Infected PC, HELP, I don't know what else to do....

Security and insecurity. Viruses, Trojans, Spyware, Vulnerabilities, etc.

Forum rules
Assiste.com has suspended malware-removal assistance after almost 15 years, first on the old forum and then on this one. See:

Disinfection procedure 1 - Anti-malware
Disinfection procedure 2 - Anti-malware and antivirus (La Manip, the standard disinfection procedure)
Periodic maintenance of a Windows PC
Protecting the browser, browsing and privacy


Post by maryruss » 29 May 2009, 14:27

Hello, for a few days now I have known that I have a virus, but there is no way to get rid of it... I tried Antivir, the PCPitStop online scan and the ESET online scanner, but none of them detected a virus. Yet when I open Task Manager there is an iexplore.exe that keeps opening even when I am not on the net, and when I look at the IE history there are searches and visited sites that I neither did nor visited... On top of that, I tried System Restore, but when I get to "confirm the restoration" and click "next", nothing happens; I tried the same in safe mode, same result. I tried "last known good configuration" but nothing helps, which is why I am here today to ask for your help.

Here is the Malwarebytes log (I could not update the program: since the virus kept Malwarebytes from starting, I had to rename it and therefore could not run the updates):

Malwarebytes' Anti-Malware 1.29
Database version: 1288
Windows 5.1.2600 Service Pack 2

2009-05-29 09:14:40
mbam-log-2009-05-29 (09-14-26).txt

Scan type: Quick Scan
Objects scanned: 54435
Time elapsed: 8 minute(s), 12 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> No action taken.
maryruss (Posts: 9, Joined: 29 May 2009, 14:17)
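A triage helper for the OTL log format the poster attaches in the follow-up, added here as an example and not part of the original post or of the OTL tool: it reads OTL-style PRC/SRV/DRV entries and the numbered O-section lines and flags what a responder checks first in such a log, namely entries whose target is reported as "File not found" or "Reg Error", running executables and drivers with an empty company field in their version info, and (a heuristic of this script's own, not an OTL feature) eight-letter names with frequent case changes like the ones in the O20 and O30 lines of the log. The sample lines are copied from that log; the regexes describing OTL's line layout and the name heuristic are this script's assumptions.

```python
import re
from dataclasses import dataclass
from typing import List

# Constructed sample: a few lines copied verbatim from the OTL log in the
# follow-up post, chosen so that every rule below fires at least once.
SAMPLE_LOG = """\
PRC - [2009-03-02 13:10:30 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\\Program Files\\Avira\\AntiVir Desktop\\avguard.exe
SRV - File not found -- -- (a2free [Auto | Stopped])
DRV - [2007-09-24 20:54:36 | 00,685,816 | ---- | M] () -- C:\\WINDOWS\\System32\\Drivers\\sptd.sys -- (sptd [Boot | Running])
DRV - [2007-02-20 14:07:56 | 00,005,632 | R--- | M] () -- C:\\WINDOWS\\System32\\drivers\\StarOpen.sys -- (StarOpen [System | Running])
O2 - BHO: (no name) - {198285EE-1209-4839-B427-4EE81261C7E9} - Reg Error: Value error. File not found
O4 - HKLM..\\Run: [avgnt] "C:\\Program Files\\Avira\\AntiVir Desktop\\avgnt.exe" /min (Avira GmbH)
O20 - Winlogon\\Notify\\geBqRhGV: DllName - geBqRhGV.dll - File not found
O30 - LSA: Authentication Packages - (C:\\WINDOWS\\system32\\opnmNHbC) - File not found
O34 - HKLM BootExecute: (autochk) - C:\\WINDOWS\\System32\\autochk.exe (Microsoft Corporation)
"""

# Line shapes this script assumes for OTL output (assumption, not OTL documentation).
ENTRY_RE = re.compile(
    r"^(?P<kind>PRC|SRV|DRV) - \[(?P<stamp>[^\]]*)\] \((?P<company>[^)]*)\) -- "
    r"(?P<path>.+?)(?: -- \((?P<svc>[^)]*)\))?$"
)
MISSING_RE = re.compile(r"^(?P<kind>PRC|SRV|DRV) - File not found -- -- \((?P<svc>[^)]*)\)$")
OLINE_RE = re.compile(r"^(?P<kind>O\d+) - (?P<rest>.*)$")
NAME_RE = re.compile(r"\b[A-Za-z]{8}\b")


@dataclass
class Finding:
    line: str    # the log line as written
    reason: str  # why a responder should look at it


def looks_generated(name: str) -> bool:
    """Heuristic of this script's own: an eight-letter, letters-only token whose
    case flips at least three times (geBqRhGV, opnmNHbC) reads as machine-made,
    while ordinary identifiers such as Winlogon or Packages do not."""
    if len(name) != 8 or not name.isalpha():
        return False
    flips = sum(1 for a, b in zip(name, name[1:]) if a.isupper() != b.isupper())
    return flips >= 3


def triage(log_text: str) -> List[Finding]:
    """Walk OTL-style lines and collect the entries worth a closer look."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = MISSING_RE.match(line)
        if m:  # a service/driver still registered although its binary is gone
            findings.append(Finding(line, f"{m['kind']} '{m['svc']}' is registered but its file is not found"))
            continue
        m = ENTRY_RE.match(line)
        if m:  # running process / service / driver with a path on disk
            if not m["company"].strip():
                findings.append(Finding(line, f"{m['kind']} {m['path']} has no company name in its version info"))
            continue
        m = OLINE_RE.match(line)
        if not m:
            continue  # section headers and other lines are not triaged
        rest = m["rest"]
        if "File not found" in rest or "Reg Error" in rest:
            findings.append(Finding(line, f"{m['kind']} autostart/hook points at a missing file or broken registry value"))
        for name in sorted(set(NAME_RE.findall(rest))):
            if looks_generated(name):
                findings.append(Finding(line, f"{m['kind']} references random-looking name '{name}' (heuristic)"))
    return findings


def report(findings: List[Finding]) -> str:
    """One entry per finding, reason first, so the output can be pasted into a reply."""
    return "\n".join(f"[{f.reason}]\n    {f.line}" for f in findings)


if __name__ == "__main__":
    print(report(triage(SAMPLE_LOG)))
```

On the sample above the script reports the orphaned a2free service, the two drivers with no company name, the BHO with a broken registry value, and the O20 and O30 entries both for their missing files and for their random-looking names. A flag is only a pointer to what to examine next, not a verdict: an empty company field or an eight-letter name proves nothing by itself.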

Infected PC (continued 1)

Post by maryruss » 29 May 2009, 14:28

Here is the first OTL log:

OTL logfile created on: 2009-05-29 09:01:40 - Run 1
OTL by OldTimer - Version 2.1.1.0 Folder = C:\Documents and Settings\Utilisateur\Bureau
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000C0C | Country: Canada | Language: FRC | Date Format: yyyy-MM-dd

503,23 Mb Total Physical Memory | 155,52 Mb Available Physical Memory | 30,90% Memory free
1,20 Gb Paging File | 0,79 Gb Available in Paging File | 65,83% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74,52 Gb Total Space | 40,80 Gb Free Space | 54,75% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MARYLENE
Current User Name: Utilisateur
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - [2006-11-03 19:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
PRC - [2005-07-08 18:24:46 | 00,871,424 | ---- | M] (Nero AG) -- C:\Program Files\Ahead\InCD\InCDsrv.exe
PRC - [2008-03-10 12:32:58 | 00,303,344 | ---- | M] (Bell Sympatico) -- C:\Program Files\Bell\Gestionnaire de securite\Fws.exe
PRC - [2009-04-01 15:46:23 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009-03-02 13:10:30 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2007-07-09 12:54:08 | 00,177,416 | R--- | M] (Authentium, Inc.) -- C:\Program Files\Fichiers communs\Authentium\AntiVirus\dvpapi.exe
PRC - [2007-04-10 14:41:48 | 00,284,176 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
PRC - [2007-03-02 12:24:42 | 00,407,056 | ---- | M] (Raxco Software, Inc.) -- C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
PRC - [2002-09-20 15:50:10 | 00,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
PRC - [2005-04-27 14:59:24 | 00,241,725 | ---- | M] (Microsoft Corporation) -- C:\Program Files\UPHClean\uphclean.exe
PRC - [2008-03-07 13:33:06 | 00,053,248 | ---- | M] (BELL) -- C:\Program Files\Personal Vault\VaultClientUpgrade.exe
PRC - [2007-03-02 12:24:52 | 00,734,736 | ---- | M] (Raxco Software, Inc.) -- C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
PRC - [2007-06-13 09:10:53 | 01,037,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2006-11-03 19:20:12 | 00,866,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2004-06-03 04:51:27 | 00,172,032 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft IntelliType Pro\type32.exe
PRC - [2004-06-03 04:50:07 | 00,204,800 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft IntelliPoint\point32.exe
PRC - [2007-07-12 04:00:36 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
PRC - [2009-03-02 13:08:47 | 00,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2007-01-19 13:55:02 | 05,674,352 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\MsnMsgr.Exe
PRC - [2007-01-23 09:06:06 | 00,143,401 | ---- | M] (IncrediMail, Ltd.) -- C:\Program Files\IncrediMail\bin\IMApp.exe
PRC - [2009-01-16 11:30:40 | 04,519,832 | ---- | M] (MétéoMédia/The Weather Network) -- C:\Program Files\MétéoMédia\MétéoÉclair\WeatherEye.exe
PRC - [2007-01-19 13:54:14 | 00,097,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\usnsvc.exe
PRC - [2009-02-28 00:54:41 | 00,636,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\Iexplore.exe
PRC - [2009-02-28 00:54:41 | 00,636,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009-05-29 08:59:46 | 00,501,760 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Utilisateur\Bureau\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - File not found -- -- (a2free [Auto | Stopped])
SRV - [2009-04-01 15:46:23 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService [Auto | Running])
SRV - [2009-03-02 13:10:30 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService [Auto | Running])
SRV - [2007-04-13 03:20:52 | 00,033,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2007-01-31 15:55:42 | 00,096,370 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8 [Auto | Stopped])
SRV - [2007-04-13 03:21:18 | 00,068,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2007-07-09 12:54:08 | 00,177,416 | R--- | M] (Authentium, Inc.) -- C:\Program Files\Fichiers communs\Authentium\AntiVirus\dvpapi.exe -- (dvpapi [Auto | Running])
SRV - [2006-06-07 13:46:42 | 00,036,864 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2004-08-05 08:00:00 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2006-06-08 04:19:14 | 00,696,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2005-07-08 18:24:46 | 00,871,424 | ---- | M] (Nero AG) -- C:\Program Files\Ahead\InCD\InCDsrv.exe -- (InCDsrv [Auto | Running])
SRV - File not found -- -- (iPod Service [On_Demand | Stopped])
SRV - [2007-04-10 14:41:48 | 00,284,176 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe -- (ITMRTSVC [Auto | Running])
SRV - [2006-06-08 04:19:18 | 00,118,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2007-03-02 12:24:42 | 00,407,056 | ---- | M] (Raxco Software, Inc.) -- C:\Program Files\Raxco\PerfectDisk\PDAgent.exe -- (PDAgent [Auto | Running])
SRV - [2007-03-02 12:24:52 | 00,734,736 | ---- | M] (Raxco Software, Inc.) -- C:\Program Files\Raxco\PerfectDisk\PDEngine.exe -- (PDEngine [On_Demand | Running])
SRV - [2003-03-09 00:31:02 | 00,065,795 | R--- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12 [On_Demand | Stopped])
SRV - [2008-03-10 12:33:22 | 00,067,824 | ---- | M] (Radialpoint Inc.) -- C:\Program Files\Bell\Gestionnaire de securite\RpsSecurityAware.exe -- (Radialpoint Security Services [On_Demand | Stopped])
SRV - [2008-03-10 12:33:22 | 00,099,568 | ---- | M] (Bell Sympatico) -- C:\Program Files\Bell\Gestionnaire de securite\rpsupdaterR.exe -- (RPSUpdaterR [On_Demand | Stopped])
SRV - [2008-03-10 12:32:58 | 00,303,344 | ---- | M] (Bell Sympatico) -- C:\Program Files\Bell\Gestionnaire de securite\Fws.exe -- (RP_FWS [Auto | Running])
SRV - [2002-09-20 15:50:10 | 00,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default) [Auto | Running])
SRV - [2005-04-27 14:59:24 | 00,241,725 | ---- | M] (Microsoft Corporation) -- C:\Program Files\UPHClean\uphclean.exe -- (UPHClean [Auto | Running])
SRV - [2007-01-19 13:54:14 | 00,097,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Running])
SRV - [2008-03-07 13:33:06 | 00,053,248 | ---- | M] (BELL) -- C:\Program Files\Personal Vault\VaultClientUpgrade.exe -- (VaultClientUpgrade [Auto | Running])
SRV - [2006-11-03 19:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend [Auto | Running])
SRV - [2006-11-03 10:59:14 | 00,918,016 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2005-03-04 23:53:00 | 00,127,872 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\system32\drivers\aeaudio.sys -- (aeaudio [On_Demand | Running])
DRV - [2007-03-05 21:30:14 | 00,082,380 | ---- | M] (Oak Technology Inc.) -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K [System | Running])
DRV - [2009-02-13 12:35:05 | 00,011,608 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio [System | Running])
DRV - [2009-03-24 16:08:22 | 00,055,640 | ---- | M] (Avira GmbH) -- C:\WINDOWS\system32\DRIVERS\avgntflt.sys -- (avgntflt [Auto | Running])
DRV - [2009-03-30 10:33:07 | 00,096,104 | ---- | M] (Avira GmbH) -- C:\WINDOWS\system32\DRIVERS\avipbb.sys -- (avipbb [System | Running])
DRV - [2007-07-09 12:01:04 | 00,834,448 | ---- | M] (Authentium, Inc.) -- C:\WINDOWS\system32\DRIVERS\css-dvp.sys -- (CSS DVP [Auto | Running])
DRV - [2007-03-02 10:26:18 | 00,067,352 | ---- | M] (Raxco Software, Inc.) -- C:\WINDOWS\System32\drivers\DefragFs.sys -- (DefragFS [Boot | Running])
DRV - [2003-03-09 00:31:00 | 00,051,024 | R--- | M] (HP) -- C:\WINDOWS\system32\DRIVERS\HPZid412.sys -- (HPZid412 [On_Demand | Stopped])
DRV - [2003-03-09 00:31:02 | 00,016,080 | R--- | M] (HP) -- C:\WINDOWS\system32\DRIVERS\HPZipr12.sys -- (HPZipr12 [On_Demand | Stopped])
DRV - [2003-03-09 00:31:02 | 00,021,456 | R--- | M] (HP) -- C:\WINDOWS\system32\DRIVERS\HPZius12.sys -- (HPZius12 [On_Demand | Stopped])
DRV - [2005-09-20 12:00:54 | 01,302,332 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\DRIVERS\ialmnt5.sys -- (ialm [On_Demand | Running])
DRV - [2005-07-08 18:17:54 | 00,099,584 | ---- | M] (Nero AG) -- C:\WINDOWS\System32\drivers\InCDfs.sys -- (InCDfs [Disabled | Running])
DRV - [2005-07-08 18:17:36 | 00,029,696 | ---- | M] (Nero AG) -- C:\WINDOWS\System32\DRIVERS\InCDPass.sys -- (InCDPass [System | Running])
DRV - [2006-07-12 05:58:02 | 00,028,672 | ---- | M] (Nero AG) -- C:\WINDOWS\System32\drivers\InCDrm.sys -- (incdrm [System | Running])
DRV - [2004-09-14 16:55:44 | 00,088,960 | ---- | M] (Analog Devices, Inc.) -- C:\WINDOWS\system32\drivers\MidiSyn.sys -- (MidiSyn [On_Demand | Stopped])
DRV - [2008-06-19 17:24:30 | 00,028,544 | ---- | M] (Panda Security, S.L.) -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot [Boot | Running])
DRV - [2007-03-09 21:21:29 | 00,047,360 | ---- | M] (VSO Software) -- C:\WINDOWS\System32\Drivers\pcouffin.sys -- (pcouffin [On_Demand | Running])
DRV - [2004-06-03 04:50:07 | 00,020,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\point32.sys -- (Point32 [On_Demand | Running])
DRV - [2004-08-05 08:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2007-04-19 11:36:50 | 00,048,384 | ---- | M] (Radialpoint, Inc.) -- C:\WINDOWS\system32\DRIVERS\rp_pkt32.sys -- (RPPKT [On_Demand | Running])
DRV - [2008-01-09 10:35:54 | 00,055,296 | ---- | M] (Radialpoint, Inc.) -- C:\WINDOWS\system32\DRIVERS\rp_skt32.sys -- (RPSKT [Auto | Running])
DRV - [2007-11-13 06:25:54 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys -- (Secdrv [Auto | Running])
DRV - [2005-03-01 16:01:40 | 00,392,704 | ---- | M] (Sensaura) -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt [On_Demand | Running])
DRV - [2005-03-28 10:19:38 | 00,220,992 | ---- | M] (Analog Devices, Inc.) -- C:\WINDOWS\system32\drivers\smwdm.sys -- (smwdm [On_Demand | Running])
DRV - [2007-09-24 20:54:36 | 00,685,816 | ---- | M] () -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd [Boot | Running])
DRV - [2009-02-13 12:50:02 | 00,028,376 | ---- | M] (Avira GmbH) -- C:\WINDOWS\system32\DRIVERS\ssmdrv.sys -- (ssmdrv [System | Running])
DRV - [2007-02-20 14:07:56 | 00,005,632 | R--- | M] () -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen [System | Running])
DRV - [2006-02-02 17:37:34 | 00,071,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\Drivers\StMp3Rec.sys -- (StMp3Rec [On_Demand | Stopped])
DRV - [2009-05-27 21:34:50 | 00,102,664 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm [Auto | Running])
DRV - [2005-09-19 09:41:00 | 00,241,280 | ---- | M] (Marvell) -- C:\WINDOWS\system32\DRIVERS\yk51x86.sys -- (yukonwxp [On_Demand | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-484763869-287218729-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Default = FB CA ED 03 A7 9F 25 48 9A 3F 02 19 7E E0 EC 44 [binary data]
IE - HKU\S-1-5-21-484763869-287218729-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKU\S-1-5-21-484763869-287218729-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\S-1-5-21-484763869-287218729-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKU\S-1-5-21-484763869-287218729-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
IE - HKU\S-1-5-21-484763869-287218729-839522115-1004\S-1-5-21-484763869-287218729-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: (635 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {198285EE-1209-4839-B427-4EE81261C7E9} - Reg Error: Value error. File not found
O2 - BHO: (PopKill Class) - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Bell\Gestionnaire de securite\pkR.dll (Radialpoint Inc.)
O2 - BHO: () - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {be0dbc31-6656-477c-b5df-121d33e82324} - Reg Error: Value error. File not found
O3 - HKU\S-1-5-21-484763869-287218729-839522115-1004\..\Toolbar\WebBrowser: (no name) - {BC4FFE41-DE9F-46FA-B455-AAD49B9F9938} - Reg Error: Key error. File not found
O4 - HKLM..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min (Avira GmbH)
O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe" (Microsoft Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe" (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide (Microsoft Corporation)
O4 - HKU\.DEFAULT..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (Microsoft Corporation)
O4 - HKU\S-1-5-18..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (Microsoft Corporation)
O4 - HKU\S-1-5-21-484763869-287218729-839522115-1004..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c (IncrediMail, Ltd.)
O4 - HKU\S-1-5-21-484763869-287218729-839522115-1004..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (Microsoft Corporation)
O4 - HKU\S-1-5-21-484763869-287218729-839522115-1004..\Run: [WeatherEye] C:\Program Files\MétéoMédia\MétéoÉclair\WeatherEye.exe (MétéoMédia/The Weather Network)
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-484763869-287218729-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe ()
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe File not found
O9 - Extra 'Tools' menuitem : PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.Net\PartyPokerNet\RunPF.exe File not found
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 116 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 116 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-19\..Trusted Domains: 116 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-20\..Trusted Domains: 116 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-484763869-287218729-839522115-1004\..Trusted Domains: xperttesting.com ([www3] http in Sites de confiance)
O15 - HKU\S-1-5-21-484763869-287218729-839522115-1004\..Trusted Domains: 117 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://a1540.g.akamai.net/7/1540/52/200 ... plugin.cab (QuickTime Object)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/ ... ontrol.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/200 ... oader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www1.pcpitstop.com/betapit/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} http://www.musicnotes.com/download/mnviewer.cab (Musicnotes Viewer)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shoc ... tor/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} http://design-concept.ca/Core/Player/20 ... _Win32.cab (20-20 3D Viewer)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shoc ... tor/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} http://acs.pandasoftware.com/activescan ... stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resourc ... oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupda ... 2759665142 (WUWebControl Class)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD} http://utilities.pcpitstop.com/Extermin ... iVirus.dll (PCPitstop AntiVirus)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} http://acs.pandasoftware.com/activescan ... asinst.cab (ActiveScan Installer Class)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v ... b56649.cab (MSN Games - Installer)
O16 - DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Java Plug-in 1.5.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} http://download.mcafee.com/molbin/iss-l ... cfscan.cab (McFreeScan Class)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\geBqRhGV: DllName - geBqRhGV.dll - File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {31CDFCB9-37D6-4C1D-A31D-AA2DD56F637B} - Reg Error: Key error. File not found
O30 - LSA: Authentication Packages - (C:\WINDOWS\system32\opnmNHbC) - File not found
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007-03-01 22:32:32 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (PDBoot.exe) - C:\WINDOWS\system32\PDBoot.exe (Raxco Software, Inc.)
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - * [2009-05-29 08:59:44 | 00,000,000 | ---D | M]

========== Files/Folders - Created Within 30 Days ==========

[2009-05-29 08:59:44 | 00,501,760 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Utilisateur\Bureau\OTL.exe
[2009-05-29 08:54:58 | 00,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Utilisateur\Bureau\malemi.exe
[2009-05-29 05:42:34 | 00,072,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tasklist.exe
[2009-05-29 00:25:54 | 00,000,000 | ---D | C] -- C:\Program Files\ESET
[2009-05-28 16:57:26 | 00,001,707 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Avira AntiVir Control Center.lnk
[2009-05-28 16:57:03 | 00,096,104 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2009-05-28 16:57:03 | 00,055,640 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2009-05-28 16:57:03 | 00,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2009-05-28 16:57:03 | 00,028,376 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2009-05-28 16:57:03 | 00,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2009-05-28 16:57:01 | 00,000,000 | ---D | C] -- C:\Program Files\Avira
[2009-05-28 16:57:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2009-05-28 15:34:18 | 00,001,548 | ---- | C] () -- C:\Documents and Settings\Utilisateur\Bureau\CCleaner.lnk
[2009-05-28 09:06:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PCPitstop
[2009-05-27 21:43:23 | 00,102,664 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2009-05-27 21:15:29 | 00,028,544 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\pavboot.sys
[2009-05-27 21:15:17 | 00,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2009-05-27 16:42:50 | 00,000,000 | ---D | C] -- C:\Program Files\Personal Vault
[2009-05-27 16:41:53 | 00,055,296 | ---- | C] (Radialpoint, Inc.) -- C:\WINDOWS\System32\drivers\rp_skt32.sys
[2009-05-27 16:41:16 | 00,048,384 | ---- | C] (Radialpoint, Inc.) -- C:\WINDOWS\System32\drivers\rp_pkt32.sys
[2009-05-27 16:40:12 | 00,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\Authentium
[2009-05-27 16:39:51 | 00,000,000 | ---D | C] -- C:\Program Files\Raxco
[2009-05-27 16:39:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Raxco
[2009-05-27 16:39:35 | 00,000,000 | ---D | C] -- C:\Program Files\CA
[2009-05-27 16:39:20 | 00,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\Scanner
[2009-05-27 16:38:48 | 00,001,890 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Gestionnaire de sécurité Sympatico.lnk
[2009-05-27 16:05:18 | 00,000,000 | ---D | C] -- C:\Program Files\Bell
[2009-05-27 16:02:47 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Installer Clean Up
[2009-05-27 16:02:38 | 00,000,000 | ---D | C] -- C:\Program Files\MSECACHE
[2009-05-26 22:13:51 | 01,338,384 | ---- | C] (Bell) -- C:\Documents and Settings\Utilisateur\Bureau\SympaticoSecurityAdvisor_setupSSM.exe
[2009-05-26 21:53:49 | 04,119,088 | ---- | C] (Radialpoint) -- C:\Documents and Settings\Utilisateur\Bureau\RpsUU.exe
[2009-05-26 09:55:08 | 00,000,192 | ---- | C] () -- C:\Documents and Settings\Utilisateur\Application Data\asd.bat
[2009-05-23 10:40:49 | 00,000,000 | ---D | C] -- C:\Program Files\Supermarket Mania
[2009-05-22 15:32:29 | 00,048,640 | ---- | C] () -- C:\Documents and Settings\Utilisateur\Bureau\Qi120.xls
[2009-05-20 08:58:42 | 00,204,612 | ---- | C] () -- C:\Documents and Settings\Utilisateur\Bureau\Pdfclefsamincissement.pdf
[2009-05-18 22:04:36 | 00,000,000 | ---D | C] -- C:\Program Files\Dream Chronicles The Chosen Child
[2009-05-14 18:45:34 | 00,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\DivX Shared
[2009-05-14 09:28:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Utilisateur\Application Data\SpinTop Games
[2009-05-14 09:26:08 | 00,000,000 | ---D | C] -- C:\Program Files\Amazing Adventures Special Edition Bundle
[2009-05-09 15:15:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Utilisateur\Application Data\RobinsonCrusoeREF
[2009-05-09 15:13:31 | 00,000,000 | ---D | C] -- C:\Program Files\Adventures of Robinson Crusoe
[2009-05-07 14:48:08 | 00,140,821 | ---- | C] () -- C:\Documents and Settings\Utilisateur\Bureau\daisy 1sans titre1.jpg
[2009-05-07 14:17:02 | 00,019,431 | ---- | C] () -- C:\Documents and Settings\Utilisateur\Bureau\grenouille marguerite2.jpg
[2009-05-07 14:13:56 | 00,027,424 | ---- | C] () -- C:\Documents and Settings\Utilisateur\Bureau\grenouille marguerite.jpg
[2009-05-07 14:10:24 | 00,558,852 | ---- | C] () -- C:\Documents and Settings\Utilisateur\Bureau\FrogDaisy2.jpg
[2009-05-07 13:59:45 | 01,070,634 | ---- | C] () -- C:\Documents and Settings\Utilisateur\Mes documents\11-daisylesson.pdf
[2009-05-07 13:31:12 | 00,562,715 | ---- | C] () -- C:\Documents and Settings\Utilisateur\Mes documents\pink_daisy_watering_can.pdf
[2009-05-07 08:46:10 | 00,392,396 | ---- | C] () -- C:\Documents and Settings\Utilisateur\Mes documents\Les-Marguerites-de-Clara.pdf
[2009-05-03 14:05:38 | 00,000,000 | ---D | C] -- C:\Program Files\Quilting Time
[2009-04-29 15:20:32 | 00,028,160 | ---- | C] () -- C:\Documents and Settings\Utilisateur\Mes documents\registre hebdomadaire Mary 2.xls
[2009-04-29 11:25:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo
[2009-04-29 11:21:05 | 00,000,000 | ---D | C] -- C:\Program Files\Samantha Swift and the Golden Touch
[2009-02-21 08:25:20 | 00,691,592 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2008-09-24 22:33:33 | 00,033,351 | ---- | C] () -- C:\WINDOWS\System32\drivers\str.sys
[2008-04-07 09:58:01 | 00,000,000 | ---- | C] () -- C:\WINDOWS\WD.INI
[2007-07-10 13:34:20 | 00,000,060 | ---- | C] () -- C:\WINDOWS\System32\SYSWQDRV.SYS
[2007-07-05 10:54:54 | 00,139,264 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2007-07-05 10:54:53 | 00,524,288 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2007-05-10 15:20:10 | 00,000,070 | ---- | C] () -- C:\WINDOWS\GDINST.INI
[2007-05-10 15:08:11 | 00,000,092 | ---- | C] () -- C:\WINDOWS\HFREP.INI
[2007-05-08 14:58:52 | 00,000,000 | ---- | C] () -- C:\WINDOWS\LiveBilliards.INI
[2007-03-09 23:46:13 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007-03-05 21:21:13 | 00,561,152 | R--- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[2007-03-03 23:23:31 | 00,000,057 | ---- | C] () -- C:\WINDOWS\System32\FISHIN~1.ini
[2007-03-03 22:41:55 | 00,685,816 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2007-03-01 23:16:55 | 00,011,001 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2007-03-01 23:16:49 | 00,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2007-03-01 11:28:07 | 00,000,379 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007-03-01 11:28:06 | 00,000,122 | ---- | C] () -- C:\WINDOWS\mdm.ini
[2007-03-01 11:28:01 | 00,000,000 | ---- | C] () -- C:\WINDOWS\NSREX.INI
[2007-02-20 14:07:56 | 00,005,632 | R--- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2005-03-01 15:30:20 | 00,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2004-08-05 08:00:00 | 00,001,060 | ---- | C] () -- C:\WINDOWS\win.ini
[2004-08-05 08:00:00 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[1999-01-22 14:46:58 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1998-09-14 15:43:16 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\TWAIN32d.dll
[1998-08-16 05:00:00 | 00,004,096 | ---- | C] () -- C:\WINDOWS\System32\sysres.dll

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[4 C:\WINDOWS\*.tmp files]
[2009-05-29 09:00:00 | 00,000,434 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{26B01E3C-CEF8-4EC0-A856-C564A4DF5ECD}.job
[2009-05-29 09:00:00 | 00,000,282 | -H-- | M] () -- C:\WINDOWS\tasks\AE38119391FB82F7.job
[2009-05-29 08:59:46 | 00,501,760 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Utilisateur\Bureau\OTL.exe
[2009-05-29 08:55:06 | 00,401,720 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Utilisateur\Bureau\malemi.exe
[2009-05-29 08:48:04 | 00,000,586 | ---- | M] () -- C:\Documents and Settings\Utilisateur\Mes documents\Mes dossiers de partage.lnk
[2009-05-29 08:47:44 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2009-05-29 08:47:22 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009-05-29 08:47:15 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\Utilisateur\Local Settings\desktop.ini
[2009-05-29 08:44:42 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009-05-29 08:44:35 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009-05-29 05:42:34 | 00,072,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\tasklist.exe
[2009-05-28 20:42:00 | 00,000,402 | ---- | M] () -- C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1173145237.job
[2009-05-28 16:57:26 | 00,001,707 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Avira AntiVir Control Center.lnk
[2009-05-28 15:34:18 | 00,001,548 | ---- | M] () -- C:\Documents and Settings\Utilisateur\Bureau\CCleaner.lnk
[2009-05-28 15:01:54 | 00,000,117 | ---- | M] () -- C:\Documents and Settings\Utilisateur\Application Data\AVSDVDPlayer.m3u
[2009-05-28 13:44:00 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009-05-27 21:52:11 | 00,000,635 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009-05-27 21:34:50 | 00,102,664 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2009-05-27 16:38:48 | 00,001,890 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Gestionnaire de sécurité Sympatico.lnk
[2009-05-27 13:12:44 | 01,338,384 | ---- | M] (Bell) -- C:\Documents and Settings\Utilisateur\Bureau\SympaticoSecurityAdvisor_setupSSM.exe
[2009-05-27 11:48:13 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2009-05-26 21:53:58 | 04,119,088 | ---- | M] (Radialpoint) -- C:\Documents and Settings\Utilisateur\Bureau\RpsUU.exe
[2009-05-26 09:55:08 | 00,000,192 | ---- | M] () -- C:\Documents and Settings\Utilisateur\Application Data\asd.bat
[2009-05-22 15:32:29 | 00,048,640 | ---- | M] () -- C:\Documents and Settings\Utilisateur\Bureau\Qi120.xls
[2009-05-16 11:29:06 | 00,172,280 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009-05-16 11:18:16 | 00,000,523 | ---- | M] () -- C:\hpfr3420.xml
[2009-05-07 15:07:52 | 00,140,821 | ---- | M] () -- C:\Documents and Settings\Utilisateur\Bureau\daisy 1sans titre1.jpg
[2009-05-07 14:17:03 | 00,019,431 | ---- | M] () -- C:\Documents and Settings\Utilisateur\Bureau\grenouille marguerite2.jpg
[2009-05-07 14:13:56 | 00,027,424 | ---- | M] () -- C:\Documents and Settings\Utilisateur\Bureau\grenouille marguerite.jpg
[2009-05-07 14:10:05 | 00,558,852 | ---- | M] () -- C:\Documents and Settings\Utilisateur\Bureau\FrogDaisy2.jpg
[2009-05-07 13:59:45 | 01,070,634 | ---- | M] () -- C:\Documents and Settings\Utilisateur\Mes documents\11-daisylesson.pdf
[2009-05-07 13:31:12 | 00,562,715 | ---- | M] () -- C:\Documents and Settings\Utilisateur\Mes documents\pink_daisy_watering_can.pdf
[2009-05-07 08:46:10 | 00,392,396 | ---- | M] () -- C:\Documents and Settings\Utilisateur\Mes documents\Les-Marguerites-de-Clara.pdf
[2009-05-07 03:16:29 | 24,699,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009-04-29 15:31:12 | 00,028,160 | ---- | M] () -- C:\Documents and Settings\Utilisateur\Mes documents\registre hebdomadaire Mary 2.xls
[2009-04-29 14:51:38 | 00,019,456 | ---- | M] () -- C:\Documents and Settings\Utilisateur\Mes documents\registre hebdomadaire Mary.xls
<End>
maryruss

Posts: 9
Joined: 29 May 2009, 14:17

PC Infected (part 2)

Post by maryruss » 29 May 2009, 14:30

And here now is the 2nd OTL log:


OTL Extras logfile created on: 2009-05-29 09:01:40 - Run 1
OTL by OldTimer - Version 2.1.1.0 Folder = C:\Documents and Settings\Utilisateur\Bureau
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000C0C | Country: Canada | Language: FRC | Date Format: yyyy-MM-dd

503,23 Mb Total Physical Memory | 155,52 Mb Available Physical Memory | 30,90% Memory free
1,20 Gb Paging File | 0,79 Gb Available in Paging File | 65,83% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74,52 Gb Total Space | 40,80 Gb Free Space | 54,75% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MARYLENE
Current User Name: Utilisateur
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"63659:TCP" = 63659:TCP:*:Enabled:Azureus
"11046:TCP" = 11046:TCP:*:Enabled:BitComet 11046 TCP
"11046:UDP" = 11046:UDP:*:Enabled:BitComet 11046 UDP

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
File not found -- C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)
[2006-10-10 08:44:50 | 00,557,568 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2007-01-19 13:55:02 | 05,674,352 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
[2007-01-04 17:10:02 | 00,297,752 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
File not found -- C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)
[2006-10-10 08:44:50 | 00,557,568 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2007-01-23 09:06:06 | 00,143,401 | ---- | M] (IncrediMail, Ltd.) -- C:\Program Files\IncrediMail\bin\IMApp.exe:*:Enabled:IncrediMail
[2007-01-23 09:06:18 | 00,204,843 | ---- | M] (IncrediMail, Ltd.) -- C:\Program Files\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail
[2007-01-23 09:02:06 | 00,086,058 | ---- | M] (IncrediMail, Ltd.) -- C:\Program Files\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail
File not found -- C:\Program Files\Messenger\Msmsgs.exe:*:Enabled:Windows Messenger
File not found -- C:\Program Files\Magentic\bin\MgImp.exe:*:Enabled:Magentic
File not found -- C:\Program Files\Magentic\bin\Magentic.exe:*:Enabled:Magentic
File not found -- C:\Program Files\Magentic\bin\MgApp.exe:*:Enabled:Magentic
File not found -- C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer
[2008-02-08 17:32:57 | 00,147,456 | ---- | M] (Lime Wire, LLC) -- C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire
File not found -- C:\Program Files\BitDownload\BitDownload.exe:*:Enabled:Warez3
[2007-01-19 13:55:02 | 05,674,352 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
[2007-01-04 17:10:02 | 00,297,752 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
[2007-02-05 23:46:20 | 00,148,384 | ---- | M] (Azureus, Inc) -- C:\Program Files\Azureus\Azureus.exe:LocalSubNet:Enabled:Azureus
File not found -- C:\Program Files\BitTorrent\bittorrent.exe:*:Disabled:BitTorrent
File not found -- C:\Program Files\Kazaa\kazaa.exe:*:Disabled:Kazaa
File not found -- C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client
File not found -- C:\Program Files\Live Billiards\LiveBilliards.exe:*:Enabled:Live Billiards
File not found -- C:\DOCUME~1\UTILIS~1\LOCALS~1\Temp\win270.tmp.exe:*:Enabled:win270.tmp
File not found -- C:\Program Files\Morpheus\Morpheus.exe:*:Enabled:Morpheus
File not found -- C:\Program Files\PC-Telephone\PCTel.exe:*:Enabled:PC-Telephone Executable
[1998-11-11 23:26:24 | 00,497,152 | ---- | M] () -- C:\Program Files\Microsoft Office\Office\1036\WFXMSRVR.EXE:*:Enabled:WFXMSRVR
"C:\WINDOWS\system32\skefbras.exe" = C:\WINDOWS\system32\skefgram Files\PC-Telephone
File not found -- C:\WINDOWS\LMIB.tmp\lmi_rescue.exe:*:Enabled:LogMeIn Rescue

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001040C-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Professional
"{03D5D136-7031-4F84-9DFC-8D2B4B3FB49E}" = RPS ParentalControl
"{0B831FD2-7291-4291-9510-6AA39E3A45AC}" = RPS PopupBlocker
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{13922F10-BD74-4912-AB11-E34B35062700}" = Microsoft Calculatrice Plus
"{17B03967-126B-478A-88ED-BF699690E528}" = RPS Backup
"{19C68497-1E4A-4285-8CCF-435872CD3436}" = RPS Zip
"{212F5777-1190-4DEF-8E4D-6B2F313B45E7}" = PerfectDisk
"{2E1DE390-879C-4291-9B68-DA032D2CC98E}" = AudioEdit Deluxe
"{3248F0A8-6813-11D6-A77B-00B0D0150030}" = J2SE Runtime Environment 5.0 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{350C940c-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4B1AF076-1233-44C6-9A3C-2E14F843BF24}" = RPS RpsCore
"{4DE542B7-B384-453E-BB5B-60A5DAD98903}" = RPS Ad Blocker
"{5C6ADA55-254A-49AE-B897-2A836EC5AF3E}" = Windows Communication Foundation
"{5D5B9E6A-344C-4976-95AB-ABBDC648E5DA}" = Microsoft IntelliType Pro 5.2
"{5E863175-E85D-44A6-8968-82507D34AE7F}" = QuickTime
"{64635543-70E7-436D-8D6D-4A721595029E}" = Microsoft IntelliPoint 5.2
"{67D2C872-6232-4903-AB59-1CF6BBFAD26A}" = Gestionnaire de sécurité Sympatico
"{68EBB83A-B563-47DD-8D68-27A15CDD0931}" = WPF RC 1 v3.0.6507.0
"{6A6C087B-17F4-4A90-8542-85F0BFB58B16}" = SigmaTel MTPMSCN Audio Player
"{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}" = Photo et imagerie HP 2.0 - All-in-One Pilote
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = Analyseur et SDK MSXML 4.0 SP2
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{741CDDCC-F4F0-4CCC-9F47-25DB8FF66BFD}" = RPS AntiVirus
"{74DE69E0-5E08-11DD-6784-0041B0D518BE}" = The Velvet Express Demo
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{86F040E3-2285-4DDC-B082-7A75DB9BA7DF}" = RPS Burn
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Extreme Graphics 2 Driver
"{90260409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Web Components
"{9616B735-928A-441E-B9A1-C95E1E1C8925}" = RPS Security Cleanup
"{965912F1-ED70-4299-A506-88AAB9D4E92C}" = RPS Firewall
"{96F702F3-7CA4-41B5-A70A-4F348DF99A9A}" = Myst IV - Revelation
"{9867A917-5D17-40DE-83BA-BEA5293194B1}" = Photo et imagerie HP 2.0 - All-in-One
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A394342-4A68-4EBA-85A6-55B559F4E700}" = Microsoft .NET Framework 1.1 French Language Pack
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A260B422-70E1-41E2-957D-F76FA21266D5}" = Apple Software Update
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A593A0F9-376D-43E1-BDAF-2088396E654E}" = RPS AntiFraud
"{AC76BA86-7AD7-1036-7B44-A70900000002}" = Adobe Reader 7.0.9 - Français
"{B376402D-58EA-45EA-BD50-DD924EB67A70}" = Disque de souvenirs HP
"{B53B8046-5EE8-41E1-9F1F-4664768A3A80}" = RPS Diagnostic Utility
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BB406CEB-6207-4512-9BB2-89950DC9D6B6}_is1" = ConvertXtoDVD 2.1.6.186
"{BCE58548-34C9-4BBC-B357-5ECFF05C8CCA}" = Windows Workflow Foundation
"{C0A45FC8-7122-4F5E-9E59-A6B975182E90}" = RPS AsRealtime
"{C10BEEC7-5524-436D-94F9-089EF8AD8F4B}" = RPS Privacy Manager
"{C144C566-21EF-4F8C-9667-40CF19E6AED0}" = PPSDKRedistributables
"{C67DF120-4DD3-11D4-A3CA-005004AD2A5B}" = Authentium AntiVirus SDK - 2
"{C900EF06-2E76-49C7-8DB0-41F629B21DC5}" = hp psc 1200 series
"{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CEA6ED33-79A5-4D55-A0F8-88C8159C60D0}" = RPS App Detector
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
"{E1E2A1E1-A14C-4F8B-87B2-1F4DCCC401D5}" = RPS Performance Tool
"{E3195F50-0727-4971-BE33-0D42540A4A27}" = Microsoft .NET Framework 3.0
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0FB02AD-F754-49FA-A18B-4DEBC84294CD}" = RPS AntiSpyware
"{F196AC50-7C95-42E1-9947-BDAB18BF3C8C}" = Microsoft .NET Framework 2.0 Language Pack - FRA
"{F6326B60-1B1D-4ABF-BFCD-7B7404F44411}" = Windows Live Messenger
"{FF77941A-2BFA-4A18-BE2E-69B9498E4D55}" = User Profile Hive Cleanup Service
"ActiveScan 2.0" = Panda ActiveScan 2.0
"AddressBook" =
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player
"Adventures of Robinson Crusoe_is1" = Adventures of Robinson Crusoe
"Amazing Adventures Special Edition Bundle_is1" = Amazing Adventures Special Edition Bundle
"Amelies Cafe_is1" = Amelies Cafe
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AVS DVD Copy_is1" = AVS DVD Copy version 1.4
"AVS DVD Player_is1" = AVS DVD Player version 2.4
"Azureus 3.0" = Azureus 3.0
"Beetle Bug 2_is1" = Beetle Bug 2
"Beetle Bug 3_is1" = Beetle Bug 3
"BHODemon_is1" = BHODemon 2.0.0.22
"Branding" =
"Cafe Mahjongg_is1" = Cafe Mahjongg
"CAL" = Canon Camera Access Library
"CameraWindowDC" = Canon Utilities CameraWindow DC
"CameraWindowDVC5" = Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"CCleaner" = CCleaner (remove only)
"Connection Manager" =
"CSCLIB" = Canon Camera Support Core Library
"Cubis Gold 2_is1" = Cubis Gold 2
"Diaper Dash_is1" = Diaper Dash
"DirectAnimation" =
"DirectDrawEx" =
"Dream Chronicles The Chosen Child_is1" = Dream Chronicles The Chosen Child
"DXM_Runtime" =
"EOS Utility" = Canon Utilities EOS Utility
"Escape Rosecliff Island_is1" = Escape Rosecliff Island
"ESET Online Scanner" = ESET Online Scanner v3
"Fontcore" =
"Gold Rush Treasure Hunt_is1" = Gold Rush Treasure Hunt
"HijackThis" = HijackThis 2.0.2
"HP PSC 1200 Series" = Photo et imagerie HP 2.0 - hp psc 1200 series
"ICW" =
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"IE40" =
"IE4Data" =
"IE5BAKEX" =
"ie7" = Windows Internet Explorer 7
"IEData" =
"InCD!UninstallKey" = InCD
"IncrediMail" = IncrediMail Xe
"Legacy World Adventure_is1" = Legacy World Adventure
"Magentic" = Magentic
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Microsoft .NET Framework 2.0 Language Pack - FRA" = Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA
"Microsoft .NET Framework 3.0" = Microsoft .NET Framework 3.0
"MobileOptionPack" =
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSI30a-KB884016" =
"MSI30-Beta1" =
"MSI30-Beta2" =
"MSI30-KB884016" =
"MSI30-RC1" =
"MSI30-RC2" =
"MSI31-Beta" =
"MSI31-RC1" =
"MyCamera" = Canon Utilities MyCamera
"MyCameraDC" = Canon Utilities MyCamera DC
"Navilog1" = Navilog1 Version 2.0.3
"Nero - Burning Rom!UninstallKey" = Nero OEM
"NetMeeting" =
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"OutlookExpress" =
"Panda Craze_is1" = Panda Craze
"PC Pitstop Disk MD_is1" = PC Pitstop Disk MD 2.0
"PC Pitstop Exterminate2_is1" = PC Pitstop Exterminate2 2.0
"PCHealth" =
"PhotoStitch" = Canon Utilities PhotoStitch
"PJ Pride Pet Detectives Destination Europe_is1" = PJ Pride Pet Detectives Destination Europe
"Plan It Green_is1" = Plan It Green
"Quilting Time_is1" = Quilting Time
"RadialpointClientGateway_is1" = Conseiller en sécurité Sympatico 1.5.11
"Ranch Rush_is1" = Ranch Rush
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RealMedia" = RealMedia (remove only)
"RealPlayer 6.0" = RealPlayer
"Recettes" = Recettes
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"Samantha Swift and the Golden Touch_is1" = Samantha Swift and the Golden Touch
"SchedulingAgent" =
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.4
"Super Collapse 3_is1" = Super Collapse 3
"Supermarket Mania_is1" = Supermarket Mania
"UseNeXT_is1" = UseNeXT
"Vault" = Gestionnaire de sauvegarde
"WIC" = Windows Imaging Component
"Wild Tribe_is1" = Wild Tribe
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Lecteur Windows Media 11
"WinRAR archiver" = WinRAR archiver
"WinZip" = WinZip
"WMCSetup" =
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"MétéoÉclair" = MétéoÉclair
"Sweet Home 3D" = Sweet Home 3D
"tray chic site" = CiD Help

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-484763869-287218729-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"MétéoÉclair" = MétéoÉclair
"Sweet Home 3D" = Sweet Home 3D
"tray chic site" = CiD Help

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2009-05-20 10:14:00 | Computer Name = MARYLENE | Source = Application Error | ID = 1000
Description = Application défaillante iexplore.exe, version 7.0.6000.16827, module
défaillant quicktime.qts, version 7.1.5.120, adresse de défaillance 0x00069bc7.

Error - 2009-05-20 10:48:30 | Computer Name = MARYLENE | Source = Application Error | ID = 1000
Description = Application défaillante iexplore.exe, version 7.0.6000.16827, module
défaillant flash10b.ocx, version 10.0.22.87, adresse de défaillance 0x002da8ba.

Error - 2009-05-22 08:49:09 | Computer Name = MARYLENE | Source = Application Error | ID = 1000
Description = Application défaillante gold rush.exe, version 0.0.0.0, module défaillant
gold rush.exe, version 0.0.0.0, adresse de défaillance 0x00025b97.

Error - 2009-05-23 23:00:31 | Computer Name = MARYLENE | Source = Application Error | ID = 1000
Description = Application défaillante iexplore.exe, version 7.0.6000.16827, module
défaillant userenv.dll, version 5.1.2600.2180, adresse de défaillance 0x00008d76.

Error - 2009-05-26 21:55:02 | Computer Name = MARYLENE | Source = WinMgmt | ID = 24
Description = Le fournisseur d'événements a essayé d'enregistrer la requête "SELECT
* FROM PDEvent" dont la classe cible "PDEvent" n'existe pas. La requête sera ignorée.

Error - 2009-05-27 12:56:15 | Computer Name = MARYLENE | Source = crypt32 | ID = 131083
Description = Échec de l'extraction de la liste racine tierce partie depuis le fichier
CAB de mise à jour automatique à : <http>
avec l'erreur : Un certificat requis n'est pas dans sa période de validité selon
la vérification par rapport à l'horloge système en cours ou le tampon daté dans
le fichier signé.

Error - 2009-05-27 14:56:39 | Computer Name = MARYLENE | Source = WinMgmt | ID = 24
Description = Le fournisseur d'événements a essayé d'enregistrer la requête "SELECT
* FROM PDEvent" dont la classe cible "PDEvent" n'existe pas. La requête sera ignorée.

Error - 2009-05-27 15:42:43 | Computer Name = MARYLENE | Source = WinMgmt | ID = 24
Description = Le fournisseur d'événements a essayé d'enregistrer la requête "SELECT
* FROM PDEvent" dont la classe cible "PDEvent" n'existe pas. La requête sera ignorée.

Error - 2009-05-27 16:40:00 | Computer Name = MARYLENE | Source = WinMgmt | ID = 24
Description = Le fournisseur d'événements a essayé d'enregistrer la requête "SELECT
* FROM PDEvent" dont la classe cible "PDEvent" n'existe pas. La requête sera ignorée.

Error - 2009-05-29 08:18:35 | Computer Name = MARYLENE | Source = Application Error | ID = 1000
Description = Application défaillante gold rush.exe, version 0.0.0.0, module défaillant
gold rush.exe, version 0.0.0.0, adresse de défaillance 0x00025b97.

[ System Events ]
Error - 2009-04-18 10:45:17 | Computer Name = MARYLENE | Source = Service Control Manager | ID = 7034
Description = Le service Canon Camera Access Library 8 s'est terminé de façon inattendue
pour la 1ème fois.

Error - 2009-04-19 11:59:00 | Computer Name = MARYLENE | Source = Service Control Manager | ID = 7000
Description = Le service a-squared Free Service n'a pas pu démarrer en raison de
l'erreur : %%2

Error - 2009-04-20 07:55:06 | Computer Name = MARYLENE | Source = Service Control Manager | ID = 7000
Description = Le service a-squared Free Service n'a pas pu démarrer en raison de
l'erreur : %%2

Error - 2009-04-21 21:16:21 | Computer Name = MARYLENE | Source = Service Control Manager | ID = 7034
Description = Le service Canon Camera Access Library 8 s'est terminé de façon inattendue
pour la 1ème fois.

Error - 2009-04-22 08:36:40 | Computer Name = MARYLENE | Source = MRxSmb | ID = 8003
Description = Le maître explorateur a reçu une annonce de serveur de l'ordinateur
JEAN qui pense qu'il est le maître explorateur sur le domaine pour le transport
NetBT_Tcpip_{8A4AE5FE-6DE7-4B83-8793. Le maître explorateur s'arrête ou une élection
est provoquée.

Error - 2009-04-23 16:10:25 | Computer Name = MARYLENE | Source = Service Control Manager | ID = 7000
Description = Le service a-squared Free Service n'a pas pu démarrer en raison de
l'erreur : %%2

Error - 2009-04-25 20:20:34 | Computer Name = MARYLENE | Source = Service Control Manager | ID = 7034
Description = Le service Canon Camera Access Library 8 s'est terminé de façon inattendue
pour la 1ème fois.

Error - 2009-04-26 09:45:53 | Computer Name = MARYLENE | Source = MRxSmb | ID = 8003
Description = Le maître explorateur a reçu une annonce de serveur de l'ordinateur
KATHY qui pense qu'il est le maître explorateur sur le domaine pour le transport
NetBT_Tcpip_{8A4AE5FE-6DE7-4B83-879. Le maître explorateur s'arrête ou une élection
est provoquée.

Error - 2009-04-27 21:57:09 | Computer Name = MARYLENE | Source = BROWSER | ID = 8032
Description = Le service Explorateur d'ordinateur a rencontré un nombre d'échecs
trop important en essayant de retrouver la copie de sauvegarde de la liste sur
le transport \Device\NetBT_Tcpip_{8A4AE5FE-6DE7-4B83-8793-0B967A84C3B0}. L'explorateur
secondaire s'arrête.

Error - 2009-04-28 08:56:00 | Computer Name = MARYLENE | Source = MRxSmb | ID = 8003
Description = Le maître explorateur a reçu une annonce de serveur de l'ordinateur
KATHY qui pense qu'il est le maître explorateur sur le domaine pour le transport
NetBT_Tcpip_{8A4AE5FE-6DE7-4B83-879. Le maître explorateur s'arrête ou une élection
est provoquée.


<End>


Please, help me....

Post by nickW » 30 May 2009, 16:50

Hello,


Was it you who installed Authentium AntiVirus?


Can you create and then send another report:

Note: These steps must be carried out while logged in to a session with "Administrator rights" (do not use the user profile named "Administrateur" that is visible in Safe Mode)
Under Windows XP, to check whether an account has "Administrator" rights:
Start---->Settings---->Control Panel---->User Accounts
Next to the icon of some accounts (other than the one named "Administrateur"), it says "Computer administrator"
It is one of these accounts that must be used in Safe Mode.



Step 1: Lop S&D (by Angeldark and Eric71)
Download Lop S&D by right-clicking one of the links below:
http://eric71.geekstogo.com/tools/LopSD.exe
http://eric.71.mespages.googlepages.com/LopSD.exe
Save this file to the Desktop.


Step 2: No real-time protection process
Disable the antivirus's resident module.
Avira Antivir: right-click the icon in the system tray (next to the clock), uncheck "Activer Antivir Guard/AntiVir Guard enable"


Step 3: Lop S&D (by Angeldark and Eric71), Search
Double-click LopSD.exe to run the tool.

Choose the language by typing F and then pressing Enter.
Read the warning, then click OK.

Once the menu is displayed, type 1 and then press Enter to search for the files responsible for the infection.
When the search is finished, a Notepad window opens and displays the report (a.k.a. log).

Close Notepad, which ends the tool's execution.

Note:
If the Desktop does not reappear, open Task Manager by pressing the CTRL+ALT+DEL keys simultaneously.
Click the File menu at the top and choose New Task (Run...).
In the Create New Task window that opens, in the Open box, type exactly explorer and then click the OK button. The Desktop will reappear.


Step 4: Real-time protection process
Important: Re-enable the antivirus's resident module.


Step 5: Result
Send in reply:
*- the Lop S&D report (contents of the file SystemDrive\lopR.txt)
[SystemDrive stands for the partition on which the system is installed, usually C:]

To be continued,
nickW
30/07/2012: No more PC disinfection until further notice.
No requests for log analysis by PM (Private Message)

Post by maryruss » 31 May 2009, 02:00

Hello nickW,

No, it was not me who installed Authentium Antivirus...

As for the other report to create, since I don't have time today, I will do it and post it tomorrow.

In the meantime, thanks for the quick reply!!

Maryruss

Post by maryruss » 01 June 2009, 20:38

Hello again nickW,

I followed the steps to the letter as requested, but I get the following error message when I run Lop S&D: "Erreur: le système n'a pas pu trouver la clé ou la valeur de Registre demandée"...

What do I do now??

P.S.: I was in Safe Mode with an account that has administrator rights, and Antivir was stopped.

Thanks

Maryruss

Post by nickW » 02 June 2009, 00:29

Good evening,

Can you try again to run Lop-S&D in normal mode?
(if it works, don't forget to send the report)


Next, use of another tool:


Step 1: MSNFix (by !aur3n7)
Close all open applications (a restart may be needed).
Download MSNFix.zip from http://sosvirus.changelog.fr/MSNFix.zip
Save this file to the Desktop.

Note:
Process.exe is detected by some antivirus/antispyware programs as a RiskTool (dangerous tool).
It is a utility designed to terminate processes. In the wrong hands, this utility could have harmful effects.
In the case of MSNFix, it must be allowed to run (if necessary, temporarily stop the antivirus/antispyware real-time protection).


Extract the whole archive (right-click, Extract All).
Open the MSNFix folder that was just created on the Desktop and double-click MSNFix.bat to launch the tool.
If asked, choose the French language (F followed by Enter).
Choose option R (Search) and then press Enter.
If an infection is detected (a message signals it), press a key to start the cleaning.

Note:
If a deletion error is detected, a message will appear asking you to restart the computer to complete the operations. In that case, simply restart the PC in normal mode.


Step 2: Results
Send in reply the MSNFix report (contents of the file ********-*******.txt located in the MSNFix folder; the **** stand for the date and time, in digits).
If and only if you cannot find this file, send the contents of the file SystemDrive\Windows\msnfix.txt
[SystemDrive stands for the partition on which the system is installed, usually C:]

To be continued,
nickW

Post by maryruss » 03 June 2009, 15:59

Hello again nickW,

Here is the latest news: for Lop S&D in normal mode, I get the same result as in Safe Mode.

For MSNFix, once launched, it tells me an infection was found, so I start the cleaning, but at step 1/3 it gives me the following message: "Le système ne peut trouver le fichier incl/msnRK.txt" and then it "freezes" there, so I have to restart my computer... I tried in normal mode and in Safe Mode and I get the same result each time....

Please help me, I can't take it anymore...

Maryruss

Post by nickW » 04 June 2009, 00:17

Good evening,

Search for hidden processes:

Step 1: RootRepeal (by AD)
Download RootRepeal by right-clicking the link below:
http://rootrepeal.googlepages.com/RootRepeal.zip
Save the file to the Desktop.
Create a new folder named RootRepeal at the root of the system disk (usually C:\)

Extract the downloaded archive into this new RootRepeal folder


Step 2: No real-time protection process
Disable the antivirus's resident module.
Avira Antivir: right-click the icon in the system tray (next to the clock), uncheck "Activer Antivir Guard/AntiVir Guard enable"


Step 3: RootRepeal (by AD)
In Explorer, open the RootRepeal folder
Double-click RootRepeal.exe to launch the tool.

Click the Report tab (at the bottom of the window)
Click the Scan button
In the new Select Scan window, check:
+ Drivers
+ Files
+ Processes
+ SSDT
+ Stealth Objects
+ Hidden Services

Click the OK button
In the new Select Drives window, check the system drive (C:\).
Click the OK button to start the scan

Note: This scan takes some time. DO NOT LAUNCH other programs while it is running.

When the scan is finished, the Save Report button becomes available
Click this Save Report button and save the report file in the RootRepeal folder under the name RootRepeal-090603.txt

Open the File menu, click Exit to close the program.


Step 4: Real-time protection process
Important: Re-enable the antivirus's resident module.


Step 5: Results
Send in reply:
*- the RootRepeal report (contents of the file RootRepeal-090603.txt)
This report can be very long. Make sure it is complete in the message you send. If necessary, split it across several messages.

To be continued,
nickW
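The RootRepeal procedure above ends with "send the report", and the report that comes back can run to hundreds of lines. The following is an added example (not part of the thread and not RootRepeal's own code) of how a helper triages such a report: it parses RootRepeal's text layout into sections, then pulls out the three indicators the scan options target, drivers marked hidden, files the Windows API cannot see, and stealth objects (modules mapped into processes, and patched IRP dispatch entries in drivers). SAMPLE_REPORT is constructed for the example in the same line format the tool prints; the UACexample* names, the process list and the addresses are placeholders, not values from the thread.

```python
"""Triage a RootRepeal report (added example; SAMPLE_REPORT is constructed)."""
import re
from collections import defaultdict

# Constructed sample in RootRepeal's report layout. File, module and process
# names are placeholders. Note dump_atapi.sys: "File Visible: No" with
# "Status: -" is normal for crash-dump drivers and is NOT a finding.
SAMPLE_REPORT = """\
ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Time: 2009/06/04 13:19
Program Version: Version 1.3.0.0
Windows Version: Windows XP SP2
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\\WINDOWS\\System32\\Drivers\\dump_atapi.sys
Address: 0xB2CF7000 Size: 98304 File Visible: No Signed: -
Status: -

Name: UACexampledrv.sys
Image Path: C:\\WINDOWS\\system32\\drivers\\UACexampledrv.sys
Address: 0xB2F8C000 Size: 77824 File Visible: - Signed: -
Status: Hidden from Windows API!

Hidden/Locked Files
-------------------
Path: C:\\WINDOWS\\system32\\UACexamplemod.dll
Status: Invisible to the Windows API!

Path: C:\\Documents and Settings\\User\\Local Settings\\Temp\\example.frx
Status: Locked to the Windows API!

Stealth Objects
-------------------
Object: Hidden Module [Name: UACexamplemod.dll]
Process: winlogon.exe (PID: 940) Address: 0x006a0000 Size: 49152

Object: Hidden Module [Name: UACexamplemod.dll]
Process: svchost.exe (PID: 1212) Address: 0x00700000 Size: 49152

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CREATE]
Process: System Address: 0x82fd71e8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_READ]
Process: System Address: 0x82fd71e8 Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x82fd81e8 Size: 121
"""

SECTION_RE = re.compile(r"^(Drivers|Hidden/Locked Files|Processes|SSDT|Stealth Objects|Hidden Services)$")
MODULE_RE = re.compile(r"Hidden Module \[Name: (?P<name>[^\]]+)\]")
HOOK_RE = re.compile(r"Hidden Code \[Driver: (?P<driver>[^,]+), (?P<irp>IRP_MJ_\w+)\]")
PROC_RE = re.compile(r"^(?P<image>.+?) \(PID: (?P<pid>\d+)\)")


def parse_report(text):
    """Split the report into sections; each section is a list of records,
    one per blank-line-separated block, keyed by the text before ': '."""
    lines = text.splitlines()
    sections, current, block = {}, None, {}
    for i, raw in enumerate(lines):
        line = raw.rstrip()
        nxt = lines[i + 1] if i + 1 < len(lines) else ""
        if SECTION_RE.match(line) and nxt.startswith("---"):
            current, block = line, {}      # a section title is underlined with dashes
            sections[current] = []
            continue
        if current is None or line.startswith("---"):
            continue                       # banner lines before the first section
        if not line:                       # blank line closes the current record
            if block:
                sections[current].append(block)
                block = {}
            continue
        key, sep, value = line.partition(": ")
        if sep:
            block[key] = value             # only the first 'Key: ' is split off
    if current and block:
        sections[current].append(block)
    return sections


def triage(sections):
    """Reduce the parsed report to the indicators worth acting on."""
    hidden_drivers = [r["Image Path"] for r in sections.get("Drivers", [])
                      if "Hidden" in r.get("Status", "")]
    invisible_files = [r["Path"] for r in sections.get("Hidden/Locked Files", [])
                       if r.get("Status", "").startswith("Invisible")]
    modules = defaultdict(set)   # hidden module -> processes it is mapped into
    hooks = defaultdict(list)    # driver -> IRP_MJ_* dispatch entries patched
    for r in sections.get("Stealth Objects", []):
        obj = r.get("Object", "")
        m = MODULE_RE.search(obj)
        if m:
            p = PROC_RE.match(r.get("Process", ""))
            where = f"{p['image']} (PID {p['pid']})" if p else r.get("Process", "?")
            modules[m["name"]].add(where)
            continue
        h = HOOK_RE.search(obj)
        if h:
            hooks[h["driver"]].append(h["irp"])
    return {"hidden_drivers": hidden_drivers, "invisible_files": invisible_files,
            "modules": dict(modules), "hooks": dict(hooks)}


def is_rootkit_suspect(findings):
    """Any hidden driver, API-invisible file, hidden module or patched driver
    dispatch entry points to kernel-level hiding; a clean system yields none."""
    return any(bool(v) for v in findings.values())


def report_lines(findings):
    """One human-readable line per finding, grouped for the reader."""
    out = [f"hidden driver: {d}" for d in findings["hidden_drivers"]]
    out += [f"invisible file: {f}" for f in findings["invisible_files"]]
    for name, procs in sorted(findings["modules"].items()):
        out.append(f"hidden module {name} in {len(procs)} process(es): " + ", ".join(sorted(procs)))
    for drv, irps in sorted(findings["hooks"].items()):
        out.append(f"driver {drv}: {len(irps)} IRP dispatch entries hooked")
    return out


if __name__ == "__main__":
    found = triage(parse_report(SAMPLE_REPORT))
    print("rootkit suspect:", is_rootkit_suspect(found))
    print("\n".join(report_lines(found)))
```

Running it on a saved report (replace SAMPLE_REPORT with the file contents) gives a short list instead of the raw dump: a "Locked" file is kept out of the invisible list because locking is what normal services do with files in use, while "Invisible to the Windows API" only comes from something filtering directory listings below the API. Grouping the hidden modules by process shows at a glance whether one DLL is mapped into every process, which is the pattern of a system-wide injection rather than a single misbehaving program.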

Post by maryruss » 04 June 2009, 19:00

Hello again,

Here is the RootRepeal report as requested:

ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Time: 2009/06/04 13:19
Program Version: Version 1.3.0.0
Windows Version: Windows XP SP2
==================================================

Drivers
-------------------
Name: ac7m9lex.SYS
Image Path: C:\WINDOWS\System32\Drivers\ac7m9lex.SYS
Address: 0xF6BB3000 Size: 421888 File Visible: No Signed: -
Status: -

Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xB2CF7000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF8B8F000 Size: 8192 File Visible: No Signed: -
Status: -

Name: PCI_NTPNP9678
Image Path: \Driver\PCI_NTPNP9678
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xB286B000 Size: 49152 File Visible: No Signed: -
Status: -

Name: UACaaanxossmkusoff.sys
Image Path: C:\WINDOWS\system32\drivers\UACaaanxossmkusoff.sys
Address: 0xB2F8C000 Size: 77824 File Visible: - Signed: -
Status: Hidden from Windows API!

Name: uphcleanhlp.sys
Image Path: C:\WINDOWS\system32\Drivers\uphcleanhlp.sys
Address: 0xB1F1B000 Size: 8960 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\WINDOWS\system32\UACcabivqelaaycwie.dll
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\UACdjksxrthrprnjjs.dll
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\UACdpxcgmfoovrxcxk.dll
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\uacinit.dll
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\UACtcbgmdpaadflxop.dat
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\UACvcxwdcexsnawmut.dll
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\UACwnirftmydruitmb.dll
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\UACydqolruqvlmhvtn.log
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\UAC3090.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\Temp\UAC7fd9.tmp
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\drivers\UACaaanxossmkusoff.sys
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Utilisateur\Local Settings\Temp\UAC6912.tmp
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Utilisateur\Local Settings\Application Data\Microsoft\Messenger\marylenelemieux@msn.com\SharingMetadata\puce204@hotmail.com\DFSR\Staging\CS{A463D8F2-5324-FC32-C0CF-92FBD8B1DD09}\01\10-{A463D8F2-5324-FC32-C0CF-92FBD8B1DD09}-v1-{6AECBE35-FA91-4C5F-8C47-A0104C5DE2B2}-v10-Downloaded.frx
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Utilisateur\Application Data\Macromedia\Flash Player\#SharedObjects\7SB5SVQN\include.classistatic.com\include\c3js\classifieds\rel1\FLASH\getMachId.swf\mach_data.sol:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
Status: Invisible to the Windows API!

Stealth Objects
-------------------
Object: Hidden Module [Name: UACvcxwdcexsnawmut.dll]
Process: winlogon.exe (PID: 940) Address: 0x006a0000 Size: 49152

Object: Hidden Module [Name: UACcabivqelaaycwie.dll]
Process: winlogon.exe (PID: 940) Address: 0x10000000 Size: 45056

Object: Hidden Module [Name: UACvcxwdcexsnawmut.dll]
Process: services.exe (PID: 988) Address: 0x00720000 Size: 49152

Object: Hidden Module [Name: UACcabivqelaaycwie.dll]
Process: services.exe (PID: 988) Address: 0x10000000 Size: 45056

Object: Hidden Module [Name: UACvcxwdcexsnawmut.dll]
Process: lsass.exe (PID: 1016) Address: 0x00760000 Size: 49152

Object: Hidden Module [Name: UACcabivqelaaycwie.dll]
Process: lsass.exe (PID: 1016) Address: 0x10000000 Size: 45056

Object: Hidden Module [Name: UACvcxwdcexsnawmut.dll]
Process: svchost.exe (PID: 1212) Address: 0x00700000 Size: 49152

Object: Hidden Module [Name: UAC3090.tmpxrthrprnjjs.dll]
Process: svchost.exe (PID: 1212) Address: 0x00a00000 Size: 200704

Object: Hidden Module [Name: UACwnirftmydruitmb.dll]
Process: svchost.exe (PID: 1212) Address: 0x00b30000 Size: 69632

Object: Hidden Module [Name: UACcabivqelaaycwie.dll]
Process: svchost.exe (PID: 1212) Address: 0x00cd0000 Size: 45056

Object: Hidden Module [Name: UACdjksxrthrprnjjs.dll]
Process: svchost.exe (PID: 1212) Address: 0x02870000 Size: 200704

Object: Hidden Module [Name: UACvcxwdcexsnawmut.dll]
Process: svchost.exe (PID: 1212) Address: 0x02fc0000 Size: 49152

Object: Hidden Module [Name: UACdpxcgmfoovrxcxk.dll]
Process: svchost.exe (PID: 1212) Address: 0x03060000 Size: 53248

Object: Hidden Module [Name: UACcabivqelaaycwie.dll]
Process: svchost.exe (PID: 1212) Address: 0x10000000 Size: 45056

Object: Hidden Module [Name: UACvcxwdcexsnawmut.dll]
Process: svchost.exe (PID: 1304) Address: 0x00700000 Size: 49152

Object: Hidden Module [Name: UACcabivqelaaycwie.dll]
Process: svchost.exe (PID: 1304) Address: 0x10000000 Size: 45056

Object: Hidden Module [Name: UACvcxwdcexsnawmut.dll]
Process: MsMpEng.exe (PID: 1456) Address: 0x008e0000 Size: 49152

Object: Hidden Module [Name: UACcabivqelaaycwie.dll]
Process: MsMpEng.exe (PID: 1456) Address: 0x10000000 Size: 45056

Object: Hidden Module [Name: UACvcxwdcexsnawmut.dll]
Process: svchost.exe (PID: 1512) Address: 0x00700000 Size: 49152

Object: Hidden Module [Name: UACcabivqelaaycwie.dll]
Process: svchost.exe (PID: 1512) Address: 0x10000000 Size: 45056

Object: Hidden Module [Name: UACvcxwdcexsnawmut.dll]
Process: InCDsrv.exe (PID: 1536) Address: 0x005f0000 Size: 49152

Object: Hidden Module [Name: UACcabivqelaaycwie.dll]
Process: InCDsrv.exe (PID: 1536) Address: 0x10000000 Size: 45056

Object: Hidden Module [Name: UACvcxwdcexsnawmut.dll]
Process: svchost.exe (PID: 1644) Address: 0x00700000 Size: 49152

Object: Hidden Module [Name: UACcabivqelaaycwie.dll]
Process: svchost.exe (PID: 1644) Address: 0x10000000 Size: 45056

Object: Hidden Module [Name: UACcabivqelaaycwie.dll]
Process: Fws.exe (PID: 1712) Address: 0x00910000 Size: 45056

Object: Hidden Module [Name: UACvcxwdcexsnawmut.dll]
Process: Fws.exe (PID: 1712) Address: 0x00be0000 Size: 49152

Object: Hidden Module [Name: UACvcxwdcexsnawmut.dll]
Process: svchost.exe (PID: 1852) Address: 0x00700000 Size: 49152

Object: Hidden Module [Name: UACcabivqelaaycwie.dll]
Process: svchost.exe (PID: 1852) Address: 0x10000000 Size: 45056

Object: Hidden Module [Name: UACvcxwdcexsnawmut.dll]
Process: svchost.exe (PID: 1952) Address: 0x00700000 Size: 49152

Object: Hidden Module [Name: UACcabivqelaaycwie.dll]
Process: svchost.exe (PID: 1952) Address: 0x10000000 Size: 45056

Object: Hidden Module [Name: UACvcxwdcexsnawmut.dll]
Process: spoolsv.exe (PID: 252) Address: 0x00990000 Size: 49152

Object: Hidden Module [Name: UACcabivqelaaycwie.dll]
Process: spoolsv.exe (PID: 252) Address: 0x10000000 Size: 45056

Object: Hidden Module [Name: UACvcxwdcexsnawmut.dll]
Process: sched.exe (PID: 308) Address: 0x009f0000 Size: 49152

Object: Hidden Module [Name: UACcabivqelaaycwie.dll]
Process: sched.exe (PID: 308) Address: 0x10000000 Size: 45056

Object: Hidden Module [Name: UACvcxwdcexsnawmut.dll]
Process: svchost.exe (PID: 436) Address: 0x00700000 Size: 49152

Object: Hidden Module [Name: UACcabivqelaaycwie.dll]
Process: svchost.exe (PID: 436) Address: 0x10000000 Size: 45056

Object: Hidden Module [Name: UACvcxwdcexsnawmut.dll]
Process: Explorer.EXE (PID: 708) Address: 0x00c20000 Size: 49152

Object: Hidden Module [Name: UACcabivqelaaycwie.dll]
Process: Explorer.EXE (PID: 708) Address: 0x10000000 Size: 45056

Object: Hidden Module [Name: UACvcxwdcexsnawmut.dll]
Process: ctfmon.exe (PID: 820) Address: 0x009a0000 Size: 49152

Object: Hidden Module [Name: UACcabivqelaaycwie.dll]
Process: ctfmon.exe (PID: 820) Address: 0x10000000 Size: 45056

Object: Hidden Module [Name: UACvcxwdcexsnawmut.dll]
Process: avguard.exe (PID: 892) Address: 0x009d0000 Size: 49152

Object: Hidden Module [Name: UACcabivqelaaycwie.dll]
Process: avguard.exe (PID: 892) Address: 0x10000000 Size: 45056

Object: Hidden Module [Name: UACvcxwdcexsnawmut.dll]
Process: dvpapi.exe (PID: 1368) Address: 0x00720000 Size: 49152

Object: Hidden Module [Name: UACcabivqelaaycwie.dll]
Process: dvpapi.exe (PID: 1368) Address: 0x10000000 Size: 45056

Object: Hidden Module [Name: UACvcxwdcexsnawmut.dll]
Process: ITMRTSVC.exe (PID: 1416) Address: 0x00760000 Size: 49152

Object: Hidden Module [Name: UACcabivqelaaycwie.dll]
Process: ITMRTSVC.exe (PID: 1416) Address: 0x003f0000 Size: 45056

Object: Hidden Module [Name: UACcabivqelaaycwie.dll]
Process: PDAgent.exe (PID: 1680) Address: 0x009c0000 Size: 45056

Object: Hidden Module [Name: UACvcxwdcexsnawmut.dll]
Process: PDAgent.exe (PID: 1680) Address: 0x00a90000 Size: 49152

Object: Hidden Module [Name: UACcabivqelaaycwie.dll]
Process: MSASCui.exe (PID: 1996) Address: 0x10000000 Size: 45056

Object: Hidden Module [Name: UACvcxwdcexsnawmut.dll]
Process: MSASCui.exe (PID: 1996) Address: 0x00bf0000 Size: 49152

Object: Hidden Module [Name: UACvcxwdcexsnawmut.dll]
Process: type32.exe (PID: 2004) Address: 0x00ab0000 Size: 49152

Object: Hidden Module [Name: UACcabivqelaaycwie.dll]
Process: type32.exe (PID: 2004) Address: 0x009f0000 Size: 45056

Object: Hidden Module [Name: UACcabivqelaaycwie.dll]
Process: point32.exe (PID: 2024) Address: 0x00ac0000 Size: 45056

Object: Hidden Module [Name: UACvcxwdcexsnawmut.dll]
Process: point32.exe (PID: 2024) Address: 0x00b80000 Size: 49152

Object: Hidden Module [Name: UACvcxwdcexsnawmut.dll]
Process: jusched.exe (PID: 2036) Address: 0x00bd0000 Size: 49152

Object: Hidden Module [Name: UACcabivqelaaycwie.dll]
Process: jusched.exe (PID: 2036) Address: 0x10000000 Size: 45056

Object: Hidden Module [Name: UACcabivqelaaycwie.dll]
Process: avgnt.exe (PID: 172) Address: 0x00ab0000 Size: 45056

Object: Hidden Module [Name: UACvcxwdcexsnawmut.dll]
Process: avgnt.exe (PID: 172) Address: 0x00b70000 Size: 49152

Object: Hidden Module [Name: UACvcxwdcexsnawmut.dll]
Process: qttask.exe (PID: 208) Address: 0x009c0000 Size: 49152

Object: Hidden Module [Name: UACcabivqelaaycwie.dll]
Process: qttask.exe (PID: 208) Address: 0x10000000 Size: 45056

Object: Hidden Module [Name: UACvcxwdcexsnawmut.dll]
Process: SMAgent.exe (PID: 628) Address: 0x006f0000 Size: 49152

Object: Hidden Module [Name: UACcabivqelaaycwie.dll]
Process: SMAgent.exe (PID: 628) Address: 0x10000000 Size: 45056

Object: Hidden Module [Name: UACvcxwdcexsnawmut.dll]
Process: svchost.exe (PID: 468) Address: 0x00700000 Size: 49152

Object: Hidden Module [Name: UACcabivqelaaycwie.dll]
Process: svchost.exe (PID: 468) Address: 0x10000000 Size: 45056

Object: Hidden Module [Name: UACvcxwdcexsnawmut.dll]
Process: uphclean.exe (PID: 2092) Address: 0x006f0000 Size: 49152

Object: Hidden Module [Name: UACcabivqelaaycwie.dll]
Process: uphclean.exe (PID: 2092) Address: 0x10000000 Size: 45056

Object: Hidden Module [Name: UACcabivqelaaycwie.dll]
Process: VaultClientUpgrade.exe (PID: 2136) Address: 0x00660000 Size: 45056

Object: Hidden Module [Name: UACvcxwdcexsnawmut.dll]
Process: VaultClientUpgrade.exe (PID: 2136) Address: 0x00730000 Size: 49152

Object: Hidden Module [Name: UACcabivqelaaycwie.dll]
Process: IMApp.exe (PID: 2196) Address: 0x00be0000 Size: 45056

Object: Hidden Module [Name: UACvcxwdcexsnawmut.dll]
Process: IMApp.exe (PID: 2196) Address: 0x00cb0000 Size: 49152

Object: Hidden Module [Name: UACvcxwdcexsnawmut.dll]
Process: alg.exe (PID: 3476) Address: 0x00780000 Size: 49152

Object: Hidden Module [Name: UACcabivqelaaycwie.dll]
Process: alg.exe (PID: 3476) Address: 0x10000000 Size: 45056

Object: Hidden Module [Name: UACvcxwdcexsnawmut.dll]
Process: usnsvc.exe (PID: 692) Address: 0x00610000 Size: 49152

Object: Hidden Module [Name: UACcabivqelaaycwie.dll]
Process: usnsvc.exe (PID: 692) Address: 0x10000000 Size: 45056

Object: Hidden Module [Name: UACvcxwdcexsnawmut.dll]
Process: RootRepeal.exe (PID: 3512) Address: 0x00b00000 Size: 49152

Object: Hidden Module [Name: UACcabivqelaaycwie.dll]
Process: RootRepeal.exe (PID: 3512) Address: 0x10000000 Size: 45056

Object: Hidden Module [Name: UACcabivqelaaycwie.dll]
Process: ImNotfy.exe (PID: 3788) Address: 0x00dd0000 Size: 45056

Object: Hidden Module [Name: UACvcxwdcexsnawmut.dll]
Process: ImNotfy.exe (PID: 3788) Address: 0x012a0000 Size: 49152

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CREATE]
Process: System Address: 0x82fd71e8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLOSE]
Process: System Address: 0x82fd71e8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_READ]
Process: System Address: 0x82fd71e8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_WRITE]
Process: System Address: 0x82fd71e8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x82fd71e8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x82fd71e8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_EA]
Process: System Address: 0x82fd71e8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_EA]
Process: System Address: 0x82fd71e8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x82fd71e8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x82fd71e8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x82fd71e8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x82fd71e8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x82fd71e8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x82fd71e8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SHUTDOWN]
Process: System Address: 0x82fd71e8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x82fd71e8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLEANUP]
Process: System Address: 0x82fd71e8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x82fd71e8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_SECURITY]
Process: System Address: 0x82fd71e8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x82fd71e8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_QUOTA]
Process: System Address: 0x82fd71e8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_PNP]
Process: System Address: 0x82fd71e8 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_CREATE]
Process: System Address: 0x82aa5478 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_CLOSE]
Process: System Address: 0x82aa5478 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_READ]
Process: System Address: 0x82aa5478 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_WRITE]
Process: System Address: 0x82aa5478 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x82aa5478 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x82aa5478 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_QUERY_EA]
Process: System Address: 0x82aa5478 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_SET_EA]
Process: System Address: 0x82aa5478 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x82aa5478 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x82aa5478 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x82aa5478 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x82aa5478 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x82aa5478 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x82aa5478 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_SHUTDOWN]
Process: System Address: 0x82aa5478 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x82aa5478 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_CLEANUP]
Process: System Address: 0x82aa5478 Size: 121

Object: Hidden Code [Driver: Fastfat, IRP_MJ_PNP]
Process: System Address: 0x82aa5478 Size: 121

Object: Hidden Code [Driver: ac7m9lexࠅఈ灐畳妈, IRP_MJ_CREATE]
Process: System Address: 0x82d451e8 Size: 121

Object: Hidden Code [Driver: ac7m9lexࠅఈ灐畳妈, IRP_MJ_CLOSE]
Process: System Address: 0x82d451e8 Size: 121

Object: Hidden Code [Driver: ac7m9lexࠅఈ灐畳妈, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x82d451e8 Size: 121

Object: Hidden Code [Driver: ac7m9lexࠅఈ灐畳妈, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x82d451e8 Size: 121

Object: Hidden Code [Driver: ac7m9lexࠅఈ灐畳妈, IRP_MJ_POWER]
Process: System Address: 0x82d451e8 Size: 121

Object: Hidden Code [Driver: ac7m9lexࠅఈ灐畳妈, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x82d451e8 Size: 121

Object: Hidden Code [Driver: ac7m9lexࠅఈ灐畳妈, IRP_MJ_PNP]
Process: System Address: 0x82d451e8 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CREATE]
Process: System Address: 0x82deb790 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CLOSE]
Process: System Address: 0x82deb790 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_READ]
Process: System Address: 0x82deb790 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_WRITE]
Process: System Address: 0x82deb790 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x82deb790 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x82deb790 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x82deb790 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SHUTDOWN]
Process: System Address: 0x82deb790 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_POWER]
Process: System Address: 0x82deb790 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x82deb790 Size: 121

Object: Hidden Code [Driver: Cdrom, IRP_MJ_PNP]
Process: System Address: 0x82deb790 Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_CREATE]
Process: System Address: 0x82fd81e8 Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_CLOSE]
Process: System Address: 0x82fd81e8 Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x82fd81e8 Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x82fd81e8 Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_POWER]
Process: System Address: 0x82fd81e8 Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x82fd81e8 Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_PNP]
Process: System Address: 0x82fd81e8 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_CREATE]
Process: System Address: 0x82dee790 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_CLOSE]
Process: System Address: 0x82dee790 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x82dee790 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x82dee790 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_POWER]
Process: System Address: 0x82dee790 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x82dee790 Size: 121

Object: Hidden Code [Driver: usbuhci, IRP_MJ_PNP]
Process: System Address: 0x82dee790 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CREATE]
Process: System Address: 0x82f671e8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_READ]
Process: System Address: 0x82f671e8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_WRITE]
Process: System Address: 0x82f671e8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x82f671e8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x82f671e8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x82f671e8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SHUTDOWN]
Process: System Address: 0x82f671e8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CLEANUP]
Process: System Address: 0x82f671e8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_POWER]
Process: System Address: 0x82f671e8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x82f671e8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_PNP]
Process: System Address: 0x82f671e8 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_CREATE]
Process: System Address: 0x8273b1e8 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_CLOSE]
Process: System Address: 0x8273b1e8 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8273b1e8 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8273b1e8 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_CLEANUP]
Process: System Address: 0x8273b1e8 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_PNP]
Process: System Address: 0x8273b1e8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_CREATE]
Process: System Address: 0x82e221e8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_CLOSE]
Process: System Address: 0x82e221e8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x82e221e8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x82e221e8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_POWER]
Process: System Address: 0x82e221e8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x82e221e8 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_PNP]
Process: System Address: 0x82e221e8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE]
Process: System Address: 0x827361e8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_NAMED_PIPE]
Process: System Address: 0x827361e8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLOSE]
Process: System Address: 0x827361e8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_READ]
Process: System Address: 0x827361e8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_WRITE]
Process: System Address: 0x827361e8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x827361e8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x827361e8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_EA]
Process: System Address: 0x827361e8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_EA]
Process: System Address: 0x827361e8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x827361e8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x827361e8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x827361e8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x827361e8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x827361e8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x827361e8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x827361e8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SHUTDOWN]
Process: System Address: 0x827361e8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x827361e8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLEANUP]
Process: System Address: 0x827361e8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_MAILSLOT]
Process: System Address: 0x827361e8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x827361e8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_SECURITY]
Process: System Address: 0x827361e8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_POWER]
Process: System Address: 0x827361e8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x827361e8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CHANGE]
Process: System Address: 0x827361e8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x827361e8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_QUOTA]
Process: System Address: 0x827361e8 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_PNP]
Process: System Address: 0x827361e8 Size: 121

Object: Hidden Code [Driver: Cdfsࠅఄ扏济KnownDlls-呓, IRP_MJ_CREATE]
Process: System Address: 0x82b6f1e8 Size: 121

Object: Hidden Code [Driver: Cdfsࠅఄ扏济KnownDlls-呓, IRP_MJ_CLOSE]
Process: System Address: 0x82b6f1e8 Size: 121

Object: Hidden Code [Driver: Cdfsࠅఄ扏济KnownDlls-呓, IRP_MJ_READ]
Process: System Address: 0x82b6f1e8 Size: 121

Object: Hidden Code [Driver: Cdfsࠅఄ扏济KnownDlls-呓, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x82b6f1e8 Size: 121

Object: Hidden Code [Driver: Cdfsࠅఄ扏济KnownDlls-呓, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x82b6f1e8 Size: 121

Object: Hidden Code [Driver: Cdfsࠅఄ扏济KnownDlls-呓, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x82b6f1e8 Size: 121

Object: Hidden Code [Driver: Cdfsࠅఄ扏济KnownDlls-呓, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x82b6f1e8 Size: 121

Object: Hidden Code [Driver: Cdfsࠅఄ扏济KnownDlls-呓, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x82b6f1e8 Size: 121

Object: Hidden Code [Driver: Cdfsࠅఄ扏济KnownDlls-呓, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x82b6f1e8 Size: 121

Object: Hidden Code [Driver: Cdfsࠅఄ扏济KnownDlls-呓, IRP_MJ_SHUTDOWN]
Process: System Address: 0x82b6f1e8 Size: 121

Object: Hidden Code [Driver: Cdfsࠅఄ扏济KnownDlls-呓, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x82b6f1e8 Size: 121

Object: Hidden Code [Driver: Cdfsࠅఄ扏济KnownDlls-呓, IRP_MJ_CLEANUP]
Process: System Address: 0x82b6f1e8 Size: 121

Object: Hidden Code [Driver: Cdfsࠅఄ扏济KnownDlls-呓, IRP_MJ_PNP]
Process: System Address: 0x82b6f1e8 Size: 121

Hidden Services
-------------------
Service Name: UACd.sys
Image Path: C:\WINDOWS\system32\drivers\UACaaanxossmkusoff.sys

==EOF==
maryruss

Posts: 9
Joined: 29 May 2009, 14:17
