Posted on 01/12/2009 @ 17:56
Petit astucien
Posted on 01/12/2009 at 18:12
Grand Maître astucien
lavaredo06. Welcome to PCA. Ask to have your topic moved to the security forum; to do that, click the yellow triangle above your post!
Edited by chaseur57150 on 01/12/2009 18:15
Posted on 02/12/2009 at 09:40
Equipe PC Astuces
Hello,
The topic has been moved by the moderators to a more appropriate forum.
You can continue the discussion below.
See you soon.
Posted on 02/12/2009 at 18:31
Grande Maîtresse astucienne
Good evening and welcome to PCA Sécurité.
To get a clearer picture, I would like the following:
Download random's system information tool (RSIT) by random/random (tutorial)
and save it to the Desktop.
- Double-click RSIT.exe to launch RSIT.
- Click Continue on the Disclaimer screen.
- If HijackThis (up-to-date version) is not present or not detected on the computer, RSIT will download it and you will have to accept the licence.
- When the scan is finished, two text files will open. Post the contents of log.txt (<<which will be displayed)
as well as info.txt (<<which will be minimized to the taskbar).
Posted on 02/12/2009 at 19:08
Petit astucien
Good evening Philae, thank you for replying.... attached are the requested files......
LOG.Txt........
Logfile of random's system information tool 1.06 (written by random/random)
Run by AP-GP at 2009-12-02 18:42:40
Microsoft® Windows Vista™ Édition Familiale Basique Service Pack 2
System drive C: has 87 GB (58%) free of 148 GB
Total RAM: 1471 MB (56% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:44:04, on 02/12/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18828)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Securitoo\av_fw\Common\FSM32.EXE
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\conime.exe
C:\Program Files\Securitoo\av_fw\FSGUI\fsguidll.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\AP-GP\Desktop\RSIT.exe
C:\Program Files\trend micro\AP-GP.exe
C:\Windows\system32\SearchFilterHost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\DealioToolbarIE.dll
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {0A87E45F-537A-40B4-B812-E2544C21A09F} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb128\SearchSettings.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\DealioToolbarIE.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - (no file)
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Securitoo\av_fw\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Securitoo\av_fw\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O15 - Trusted Zone: *.line6.net
O17 - HKLM\System\CCS\Services\Tcpip\..\{80488DA7-4657-49E3-82F4-0FC12E67DF7B}: NameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{80488DA7-4657-49E3-82F4-0FC12E67DF7B}: NameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{80488DA7-4657-49E3-82F4-0FC12E67DF7B}: NameServer = 192.168.1.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{80488DA7-4657-49E3-82F4-0FC12E67DF7B}: NameServer = 192.168.1.1
O17 - HKLM\System\CS4\Services\Tcpip\..\{80488DA7-4657-49E3-82F4-0FC12E67DF7B}: NameServer = 192.168.1.1
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Browser Defender Update Service - Threat Expert Ltd. - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\Anti-Virus\fsgk32st.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\Common\FSMA32.EXE
O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\ORSP Client\fsorsp.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
-- End of file - 6812 bytes
======Scheduled tasks folder======
C:\Windows\tasks\Google Software Updater.job
C:\Windows\tasks\Scheduled scanning task.job
C:\Windows\tasks\SyncBack Banque Annette.job
C:\Windows\tasks\SyncBack syncro banque Annette.job
C:\Windows\tasks\User_Feed_Synchronization-{F7CBA8A6-6E64-44F5-AFBD-4B282BC69B99}.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}] Dealio Toolbar - C:\Program Files\Dealio Toolbar\DealioToolbarIE.dll [2009-04-09 688128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0A87E45F-537A-40B4-B812-E2544C21A09F}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}] Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64F56FC1-1272-44CD-BA6E-39723696E350}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}] Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll [2009-06-21 669168]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-08 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}] SearchSettings Class - C:\Program Files\Search Settings\kb128\SearchSettings.dll [2009-04-09 1091584]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F}
{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - Dealio Toolbar - C:\Program Files\Dealio Toolbar\DealioToolbarIE.dll [2009-04-09 688128]
Locked
{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
{472734EA-242A-422B-ADF8-83D1E48CC825}
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"F-Secure Manager"=C:\Program Files\Securitoo\av_fw\Common\FSM32.EXE [2008-12-04 182936]
"F-Secure TNB"=C:\Program Files\Securitoo\av_fw\FSGUI\TNBUtil.exe [2008-12-04 957024]
"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-19 202240]
"SuperCopier2.exe"=C:\Program Files\SuperCopier2\SuperCopier2.exe [2009-08-16 955392]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2009-08-13 177440]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EoEngine] []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iolo Startup] C:\Program Files\iolo\Common\Lib\ioloLManager.exe [2009-11-03 313784]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISTray] []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2004-06-14 221184]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2004-06-14 81920]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe [2009-10-28 141600]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LaCie Backup] C:\Program Files\LaCie\Backup Software\\LaCieBackup.exe [2007-12-03 2600960]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] C:\Windows\system32\NvCpl.dll [2006-10-09 7741440]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvSvc] C:\Windows\system32\nvsvc.dll [2006-10-09 90191]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic] C:\Program Files\Registry Mechanic\RMTray.exe [2008-07-03 812952]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe [2009-04-09 970240]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoftwareHelper] []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan] C:\Windows\SOUNDMAN.EXE [2009-04-14 604704]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-11-28 68856]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe [2008-01-10 223984]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^AP-GP^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk] C:\PROGRA~1\OPENOF~1.ORG\program\QUICKS~1.EXE [2009-08-18 384000]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "BindDirectlyToPropertySetStorage"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "C:\Program Files\Orange\Connectivity\ConnectivityManager.exe"="C:\Program Files\Orange\Connectivity\ConnectivityManager.exe:*:enabled:CSS"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5cc3bfa6-dc33-11de-bc26-000ea642f7db}] shell\AutoRun\command - M:\TotalLock.exe
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - NOTEPAD.EXE %1
.reg - open - NOTEPAD.EXE %1
.scr - open - NOTEPAD.EXE %1
.vbs - open - NOTEPAD.EXE %1
======List of files/folders created in the last 1 months======
2009-12-02 18:42:41 ----D---- C:\Program Files\trend micro
2009-12-02 18:42:40 ----D---- C:\rsit
2009-12-02 18:14:36 ----A---- C:\Windows\ntbtlog.txt
2009-12-02 17:37:30 ----D---- C:\Program Files\SuperCopier2
2009-12-02 13:40:03 ----DC---- C:\ProgramData\{9B942F8A-65B4-447E-8E88-B9AEA3526FD4}
2009-12-02 13:39:23 ----D---- C:\Users\AP-GP\AppData\Roaming\Fighters
2009-12-02 12:27:45 ----A---- C:\cleannavi.txt
2009-12-02 12:27:05 ----D---- C:\Program Files\Navilog1
2009-12-02 11:24:26 ----A---- C:\TB.txt
2009-12-02 11:22:28 ----D---- C:\ToolBar SD
2009-11-28 19:59:25 ----D---- C:\Program Files\Windows Live
2009-11-28 19:57:16 ----D---- C:\Program Files\Microsoft SQL Server Compact Edition
2009-11-28 19:54:19 ----D---- C:\Program Files\Common Files\Windows Live
2009-11-27 19:30:15 ----D---- C:\Users\AP-GP\AppData\Roaming\vlc
2009-11-26 10:17:23 ----A---- C:\Windows\SysMech.INI
2009-11-24 09:51:59 ----A---- C:\Windows\BDTSupport.dll
2009-11-24 09:51:57 ----A---- C:\Windows\SGDetectionTool.dll
2009-11-24 09:51:56 ----A---- C:\Windows\PCTBDRes.dll
2009-11-24 09:51:56 ----A---- C:\Windows\PCTBDCore.dll
2009-11-23 23:30:38 ----D---- C:\Users\AP-GP\AppData\Roaming\PC Tools
2009-11-23 23:30:38 ----D---- C:\ProgramData\PC Tools
2009-11-23 23:30:38 ----D---- C:\Program Files\Spyware Doctor
2009-11-19 19:15:21 ----HD---- C:\$AVG
2009-11-19 19:11:59 ----D---- C:\Program Files\AVG
2009-11-19 19:11:58 ----D---- C:\ProgramData\avg9
2009-11-19 17:08:44 ----A---- C:\Windows\system32\mbam-log-2009-11-19 (17-07-40).txt
2009-11-17 14:54:54 ----D---- C:\Program Files\2BrightSparks
2009-11-16 18:23:28 ----A---- C:\Windows\Setup.INI
2009-11-16 09:32:51 ----D---- C:\Users\AP-GP\AppData\Roaming\U3
2009-11-13 18:31:50 ----D---- C:\ProgramData\InstallShield
2009-11-13 18:31:22 ----D---- C:\Program Files\LaCie
2009-11-13 18:27:44 ----D---- C:\Windows\system32\URTTEMP
2009-11-11 17:43:53 ----A---- C:\Windows\system32\VACFix.exe
2009-11-11 17:43:53 ----A---- C:\Windows\system32\o4Patch.exe
2009-11-11 17:43:53 ----A---- C:\Windows\system32\IEDFix.C.exe
2009-11-11 17:43:53 ----A---- C:\Windows\system32\Agent.OMZ.Fix.exe
2009-11-11 17:43:53 ----A---- C:\Windows\system32\404Fix.exe
2009-11-11 17:43:52 ----A---- C:\Windows\system32\WS2Fix.exe
2009-11-11 17:43:52 ----A---- C:\Windows\system32\VCCLSID.exe
2009-11-11 17:43:52 ----A---- C:\Windows\system32\swxcacls.exe
2009-11-11 17:43:52 ----A---- C:\Windows\system32\swsc.exe
2009-11-11 17:43:52 ----A---- C:\Windows\system32\swreg.exe
2009-11-11 17:43:52 ----A---- C:\Windows\system32\SrchSTS.exe
2009-11-11 17:43:52 ----A---- C:\Windows\system32\Process.exe
2009-11-11 17:43:52 ----A---- C:\Windows\system32\IEDFix.exe
2009-11-11 17:43:52 ----A---- C:\Windows\system32\dumphive.exe
2009-11-10 08:46:05 ----D---- C:\Program Files\Microsoft Sync Framework
2009-11-09 17:43:30 ----A---- C:\Windows\system32\GEARAspi.dll
2009-11-05 12:52:26 ----D---- C:\Program Files\Registry Mechanic
2009-11-04 21:15:46 ----D---- C:\Program Files\iPod(24)
2009-11-04 21:15:40 ----D---- C:\Program Files\iTunes(25)
2009-11-04 09:40:24 ----D---- C:\Program Files\Softland
2009-11-03 11:30:27 ----A---- C:\EventLOG.txt
2009-11-03 10:29:07 ----A---- C:\Windows\system32\mshtml.dll
======List of files/folders modified in the last 1 months======
2009-12-02 18:43:13 ----D---- C:\Windows\Prefetch
2009-12-02 18:43:00 ----D---- C:\Windows\Temp
2009-12-02 18:42:41 ----RD---- C:\Program Files
2009-12-02 18:22:15 ----D---- C:\Windows
2009-12-02 18:21:59 ----D---- C:\Windows\Tasks
2009-12-02 18:18:49 ----AD---- C:\ProgramData\TEMP
2009-12-02 18:14:35 ----D---- C:\ProgramData\iolo
2009-12-02 18:12:33 ----D---- C:\ProgramData\Spybot - Search & Destroy
2009-12-02 18:12:28 ----D---- C:\Windows\system32\LogFiles
2009-12-02 18:11:33 ----D---- C:\Windows\system32\catroot2
2009-12-02 18:03:25 ----D---- C:\Windows\system32\catroot
2009-12-02 18:03:22 ----D---- C:\Windows\winsxs
2009-12-02 14:37:24 ----SHD---- C:\Windows\Installer
2009-12-02 13:40:03 ----HD---- C:\ProgramData
2009-12-02 12:06:12 ----A---- C:\rapport.txt
2009-12-02 12:04:54 ----D---- C:\Windows\System32
2009-12-02 12:04:52 ----A---- C:\Windows\system32\tmp.txt
2009-12-02 10:55:43 ----D---- C:\Windows\system32\config
2009-12-02 10:01:11 ----SHD---- C:\System Volume Information
2009-12-02 09:16:16 ----D---- C:\Windows\system32\Tasks
2009-11-29 20:02:20 ----D---- C:\Program Files\Mozilla Firefox
2009-11-29 19:52:33 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-11-29 19:52:30 ----D---- C:\Windows\inf
2009-11-29 11:16:52 ----D---- C:\Windows\system32\Msdtc
2009-11-29 11:16:43 ----D---- C:\Windows\system32\wbem
2009-11-29 11:15:29 ----D---- C:\Windows\system32\spool
2009-11-29 11:15:29 ----D---- C:\Users\AP-GP\AppData\Roaming\IrfanView
2009-11-29 11:15:28 ----D---- C:\Program Files\AusLogics Disk Defrag
2009-11-29 11:15:25 ----D---- C:\Windows\registration
2009-11-28 20:01:08 ----D---- C:\Program Files\Common Files\microsoft shared
2009-11-28 19:57:21 ----RSD---- C:\Windows\assembly
2009-11-28 19:54:19 ----D---- C:\Program Files\Common Files
2009-11-28 19:53:59 ----SD---- C:\ProgramData\Microsoft
2009-11-28 11:54:20 ----SHD---- C:\Boot
2009-11-27 18:09:12 ----D---- C:\Windows\Microsoft.NET
2009-11-27 14:08:16 ----D---- C:\Program Files\Paint.NET
2009-11-27 11:19:04 ----D---- C:\Windows\system32\drivers
2009-11-27 11:18:58 ----D---- C:\Users\AP-GP\AppData\Roaming\dvdcss
2009-11-27 11:18:46 ----D---- C:\Program Files\Common Files\PC Tools
2009-11-23 18:18:27 ----D---- C:\Windows\Minidump
2009-11-19 18:18:09 ----A---- C:\Users\AP-GP\AppData\Roaming\SetValue.bat
2009-11-19 18:18:09 ----A---- C:\Users\AP-GP\AppData\Roaming\GetValue.vbs
2009-11-17 13:19:44 ----D---- C:\Program Files\Common Files\Acronis
2009-11-17 13:15:15 ----D---- C:\ProgramData\Acronis
2009-11-13 18:31:29 ----SD---- C:\Windows\Downloaded Program Files
2009-11-13 18:31:25 ----D---- C:\Program Files\Common Files\InstallShield
2009-11-13 18:30:08 ----D---- C:\Windows\Downloaded Installations
2009-11-13 18:27:45 ----D---- C:\Program Files\Internet Explorer
2009-11-09 17:43:30 ----DC---- C:\Windows\system32\DRVSTORE
2009-11-09 17:43:23 ----D---- C:\Program Files\iTunes
2009-11-09 17:41:00 ----D---- C:\Program Files\iPod
2009-11-09 17:40:58 ----D---- C:\Program Files\Common Files\Apple
2009-11-09 15:59:38 ----D---- C:\Program Files\QuickTime
2009-11-07 19:24:22 ----D---- C:\Program Files\CA Yahoo! Anti-Spy
2009-11-03 09:40:34 ----A---- C:\Windows\system32\IncContxMenu.dll
2009-11-03 09:40:14 ----A---- C:\Windows\system32\Incinerator.dll
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 F-Secure HIPS;F-Secure HIPS Driver; \??\C:\Program Files\Securitoo\av_fw\HIPS\drivers\fshs.sys [2008-12-04 67808]
R1 FSES;F-Secure Email Scanning Driver; C:\Windows\System32\drivers\fses.sys [2008-12-04 35552]
R1 FSFW;F-Secure Firewall Driver; C:\Windows\System32\drivers\fsdfw.sys [2008-12-04 70944]
R1 fsvista;F-Secure Vista Support Driver; \??\C:\Program Files\Securitoo\av_fw\Anti-Virus\minifilter\fsvista.sys [2008-12-04 12384]
R1 pctgntdi;pctgntdi; \??\C:\Windows\System32\drivers\pctgntdi.sys [2009-09-24 229304]
R2 acedrv11;acedrv11; \??\C:\Windows\system32\drivers\acedrv11.sys [2008-01-23 501560]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\Windows\system32\drivers\RTKVAC.SYS [2009-06-18 4172832]
R3 FETND6V;VIA Rhine Family Fast Ethernet Adapter Driver; C:\Windows\system32\DRIVERS\fetnd6v.sys [2008-09-22 43520]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper; \??\C:\Program Files\Securitoo\av_fw\Anti-Virus\minifilter\fsgk.sys [2009-09-14 99960]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2009-05-18 26600]
R3 L6UX1;Service - Line 6 UX1; C:\Windows\System32\Drivers\L6UX1.sys [2009-01-07 530816]
R3 LVUSBSta;Logitech USB Monitor Filter; C:\Windows\system32\drivers\lvusbsta.sys [2004-10-08 22016]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2006-10-09 4428160]
R3 VST_DPV;VST_DPV; C:\Windows\system32\DRIVERS\VSTDPV3.SYS [2006-11-02 987648]
R3 VSTHWBS2;VSTHWBS2; C:\Windows\system32\DRIVERS\VSTBS23.SYS [2006-11-02 251904]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\VSTCNXT3.SYS [2006-11-02 654336]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]
S3 cmpci;TerraTec Aureon 5.1 (WDM); C:\Windows\system32\drivers\cmaudio.sys [2002-07-16 379726]
S3 driverhardwarev2;driverhardwarev2; \??\C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys [2007-12-02 15352]
S3 drmkaud;Filtre de décodeur DRM (Noyau Microsoft); C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service; C:\Windows\system32\DRIVERS\fetnd5bv.sys [2007-09-21 43520]
S3 FETNDIS;Service de pilote de carte VIA famille Rhine 10/100Mo Fast Ethernet; C:\Windows\system32\DRIVERS\fetnd5.sys [2006-11-02 45568]
S3 MSKSSRV;Proxy de service de répartition Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Proxy d'horloge de répartition Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Proxy de gestion de qualité de répartition Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 NCHSSVAD;SoundTap Recorder; C:\Windows\system32\drivers\nchssvad.sys [2009-01-22 27136]
S3 PCAMp50;PCAMp50 NDIS Protocol Driver; C:\Windows\System32\Drivers\PCAMp50.sys [2006-11-28 28224]
S3 PCASp50;PCASp50 NDIS Protocol Driver; C:\Windows\System32\Drivers\PCASp50.sys [2006-11-28 27072]
S3 pctplsg;pctplsg; \??\C:\Windows\System32\drivers\pctplsg.sys [2009-09-03 70408]
S3 QCMerced;Logitech QuickCam Communicate; C:\Windows\system32\DRIVERS\LVCM.sys [2004-10-08 585824]
S3 TfNetMon;TfNetMon; \??\C:\Windows\system32\drivers\TfNetMon.sys [2009-10-08 33552]
S3 usbaudio;Pilote USB audio (WDM); C:\Windows\system32\drivers\usbaudio.sys [2009-04-11 73216]
S3 usbbus;LGE Mobile Composite USB Device; C:\Windows\system32\DRIVERS\lgusbbus.sys [2005-05-26 21344]
S3 UsbDiag;LGE Mobile USB Serial Port; C:\Windows\system32\DRIVERS\lgusbdiag.sys [2005-05-26 38144]
S3 USBModem;LGE Mobile USB Modem; C:\Windows\system32\DRIVERS\lgusbmodem.sys [2005-06-24 39036]
S3 usbscan;Pilote de scanneur USB; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-19 35328]
S3 VIAudio;Contrôleur audio VIA AC'97; C:\Windows\system32\drivers\ac97via.sys [2006-11-02 68096]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-19 39936]
S4 F-Secure Filter;F-Secure File System Filter; \??\C:\Program Files\Securitoo\av_fw\Anti-Virus\Win2K\FSfilter.sys [2008-12-04 39776]
S4 F-Secure Recognizer;F-Secure File System Recognizer; \??\C:\Program Files\Securitoo\av_fw\Anti-Virus\Win2K\FSrec.sys [2008-12-04 25184]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-06-05 144712]
R2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 Browser Defender Update Service;Browser Defender Update Service; C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe [2009-10-08 112592]
R2 F-Secure Gatekeeper Handler Starter;FSGKHS; C:\Program Files\Securitoo\av_fw\Anti-Virus\fsgk32st.exe [2008-12-04 215648]
R2 FSMA;F-Secure Management Agent; C:\Program Files\Securitoo\av_fw\Common\FSMA32.EXE [2008-12-04 117400]
R2 ioloFileInfoList;iolo FileInfoList Service; C:\Program Files\iolo\common\lib\ioloServiceManager.exe [2009-10-20 659376]
R2 ioloSystemService;iolo System Service; C:\Program Files\iolo\common\lib\ioloServiceManager.exe [2009-10-20 659376]
R2 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
R2 SBSDWSCService;SBSD Security Center Service; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R2 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\pctsAuxs.exe [2009-09-23 358600]
R3 FSAUA;F-Secure Automatic Update Agent; C:\Program Files\Securitoo\av_fw\FSAUA\program\fsaua.exe [2008-12-04 490080]
R3 FSDFWD;F-Secure Anti-Virus Firewall Daemon; C:\Program Files\Securitoo\av_fw\FWES\Program\fsdfwd.exe [2008-12-04 510560]
R3 FSORSPClient;F-Secure ORSP Client; C:\Program Files\Securitoo\av_fw\ORSP Client\fsorsp.exe [2008-12-04 55904]
S2 FTRTSVC;France Telecom Routing Table Service; C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe [2007-09-25 65536]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-06-12 183280]
S3 aspnet_state;Service d'état ASP.NET; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2009-03-30 31048]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance; C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 1527900]
S3 iPod Service;Service de l’iPod; C:\Program Files\iPod\bin\iPodService.exe [2009-10-28 545568]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
-----------------EOF-----------------
INFO.Txt
Logfile of random's system information tool 1.06 (written by random/random) Run by AP-GP at 2009-12-02 18:42:40 Microsoft® Windows Vista™ Édition Familiale Basique Service Pack 2 System drive C: has 87 GB (58%) free of 148 GB Total RAM: 1471 MB (56% free)
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 18:44:04, on 02/12/2009 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v8.00 (8.00.6001.18828) Boot mode: Normal
Running processes: C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Program Files\Securitoo\av_fw\Common\FSM32.EXE C:\Windows\System32\mobsync.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\SuperCopier2\SuperCopier2.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Windows\system32\conime.exe C:\Program Files\Securitoo\av_fw\FSGUI\fsguidll.exe C:\Windows\system32\wuauclt.exe C:\Windows\system32\taskeng.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Users\AP-GP\Desktop\RSIT.exe C:\Program Files\trend micro\AP-GP.exe C:\Windows\system32\SearchFilterHost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\DealioToolbarIE.dll
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {0A87E45F-537A-40B4-B812-E2544C21A09F} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb128\SearchSettings.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\DealioToolbarIE.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - (no file)
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Securitoo\av_fw\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Securitoo\av_fw\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O15 - Trusted Zone: *.line6.net
O17 - HKLM\System\CCS\Services\Tcpip\..\{80488DA7-4657-49E3-82F4-0FC12E67DF7B}: NameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{80488DA7-4657-49E3-82F4-0FC12E67DF7B}: NameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{80488DA7-4657-49E3-82F4-0FC12E67DF7B}: NameServer = 192.168.1.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{80488DA7-4657-49E3-82F4-0FC12E67DF7B}: NameServer = 192.168.1.1
O17 - HKLM\System\CS4\Services\Tcpip\..\{80488DA7-4657-49E3-82F4-0FC12E67DF7B}: NameServer = 192.168.1.1
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Browser Defender Update Service - Threat Expert Ltd. - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\Anti-Virus\fsgk32st.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\Common\FSMA32.EXE
O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\ORSP Client\fsorsp.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
-- End of file - 6812 bytes
======Scheduled tasks folder======
C:\Windows\tasks\Google Software Updater.job
C:\Windows\tasks\Scheduled scanning task.job
C:\Windows\tasks\SyncBack Banque Annette.job
C:\Windows\tasks\SyncBack syncro banque Annette.job
C:\Windows\tasks\User_Feed_Synchronization-{F7CBA8A6-6E64-44F5-AFBD-4B282BC69B99}.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}] Dealio Toolbar - C:\Program Files\Dealio Toolbar\DealioToolbarIE.dll [2009-04-09 688128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0A87E45F-537A-40B4-B812-E2544C21A09F}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}] Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64F56FC1-1272-44CD-BA6E-39723696E350}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}] Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll [2009-06-21 669168]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-08 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}] SearchSettings Class - C:\Program Files\Search Settings\kb128\SearchSettings.dll [2009-04-09 1091584]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F}
{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - Dealio Toolbar - C:\Program Files\Dealio Toolbar\DealioToolbarIE.dll [2009-04-09 688128]
Locked
{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
{472734EA-242A-422B-ADF8-83D1E48CC825}
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"F-Secure Manager"=C:\Program Files\Securitoo\av_fw\Common\FSM32.EXE [2008-12-04 182936]
"F-Secure TNB"=C:\Program Files\Securitoo\av_fw\FSGUI\TNBUtil.exe [2008-12-04 957024]
"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-19 202240]
"SuperCopier2.exe"=C:\Program Files\SuperCopier2\SuperCopier2.exe [2009-08-16 955392]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2009-08-13 177440]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EoEngine] []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iolo Startup] C:\Program Files\iolo\Common\Lib\ioloLManager.exe [2009-11-03 313784]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISTray] []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2004-06-14 221184]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2004-06-14 81920]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe [2009-10-28 141600]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LaCie Backup] C:\Program Files\LaCie\Backup Software\\LaCieBackup.exe [2007-12-03 2600960]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] C:\Windows\system32\NvCpl.dll [2006-10-09 7741440]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvSvc] C:\Windows\system32\nvsvc.dll [2006-10-09 90191]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic] C:\Program Files\Registry Mechanic\RMTray.exe [2008-07-03 812952]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe [2009-04-09 970240]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoftwareHelper] []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan] C:\Windows\SOUNDMAN.EXE [2009-04-14 604704]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-11-28 68856]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe [2008-01-10 223984]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^AP-GP^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk] C:\PROGRA~1\OPENOF~1.ORG\program\QUICKS~1.EXE [2009-08-18 384000]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\Orange\Connectivity\ConnectivityManager.exe"="C:\Program Files\Orange\Connectivity\ConnectivityManager.exe:*:enabled:CSS"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5cc3bfa6-dc33-11de-bc26-000ea642f7db}]
shell\AutoRun\command - M:\TotalLock.exe
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - NOTEPAD.EXE %1
.reg - open - NOTEPAD.EXE %1
.scr - open - NOTEPAD.EXE %1
.vbs - open - NOTEPAD.EXE %1
======List of files/folders created in the last 1 months======
2009-12-02 18:42:41 ----D---- C:\Program Files\trend micro
2009-12-02 18:42:40 ----D---- C:\rsit
2009-12-02 18:14:36 ----A---- C:\Windows\ntbtlog.txt
2009-12-02 17:37:30 ----D---- C:\Program Files\SuperCopier2
2009-12-02 13:40:03 ----DC---- C:\ProgramData\{9B942F8A-65B4-447E-8E88-B9AEA3526FD4}
2009-12-02 13:39:23 ----D---- C:\Users\AP-GP\AppData\Roaming\Fighters
2009-12-02 12:27:45 ----A---- C:\cleannavi.txt
2009-12-02 12:27:05 ----D---- C:\Program Files\Navilog1
2009-12-02 11:24:26 ----A---- C:\TB.txt
2009-12-02 11:22:28 ----D---- C:\ToolBar SD
2009-11-28 19:59:25 ----D---- C:\Program Files\Windows Live
2009-11-28 19:57:16 ----D---- C:\Program Files\Microsoft SQL Server Compact Edition
2009-11-28 19:54:19 ----D---- C:\Program Files\Common Files\Windows Live
2009-11-27 19:30:15 ----D---- C:\Users\AP-GP\AppData\Roaming\vlc
2009-11-26 10:17:23 ----A---- C:\Windows\SysMech.INI
2009-11-24 09:51:59 ----A---- C:\Windows\BDTSupport.dll
2009-11-24 09:51:57 ----A---- C:\Windows\SGDetectionTool.dll
2009-11-24 09:51:56 ----A---- C:\Windows\PCTBDRes.dll
2009-11-24 09:51:56 ----A---- C:\Windows\PCTBDCore.dll
2009-11-23 23:30:38 ----D---- C:\Users\AP-GP\AppData\Roaming\PC Tools
2009-11-23 23:30:38 ----D---- C:\ProgramData\PC Tools
2009-11-23 23:30:38 ----D---- C:\Program Files\Spyware Doctor
2009-11-19 19:15:21 ----HD---- C:\$AVG
2009-11-19 19:11:59 ----D---- C:\Program Files\AVG
2009-11-19 19:11:58 ----D---- C:\ProgramData\avg9
2009-11-19 17:08:44 ----A---- C:\Windows\system32\mbam-log-2009-11-19 (17-07-40).txt
2009-11-17 14:54:54 ----D---- C:\Program Files\2BrightSparks
2009-11-16 18:23:28 ----A---- C:\Windows\Setup.INI
2009-11-16 09:32:51 ----D---- C:\Users\AP-GP\AppData\Roaming\U3
2009-11-13 18:31:50 ----D---- C:\ProgramData\InstallShield
2009-11-13 18:31:22 ----D---- C:\Program Files\LaCie
2009-11-13 18:27:44 ----D---- C:\Windows\system32\URTTEMP
2009-11-11 17:43:53 ----A---- C:\Windows\system32\VACFix.exe
2009-11-11 17:43:53 ----A---- C:\Windows\system32\o4Patch.exe
2009-11-11 17:43:53 ----A---- C:\Windows\system32\IEDFix.C.exe
2009-11-11 17:43:53 ----A---- C:\Windows\system32\Agent.OMZ.Fix.exe
2009-11-11 17:43:53 ----A---- C:\Windows\system32\404Fix.exe
2009-11-11 17:43:52 ----A---- C:\Windows\system32\WS2Fix.exe
2009-11-11 17:43:52 ----A---- C:\Windows\system32\VCCLSID.exe
2009-11-11 17:43:52 ----A---- C:\Windows\system32\swxcacls.exe
2009-11-11 17:43:52 ----A---- C:\Windows\system32\swsc.exe
2009-11-11 17:43:52 ----A---- C:\Windows\system32\swreg.exe
2009-11-11 17:43:52 ----A---- C:\Windows\system32\SrchSTS.exe
2009-11-11 17:43:52 ----A---- C:\Windows\system32\Process.exe
2009-11-11 17:43:52 ----A---- C:\Windows\system32\IEDFix.exe
2009-11-11 17:43:52 ----A---- C:\Windows\system32\dumphive.exe
2009-11-10 08:46:05 ----D---- C:\Program Files\Microsoft Sync Framework
2009-11-09 17:43:30 ----A---- C:\Windows\system32\GEARAspi.dll
2009-11-05 12:52:26 ----D---- C:\Program Files\Registry Mechanic
2009-11-04 21:15:46 ----D---- C:\Program Files\iPod(24)
2009-11-04 21:15:40 ----D---- C:\Program Files\iTunes(25)
2009-11-04 09:40:24 ----D---- C:\Program Files\Softland
2009-11-03 11:30:27 ----A---- C:\EventLOG.txt
2009-11-03 10:29:07 ----A---- C:\Windows\system32\mshtml.dll
======List of files/folders modified in the last 1 months======
2009-12-02 18:43:13 ----D---- C:\Windows\Prefetch
2009-12-02 18:43:00 ----D---- C:\Windows\Temp
2009-12-02 18:42:41 ----RD---- C:\Program Files
2009-12-02 18:22:15 ----D---- C:\Windows
2009-12-02 18:21:59 ----D---- C:\Windows\Tasks
2009-12-02 18:18:49 ----AD---- C:\ProgramData\TEMP
2009-12-02 18:14:35 ----D---- C:\ProgramData\iolo
2009-12-02 18:12:33 ----D---- C:\ProgramData\Spybot - Search & Destroy
2009-12-02 18:12:28 ----D---- C:\Windows\system32\LogFiles
2009-12-02 18:11:33 ----D---- C:\Windows\system32\catroot2
2009-12-02 18:03:25 ----D---- C:\Windows\system32\catroot
2009-12-02 18:03:22 ----D---- C:\Windows\winsxs
2009-12-02 14:37:24 ----SHD---- C:\Windows\Installer
2009-12-02 13:40:03 ----HD---- C:\ProgramData
2009-12-02 12:06:12 ----A---- C:\rapport.txt
2009-12-02 12:04:54 ----D---- C:\Windows\System32
2009-12-02 12:04:52 ----A---- C:\Windows\system32\tmp.txt
2009-12-02 10:55:43 ----D---- C:\Windows\system32\config
2009-12-02 10:01:11 ----SHD---- C:\System Volume Information
2009-12-02 09:16:16 ----D---- C:\Windows\system32\Tasks
2009-11-29 20:02:20 ----D---- C:\Program Files\Mozilla Firefox
2009-11-29 19:52:33 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-11-29 19:52:30 ----D---- C:\Windows\inf
2009-11-29 11:16:52 ----D---- C:\Windows\system32\Msdtc
2009-11-29 11:16:43 ----D---- C:\Windows\system32\wbem
2009-11-29 11:15:29 ----D---- C:\Windows\system32\spool
2009-11-29 11:15:29 ----D---- C:\Users\AP-GP\AppData\Roaming\IrfanView
2009-11-29 11:15:28 ----D---- C:\Program Files\AusLogics Disk Defrag
2009-11-29 11:15:25 ----D---- C:\Windows\registration
2009-11-28 20:01:08 ----D---- C:\Program Files\Common Files\microsoft shared
2009-11-28 19:57:21 ----RSD---- C:\Windows\assembly
2009-11-28 19:54:19 ----D---- C:\Program Files\Common Files
2009-11-28 19:53:59 ----SD---- C:\ProgramData\Microsoft
2009-11-28 11:54:20 ----SHD---- C:\Boot
2009-11-27 18:09:12 ----D---- C:\Windows\Microsoft.NET
2009-11-27 14:08:16 ----D---- C:\Program Files\Paint.NET
2009-11-27 11:19:04 ----D---- C:\Windows\system32\drivers
2009-11-27 11:18:58 ----D---- C:\Users\AP-GP\AppData\Roaming\dvdcss
2009-11-27 11:18:46 ----D---- C:\Program Files\Common Files\PC Tools
2009-11-23 18:18:27 ----D---- C:\Windows\Minidump
2009-11-19 18:18:09 ----A---- C:\Users\AP-GP\AppData\Roaming\SetValue.bat
2009-11-19 18:18:09 ----A---- C:\Users\AP-GP\AppData\Roaming\GetValue.vbs
2009-11-17 13:19:44 ----D---- C:\Program Files\Common Files\Acronis
2009-11-17 13:15:15 ----D---- C:\ProgramData\Acronis
2009-11-13 18:31:29 ----SD---- C:\Windows\Downloaded Program Files
2009-11-13 18:31:25 ----D---- C:\Program Files\Common Files\InstallShield
2009-11-13 18:30:08 ----D---- C:\Windows\Downloaded Installations
2009-11-13 18:27:45 ----D---- C:\Program Files\Internet Explorer
2009-11-09 17:43:30 ----DC---- C:\Windows\system32\DRVSTORE
2009-11-09 17:43:23 ----D---- C:\Program Files\iTunes
2009-11-09 17:41:00 ----D---- C:\Program Files\iPod
2009-11-09 17:40:58 ----D---- C:\Program Files\Common Files\Apple
2009-11-09 15:59:38 ----D---- C:\Program Files\QuickTime
2009-11-07 19:24:22 ----D---- C:\Program Files\CA Yahoo! Anti-Spy
2009-11-03 09:40:34 ----A---- C:\Windows\system32\IncContxMenu.dll
2009-11-03 09:40:14 ----A---- C:\Windows\system32\Incinerator.dll
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 F-Secure HIPS;F-Secure HIPS Driver; \??\C:\Program Files\Securitoo\av_fw\HIPS\drivers\fshs.sys [2008-12-04 67808]
R1 FSES;F-Secure Email Scanning Driver; C:\Windows\System32\drivers\fses.sys [2008-12-04 35552]
R1 FSFW;F-Secure Firewall Driver; C:\Windows\System32\drivers\fsdfw.sys [2008-12-04 70944]
R1 fsvista;F-Secure Vista Support Driver; \??\C:\Program Files\Securitoo\av_fw\Anti-Virus\minifilter\fsvista.sys [2008-12-04 12384]
R1 pctgntdi;pctgntdi; \??\C:\Windows\System32\drivers\pctgntdi.sys [2009-09-24 229304]
R2 acedrv11;acedrv11; \??\C:\Windows\system32\drivers\acedrv11.sys [2008-01-23 501560]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\Windows\system32\drivers\RTKVAC.SYS [2009-06-18 4172832]
R3 FETND6V;VIA Rhine Family Fast Ethernet Adapter Driver; C:\Windows\system32\DRIVERS\fetnd6v.sys [2008-09-22 43520]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper; \??\C:\Program Files\Securitoo\av_fw\Anti-Virus\minifilter\fsgk.sys [2009-09-14 99960]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2009-05-18 26600]
R3 L6UX1;Service - Line 6 UX1; C:\Windows\System32\Drivers\L6UX1.sys [2009-01-07 530816]
R3 LVUSBSta;Logitech USB Monitor Filter; C:\Windows\system32\drivers\lvusbsta.sys [2004-10-08 22016]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2006-10-09 4428160]
R3 VST_DPV;VST_DPV; C:\Windows\system32\DRIVERS\VSTDPV3.SYS [2006-11-02 987648]
R3 VSTHWBS2;VSTHWBS2; C:\Windows\system32\DRIVERS\VSTBS23.SYS [2006-11-02 251904]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\VSTCNXT3.SYS [2006-11-02 654336]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]
S3 cmpci;TerraTec Aureon 5.1 (WDM); C:\Windows\system32\drivers\cmaudio.sys [2002-07-16 379726]
S3 driverhardwarev2;driverhardwarev2; \??\C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys [2007-12-02 15352]
S3 drmkaud;Filtre de décodeur DRM (Noyau Microsoft); C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service; C:\Windows\system32\DRIVERS\fetnd5bv.sys [2007-09-21 43520]
S3 FETNDIS;Service de pilote de carte VIA famille Rhine 10/100Mo Fast Ethernet; C:\Windows\system32\DRIVERS\fetnd5.sys [2006-11-02 45568]
S3 MSKSSRV;Proxy de service de répartition Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Proxy d'horloge de répartition Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Proxy de gestion de qualité de répartition Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 NCHSSVAD;SoundTap Recorder; C:\Windows\system32\drivers\nchssvad.sys [2009-01-22 27136]
S3 PCAMp50;PCAMp50 NDIS Protocol Driver; C:\Windows\System32\Drivers\PCAMp50.sys [2006-11-28 28224]
S3 PCASp50;PCASp50 NDIS Protocol Driver; C:\Windows\System32\Drivers\PCASp50.sys [2006-11-28 27072]
S3 pctplsg;pctplsg; \??\C:\Windows\System32\drivers\pctplsg.sys [2009-09-03 70408]
S3 QCMerced;Logitech QuickCam Communicate; C:\Windows\system32\DRIVERS\LVCM.sys [2004-10-08 585824]
S3 TfNetMon;TfNetMon; \??\C:\Windows\system32\drivers\TfNetMon.sys [2009-10-08 33552]
S3 usbaudio;Pilote USB audio (WDM); C:\Windows\system32\drivers\usbaudio.sys [2009-04-11 73216]
S3 usbbus;LGE Mobile Composite USB Device; C:\Windows\system32\DRIVERS\lgusbbus.sys [2005-05-26 21344]
S3 UsbDiag;LGE Mobile USB Serial Port; C:\Windows\system32\DRIVERS\lgusbdiag.sys [2005-05-26 38144]
S3 USBModem;LGE Mobile USB Modem; C:\Windows\system32\DRIVERS\lgusbmodem.sys [2005-06-24 39036]
S3 usbscan;Pilote de scanneur USB; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-19 35328]
S3 VIAudio;Contrôleur audio VIA AC'97; C:\Windows\system32\drivers\ac97via.sys [2006-11-02 68096]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-19 39936]
S4 F-Secure Filter;F-Secure File System Filter; \??\C:\Program Files\Securitoo\av_fw\Anti-Virus\Win2K\FSfilter.sys [2008-12-04 39776]
S4 F-Secure Recognizer;F-Secure File System Recognizer; \??\C:\Program Files\Securitoo\av_fw\Anti-Virus\Win2K\FSrec.sys [2008-12-04 25184]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-06-05 144712]
R2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 Browser Defender Update Service;Browser Defender Update Service; C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe [2009-10-08 112592]
R2 F-Secure Gatekeeper Handler Starter;FSGKHS; C:\Program Files\Securitoo\av_fw\Anti-Virus\fsgk32st.exe [2008-12-04 215648]
R2 FSMA;F-Secure Management Agent; C:\Program Files\Securitoo\av_fw\Common\FSMA32.EXE [2008-12-04 117400]
R2 ioloFileInfoList;iolo FileInfoList Service; C:\Program Files\iolo\common\lib\ioloServiceManager.exe [2009-10-20 659376]
R2 ioloSystemService;iolo System Service; C:\Program Files\iolo\common\lib\ioloServiceManager.exe [2009-10-20 659376]
R2 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
R2 SBSDWSCService;SBSD Security Center Service; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R2 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\pctsAuxs.exe [2009-09-23 358600]
R3 FSAUA;F-Secure Automatic Update Agent; C:\Program Files\Securitoo\av_fw\FSAUA\program\fsaua.exe [2008-12-04 490080]
R3 FSDFWD;F-Secure Anti-Virus Firewall Daemon; C:\Program Files\Securitoo\av_fw\FWES\Program\fsdfwd.exe [2008-12-04 510560]
R3 FSORSPClient;F-Secure ORSP Client; C:\Program Files\Securitoo\av_fw\ORSP Client\fsorsp.exe [2008-12-04 55904]
S2 FTRTSVC;France Telecom Routing Table Service; C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe [2007-09-25 65536]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-06-12 183280]
S3 aspnet_state;Service d'état ASP.NET; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2009-03-30 31048]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance; C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 1527900]
S3 iPod Service;Service de l’iPod; C:\Program Files\iPod\bin\iPodService.exe [2009-10-28 545568]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
-----------------EOF-----------------
Posted on 03/12/2009 at 10:40
Grande Maîtresse astucienne | hello,
Quite a few infections. We'll try to put some order into all that.
To start with:
* Disable Spybot's TeaTimer, which serves no purpose and can make a disinfection fail! First display Advanced Mode in Spybot
* Advanced options: Mode menu, Advanced Mode. A column of menus appears on the left:
* click Tools,
* click Resident. Under Resident:
-> untick Resident "TeaTimer" to disable it.
Then:
* Download ToolBar-S&D (thanks to Eric_71, Angeldark, Sham_Rock and XmichouX)
/!\ Disable your antivirus / resident antispyware / Spybot TeaTimer (if present and active) - Important! - https://forum.pcastuces.com/sujet.asp?f=25&s=37316
- Double-click ToolBar-SD to launch the installation
- Double-click it to start the tool; choose the language.
- On Vista, right-click and choose "Run as administrator" (privilege elevation), then -> Continue.
- In the main menu, choose option 2 and confirm with the [Enter] key.
/!\ Do not close the window during the removal /!\
Note 1: For Vista users, ToolBar-SD takes care of disabling User Account Control (UAC); it will restart the computer and re-enable UAC.
** Post the ToolBar-SD report
Then:
* run a scan with Malwarebytes' (quick scan)
Delete everything it detects, and post the report.
There will still be more to do afterwards; I prefer not to give you everything at once.
Posted on 03/12/2009 at 13:50
Petit astucien | sorry Philéa for the delay... a few small setup problems with ToolBar.
Here is the requested information:
From Toolbar-S&D:
-----------\\ ToolBar S&D 1.2.9 XP/Vista
"C:\ToolBar SD" ( MAJ : 22-08-2009|18:42 ) Option : [2] ( 03/12/2009|13:05 )
[ UAC => 1 ]
-----------\\ SUPPRESSION
Supprime! - C:\Program Files\Dealio\kb127
Supprime! - C:\Program Files\Search Settings\kb128
Supprime! - C:\Program Files\Search Settings\SearchSettings.exe
Supprime! - C:\Program Files\Dealio
Supprime! - C:\Program Files\Search Settings
-----------\\ Recherche de Fichiers / Dossiers ...
-----------\\ [..\Internet Explorer\Main]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.yahoo.fr/"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Url"="http://go.microsoft.com/fwlink/?LinkID=68928"
"Url"="http://go.microsoft.com/fwlink/?LinkID=68929"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
"Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Start Page"="http://www.msn.com/"
--------------------\\ Recherche d'autres infections
Aucune autre infection trouvée !
[ UAC => 1 ]
1 - "C:\ToolBar SD\TB_1.txt" - 02/12/2009|11:27 - Option : [1]
2 - "C:\ToolBar SD\TB_2.txt" - 03/12/2009|13:07 - Option : [2]
-----------\\ Fin du rapport a 13:07:48,59
With MBAM on a quick scan:
Malwarebytes' Anti-Malware 1.41
Version de la base de données: 3267
Windows 6.0.6002 Service Pack 2
03/12/2009 13:37:21
mbam-log-2009-12-03 (13-37-21).txt
Type de recherche: Examen rapide
Eléments examinés: 92799
Temps écoulé: 10 minute(s), 1 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0
Processus mémoire infecté(s): (Aucun élément nuisible détecté)
Module(s) mémoire infecté(s): (Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s): (Aucun élément nuisible détecté)
Valeur(s) du Registre infectée(s): (Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
HKEY_CLASSES_ROOT\scrfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: ("%1" /S) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: (regedit.exe "%1") -> Quarantined and deleted successfully.
Dossier(s) infecté(s): (Aucun élément nuisible détecté)
Fichier(s) infecté(s): (Aucun élément nuisible détecté)
Posted on 03/12/2009 at 16:01
Grande Maîtresse astucienne | re
ok, let's continue.
Here is a tutorial: http://pagesperso-orange.fr/FindyKill.Ad.Remover/uac_vista.html
* Download and install UsbFix (by C_XX & Chiquitine29) on your Desktop:
* Connect to your PC the external data sources (USB key, external hard drive, etc.) that may have been infected, without opening them
* Right-click the UsbFix shortcut on your desktop and choose Run as administrator.
* Choose option 1 (Search)
* Let the tool work.
* Then post the UsbFix.txt report that will appear.
Note: The UsbFix.txt report is saved at the root of the disk (C:\UsbFix.txt).
Note: "Process.exe", a component of the tool, is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool. It is not a virus but a utility meant to terminate processes. In the wrong hands, this utility could stop security software (antivirus, firewall...), hence the alert raised by these antivirus programs.
Then:
* Connect to your PC the external data sources (USB key, external hard drive, etc.) that may have been infected, without opening them
* Double-click the UsbFix shortcut on your desktop
* choose option 2 (Removal)
* Your desktop will disappear and the PC will restart.
* On restart, UsbFix will scan your PC; let the tool work.
* Then post the UsbFix.txt report that will appear together with the desktop.
Note: The UsbFix.txt report is saved at the root of the disk (C:\UsbFix.txt). (CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)
And then post a new RSIT report, please.
Posted on 03/12/2009 at 17:31
Petit astucien | 2 small remarks:
The download links for UsbFix did not work. So I downloaded the UsbFix software by C_XX & Chiquitine29, version V6.042, from Softonic.
Thanks for your work; I have to be out this evening... see you tomorrow.
UsbFix option 1
############################## | UsbFix V6.042 |
User : AP-GP (Administrateurs) # PC-DE-AP-GP
Update on 15/10/2009 by Chiquitine29, C_XX & Chimay8
Start at: 16:38:56 | 03/12/2009
Website : http://pagesperso-orange.fr/NosTools/index.html

AMD Athlon(tm) XP 3000+
Microsoft® Windows Vista™ Édition Familiale Basique (6.0.6002 32-bit) # Service Pack 2
Internet Explorer 8.0.6001.18828
Windows Firewall Status : Enabled

A:\ -> Lecteur de disquettes 3 ½ pouces
C:\ -> Disque fixe local # 144,8 Go (83,96 Go free) [HP_PAVILION] # NTFS
D:\ -> Disque fixe local # 4,25 Go (2,3 Go free) [HP_RECOVERY] # NTFS
E:\ -> Disque CD-ROM
F:\ -> Disque CD-ROM
G:\ -> Disque fixe local # 74,52 Go (72,62 Go free) # NTFS
H:\ -> Disque fixe local # 232,88 Go (225 Go free) [LaCie] # NTFS
I:\ -> Disque amovible
J:\ -> Disque amovible
K:\ -> Disque amovible
L:\ -> Disque amovible
M:\ -> Disque amovible # 1,88 Go (1,77 Go free) # FAT
N:\ -> Disque amovible # 3,84 Go (1,67 Go free) [ZMATE 4GB] # FAT32
############################## | Processus actifs |
C:\Windows\System32\smss.exe C:\Windows\system32\csrss.exe C:\Windows\system32\wininit.exe C:\Windows\system32\csrss.exe C:\Windows\system32\services.exe C:\Windows\system32\lsass.exe C:\Windows\system32\lsm.exe C:\Windows\system32\winlogon.exe C:\Windows\system32\svchost.exe C:\Windows\system32\svchost.exe C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe C:\Windows\system32\svchost.exe C:\Windows\system32\svchost.exe C:\Windows\system32\SLsvc.exe C:\Windows\system32\svchost.exe C:\Windows\system32\svchost.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Securitoo\av_fw\Common\FSM32.EXE C:\Program Files\Securitoo\av_fw\Anti-Virus\fsgk32st.exe C:\Windows\system32\taskeng.exe C:\Program Files\Securitoo\av_fw\Common\FSMA32.EXE C:\Program Files\Securitoo\av_fw\Anti-Virus\FSGK32.EXE C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\SuperCopier2\SuperCopier2.exe C:\Program Files\iolo\common\lib\ioloServiceManager.exe C:\Program Files\Securitoo\av_fw\Common\FSMB32.EXE C:\Windows\system32\svchost.exe C:\Program Files\Spyware Doctor\pctsAuxs.exe C:\Program Files\Securitoo\av_fw\Common\FCH32.EXE C:\Windows\system32\svchost.exe C:\Windows\System32\svchost.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe C:\Windows\system32\WUDFHost.exe C:\Program Files\Securitoo\av_fw\Common\FAMEH32.EXE C:\Program Files\Securitoo\av_fw\Anti-Virus\fsqh.exe C:\Program Files\Securitoo\av_fw\FSAUA\program\fsaua.exe C:\Program Files\Securitoo\av_fw\Anti-Virus\fssm32.exe C:\Program Files\Securitoo\av_fw\ORSP Client\fsorsp.exe C:\Program Files\Securitoo\av_fw\FWES\Program\fsdfwd.exe C:\Program Files\Windows Media 
Player\wmpnscfg.exe C:\Program Files\Securitoo\av_fw\FSAUA\program\fsus.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\system32\taskeng.exe C:\Program Files\Securitoo\av_fw\FSGUI\fsguidll.exe C:\Program Files\Securitoo\av_fw\Anti-Virus\fsav32.exe C:\Windows\system32\conime.exe C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE C:\Program Files\Mozilla Firefox\firefox.exe C:\Windows\system32\wuauclt.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\wbem\wmiprvse.exe
################## | Fichiers # Dossiers infectieux |
H:\autorun.inf
H:\._autorun.inf
################## | Registre # Clés Run infectieuses |
################## | Registre # Mountpoints2 |
HKCU\..\..\Explorer\MountPoints2\{5cc3bfa6-dc33-11de-bc26-000ea642f7db} shell\AutoRun\command =M:\TotalLock.exe
################## | ! Fin du rapport # UsbFix V6.042 ! |
UsbFix option 2
############################## | UsbFix V6.042 |
User : AP-GP (Administrateurs) # PC-DE-AP-GP
Update on 15/10/2009 by Chiquitine29, C_XX & Chimay8
Start at: 17:04:10 | 03/12/2009
Website : http://pagesperso-orange.fr/NosTools/index.html

AMD Athlon(tm) XP 3000+
Microsoft® Windows Vista™ Édition Familiale Basique (6.0.6002 32-bit) # Service Pack 2
Internet Explorer 8.0.6001.18828
Windows Firewall Status : Enabled

A:\ -> Lecteur de disquettes 3 ½ pouces
C:\ -> Disque fixe local # 144,8 Go (83,96 Go free) [HP_PAVILION] # NTFS
D:\ -> Disque fixe local # 4,25 Go (2,3 Go free) [HP_RECOVERY] # NTFS
E:\ -> Disque CD-ROM
F:\ -> Disque CD-ROM
G:\ -> Disque fixe local # 74,52 Go (72,62 Go free) # NTFS
I:\ -> Disque amovible
J:\ -> Disque amovible
K:\ -> Disque amovible
L:\ -> Disque amovible
M:\ -> Disque amovible # 1,88 Go (1,77 Go free) # FAT
N:\ -> Disque amovible # 3,84 Go (1,67 Go free) [ZMATE 4GB] # FAT32
############################## | Processus actifs |
C:\Windows\System32\smss.exe C:\Windows\system32\csrss.exe C:\Windows\system32\wininit.exe C:\Windows\system32\csrss.exe C:\Windows\system32\services.exe C:\Windows\system32\lsass.exe C:\Windows\system32\lsm.exe C:\Windows\system32\winlogon.exe C:\Windows\system32\svchost.exe C:\Windows\system32\svchost.exe C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe C:\Windows\system32\svchost.exe C:\Windows\system32\svchost.exe C:\Windows\system32\SLsvc.exe C:\Windows\system32\svchost.exe C:\Windows\system32\svchost.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe C:\Program Files\Securitoo\av_fw\Anti-Virus\fsgk32st.exe C:\Program Files\Securitoo\av_fw\Common\FSMA32.EXE C:\Program Files\Securitoo\av_fw\Anti-Virus\FSGK32.EXE C:\Program Files\iolo\common\lib\ioloServiceManager.exe C:\Program Files\Securitoo\av_fw\Common\FSMB32.EXE C:\Windows\system32\svchost.exe C:\Program Files\Spyware Doctor\pctsAuxs.exe C:\Program Files\Securitoo\av_fw\Common\FCH32.EXE C:\Windows\system32\svchost.exe C:\Windows\System32\svchost.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe C:\Program Files\Securitoo\av_fw\Common\FAMEH32.EXE C:\Program Files\Securitoo\av_fw\Anti-Virus\fsqh.exe C:\Program Files\Securitoo\av_fw\FSAUA\program\fsaua.exe C:\Program Files\Securitoo\av_fw\Anti-Virus\fssm32.exe C:\Windows\system32\runonce.exe C:\Program Files\Securitoo\av_fw\ORSP Client\fsorsp.exe C:\Program Files\Securitoo\av_fw\FWES\Program\fsdfwd.exe C:\Windows\system32\conime.exe C:\Windows\system32\WUDFHost.exe C:\Program Files\Securitoo\av_fw\FSAUA\program\fsus.exe C:\Windows\system32\wbem\wmiprvse.exe 
C:\Windows\system32\taskeng.exe C:\Program Files\Securitoo\av_fw\Anti-Virus\fsav32.exe
################## | Fichiers # Dossiers infectieux |
################## | Registre # Clés Run infectieuses |
################## | Registre # Mountpoints2 |
Supprimé ! HKCU\...\Explorer\MountPoints2\{5cc3bfa6-dc33-11de-bc26-000ea642f7db}\Shell\AutoRun\Command
################## | Listing des fichiers présent |
[02/11/2009 18:49|--a------|15228] C:\aaw7boot.log [18/09/2006 22:43|--a------|24] C:\autoexec.bat [02/11/2007 15:26|-rahs----|337] C:\Boot.ini.saved [21/09/2003 03:08|-rahs----|4952] C:\Bootfont.bin [11/04/2009 07:36|-rahs----|333257] C:\bootmgr [14/08/2009 17:08|-ra-s----|8192] C:\BOOTSECT.BAK [02/12/2009 12:30|--a------|312] C:\cleannavi.txt [18/09/2006 22:43|--a------|10] C:\config.sys [03/11/2009 11:30|--a------|84] C:\EventLOG.txt [01/01/2003 16:39|-rahs----|0] C:\IO.SYS [01/01/2003 16:39|-rahs----|0] C:\MSDOS.SYS [23/09/2003 18:56|-rahs----|47580] C:\NTDETECT.COM [23/09/2003 19:25|-rahs----|235824] C:\ntldr [?|?|?] C:\pagefile.sys [02/12/2009 12:06|--a------|5689] C:\rapport.txt [26/10/2007 09:19|--a------|8331] C:\resetlog.txt [02/11/2007 16:32|--a------|90] C:\Setup.log [03/12/2009 13:08|--a------|1627] C:\TB.txt [03/12/2009 17:15|--a------|4317] C:\UsbFix.txt [25/03/2008 12:01|--a------|150] C:\YServer.txt [?|?|?] D:\pagefile.sys [18/12/2008 08:06|--a------|76766606] M:\(COMPIL) - Ambiance Animation Soir‚e Disco Dance Remix‚ Par Dj Anas Duree 1h20 Juin 2008.mp3 [16/10/2009 21:11|---------|4096] N:\Videos [21/11/2009 11:51|--a------|5903378] N:\P1000190.JPG [21/11/2009 11:51|--a------|5504615] N:\P1000191.JPG [21/11/2009 11:53|--a------|5474688] N:\P1000192.JPG [21/11/2009 11:54|--a------|5786607] N:\P1000193.JPG [21/11/2009 11:55|--a------|5834078] N:\P1000194.JPG [21/11/2009 11:57|--a------|5729799] N:\P1000195.JPG [21/11/2009 11:59|--a------|6163666] N:\P1000196.JPG [21/11/2009 12:01|--a------|5807295] N:\P1000197.JPG [21/11/2009 12:03|--a------|6012316] N:\P1000198.JPG [21/11/2009 12:08|--a------|6107193] N:\P1000199.JPG [21/11/2009 12:15|--a------|6059589] N:\P1000200.JPG [21/11/2009 14:09|--a------|4900885] N:\P1000201.JPG [21/11/2009 14:09|--a------|4777947] N:\P1000202.JPG [21/11/2009 15:43|--a------|5289995] N:\P1000203.JPG [21/11/2009 16:33|--a------|6187048] N:\P1000204.JPG [21/11/2009 16:37|--a------|5659281] N:\P1000205.JPG [21/11/2009 
16:52|--a------|5776386] N:\P1000206.JPG [21/11/2009 17:09|--a------|5195948] N:\P1000207.JPG [21/11/2009 17:09|--a------|5251821] N:\P1000208.JPG [21/11/2009 18:05|--a------|4730029] N:\P1000209.JPG [21/11/2009 18:08|--a------|4546728] N:\P1000210.JPG [21/11/2009 18:09|--a------|4193124] N:\P1000211.JPG [21/11/2009 18:10|--a------|4095808] N:\P1000212.JPG [21/11/2009 18:11|--a------|4704674] N:\P1000213.JPG [21/11/2009 18:18|--a------|5383248] N:\P1000214.JPG [21/11/2009 18:21|--a------|4367559] N:\P1000215.JPG
################## | Vaccination |
# C:\autorun.inf -> Folder created by UsbFix.
# D:\autorun.inf -> Folder created by UsbFix.
# G:\autorun.inf -> Folder created by UsbFix.
# M:\autorun.inf -> Folder created by UsbFix.
# N:\autorun.inf -> Folder created by UsbFix.
################## | ! Fin du rapport # UsbFix V6.042 ! |
and finally the new HijackThis report: log_1.txt
Logfile of random's system information tool 1.06 (written by random/random)
Run by AP-GP at 2009-12-03 17:17:26
Microsoft® Windows Vista™ Édition Familiale Basique Service Pack 2
System drive C: has 86 GB (58%) free of 148 GB
Total RAM: 1471 MB (63% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:20:18, on 03/12/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18828)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\taskeng.exe
C:\Windows\explorer.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Users\AP-GP\Desktop\RSIT.exe
C:\Program Files\trend micro\AP-GP.exe
C:\Program Files\Mozilla Firefox\firefox.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\DealioToolbarIE.dll
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {0A87E45F-537A-40B4-B812-E2544C21A09F} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\DealioToolbarIE.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - (no file)
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Securitoo\av_fw\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Securitoo\av_fw\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU)
O13 - Gopher Prefix:
O15 - Trusted Zone: *.line6.net
O17 - HKLM\System\CCS\Services\Tcpip\..\{80488DA7-4657-49E3-82F4-0FC12E67DF7B}: NameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{80488DA7-4657-49E3-82F4-0FC12E67DF7B}: NameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{80488DA7-4657-49E3-82F4-0FC12E67DF7B}: NameServer = 192.168.1.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{80488DA7-4657-49E3-82F4-0FC12E67DF7B}: NameServer = 192.168.1.1
O17 - HKLM\System\CS4\Services\Tcpip\..\{80488DA7-4657-49E3-82F4-0FC12E67DF7B}: NameServer = 192.168.1.1
O17 - HKLM\System\CS5\Services\Tcpip\..\{80488DA7-4657-49E3-82F4-0FC12E67DF7B}: NameServer = 192.168.1.1
O17 - HKLM\System\CS6\Services\Tcpip\..\{80488DA7-4657-49E3-82F4-0FC12E67DF7B}: NameServer = 192.168.1.1
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Browser Defender Update Service - Threat Expert Ltd. - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\Anti-Virus\fsgk32st.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\Common\FSMA32.EXE
O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files\Securitoo\av_fw\ORSP Client\fsorsp.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
-- End of file - 6692 bytes
======Scheduled tasks folder======
C:\Windows\tasks\Google Software Updater.job
C:\Windows\tasks\Scheduled scanning task.job
C:\Windows\tasks\SyncBack Banque Annette.job
C:\Windows\tasks\SyncBack syncro banque Annette.job
C:\Windows\tasks\User_Feed_Synchronization-{F7CBA8A6-6E64-44F5-AFBD-4B282BC69B99}.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}] Dealio Toolbar - C:\Program Files\Dealio Toolbar\DealioToolbarIE.dll [2009-04-09 688128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0A87E45F-537A-40B4-B812-E2544C21A09F}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}] Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64F56FC1-1272-44CD-BA6E-39723696E350}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}] Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll [2009-06-21 669168]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-08 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - Dealio Toolbar - C:\Program Files\Dealio Toolbar\DealioToolbarIE.dll [2009-04-09 688128] Locked {CCC7A320-B3CA-4199-B1A6-9F516DD69829} {472734EA-242A-422B-ADF8-83D1E48CC825}
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "F-Secure Manager"=C:\Program Files\Securitoo\av_fw\Common\FSM32.EXE [2008-12-04 182936] "F-Secure TNB"=C:\Program Files\Securitoo\av_fw\FSGUI\TNBUtil.exe [2008-12-04 957024] "Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920] "WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-19 202240] "SuperCopier2.exe"=C:\Program Files\SuperCopier2\SuperCopier2.exe [2009-08-16 955392]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2009-08-13 177440]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EoEngine] []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iolo Startup] C:\Program Files\iolo\Common\Lib\ioloLManager.exe [2009-11-03 313784]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISTray] []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2004-06-14 221184]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2004-06-14 81920]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe [2009-10-28 141600]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LaCie Backup] C:\Program Files\LaCie\Backup Software\\LaCieBackup.exe [2007-12-03 2600960]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] C:\Windows\system32\NvCpl.dll [2006-10-09 7741440]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvSvc] C:\Windows\system32\nvsvc.dll [2006-10-09 90191]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic] C:\Program Files\Registry Mechanic\RMTray.exe [2008-07-03 812952]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoftwareHelper] []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan] C:\Windows\SOUNDMAN.EXE [2009-04-14 604704]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-11-28 68856]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe [2008-01-10 223984]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^AP-GP^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk] []
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 "EnableUIADesktopToggle"=0 "UacDisableNotify"=0
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveAutoRun"=FFFFFFFF "NoDriveTypeAutoRun"=255 "HonorAutoRunSetting"=1
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "BindDirectlyToPropertySetStorage"= "NoDriveAutoRun"= "NoDriveTypeAutoRun"= "HonorAutoRunSetting"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "C:\Program Files\Orange\Connectivity\ConnectivityManager.exe"="C:\Program Files\Orange\Connectivity\ConnectivityManager.exe:*:enabled:CSS"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1 .js - open - NOTEPAD.EXE %1 .vbs - open - NOTEPAD.EXE %1
======List of files/folders created in the last 1 months======
2009-12-03 17:15:59 ----RASHD---- C:\autorun.inf 2009-12-03 17:03:11 ----A---- C:\UsbFix.txt 2009-12-03 16:37:12 ----D---- C:\UsbFix 2009-12-03 12:09:14 ----A---- C:\Windows\system32\tzres.dll 2009-12-03 12:00:49 ----SHD---- C:\Config.Msi 2009-12-02 18:42:41 ----D---- C:\Program Files\trend micro 2009-12-02 18:42:40 ----D---- C:\rsit 2009-12-02 18:14:36 ----A---- C:\Windows\ntbtlog.txt 2009-12-02 18:04:02 ----A---- C:\Windows\system32\msxml6.dll 2009-12-02 18:03:59 ----A---- C:\Windows\system32\msxml3.dll 2009-12-02 18:02:53 ----A---- C:\Windows\system32\WSDApi.dll 2009-12-02 17:37:30 ----D---- C:\Program Files\SuperCopier2 2009-12-02 13:40:03 ----DC---- C:\ProgramData\{9B942F8A-65B4-447E-8E88-B9AEA3526FD4} 2009-12-02 13:39:23 ----D---- C:\Users\AP-GP\AppData\Roaming\Fighters 2009-12-02 12:27:45 ----A---- C:\cleannavi.txt 2009-12-02 12:27:05 ----D---- C:\Program Files\Navilog1 2009-12-02 11:24:26 ----A---- C:\TB.txt 2009-12-02 11:22:28 ----D---- C:\ToolBar SD 2009-11-28 19:59:25 ----D---- C:\Program Files\Windows Live 2009-11-28 19:57:16 ----D---- C:\Program Files\Microsoft SQL Server Compact Edition 2009-11-28 19:54:19 ----D---- C:\Program Files\Common Files\Windows Live 2009-11-27 19:30:15 ----D---- C:\Users\AP-GP\AppData\Roaming\vlc 2009-11-26 10:17:23 ----A---- C:\Windows\SysMech.INI 2009-11-24 09:51:59 ----A---- C:\Windows\BDTSupport.dll 2009-11-24 09:51:57 ----A---- C:\Windows\SGDetectionTool.dll 2009-11-24 09:51:56 ----A---- C:\Windows\PCTBDRes.dll 2009-11-24 09:51:56 ----A---- C:\Windows\PCTBDCore.dll 2009-11-23 23:30:38 ----D---- C:\Users\AP-GP\AppData\Roaming\PC Tools 2009-11-23 23:30:38 ----D---- C:\ProgramData\PC Tools 2009-11-23 23:30:38 ----D---- C:\Program Files\Spyware Doctor 2009-11-19 19:15:21 ----HD---- C:\$AVG 2009-11-19 19:11:59 ----D---- C:\Program Files\AVG 2009-11-19 19:11:58 ----D---- C:\ProgramData\avg9 2009-11-19 17:08:44 ----A---- C:\Windows\system32\mbam-log-2009-11-19 (17-07-40).txt 2009-11-17 14:54:54 ----D---- C:\Program 
Files\2BrightSparks 2009-11-16 18:23:28 ----A---- C:\Windows\Setup.INI 2009-11-16 09:32:51 ----D---- C:\Users\AP-GP\AppData\Roaming\U3 2009-11-13 18:31:50 ----D---- C:\ProgramData\InstallShield 2009-11-13 18:31:22 ----D---- C:\Program Files\LaCie 2009-11-13 18:27:44 ----D---- C:\Windows\system32\URTTEMP 2009-11-11 17:43:53 ----A---- C:\Windows\system32\VACFix.exe 2009-11-11 17:43:53 ----A---- C:\Windows\system32\o4Patch.exe 2009-11-11 17:43:53 ----A---- C:\Windows\system32\IEDFix.C.exe 2009-11-11 17:43:53 ----A---- C:\Windows\system32\Agent.OMZ.Fix.exe 2009-11-11 17:43:53 ----A---- C:\Windows\system32\404Fix.exe 2009-11-11 17:43:52 ----A---- C:\Windows\system32\WS2Fix.exe 2009-11-11 17:43:52 ----A---- C:\Windows\system32\VCCLSID.exe 2009-11-11 17:43:52 ----A---- C:\Windows\system32\swxcacls.exe 2009-11-11 17:43:52 ----A---- C:\Windows\system32\swsc.exe 2009-11-11 17:43:52 ----A---- C:\Windows\system32\swreg.exe 2009-11-11 17:43:52 ----A---- C:\Windows\system32\SrchSTS.exe 2009-11-11 17:43:52 ----A---- C:\Windows\system32\Process.exe 2009-11-11 17:43:52 ----A---- C:\Windows\system32\IEDFix.exe 2009-11-11 17:43:52 ----A---- C:\Windows\system32\dumphive.exe 2009-11-10 08:46:05 ----D---- C:\Program Files\Microsoft Sync Framework 2009-11-09 17:43:30 ----A---- C:\Windows\system32\GEARAspi.dll 2009-11-05 12:52:26 ----D---- C:\Program Files\Registry Mechanic 2009-11-04 21:15:46 ----D---- C:\Program Files\iPod(24) 2009-11-04 21:15:40 ----D---- C:\Program Files\iTunes(25) 2009-11-04 09:40:24 ----D---- C:\Program Files\Softland
======List of files/folders modified in the last 1 months======
2009-12-03 17:20:16 ----D---- C:\Windows\Temp 2009-12-03 17:18:12 ----D---- C:\Program Files\Mozilla Firefox 2009-12-03 17:13:52 ----SHD---- C:\$Recycle.Bin 2009-12-03 17:13:46 ----SHD---- C:\RECYCLER 2009-12-03 17:13:44 ----D---- C:\Windows\Prefetch 2009-12-03 17:05:28 ----D---- C:\Windows\Tasks 2009-12-03 17:02:24 ----AD---- C:\ProgramData\TEMP 2009-12-03 16:29:03 ----D---- C:\Windows\System32 2009-12-03 16:29:03 ----A---- C:\Windows\system32\PerfStringBackup.INI 2009-12-03 16:29:02 ----D---- C:\Windows\inf 2009-12-03 13:06:27 ----RD---- C:\Program Files 2009-12-03 12:42:53 ----D---- C:\Windows\rescache 2009-12-03 12:31:44 ----D---- C:\ProgramData\Spybot - Search & Destroy 2009-12-03 12:20:17 ----D---- C:\Windows\system32\fr-FR 2009-12-03 12:18:50 ----SHD---- C:\Boot 2009-12-03 12:18:50 ----D---- C:\Windows\system32\config 2009-12-03 12:11:36 ----D---- C:\Windows\winsxs 2009-12-03 12:10:57 ----D---- C:\Windows\system32\catroot 2009-12-03 12:04:38 ----D---- C:\ProgramData\iolo 2009-12-03 12:04:11 ----D---- C:\Windows\Debug 2009-12-03 12:03:13 ----SHD---- C:\Windows\Installer 2009-12-03 12:03:08 ----D---- C:\Windows 2009-12-03 12:00:31 ----SHD---- C:\System Volume Information 2009-12-03 10:36:42 ----D---- C:\Program Files\OpenOffice.org 3 2009-12-03 10:35:03 ----RSD---- C:\Windows\assembly 2009-12-03 09:13:52 ----D---- C:\Windows\system32\Tasks 2009-12-02 18:12:28 ----D---- C:\Windows\system32\LogFiles 2009-12-02 18:11:33 ----D---- C:\Windows\system32\catroot2 2009-12-02 13:40:03 ----HD---- C:\ProgramData 2009-12-02 12:06:12 ----A---- C:\rapport.txt 2009-12-02 12:04:52 ----A---- C:\Windows\system32\tmp.txt 2009-11-29 11:16:52 ----D---- C:\Windows\system32\Msdtc 2009-11-29 11:16:43 ----D---- C:\Windows\system32\wbem 2009-11-29 11:15:29 ----D---- C:\Windows\system32\spool 2009-11-29 11:15:29 ----D---- C:\Users\AP-GP\AppData\Roaming\IrfanView 2009-11-29 11:15:25 ----D---- C:\Windows\registration 2009-11-28 20:01:08 ----D---- C:\Program Files\Common Files\microsoft 
shared 2009-11-28 19:54:19 ----D---- C:\Program Files\Common Files 2009-11-28 19:53:59 ----SD---- C:\ProgramData\Microsoft 2009-11-27 18:09:12 ----D---- C:\Windows\Microsoft.NET 2009-11-27 14:08:16 ----D---- C:\Program Files\Paint.NET 2009-11-27 11:19:04 ----D---- C:\Windows\system32\drivers 2009-11-27 11:18:58 ----D---- C:\Users\AP-GP\AppData\Roaming\dvdcss 2009-11-27 11:18:46 ----D---- C:\Program Files\Common Files\PC Tools 2009-11-23 18:18:27 ----D---- C:\Windows\Minidump 2009-11-19 18:18:09 ----A---- C:\Users\AP-GP\AppData\Roaming\SetValue.bat 2009-11-19 18:18:09 ----A---- C:\Users\AP-GP\AppData\Roaming\GetValue.vbs 2009-11-17 13:19:44 ----D---- C:\Program Files\Common Files\Acronis 2009-11-17 13:15:15 ----D---- C:\ProgramData\Acronis 2009-11-13 18:31:29 ----SD---- C:\Windows\Downloaded Program Files 2009-11-13 18:31:25 ----D---- C:\Program Files\Common Files\InstallShield 2009-11-13 18:30:08 ----D---- C:\Windows\Downloaded Installations 2009-11-13 18:27:45 ----D---- C:\Program Files\Internet Explorer 2009-11-09 17:43:30 ----DC---- C:\Windows\system32\DRVSTORE 2009-11-09 17:43:23 ----D---- C:\Program Files\iTunes 2009-11-09 17:41:00 ----D---- C:\Program Files\iPod 2009-11-09 17:40:58 ----D---- C:\Program Files\Common Files\Apple 2009-11-09 15:59:38 ----D---- C:\Program Files\QuickTime 2009-11-07 19:24:22 ----D---- C:\Program Files\CA Yahoo! Anti-Spy 2009-11-05 18:36:21 ----A---- C:\Windows\system32\mrt.exe
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 F-Secure HIPS;F-Secure HIPS Driver; \??\C:\Program Files\Securitoo\av_fw\HIPS\drivers\fshs.sys [2008-12-04 67808]
R1 FSES;F-Secure Email Scanning Driver; C:\Windows\System32\drivers\fses.sys [2008-12-04 35552]
R1 FSFW;F-Secure Firewall Driver; C:\Windows\System32\drivers\fsdfw.sys [2008-12-04 70944]
R1 fsvista;F-Secure Vista Support Driver; \??\C:\Program Files\Securitoo\av_fw\Anti-Virus\minifilter\fsvista.sys [2008-12-04 12384]
R1 pctgntdi;pctgntdi; \??\C:\Windows\System32\drivers\pctgntdi.sys [2009-09-24 229304]
R2 acedrv11;acedrv11; \??\C:\Windows\system32\drivers\acedrv11.sys [2008-01-23 501560]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\Windows\system32\drivers\RTKVAC.SYS [2009-06-18 4172832]
R3 FETND6V;VIA Rhine Family Fast Ethernet Adapter Driver; C:\Windows\system32\DRIVERS\fetnd6v.sys [2008-09-22 43520]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper; \??\C:\Program Files\Securitoo\av_fw\Anti-Virus\minifilter\fsgk.sys [2009-09-14 99960]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2009-05-18 26600]
R3 L6UX1;Service - Line 6 UX1; C:\Windows\System32\Drivers\L6UX1.sys [2009-01-07 530816]
R3 LVUSBSta;Logitech USB Monitor Filter; C:\Windows\system32\drivers\lvusbsta.sys [2004-10-08 22016]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2006-10-09 4428160]
R3 VST_DPV;VST_DPV; C:\Windows\system32\DRIVERS\VSTDPV3.SYS [2006-11-02 987648]
R3 VSTHWBS2;VSTHWBS2; C:\Windows\system32\DRIVERS\VSTBS23.SYS [2006-11-02 251904]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\VSTCNXT3.SYS [2006-11-02 654336]
S3 cmpci;TerraTec Aureon 5.1 (WDM); C:\Windows\system32\drivers\cmaudio.sys [2002-07-16 379726]
S3 driverhardwarev2;driverhardwarev2; \??\C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys [2007-12-02 15352]
S3 drmkaud;DRM decoder filter (Microsoft Kernel); C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service; C:\Windows\system32\DRIVERS\fetnd5bv.sys [2007-09-21 43520]
S3 FETNDIS;VIA Rhine family 10/100Mb Fast Ethernet adapter driver service; C:\Windows\system32\DRIVERS\fetnd5.sys [2006-11-02 45568]
S3 MSKSSRV;Microsoft streaming service proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Microsoft streaming clock proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Microsoft streaming quality manager proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Microsoft streaming tee/sink-to-sink converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 NCHSSVAD;SoundTap Recorder; C:\Windows\system32\drivers\nchssvad.sys [2009-01-22 27136]
S3 PCAMp50;PCAMp50 NDIS Protocol Driver; C:\Windows\System32\Drivers\PCAMp50.sys [2006-11-28 28224]
S3 PCASp50;PCASp50 NDIS Protocol Driver; C:\Windows\System32\Drivers\PCASp50.sys [2006-11-28 27072]
S3 pctplsg;pctplsg; \??\C:\Windows\System32\drivers\pctplsg.sys [2009-09-03 70408]
S3 QCMerced;Logitech QuickCam Communicate; C:\Windows\system32\DRIVERS\LVCM.sys [2004-10-08 585824]
S3 TfNetMon;TfNetMon; \??\C:\Windows\system32\drivers\TfNetMon.sys [2009-10-08 33552]
S3 usbaudio;USB audio driver (WDM); C:\Windows\system32\drivers\usbaudio.sys [2009-04-11 73216]
S3 usbbus;LGE Mobile Composite USB Device; C:\Windows\system32\DRIVERS\lgusbbus.sys [2005-05-26 21344]
S3 UsbDiag;LGE Mobile USB Serial Port; C:\Windows\system32\DRIVERS\lgusbdiag.sys [2005-05-26 38144]
S3 USBModem;LGE Mobile USB Modem; C:\Windows\system32\DRIVERS\lgusbmodem.sys [2005-06-24 39036]
S3 usbscan;USB scanner driver; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-19 35328]
S3 VIAudio;VIA AC'97 audio controller; C:\Windows\system32\drivers\ac97via.sys [2006-11-02 68096]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-19 39936]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328]
S4 F-Secure Filter;F-Secure File System Filter; \??\C:\Program Files\Securitoo\av_fw\Anti-Virus\Win2K\FSfilter.sys [2008-12-04 39776]
S4 F-Secure Recognizer;F-Secure File System Recognizer; \??\C:\Program Files\Securitoo\av_fw\Anti-Virus\Win2K\FSrec.sys [2008-12-04 25184]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-06-05 144712]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 Browser Defender Update Service;Browser Defender Update Service; C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe [2009-10-08 112592]
R2 F-Secure Gatekeeper Handler Starter;FSGKHS; C:\Program Files\Securitoo\av_fw\Anti-Virus\fsgk32st.exe [2008-12-04 215648]
R2 FSMA;F-Secure Management Agent; C:\Program Files\Securitoo\av_fw\Common\FSMA32.EXE [2008-12-04 117400]
R2 ioloFileInfoList;iolo FileInfoList Service; C:\Program Files\iolo\common\lib\ioloServiceManager.exe [2009-10-20 659376]
R2 ioloSystemService;iolo System Service; C:\Program Files\iolo\common\lib\ioloServiceManager.exe [2009-10-20 659376]
R2 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
R2 SBSDWSCService;SBSD Security Center Service; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R2 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\pctsAuxs.exe [2009-09-23 358600]
R3 FSAUA;F-Secure Automatic Update Agent; C:\Program Files\Securitoo\av_fw\FSAUA\program\fsaua.exe [2008-12-04 490080]
R3 FSDFWD;F-Secure Anti-Virus Firewall Daemon; C:\Program Files\Securitoo\av_fw\FWES\Program\fsdfwd.exe [2008-12-04 510560]
R3 FSORSPClient;F-Secure ORSP Client; C:\Program Files\Securitoo\av_fw\ORSP Client\fsorsp.exe [2008-12-04 55904]
S2 FTRTSVC;France Telecom Routing Table Service; C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe [2007-09-25 65536]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-06-12 183280]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2009-03-30 31048]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance; C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 1527900]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-10-28 545568]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
-----------------EOF-----------------
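The driver and service lists above are flattened RSIT output: every entry has the shape `<R|S><start> name;display name; image path [date size]`, with the start code explained in the list header. As an added example that is not part of this thread, the Python below parses entries in that format and applies three triage heuristics a reviewer applies to such a list: the driver is loaded from outside %SystemRoot%, its display name merely repeats the service name (no vendor description to go on), and it is a Boot/System start driver (loaded during kernel initialisation, before any user-mode service). The sample lines are copied from the list above; the tag names and the heuristics are this example's own, not RSIT's.

```python
import re

# Start-type codes as RSIT prints them (legend in the list header above).
START_TYPES = {"0": "Boot", "1": "System", "2": "Auto", "3": "Demand", "4": "Disabled"}

# Sample entries, copied from the driver list posted in this thread.
SAMPLE_RSIT = r"""
R1 FSES;F-Secure Email Scanning Driver; C:\Windows\System32\drivers\fses.sys [2008-12-04 35552]
R1 fsvista;F-Secure Vista Support Driver; \??\C:\Program Files\Securitoo\av_fw\Anti-Virus\minifilter\fsvista.sys [2008-12-04 12384]
R2 acedrv11;acedrv11; \??\C:\Windows\system32\drivers\acedrv11.sys [2008-01-23 501560]
S3 driverhardwarev2;driverhardwarev2; \??\C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys [2007-12-02 15352]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]
"""

ENTRY_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) "
    r"(?P<name>[^;]+);(?P<display>[^;]*); "
    r"(?P<path>.+?) \[(?P<date>\d{4}-\d{2}-\d{2}) (?P<size>\d+)\]$"
)

# \??\ is the NT object-manager prefix for a Win32 path; RSIT prints the
# registry ImagePath verbatim, so strip it to get the plain file name.
NT_PREFIX = "\\??\\"


def parse_entry(line):
    """Parse one RSIT driver/service line into a dict, or None if it does not match."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    e = m.groupdict()
    e["running"] = e.pop("state") == "R"
    e["start"] = START_TYPES[e["start"]]
    e["size"] = int(e["size"])
    e["file"] = e["path"][len(NT_PREFIX):] if e["path"].startswith(NT_PREFIX) else e["path"]
    return e


def triage(entry, system_root="C:\\Windows\\"):
    """Heuristic tags (this example's own, not RSIT's) marking what deserves a closer look."""
    tags = set()
    if not entry["file"].lower().startswith(system_root.lower()):
        # Kernel code living in a product directory: check the vendor and its signature.
        tags.add("outside_systemroot")
    if entry["display"].strip().lower() == entry["name"].strip().lower():
        # Display name just repeats the service name: nothing identifies the vendor.
        tags.add("anonymous")
    if entry["start"] in ("Boot", "System"):
        # Loaded during kernel initialisation, before any user-mode service.
        tags.add("early_start")
    return tags


def review(text):
    """Parse a whole list; return (name, start type, running, sorted tags) for tagged entries."""
    findings = []
    for line in text.strip().splitlines():
        e = parse_entry(line)
        if e and triage(e):
            findings.append((e["name"], e["start"], e["running"], sorted(triage(e))))
    return findings


if __name__ == "__main__":
    for name, start, running, tags in review(SAMPLE_RSIT):
        state = "running" if running else "stopped"
        print(f"{name:20} {start:8} {state:8} {', '.join(tags)}")
```

The tags are prompts for a human, not verdicts: a security suite's own minifilter legitimately lives under Program Files and starts early, which is why the F-Secure entries above trip those tags while still being expected.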
Posted on 03/12/2009 at 22:26
Grande Maîtresse astucienne | good evening,
the links for downloading UsbFix did not work. So I downloaded UsbFix by C_XX & Chiquitine29, version V6.042, from Softonic.
sorry, but chiquitine keeps changing hosting provider, I have trouble keeping up
I'm looking at the latest report.
Posted on 03/12/2009 at 22:44
Grande Maîtresse astucienne | good evening again,
let's continue
* launch HijackThis, "do a system scan only", then tick these lines:
R3 - Default URLSearchHook is missing
O2 - BHO: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\DealioToolbarIE.dll
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {0A87E45F-537A-40B4-B812-E2544C21A09F} - (no file)
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - (no file)
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O3 - Toolbar: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\DealioToolbarIE.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - (no file)
* click FIX CHECKED
* via Add/Remove Programs, uninstall
Dealio Toolbar
and
- Download OTM (by Old_Timer) to your desktop,
- Double-click OTM.exe to launch the program,
- Copy the list of files and folders below, inside the quotation, and paste it into the program's "Paste Instructions for Items to be Moved" box:
Begin copying here:
:Files
C:\Program Files\Dealio Toolbar
C:\Windows\system32\tmp.txt
:Reg
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EoEngine]
:Commands
[emptytemp]
[reboot]
- Click MoveIt! to start the removal,
- The result will appear in the Results box.
- Click Exit to close the program.
- Post the report located here: C:\_OTM\MovedFiles
- You may be asked to restart your PC. If so, click Yes.
* rerun MBAM, remove everything it might detect, post the report.
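The O2/O3 lines the helper asks to tick are HijackThis's view of Internet Explorer's Browser Helper Objects and toolbars: a CLSID, the name it was registered under, and the DLL its COM registration points to, or "(no file)" when that DLL is gone. As an added example that is not part of this thread, the Python below parses those lines, separates orphaned registrations (no DLL on disk, typically left behind by a removed program) from ones whose DLL is still present (which, as the helper advises, should first be uninstalled through Add/Remove Programs), and for each CLSID lists the registry locations IE loads it from. The sample lines are the ones listed above; the registry paths are the standard IE load points for BHOs and toolbars, and the grouping logic is this example's own, not HijackThis's.

```python
import re

# Constructed sample: the O2/O3 lines listed in the post above, plus the R3 line,
# which this parser deliberately ignores (it is not a CLSID entry).
SAMPLE_HJT = r"""
R3 - Default URLSearchHook is missing
O2 - BHO: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\DealioToolbarIE.dll
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {0A87E45F-537A-40B4-B812-E2544C21A09F} - (no file)
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - (no file)
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O3 - Toolbar: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\DealioToolbarIE.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - (no file)
"""

# O2 = Browser Helper Object, O3 = Internet Explorer toolbar.
ENTRY_RE = re.compile(
    r"^O(?P<section>[23]) - (?P<kind>BHO|Toolbar): (?P<name>.*?) - "
    r"\{(?P<clsid>[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12})\} - (?P<file>.+)$"
)

# Where IE enumerates these extensions (load points) and where the CLSID's COM
# registration lives. HijackThis reads the same locations to build O2/O3 lines.
BHO_KEY = r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"
TOOLBAR_KEY = r"HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar"
CLSID_KEY = r"HKCR\CLSID"


def parse_hjt(text):
    """Return one dict per O2/O3 line: kind, name, normalised CLSID, file, orphan flag."""
    entries = []
    for line in text.strip().splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        e = m.groupdict()
        e["clsid"] = "{" + e["clsid"].upper() + "}"   # HJT preserves registry casing; normalise
        e["orphan"] = e["file"] == "(no file)"        # registration survives, DLL does not
        entries.append(e)
    return entries


def registry_targets(entry):
    """Load point first, then the COM registration the load point refers to."""
    if entry["kind"] == "BHO":
        load_point = BHO_KEY + "\\" + entry["clsid"]
    else:
        load_point = TOOLBAR_KEY + " (value " + entry["clsid"] + ")"
    return [load_point, CLSID_KEY + "\\" + entry["clsid"]]


def triage(entries):
    """Split into orphaned registrations and DLLs still on disk (grouped by DLL path)."""
    orphaned = [e for e in entries if e["orphan"]]
    installed = {}
    for e in entries:
        if not e["orphan"]:
            installed.setdefault(e["file"], []).append(e["kind"])
    return orphaned, installed


if __name__ == "__main__":
    orphaned, installed = triage(parse_hjt(SAMPLE_HJT))
    print("Installed (uninstall via Add/Remove Programs first):")
    for path, kinds in installed.items():
        print(f"  {path}  registered as {', '.join(kinds)}")
    print("Orphaned (registration without a DLL; safe to fix):")
    for e in orphaned:
        print(f"  {e['kind']:8} {e['name']:22} {e['clsid']}")
        for key in registry_targets(e):
            print(f"      {key}")
```

The distinction matters for ordering: fixing the O2/O3 entries of a toolbar that is still installed only removes its load points, and the next run of its uninstaller or updater can recreate them, which is why the uninstall comes first and the HijackThis fix cleans up what remains.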
Posted on 04/12/2009 at 10:45
Petit astucien
Hello Philéa......attached are the reports requested.
OTM report
All processes killed
========== FILES ==========
File/Folder C:\Program Files\Dealio Toolbar not found.
C:\Windows\system32\tmp.txt moved successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EoEngine\ deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: AP-GP
->Temp folder emptied: 37574 bytes
->Temporary Internet Files folder emptied: 2047203 bytes
->Java cache emptied: 29520337 bytes
->FireFox cache emptied: 50145765 bytes
->Google Chrome cache emptied: 0 bytes
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 262144 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 334926 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 13425990 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 91,37 mb
OTM by OldTimer - Version 3.1.2.0 log created on 12042009_101036
Files moved on Reboot...
File C:\Users\AP-GP\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low(67)\Content.IE5\FWXAO985\var2=1;var3=91280;var4=;var21=5;var22=1;var23=2;var24=2;var25=1;var26=91573;var7=;var8=0;var9=0;var10=0;var11=;var14=;tile=1;sz=300x250;ord=168210530513247[1].53 not found!
File C:\Windows\temp\fb_2032.lck not found!
Registry entries deleted on Reboot...
MBAM report, quick scan...
Malwarebytes' Anti-Malware 1.41
Database version: 3267
Windows 6.0.6002 Service Pack 2
04/12/2009 10:38:42
mbam-log-2009-12-04 (10-38-42).txt
Scan type: Quick scan
Objects scanned: 93096
Time elapsed: 16 minute(s), 8 second(s)
Memory processes infected: 0
Memory modules infected: 0
Registry keys infected: 0
Registry values infected: 0
Registry data items infected: 0
Folders infected: 0
Files infected: 0
Memory processes infected: (No malicious items detected)
Memory modules infected: (No malicious items detected)
Registry keys infected: (No malicious items detected)
Registry values infected: (No malicious items detected)
Registry data items infected: (No malicious items detected)
Folders infected: (No malicious items detected)
Files infected: (No malicious items detected).......
Posted on 04/12/2009 at 14:16
Grande Maîtresse astucienne | hello,
what about your initial problems?
* download ATFCleaner
http://www.atribune.org/ccount/click.php?id=1
Double-click ATF-Cleaner.exe to launch the program.
Under the Main tab, choose: Select All
Click the Empty Selected button
If you use the Firefox browser:
Click Firefox at the top and choose: Select All
Click the Empty Selected button
NOTE: If you want to keep your saved passwords, click No at the prompt.
If you use the Opera browser:
Click Opera at the top and choose: Select All
Click the Empty Selected button
NOTE: If you want to keep your saved passwords, click No at the prompt.
Click Exit, from the main menu, to close the program.
Posted on 04/12/2009 at 18:48
Petit astucien
Sorry for the delay
I did a few operations......(which took me some time given the system restarts!! for the crashes see below):
A)
- Vista seems faster at startup and when running,
- to find out whether the Windows Task Manager behaves normally
- and to try to copy files from my PC to the external HDD (the subject of this request)
I noticed: Portail Orange
B)
- still this problem of copying to an external HDD (e.g. 2 files copied and then a crash)
- the Task Manager seems to work more or less correctly and responds to my requests (except in the event of a crash, when it just spins....)
- that copying certain music files in Wav format (I compose music) to my external HDD causes problems; these are generally files of around 40 MB or 30 MB ???? why those and not the others??
- on the other hand the following problem appears: if I use CCleaner (with or without safe mode), during the Windows cleaning operation CCleaner "freezes" on a file while emptying the recycle bin: e.g. -------> G:\§Recycle.bin\S-1-5-21-29189.......\§R7ZZ2W0\06-piste audio O6 .WAV
G being the external HDD, whereas the deletions proceed normally for C!
if you have any idea...otherwise the PC runs normally.......
See you
Posted on 04/12/2009 at 20:32
Grande Maîtresse astucienne | good evening,
A)
- Vista seems faster at startup and when running,
OK
- to find out whether the Windows Task Manager behaves normally
- and to try to copy files from my PC to the external HDD (the subject of this request)
I noticed: Portail Orange
I didn't understand the link you give
B)
- still this problem of copying to an external HDD (e.g. 2 files copied and then a crash)
- the Task Manager seems to work more or less correctly and responds to my requests (except in the event of a crash, when it just spins....)
- that copying certain music files in Wav format (I compose music) to my external HDD causes problems; these are generally files of around 40 MB or 30 MB ???? why those and not the others??
no idea, I'm not very good at that side of things. You'd have to ask on one of the other forums I think, unless I can find someone to answer you here. We'll see.
- on the other hand the following problem appears: if I use CCleaner (with or without safe mode), during the Windows cleaning operation CCleaner "freezes" on a file while emptying the recycle bin: e.g. -------> G:\§Recycle.bin\S-1-5-21-29189.......\§R7ZZ2W0\06-piste audio O6 .WAV
G being the external HDD, whereas the deletions proceed normally for C!
yes, but is it plugged in when you use CCleaner?? Empty the recycle bins. And try again
I wouldn't say it really runs normally, since you still have problems to sort out. As for the infection side, I think it should be fine now, but you should still do this as a precaution.
ESET on line
Posted on 07/12/2009 at 09:56
Petit astucien
Hello Philéa, following your request......the ESET report
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=a3e633030a18e14b9db1cccea3edd0f5
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2009-12-06 04:31:12
# local_time=2009-12-06 05:31:12 (+0100, Paris, Madrid)
# country="France"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 178662 178662 0 0
# compatibility_mode=1024 16777215 100 0 1441333 1441333 0 0
# compatibility_mode=2305 16775165 100 88 4349 31696636 1260088452 0
# compatibility_mode=5892 16776573 100 100 8255 97624824 0 0
# compatibility_mode=8192 67108863 100 0 3796 3796 0 0
# scanned=143274
# found=0
# cleaned=0
# scan_time=25021
Posted on 07/12/2009 at 21:25
Grande Maîtresse astucienne | good evening,
as far as the infection side is concerned, it's all good for me.
you can remove
- Launch OTmoveIT.
- Click CleanUp! (the program will download a text file that is used to clean up the programs we downloaded).
NOTE: Normally your firewall should ask you whether OTmoveIT may access the internet. Allow it.
- A list appears in the left-hand part of OTmoveIT.
- A message appears to confirm the cleanup. Confirm.
then for the other problems, you need to head to the appropriate forums.
Posted on 08/12/2009 at 10:37
Petit astucien
Hello Philaé,
There, all the operations are done....thanks again for your work. I'm going to mark it as resolved for the infection side. As for the copying problem to the external HDD, my research is pointing towards a USB2 "Y" cable solution.....
Posted on 08/12/2009 at 10:54
Grande Maîtresse astucienne | hello
ok, I hope you'll figure out the other problem. Have a nice day