~1\VIRUSD~1\20100131.003\NAVEX15.SYS []
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-10-22 3994624]
R3 SymEvent;SymEvent; \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS []
R3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2008-08-21 27696]
R3 Teefer2;Teefer2 Miniport; C:\WINDOWS\system32\DRIVERS\teefer2.sys [2008-10-14 49536]
R3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbhub;Pilote de concentrateur standard USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-14 17152]
R3 WpsHelper;WpsHelper; \??\C:\WINDOWS\system32\drivers\WpsHelper.sys []
S2 ADILOADER;General Purpose USB Driver (adildr.sys); C:\WINDOWS\System32\Drivers\adildr.sys [2004-03-02 50007]
S3 abp470n5;abp470n5; \??\C:\WINDOWS\system32\drivers\nnsgui.sys []
S3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2008-04-13 701440]
S3 BthEnum;Pilote de bloc de demande Bluetooth; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-13 17024]
S3 BthPan;Périphérique Bluetooth (réseau personnel); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-13 101120]
S3 BTHPORT;Pilote de port Bluetooth; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-04-13 273664]
S3 BTHUSB;Pilote USB radio Bluetooth; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-13 18944]
S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 COH_Mon;COH_Mon; \??\C:\WINDOWS\system32\Drivers\COH_Mon.sys []
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nm;Pilote du Moniteur réseau; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-14 40320]
S3 RFCOMM;Périphérique Bluetooth (TDI protocole RFCOMM); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-13 59136]
S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SNPSTD3;USB PC Camera (SNPSTD3); C:\WINDOWS\system32\DRIVERS\snpstd3.sys [2005-11-07 8718848]
S3 SRTSPL;SRTSPL; C:\WINDOWS\System32\Drivers\SRTSPL.SYS [2008-10-13 319664]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2008-05-07 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-05-07 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 SysPlant;SysPlant for NT; C:\WINDOWS\SYSTEM32\Drivers\SysPlant.sys [2008-12-08 92488]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe [2008-08-14 108392]
R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe [2008-08-14 108392]
R2 MDM;Machine Debug Manager; C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-10-22 159810]
R2 SmcService;Client de gestion Symantec ; C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe [2008-12-08 1795400]
R2 SSHNAS;SSHNAS; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 svlostServices;winlog; C:\WINDOWS\system32\svlostSrv.exe [2010-01-28 243200]
R2 Symantec AntiVirus;Symantec Endpoint Protection; C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe [2008-12-08 2440120]
S2 PlugPlayWMPNetworkSvc;Plug-and-Play PlugPlayWMPNetworkSvc; srv []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2008-07-22 3093872]
S3 SNAC;Symantec Network Access Control; C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE [2008-12-08 320840]
S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

-----------------EOF-----------------
0
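An added example, not part of the original thread and not a feature of RSIT: a short Python triage of the autostart (`Run`) and file-association sections of an RSIT `log.txt` like the one posted above. The sample is a shortened excerpt of that log; the three heuristics (Temp path, empty `[]` file data, binary dated within 30 days of the scan) and all function names are assumptions chosen for illustration.

```python
import re
from datetime import datetime, timedelta

# Shortened excerpt of the RSIT log.txt posted in this thread (lines copied as-is).
SAMPLE_LOG = r'''Logfile of random's system information tool 1.06 (written by random/random)
Run by pc at 2010-02-04 14:26:15

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2006-04-01 77824]
"TkBellExe"=C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe [2009-12-30 198160]
"imPlayok"=C:\WINDOWS\system32\imPlayok.exe [2010-02-02 43971]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"ahrxi"=C:/Downloads/Software//uwmphhg.exe []
"F5JMWNZTHI"=C:\DOCUME~1\pc\LOCALS~1\Temp\Hky.exe [2010-01-29 136704]
"ROUA3O12PW"=C:\WINDOWS\msb.exe [2010-01-29 206848]

======File associations======

.exe - open - "C:\Documents and Settings\pc\Local Settings\Application Data\av.exe" /START "%1" %*
'''

# Default "open" command for .exe files on Windows.
DEFAULT_EXE_OPEN = '"%1" %*'

RUN_AT = re.compile(r"^Run by .* at (\d{4}-\d{2}-\d{2}) ", re.M)
SECTION = re.compile(r"^\[(HKEY_[^\]]+)\]$")
# "name"=path [YYYY-MM-DD size]; the brackets are empty when RSIT has no file data.
ENTRY = re.compile(r'^"([^"]+)"=(.*?)\s*\[(?:(\d{4}-\d{2}-\d{2}) \d+)?\]$')
ASSOC = re.compile(r"^(\.\w+) - open - (.*)$")


def reasons_for(path, stamp, run_date, recent_days):
    """Return the heuristic reasons (assumptions, not verdicts) for one Run entry."""
    reasons = []
    norm = path.replace("/", "\\").lower()
    if "\\temp\\" in norm:
        reasons.append("runs from a Temp directory")
    if stamp is None and re.match(r"^[a-z]:\\", norm):
        reasons.append("RSIT recorded no file date/size")
    if stamp and run_date:
        age = run_date - datetime.strptime(stamp, "%Y-%m-%d")
        if timedelta(0) <= age <= timedelta(days=recent_days):
            reasons.append(f"binary dated {age.days} days before the scan")
    return reasons


def triage(log_text, recent_days=30):
    """Return [(name, target, [reasons])] for entries worth a closer look."""
    m = RUN_AT.search(log_text)
    run_date = datetime.strptime(m.group(1), "%Y-%m-%d") if m else None
    findings, section = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        sec = SECTION.match(line)
        if sec:
            section = sec.group(1)
            continue
        if line.startswith("======"):
            section = None  # left the registry dump
            continue
        assoc = ASSOC.match(line)
        if assoc:
            ext, command = assoc.group(1).lower(), assoc.group(2).strip()
            if ext == ".exe" and command != DEFAULT_EXE_OPEN:
                findings.append((".exe association", command,
                                 ["non-default open command"]))
            continue
        entry = ENTRY.match(line)
        in_run_key = section and section.lower().endswith(r"\currentversion\run")
        if not entry or not in_run_key:
            continue
        name, path, stamp = entry.groups()
        reasons = reasons_for(path, stamp, run_date, recent_days)
        if reasons:
            findings.append((name, path, reasons))
    return findings


if __name__ == "__main__":
    for name, target, reasons in triage(SAMPLE_LOG):
        print(f"{name}: {target}\n    -> " + "; ".join(reasons))
```

A flagged entry is only a candidate for review; the scanner report later in the thread is what confirms which of them were malicious.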
nana-ziza Posts 39 Status Member
 
here is info.txt:
info.txt logfile of random's system information tool 1.06 2010-02-04 14:27:09

======Uninstall list======

-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Ask Toolbar-->"C:\Program Files\AskBarDis\unins000.exe"
Assistant de connexion Windows Live-->MsiExec.exe /I{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
Foxit Reader-->C:\Program Files\Foxit Software\Foxit Reader\Uninstall.exe
Free Download Manager 3.0-->"C:\Program Files\Free Download Manager\unins000.exe"
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe
Installation Windows Live-->MsiExec.exe /I{46ABBC54-1872-4AA3-95E2-F2C063A63F31}
Kit de Connexion MENARA-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AB25E068-C7A2-482F-A3BC-588A5869844D}\setup.exe" -l0x40c ControlPanel
LiveUpdate 3.3 (Symantec Corporation)-->"C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Module de compatibilité pour Microsoft Office System 2007-->MsiExec.exe /X{90120000-0020-040C-0000-0000000FF1CE}
Mozilla Firefox (3.6)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
Nero Suite-->C:\Program Files\Fichiers communs\Nero\Uninstall\setupx.exe /uninstall ExtraUninstallID=""
NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI
Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
PC Camera-168-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ECD03DA7-5952-406A-8156-5F0C93618D1F}\Setup.exe" -l0x9
RealPlayer-->C:\Program Files\Fichiers communs\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|12.0
Reezaa 2.0-->"c:\Reezaa\unins000.exe"
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
Skype™ 3.5-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Subtitle Workshop 2.51-->"C:\Program Files\URUSoft\Subtitle Workshop\uninstall.exe"
Symantec Endpoint Protection-->MsiExec.exe /I{3BAB4914-9CC1-4CC2-A3DA-56EF62DFD373}
System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}
Windows Live Communications Platform-->MsiExec.exe /I{ED00D08A-3C5F-488D-93A0-A04F21F23956}
Windows Live Messenger-->MsiExec.exe /X{770F1BEC-2871-4E70-B837-FB8525FFA3B1}
WinRAR Archiveur-->C:\Program Files\WinRAR\uninstall.exe
XP Codec Pack-->C:\Program Files\XP Codec Pack\Uninstall.exe

======Security center information======

AV: Symantec Endpoint Protection
FW: Symantec Endpoint Protection

======System event log======

Computer Name: HALIMA
Event Code: 51
Message: Une erreur a été détectée sur le périphérique \Device\Harddisk2\D au cours d'une opération de pagination.

Record Number: 6992
Source Name: Disk
Time Written: 20100120000145.000000+060
Event Type: Avertissement
User:

Computer Name: HALIMA
Event Code: 51
Message: Une erreur a été détectée sur le périphérique \Device\Harddisk2\D au cours d'une opération de pagination.

Record Number: 6991
Source Name: Disk
Time Written: 20100120000145.000000+060
Event Type: Avertissement
User:

Computer Name: HALIMA
Event Code: 51
Message: Une erreur a été détectée sur le périphérique \Device\Harddisk2\D au cours d'une opération de pagination.

Record Number: 6990
Source Name: Disk
Time Written: 20100120000145.000000+060
Event Type: Avertissement
User:

Computer Name: HALIMA
Event Code: 51
Message: Une erreur a été détectée sur le périphérique \Device\Harddisk2\D au cours d'une opération de pagination.

Record Number: 6989
Source Name: Disk
Time Written: 20100120000145.000000+060
Event Type: Avertissement
User:

Computer Name: HALIMA
Event Code: 51
Message: Une erreur a été détectée sur le périphérique \Device\Harddisk2\D au cours d'une opération de pagination.

Record Number: 6988
Source Name: Disk
Time Written: 20100120000145.000000+060
Event Type: Avertissement
User:

=====Application event log=====

Computer Name: HALIMA
Event Code: 1800
Message: Le service Centre de sécurité Windows a démarré.

Record Number: 940
Source Name: SecurityCenter
Time Written: 20091217153904.000000+060
Event Type: Informations
User:

Computer Name: HALIMA
Event Code: 35
Message: Le service 'ccEvtMgr' a démarré.

Record Number: 939
Source Name: ccSvcHst
Time Written: 20091217153843.000000+060
Event Type: Informations
User: AUTORITE NT\SYSTEM

Computer Name: HALIMA
Event Code: 34
Message: Le service 'ccEvtMgr' démarre.

Record Number: 938
Source Name: ccSvcHst
Time Written: 20091217153842.000000+060
Event Type: Informations
User: AUTORITE NT\SYSTEM

Computer Name: HALIMA
Event Code: 35
Message: Le service 'ccSetMgr' a démarré.

Record Number: 937
Source Name: ccSvcHst
Time Written: 20091217153842.000000+060
Event Type: Informations
User: AUTORITE NT\SYSTEM

Computer Name: HALIMA
Event Code: 34
Message: Le service 'ccSetMgr' démarre.

Record Number: 936
Source Name: ccSvcHst
Time Written: 20091217153840.000000+060
Event Type: Informations
User: AUTORITE NT\SYSTEM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 7 Stepping 1, AuthenticAMD
"PROCESSOR_REVISION"=0701
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------
0
nana-ziza Posts 39 Status Member
 
and now what should I do, please
and thanks for everything
0
jlpjlp Posts 52399 Status Security contributor 5 040
 
ok

Download ComboFix by sUBs: rename it before any installation; for example, name it "KillBagle". Help here: https://forum.pcastuces.com/sujet.asp?f=25&s=37315

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Save it on your desktop and nowhere else!

Help on using ComboFix here: https://bibou0007.forumpro.fr/login?redirect=%2Ft121-topic

Double-click ComboFix. It will ask you a question; answer by pressing the 1 key and then Enter to confirm, and let it guide you.
Wait until ComboFix has finished; a report will be created. Post the report.

________________

plug in all your external storage devices, then run usbfix option 1 and paste the report
0
nana-ziza Posts 39 Status Member
 
thank you for the time you devoted to me. After downloading Malwarebytes, here is the report after the scan and the removal of the virus. My problem is probably solved:
Malwarebytes' Anti-Malware 1.44
Version de la base de données: 3689
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

04/02/2010 17:51:21
mbam-log-2010-02-04 (17-51-21).txt

Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 123222
Temps écoulé: 47 minute(s), 49 second(s)

Processus mémoire infecté(s): 4
Module(s) mémoire infecté(s): 2
Clé(s) du Registre infectée(s): 8
Valeur(s) du Registre infectée(s): 5
Elément(s) de données du Registre infecté(s): 6
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 12

Processus mémoire infecté(s):
C:\WINDOWS\system32\svlostSrv.exe (Backdoor.Bot) -> Unloaded process successfully.
C:\WINDOWS\msb.exe (Trojan.Agent) -> Unloaded process successfully.
C:\WINDOWS\system32\tasman.exe (Backdoor.Bot) -> Unloaded process successfully.
C:\WINDOWS\system32\imPlayok.exe (Trojan.Agent) -> Unloaded process successfully.

Module(s) mémoire infecté(s):
C:\WINDOWS\system32\svshost.dll (Trojan.Agent) -> Delete on reboot.
c:\WINDOWS\system32\sshnas21.dll (Trojan.FakeAlert) -> Delete on reboot.

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\svlostservices (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d7ffd784-5276-42d1-887b-00267870a4c7} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\F5JMWNZTHI (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\secfile (Trojan.Fakealert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SSHNAS (Trojan.Renos) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\ROUA3O12PW (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\roua3o12pw (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\sysrun (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\f5jmwnzthi (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\implayok (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\implayok (Trojan.Agent) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Default_Page_URL (Hijack.StartPage) -> Bad: (http://www.googlesayfa.com/en) Good: (http://www.google.com) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page (Hijack.StartPage) -> Bad: (http://www.googlesayfa.com/en) Good: (http://www.google.com) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\.exe\(default) (Hijacked.exeFile) -> Bad: (secfile) Good: (exefile) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\WINDOWS\system32\svlostSrv.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\msb.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tasman.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\svshost.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\msa.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\svlost.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\svlosta.dll (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\imPlayok.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\pc\Application Data\QNVW601P.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sshnas21.dll (Trojan.FakeAlert) -> Delete on reboot.
0
jlpjlp Posts 52399 Status Security contributor 5 040
 
Post an RSIT report again so we can check
0
nana-ziza Posts 39 Status Member
 
hello, my PC starts but stops on the page where there are three choices, safe mode - restart Windows normally, and when I click on restart normally it restarts and comes back to the same page. Thanks
0
jlpjlp Posts 52399 Status Security contributor 5 040
 
0