Posted on 23/01/2010 @ 23:08
Petite astucienne
Hello
I have had a netbook for 3 months and it was working very well. Unfortunately, since I installed Google Chrome a few days ago, a virus has installed itself: Malware Defense. I followed a procedure to uninstall it and I no longer have a problem with that one, but now:
- first of all, an error message appears at startup: "the Google installer has encountered a problem and needs to close": I uninstalled Google Chrome from my PC to download Mozilla, but this message still appears
- then, startup is very slow and my PC can crash at any moment
- finally, strange sounds coming from I-don't-know-where ring out (and I must say the first time I heard it, it scared me a bit): at first it lasted a few seconds and stopped, now it can last 1 minute and goes off at any moment (for example, earlier I heard it 2 times in a row 5 minutes apart, but nothing in the last 30 minutes)
Thank you for helping me, because I am not very computer-savvy!
Posted on 23/01/2010 at 23:10
Petite astucienne
Logfile of random's system information tool 1.06 (written by random/random)
Run by Floriane Garcia at 2010-01-23 22:38:16
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 56 GB (66%) free of 85 GB
Total RAM: 1015 MB (48% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:38:25, on 23/01/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Documents and Settings\All Users\Application Data\SeekService\seekservice149.exe
C:\Program Files\EeePC\ACPI\AsTray.exe
C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
C:\Program Files\EeePC\ACPI\AsEPCMon.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Documents and Settings\Floriane Garcia\Application Data\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Winsudate\gibusr.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe
C:\Program Files\Winsudate\gibsvc.exe
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\SeekService\seekservice.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Floriane Garcia\Mes documents\Téléchargements\RSIT.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\trend micro\Floriane Garcia.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Ask && Record Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [AsusTray] C:\Program Files\EeePC\ACPI\AsTray.exe
O4 - HKLM\..\Run: [AsusACPIServer] C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
O4 - HKLM\..\Run: [AsusEPCMonitor] C:\Program Files\EeePC\ACPI\AsEPCMon.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe
O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SoftwareHelper] C:\Documents and Settings\Floriane Garcia\Application Data\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EPSON Stylus DX4000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE /FU "C:\WINDOWS\TEMP\E_SA9.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [Auto EPSON Stylus DX4000 Series sur GARCIA] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE /FU "C:\WINDOWS\TEMP\E_SF3.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [EPSON Stylus DX4000 Series (Copie 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE /FU "C:\WINDOWS\TEMP\E_S192.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [WinUsr] C:\Program Files\Winsudate\gibusr.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Floriane Garcia\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [cliconfg64.exe] C:\DOCUME~1\FLORIA~1\LOCALS~1\Temp\cliconfg64.exe
O4 - HKCU\..\Run: [Malware Defense] "C:\Program Files\Malware Defense\mdefense.exe" -noscan
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1151601.exe -Update -1151601 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; GTB6.3; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; AskTB5.4)" -"http://www.jeux.fr/jeu/Crashed-Ice.html"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: SuperHybridEngine.lnk = ?
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Envoyer à Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Service Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Norton Internet Security - Unknown owner - C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe (file missing)
O23 - Service: SeekService Service - Unknown owner - C:\Documents and Settings\All Users\Application Data\SeekService\seekservice149.exe
O23 - Service: Gestionnaire de mise à jour Winsudate (WinSvc) - Winsudate - C:\Program Files\Winsudate\gibsvc.exe
-- End of file - 8830 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2377512271-749011200-1622839487-1006Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2377512271-749011200-1622839487-1006UA.job
C:\WINDOWS\tasks\Norton Security Scan for Floriane Garcia.job
C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] Aide pour le lien d'Adobe PDF Reader - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4f3ed5cd-0726-42a9-87f5-d13f3d2976ac}] Windows Live Family Safety Browser Helper Class - C:\Program Files\Windows Live\Family Safety\fssbho.dll [2009-08-05 113512]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}] Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19 137600]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}] Ask && Record Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2009-06-04 1144712]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-09-26 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}] Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}] JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-09-26 73728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]
{D4027C7F-154A-4066-A1AD-4243D8127440} - Ask && Record Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2009-06-04 1144712]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AsusTray"=C:\Program Files\EeePC\ACPI\AsTray.exe [2008-12-04 114688]
"AsusACPIServer"=C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe [2008-12-17 622592]
"AsusEPCMonitor"=C:\Program Files\EeePC\ACPI\AsEPCMon.exe [2008-05-21 94208]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2008-11-12 98304]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2008-11-12 114688]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2008-11-12 94208]
"ETDWare"=C:\Program Files\Elantech\ETDCtrl.exe [2009-01-23 416768]
"fssui"=C:\Program Files\Windows Live\Family Safety\fsui.exe [2009-08-05 647520]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-09-26 149280]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2009-02-14 17508864]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2008-06-20 57344]
"EoEngine"= []
"SoftwareHelper"=C:\Documents and Settings\Floriane Garcia\Application Data\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe [2008-12-09 368224]
"avast5"=C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe [2010-01-19 2743104]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"EPSON Stylus DX4000 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE [2006-09-21 139264]
"Auto EPSON Stylus DX4000 Series sur GARCIA"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE [2006-09-21 139264]
"EPSON Stylus DX4000 Series (Copie 1)"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE [2006-09-21 139264]
"WinUsr"=C:\Program Files\Winsudate\gibusr.exe [2009-12-20 88304]
"Google Update"=C:\Documents and Settings\Floriane Garcia\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-01-14 135664]
"cliconfg64.exe"=C:\DOCUME~1\FLORIA~1\LOCALS~1\Temp\cliconfg64.exe []
"Malware Defense"=C:\Program Files\Malware Defense\mdefense.exe -noscan []
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce] "Shockwave Updater"=C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1151601.exe [2009-07-31 468408]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2007-05-11 40048]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr] C:\WINDOWS\ALCMTR.EXE [2008-06-20 57344]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr] C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2009-07-26 3883856]
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
SuperHybridEngine.lnk - C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe
C:\Documents and Settings\Floriane Garcia\Menu Démarrer\Programmes\Démarrage
LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe
OpenOffice.org 3.1.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui] C:\WINDOWS\system32\igfxdev.dll [2008-11-12 155648]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "HonorAutoRunSetting"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2ef6124e-ce0d-11de-9aed-0025d317be87}]
shell\AutoRun\command - F:\EmDesk.exe
shell\EmDesk\command - F:\EmDesk.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9a66b2c4-028e-11df-9b70-0025d317be87}]
shell\AutoRun\command - E:\Toshiba\Launcher\start.exe
======List of files/folders created in the last 1 months======
2010-01-23 22:38:17 ----D---- C:\Program Files\trend micro
2010-01-23 22:38:16 ----D---- C:\rsit
2010-01-22 21:21:01 ----D---- C:\Documents and Settings\Floriane Garcia\Application Data\Auslogics
2010-01-22 21:20:54 ----D---- C:\Program Files\Auslogics
2010-01-22 18:59:01 ----D---- C:\Program Files\Mozilla Firefox
2010-01-21 22:35:01 ----SHD---- C:\Config.Msi
2010-01-21 21:12:39 ----A---- C:\WINDOWS\system32\tmp.txt
2010-01-21 21:11:11 ----A---- C:\rapport.txt
2010-01-21 21:10:47 ----A---- C:\WINDOWS\system32\WS2Fix.exe
2010-01-21 21:10:47 ----A---- C:\WINDOWS\system32\VCCLSID.exe
2010-01-21 21:10:47 ----A---- C:\WINDOWS\system32\VACFix.exe
2010-01-21 21:10:47 ----A---- C:\WINDOWS\system32\swxcacls.exe
2010-01-21 21:10:47 ----A---- C:\WINDOWS\system32\swsc.exe
2010-01-21 21:10:47 ----A---- C:\WINDOWS\system32\swreg.exe
2010-01-21 21:10:47 ----A---- C:\WINDOWS\system32\SrchSTS.exe
2010-01-21 21:10:47 ----A---- C:\WINDOWS\system32\Process.exe
2010-01-21 21:10:47 ----A---- C:\WINDOWS\system32\o4Patch.exe
2010-01-21 21:10:47 ----A---- C:\WINDOWS\system32\IEDFix.exe
2010-01-21 21:10:47 ----A---- C:\WINDOWS\system32\IEDFix.C.exe
2010-01-21 21:10:47 ----A---- C:\WINDOWS\system32\dumphive.exe
2010-01-21 21:10:47 ----A---- C:\WINDOWS\system32\Agent.OMZ.Fix.exe
2010-01-21 21:10:47 ----A---- C:\WINDOWS\system32\404Fix.exe
2010-01-21 21:00:18 ----A---- C:\WINDOWS\ntbtlog.txt
2010-01-21 19:56:55 ----D---- C:\Program Files\Malware Defense
2010-01-19 22:27:24 ----A---- C:\WINDOWS\system32\aswBoot.exe
2010-01-19 22:27:15 ----D---- C:\Program Files\Alwil Software
2010-01-19 22:27:15 ----D---- C:\Documents and Settings\All Users\Application Data\Alwil Software
2010-01-19 22:09:19 ----D---- C:\WINDOWS\system32\LogFiles
2010-01-19 21:53:33 ----A---- C:\Documents and Settings\All Users\Application Data\sysReserve.ini
2010-01-16 21:41:39 ----D---- C:\Documents and Settings\Floriane Garcia\Application Data\EoRezo
2010-01-14 17:24:26 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$
2010-01-13 14:36:25 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2010-01-10 10:23:49 ----D---- C:\Documents and Settings\Floriane Garcia\Application Data\bamEnglish.08AE7BFC096D057FBA48C7E4F898C35F7FA11BBA.1
2010-01-10 10:23:41 ----D---- C:\Program Files\ILoveENGLISH
2010-01-10 10:23:36 ----D---- C:\Program Files\Fichiers communs\Adobe AIR
2010-01-09 18:43:57 ----D---- C:\Program Files\TuxGuitar-Jet
2009-12-30 21:57:51 ----D---- C:\Program Files\Full Tilt Poker
======List of files/folders modified in the last 1 months======
2010-01-23 22:38:17 ----RD---- C:\Program Files
2010-01-23 22:36:59 ----D---- C:\WINDOWS\Temp
2010-01-23 22:05:29 ----D---- C:\WINDOWS
2010-01-23 21:55:30 ----D---- C:\Documents and Settings\Floriane Garcia\Application Data\LimeWire
2010-01-23 21:55:03 ----D---- C:\WINDOWS\system32
2010-01-23 13:33:09 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-01-23 11:12:37 ----D---- C:\Documents and Settings\Floriane Garcia\Application Data\vlc
2010-01-23 10:33:17 ----D---- C:\WINDOWS\system32\CatRoot2
2010-01-23 10:22:20 ----D---- C:\Program Files\SeekService
2010-01-23 10:17:32 ----D---- C:\Documents and Settings\All Users\Application Data\SeekService
2010-01-22 22:55:31 ----HD---- C:\WINDOWS\inf
2010-01-22 22:55:26 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-01-22 22:55:25 ----D---- C:\Program Files\Internet Explorer
2010-01-22 22:55:08 ----HD---- C:\WINDOWS\$hf_mig$
2010-01-22 18:43:52 ----D---- C:\Program Files\Google
2010-01-22 18:43:52 ----D---- C:\Documents and Settings\All Users\Application Data\Google
2010-01-22 18:43:51 ----SHD---- C:\WINDOWS\Installer
2010-01-21 22:41:02 ----D---- C:\WINDOWS\system32\drivers
2010-01-21 21:22:21 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-01-21 21:00:43 ----D---- C:\Documents and Settings
2010-01-21 20:03:12 ----D---- C:\WINDOWS\system32\CatRoot
2010-01-21 19:46:22 ----D---- C:\WINDOWS\Prefetch
2010-01-19 23:15:36 ----D---- C:\Program Files\Microsoft Silverlight
2010-01-19 22:27:34 ----D---- C:\WINDOWS\WinSxS
2010-01-19 16:49:01 ----D---- C:\Documents and Settings\Floriane Garcia\Application Data\Mozilla
2010-01-17 13:26:32 ----SHD---- C:\RECYCLER
2010-01-17 12:41:06 ----A---- C:\WINDOWS\imsins.BAK
2010-01-17 12:28:41 ----SD---- C:\WINDOWS\Tasks
2010-01-13 15:20:24 ----D---- C:\WINDOWS\AppPatch
2010-01-10 10:23:47 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2010-01-10 10:23:36 ----D---- C:\Program Files\Fichiers communs
2010-01-10 10:23:16 ----D---- C:\Documents and Settings\Floriane Garcia\Application Data\Adobe
2010-01-05 01:17:46 ----A---- C:\WINDOWS\system32\MRT.exe
2010-01-02 16:05:57 ----RSD---- C:\WINDOWS\Fonts
2009-12-25 18:01:17 ----D---- C:\Program Files\Fichiers communs\Symantec Shared
2009-12-24 11:54:21 ----D---- C:\Documents and Settings\Floriane Garcia\Application Data\dvdcss
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2010-01-19 28240]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2010-01-19 162640]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2010-01-19 46544]
R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40576]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2010-01-19 19024]
R2 aswMon2;aswMon2; C:\WINDOWS\system32\drivers\aswMon2.sys [2010-01-19 100304]
R2 fssfltr;FssFltr; C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys [2009-08-05 54752]
R3 AR5416;Atheros AR5008 Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\athw.sys [2008-09-18 1326528]
R3 AsusACPI;ASUS ACPI Driver; C:\WINDOWS\system32\DRIVERS\ASUSACPI.sys [2008-04-08 10752]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2010-01-19 23248]
R3 CmBatt;Pilote pour Batterie à méthode de contrôle ACPI Microsoft; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2008-11-12 1181824]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2009-02-14 5029376]
R3 Ktp;Elantech Smart-Pad; C:\WINDOWS\system32\DRIVERS\ETD.sys [2009-02-12 93696]
R3 L1e;Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller; C:\WINDOWS\system32\DRIVERS\l1e51x86.sys [2008-09-23 38400]
R3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 usbvideo;Périphérique vidéo USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-13 121984]
S1 SRTSP;SRTSP; \??\C:\WINDOWS\system32\drivers\NIS\1000000.07D\SRTSP.SYS []
S1 SRTSPX;SRTSPX; \??\C:\WINDOWS\system32\drivers\NIS\1000000.07D\SRTSPX.SYS []
S3 Ambfilt;Ambfilt; C:\WINDOWS\system32\drivers\Ambfilt.sys [2008-08-06 1684736]
S3 btaudio;Périphérique audio Bluetooth; C:\WINDOWS\system32\drivers\btaudio.sys []
S3 BTDriver;Pilote de communications virtuelles Bluetooth; C:\WINDOWS\system32\DRIVERS\btport.sys []
S3 BTWDNDIS;Serveur d'accès au réseau local Bluetooth; C:\WINDOWS\system32\DRIVERS\btwdndis.sys []
S3 btwhid;btwhid; C:\WINDOWS\system32\DRIVERS\btwhid.sys []
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys []
S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 Monfilt;Monfilt; C:\WINDOWS\system32\drivers\Monfilt.sys [2006-01-05 1389056]
S3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NAVENG;NAVENG; \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20080829.024\NAVENG.SYS []
S3 NAVEX15;NAVEX15; \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20080829.024\NAVEX15.SYS []
S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbstor;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-01-19 40384]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-09-26 153376]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512]
R2 SeekService Service;SeekService Service; C:\Documents and Settings\All Users\Application Data\SeekService\seekservice149.exe [2010-01-22 46048]
R2 WinSvc;Gestionnaire de mise à jour Winsudate; C:\Program Files\Winsudate\gibsvc.exe [2009-12-20 70896]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-01-19 40384]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-01-19 40384]
S2 gupdate;Service Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-01-14 135664]
S2 Norton Internet Security;Norton Internet Security; C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe /s Norton Internet Security /m C:\Program Files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll /prefetch:1 []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 fsssvc;Service Windows Live Contrôle parental; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2009-08-05 704864]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
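The helpers on this thread read the O4 (autostart) and O23 (service) lines of a HijackThis log by eye, looking for binaries that run from user-writable or temporary directories, services whose file is missing, and services with an unknown owner. The script below is an added example of that first pass in code; it is my own helper, not part of the posted logs, of RSIT or of HijackThis. The regular expressions assume the HijackThis 2.0 line layout shown above, the list of suspicious directory fragments is my assumption about a typical Windows XP profile layout, and the sample lines are copied from the log above.

```python
"""First-pass triage of HijackThis O4 (autostart) and O23 (service) entries.

Added example: my own helper, not part of the forum post, of RSIT or of
HijackThis. The heuristics (binaries under user-writable or temporary
directories, services with a missing file or an unknown owner) are the checks
a log reviewer applies by eye; the sample lines are copied from the log above.
"""
import re

# Path fragments (lower-cased, backslash-delimited) that a legitimate autostart
# entry on Windows XP rarely runs from. Assumption: typical XP profile layout,
# including the 8.3 short names HijackThis shows for some entries.
SUSPICIOUS_DIRS = (
    "\\temp\\",
    "\\local settings\\",
    "\\application data\\",
    "\\docume~1\\",
)

# HijackThis 2.0 line layouts for registry autostarts and services.
O4_RE = re.compile(r"^O4 - (?P<hive>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")


def path_reasons(path):
    """Return the reasons a command line or service path looks suspicious."""
    low = path.lower()
    reasons = []
    if any(d in low for d in SUSPICIOUS_DIRS):
        reasons.append("runs from a user-writable location")
    if "(file missing)" in low:
        reasons.append("service binary missing")
    return reasons


def triage(lines):
    """Parse O4/O23 lines and return the entries that deserve a closer look."""
    findings = []
    for raw in lines:
        line = raw.strip()
        m = O4_RE.match(line)
        if m:
            reasons = path_reasons(m.group("cmd"))
            if reasons:
                findings.append({"kind": "O4", "name": m.group("name"),
                                 "target": m.group("cmd"), "reasons": reasons})
            continue
        m = O23_RE.match(line)
        if m:
            reasons = path_reasons(m.group("path"))
            if m.group("owner") == "Unknown owner":
                reasons.append("service owner unknown")
            if reasons:
                findings.append({"kind": "O23", "name": m.group("name"),
                                 "target": m.group("path"), "reasons": reasons})
    return findings


def flagged_names(lines):
    """Names of the flagged entries, in log order."""
    return [f["name"] for f in triage(lines)]


# Lines copied from the HijackThis log posted above (a representative subset).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [AsusTray] C:\Program Files\EeePC\ACPI\AsTray.exe
O4 - HKLM\..\Run: [SoftwareHelper] C:\Documents and Settings\Floriane Garcia\Application Data\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe
O4 - HKCU\..\Run: [WinUsr] C:\Program Files\Winsudate\gibusr.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Floriane Garcia\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [cliconfg64.exe] C:\DOCUME~1\FLORIA~1\LOCALS~1\Temp\cliconfg64.exe
O4 - HKCU\..\Run: [Malware Defense] "C:\Program Files\Malware Defense\mdefense.exe" -noscan
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Norton Internet Security - Unknown owner - C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe (file missing)
O23 - Service: SeekService Service - Unknown owner - C:\Documents and Settings\All Users\Application Data\SeekService\seekservice149.exe
""".strip().splitlines()

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f["kind"], f["name"], "->", "; ".join(f["reasons"]))
```

Run as-is, it flags SoftwareHelper, cliconfg64.exe, the Norton service (file missing, owner unknown) and the SeekService service (user-writable location, owner unknown). The two limits of a location-only rule are visible in the same output: the "Malware Defense" entry, which the poster identifies as the rogue, is not flagged because it installed under Program Files, while the per-user Google Update entry is flagged although it is a normal Google installation. That is why the reviewers on this thread also cross-check entry names and publishers rather than relying on paths alone.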
Posted on 23/01/2010 at 23:41
Grand Maître astucien
Good evening.
Download load_tdsskiller by Loup Blanc to your Desktop: http://fradesch.perso.cegetel.net/transf/Load_tdsskiller.exe
Launch load_tdsskiller by double-clicking it. Right-click and "Run as administrator" on Vista/Seven. The tool will connect to the Internet to download an up-to-date copy of TDSSKiller, then launch the scan. At the end of the scan, press a key to continue, as the message in the black command prompt window indicates. The report will be displayed automatically: copy and paste its contents into your next reply. The file is saved here: C:\tdsskiller\report.txt. Restart your PC.
Disable your antivirus.
Download rkill by Grinler: http://download.bleepingcomputer.com/grinler/rkill.exe.
Launch the tool; it does not require installation.
Download and install Malwarebytes Anti-Malware by RubbeR DuckY: http://www.malwarebytes.org/mbam/program/mbam-setup.exe
At the end of the installation, make sure the option "Update Malwarebytes' Anti-Malware" is checked. Click "Finish". Launch Malwarebytes' Anti-Malware by double-clicking the icon on the desktop. On first launch, a window tells you that the version is Free; click OK. Let the updates download.
Launch Malwarebytes Anti-Malware. In the "Scanner" tab, check "Perform full scan" and "Scan". Select your hard drive and click "Scan".
At the end of the scan, select everything and click "Remove Selected". Post the report that opens after this removal. Restart the PC. It can be found in the "Logs" tab with the date and time of execution. Home-made tutorial
Post a new RSIT report and let us know how it goes.
@+
Posted on 23/01/2010 at 23:46
Grand Maître astucien
Addendum, to follow on from the above.
Download AD-Remover: http://pagesperso-orange.fr/NosTools/C_XX/AD-R.exe
Double-click AD-R.exe
Choose the display language, type F and Enter. Click Yes on the disclaimer that appears to continue. In the main menu, choose the option "L (launch cleaning)". Press the Enter key to confirm the operation. Post the report that appears at the end.
The report is saved as C:\Ad-report(date).log
Note: "Process.exe", a component of the tool, is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool. It is not a virus, but a utility designed to terminate processes. In the wrong hands, this utility could stop security software (antivirus, firewall...), hence the alert raised by these antivirus programs.
@+
|
Posted on 23/01/2010 at 23:51 |
Petite astucienne
| Here is, first of all, the TDSS report
23:44:26:453 2268 TDSS rootkit removing tool 2.2.2 Jan 13 2010 08:42:25 23:44:26:453 2268 ================================================================================ 23:44:26:453 2268 SystemInfo:
23:44:26:453 2268 OS Version: 5.1.2600 ServicePack: 3.0 23:44:26:453 2268 Product type: Workstation 23:44:26:453 2268 ComputerName: FLORIANE 23:44:26:453 2268 UserName: Floriane Garcia 23:44:26:453 2268 Windows directory: C:\WINDOWS 23:44:26:453 2268 Processor architecture: Intel x86 23:44:26:453 2268 Number of processors: 1 23:44:26:453 2268 Page size: 0x1000 23:44:26:453 2268 Boot type: Normal boot 23:44:26:453 2268 ================================================================================ 23:44:26:468 2268 UnloadDriverW: NtUnloadDriver error 2 23:44:26:468 2268 ForceUnloadDriverW: UnloadDriverW(klmd21) error 2 23:44:26:468 2268 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\drivers\klmd.sys) returned status 00000000 23:44:26:500 2268 UtilityInit: KLMD drop and load success 23:44:26:500 2268 KLMD_OpenDevice: Trying to open KLMD Device(KLMD201000) 23:44:26:500 2268 UtilityInit: KLMD open success 23:44:26:500 2268 UtilityInit: Initialize success 23:44:26:500 2268 23:44:26:500 2268 Scanning Services ... 
23:44:26:500 2268 CreateRegParser: Registry parser init started 23:44:26:500 2268 DisableWow64Redirection: GetProcAddress(Wow64DisableWow64FsRedirection) error 127 23:44:26:500 2268 CreateRegParser: DisableWow64Redirection error 23:44:26:500 2268 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\system 23:44:26:500 2268 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\config\system) returned status C0000043 23:44:26:500 2268 wfopen_ex: MyNtCreateFileW error 32 (C0000043) 23:44:26:500 2268 wfopen_ex: Trying to KLMD file open 23:44:26:500 2268 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\config\system 23:44:26:500 2268 wfopen_ex: File opened ok (Flags 2) 23:44:26:500 2268 CreateRegParser: HIVE_ADAPTER(C:\WINDOWS\system32\config\system) init success: E04B48 23:44:26:500 2268 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\software 23:44:26:500 2268 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\config\software) returned status C0000043 23:44:26:500 2268 wfopen_ex: MyNtCreateFileW error 32 (C0000043) 23:44:26:500 2268 wfopen_ex: Trying to KLMD file open 23:44:26:500 2268 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\config\software 23:44:26:500 2268 wfopen_ex: File opened ok (Flags 2) 23:44:26:500 2268 CreateRegParser: HIVE_ADAPTER(C:\WINDOWS\system32\config\software) init success: E04BB0 23:44:26:500 2268 EnableWow64Redirection: GetProcAddress(Wow64RevertWow64FsRedirection) error 127 23:44:26:500 2268 CreateRegParser: EnableWow64Redirection error 23:44:26:500 2268 CreateRegParser: RegParser init completed 23:44:26:953 2268 GetAdvancedServicesInfo: Raw services enum returned 333 services 23:44:26:953 2268 ScanTDL2Services: Exact detect H8SRTd.sys (h: 1) 23:44:26:953 2268 RegNode HKLM\SYSTEM\ControlSet001\services\H8SRTd.sys infected by TDSS rootkit ... 
23:44:26:953 2268 will be deleted on reboot 23:44:26:953 2268 DeleteTDL2Service: SafeBoot Minimal doesn't infected 23:44:26:953 2268 DeleteTDL2Service: SafeBoot Network doesn't infected 23:44:26:953 2268 RegNode HKLM\SYSTEM\ControlSet002\services\H8SRTd.sys infected by TDSS rootkit ... 23:44:26:953 2268 will be deleted on reboot 23:44:26:953 2268 DeleteTDL2Service: SafeBoot Minimal doesn't infected 23:44:26:953 2268 DeleteTDL2Service: SafeBoot Network doesn't infected 23:44:26:968 2268 File C:\WINDOWS\system32\drivers\H8SRTlvdvwmttap.sys infected by TDSS rootkit ... 23:44:26:968 2268 will be deleted on reboot 23:44:26:968 2268 DeleteTDL2Service: Module enum: Name: H8SRTd. Type: 1 23:44:26:968 2268 DeleteTDL2Service: Module clone ImagePath, skipping 23:44:26:968 2268 DeleteTDL2Service: Module enum: Name: H8SRTc. Type: 1 23:44:26:968 2268 File C:\WINDOWS\system32\H8SRTulbbaorobr.dll infected by TDSS rootkit ... 23:44:26:968 2268 will be deleted on reboot 23:44:26:968 2268 DeleteTDL2Service: Module enum: Name: H8SRTsrcr. Type: 1 23:44:26:968 2268 File C:\WINDOWS\system32\H8SRTqlmskdudnd.dat infected by TDSS rootkit ... 23:44:26:968 2268 will be deleted on reboot 23:44:26:968 2268 DeleteTDL2Service: Module enum: Name: h8srtserf. Type: 1 23:44:26:968 2268 File C:\WINDOWS\system32\H8SRTjqhmqwfrww.dll infected by TDSS rootkit ... 23:44:26:968 2268 will be deleted on reboot 23:44:26:968 2268 DeleteTDL2Service: Module enum: Name: h8srtmsg. Type: 1 23:44:26:968 2268 File C:\WINDOWS\system32\H8SRTxymovhorvg.dll infected by TDSS rootkit ... 23:44:26:968 2268 will be deleted on reboot 23:44:26:968 2268 DeleteTDL2Service: Module enum: Name: h8srtbbr. Type: 1 23:44:26:968 2268 File C:\WINDOWS\system32\H8SRTycvvkltenk.dll infected by TDSS rootkit ... 
C:\WINDOWS\system32\DRIVERS\atapi.sys 23:44:27:046 2268 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\atapi.sys - Verdict: Clean 23:44:27:046 2268 UtilityBootReinit: Reboot required for cure complete.. 23:44:27:046 2268 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\drivers\klmdb.sys) returned status 00000000 23:44:27:046 2268 UtilityBootReinit: KLMD drop success 23:44:27:046 2268 KLMD_ApplyPendList: Pending buffer(12A8_37E8, 1032) dropped successfully 23:44:27:046 2268 UtilityBootReinit: Cure on reboot scheduled successfully 23:44:27:046 2268 23:44:27:046 2268 Completed 23:44:27:046 2268 23:44:27:046 2268 Results: 23:44:27:046 2268 Memory objects infected / cured / cured on reboot: 0 / 0 / 0 23:44:27:046 2268 Registry objects infected / cured / cured on reboot: 2 / 0 / 2 23:44:27:062 2268 File objects infected / cured / cured on reboot: 6 / 0 / 6 23:44:27:062 2268 23:44:27:609 2268 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\drivers\klmd.sys) returned status 00000000 23:44:27:609 2268 UtilityDeinit: KLMD(ARK) unloaded successfully |
|
Posted on 24/01/2010 at 10:27 |
Petite astucienne
| Next, the Malwarebytes' report
Malwarebytes' Anti-Malware 1.44 Version de la base de données: 3621 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702
24/01/2010 00:49:30 mbam-log-2010-01-24 (00-49-30).txt
Type de recherche: Examen complet (C:\|) Eléments examinés: 212976 Temps écoulé: 48 minute(s), 50 second(s)
Processus mémoire infecté(s): 4 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 5 Valeur(s) du Registre infectée(s): 4 Elément(s) de données du Registre infecté(s): 0 Dossier(s) infecté(s): 2 Fichier(s) infecté(s): 24
Processus mémoire infecté(s): C:\Documents and Settings\Floriane Garcia\Application Data\EoRezo\SoftwareUpdate\SoftwareUpdateHP.exe (Rogue.Eorezo) -> Unloaded process successfully. C:\Program Files\Winsudate\gibusr.exe (Adware.Gibmedia) -> Unloaded process successfully. C:\Program Files\Winsudate\gibsvc.exe (Adware.Gibmedia) -> Unloaded process successfully. C:\Program Files\SeekService\seekservice.exe (Adware.Agent) -> Unloaded process successfully.
Module(s) mémoire infecté(s): (Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s): HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\winsvc (Adware.Gibmedia) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\seekservice (Adware.Agent) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Malware Defense (Rogue.MalwareDefense) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\H8SRT (Rootkit.TDSS) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\EoRezo (Rogue.Eorezo) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s): HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\softwarehelper (Rogue.Eorezo) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\winusr (Adware.Gibmedia) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cliconfg64.exe (Trojan.Downloader) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\malware defense (Rogue.MalwareDefense) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s): (Aucun élément nuisible détecté)
Dossier(s) infecté(s): C:\Program Files\Winsudate (Adware.Gibmedia) -> Quarantined and deleted successfully. C:\Program Files\malware Defense (Rogue.MalwareDefense) -> Quarantined and deleted successfully.
Fichier(s) infecté(s): C:\Documents and Settings\Floriane Garcia\Application Data\EoRezo\SoftwareUpdate\SoftwareUpdateHP.exe (Rogue.Eorezo) -> Quarantined and deleted successfully. C:\Program Files\Winsudate\gibusr.exe (Adware.Gibmedia) -> Quarantined and deleted successfully. C:\Program Files\Winsudate\gibsvc.exe (Adware.Gibmedia) -> Quarantined and deleted successfully. C:\Program Files\SeekService\seekservice.exe (Adware.Agent) -> Quarantined and deleted successfully. C:\Documents and Settings\All Users\Application Data\SeekService\seekservice149.exe (Adware.Agent) -> Quarantined and deleted successfully. C:\Documents and Settings\Floriane Garcia\Application Data\EoRezo\SoftwareUpdate\SoftwareUpdate.exe (Rogue.Eorezo) -> Quarantined and deleted successfully. C:\Program Files\SeekService\uninstall.exe (Adware.Agent) -> Quarantined and deleted successfully. C:\Program Files\Winsudate\gibcom.dll (Adware.Gibmedia) -> Quarantined and deleted successfully. C:\Program Files\Winsudate\gibidl.dll (Adware.Gibmedia) -> Quarantined and deleted successfully. C:\Program Files\Winsudate\gibupt.exe (Adware.Gibmedia) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{8CC83852-EFCB-49A9-AB72-AF79E80D5FB1}\RP20\A0004979.exe (Adware.Agent) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{8CC83852-EFCB-49A9-AB72-AF79E80D5FB1}\RP21\A0005074.exe (Adware.Agent) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{8CC83852-EFCB-49A9-AB72-AF79E80D5FB1}\RP24\A0005184.exe (Adware.Agent) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{8CC83852-EFCB-49A9-AB72-AF79E80D5FB1}\RP30\A0006374.exe (Adware.Agent) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{8CC83852-EFCB-49A9-AB72-AF79E80D5FB1}\RP35\A0007065.exe (Adware.Agent) -> Quarantined and deleted successfully. 
C:\System Volume Information\_restore{8CC83852-EFCB-49A9-AB72-AF79E80D5FB1}\RP51\A0011380.exe (Adware.Agent) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{8CC83852-EFCB-49A9-AB72-AF79E80D5FB1}\RP51\A0011381.exe (Adware.Agent) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{8CC83852-EFCB-49A9-AB72-AF79E80D5FB1}\RP51\A0011384.exe (Adware.Agent) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{8CC83852-EFCB-49A9-AB72-AF79E80D5FB1}\RP51\A0014454.dll (Rogue.Eorezo) -> Quarantined and deleted successfully. C:\Documents and Settings\tazebama.dll (Worm.Mabezat) -> Quarantined and deleted successfully. C:\WINDOWS\system32\h8srtkrl32mainweq.dll (Rootkit.TDSS) -> Quarantined and deleted successfully. C:\WINDOWS\system32\h8srtshsyst.dll (Rootkit.TDSS) -> Quarantined and deleted successfully. C:\WINDOWS\Temp\H8SRT7e36.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully. C:\Documents and Settings\Floriane Garcia\Local Settings\Temp\H8SRTec2b.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
and the Ad-Report log
. ======= RAPPORT D'AD-REMOVER 1.1.4.6_I | UNIQUEMENT XP/VISTA/7 ======= . Mis à jour par C_XX le 21.01.2010 à 9:13 Contact: AdRemover.contact@gmail.com Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html . Lancé à: 10:31:23, 24/01/2010 | Mode Normal | Option: CLEAN Exécuté de: C:\Ad-Remover\ Système d'exploitation: Microsoft® Windows XP™ Service Pack 3 v5.1.2600 Nom du PC: FLORIANE | Utilisateur actuel: Floriane Garcia . ============== ÉLÉMENT(S) NEUTRALISÉ(S) ============== . Service: *SeekService Service*
C:\WINDOWS\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE} C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job C:\Program Files\Ask.com C:\Program Files\SeekService C:\DOCUME~1\FLORIA~1\APPLIC~1\EoRezo C:\DOCUME~1\ALLUSE~1\APPLIC~1\SeekService C:\Documents and Settings\Floriane Garcia\Local Settings\Application Data\AskToolbar C:\Documents and Settings\LocalService\Local Settings\Application Data\AskToolbar C:\Documents and Settings\Mathilde\Local Settings\Application Data\AskToolbar C:\Documents and Settings\LocalService\Application Data\EoRezo
(!) -- Fichiers temporaires supprimés. . HKCU\software\Ask.com HKCU\software\AskToolbar HKCU\software\EoRezo HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} HKLM\Software\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874} HKLM\software\classes\appid\GenericAskToolbar.DLL HKLM\Software\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} HKLM\software\classes\GenericAskToolbar.ToolbarWnd HKLM\software\classes\GenericAskToolbar.ToolbarWnd.1 HKLM\software\classes\installer\Products\A28B4D68DEBAA244EB686953B7074FEF HKLM\Software\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92} HKLM\Software\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E} HKLM\Software\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56} HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} HKLM\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440} HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8 HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01 HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472 HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296 HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888 
HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\EoEngine HKLM\software\microsoft\windows\currentversion\uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE} HKLM\software\microsoft\windows\currentversion\uninstall\SoftwareUpdate_is1 HKLM\software\SeekService HKU\.default\software\AskToolbar HKU\.default\software\EoRezo . ============== Scan additionnel ============== . . * Mozilla FireFox Version 3.6 [fr] * . Nom du profil: qtai8m8k.default (Floriane Garcia) . (FLORIA~1, prefs.js) Browser.startup.homepage, hxxp://www.google.fr/ig?hl=fr (FLORIA~1, prefs.js) Extensions.enabledItems, {20a82645-c095-46ed-80e3-08825760534b}:1.1,jqs@sun.com:1.0,{86009AEF-9162-4EBC-B698-FF71D7B6B049}:1.0,{0545b830-f0aa-4d7e-8820-50a4629a56fe}:4.1,hashcolouredtabs@bristol.ac.uk:0.4.22,{972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6,{b41cb5f0-2e52-11de-8c30-0800200c9a66}:2.0.5 . . * Internet Explorer Version 8.0.6001.18702 * . [HKEY_CURRENT_USER\..\Internet Explorer\Main] . Do404Search: 01000000 Local Page: C:\windows\system32\blank.htm Show_ToolBar: yes Start Page: hxxp://fr.msn.com/ Enable Browser Extensions: yes Start Page Redirect Cache_TIMESTAMP: 70d56a296577ca01 Start Page Redirect Cache: hxxp://fr.msn.com/?ocid=iehp Start Page Redirect Cache AcceptLangs: fr Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch Use Custom Search URL: 0 (0x0) Default_page_url: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896 . [HKEY_LOCAL_MACHINE\..\Internet Explorer\Main] . 
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch Delete_Temp_Files_On_Exit: yes Local Page: C:\windows\system32\blank.htm Start Page: hxxp://fr.msn.com/ Use Custom Search URL: 0 (0x0) Search bar: hxxp://search.msn.com/spbasic.htm . [HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS] . Tabs: res://ieframe.dll/tabswelcome.htm . =================================== . 5357 Octet(s) - C:\Ad-Report-CLEAN[1].log . 165 Fichier(s) - C:\DOCUME~1\FLORIA~1\LOCALS~1\Temp 87 Fichier(s) - C:\WINDOWS\Temp 0 Fichier(s) - C:\WINDOWS\Prefetch . 17 Fichier(s) - C:\Ad-Remover\BACKUP 43 Fichier(s) - C:\Ad-Remover\QUARANTINE . Fin à: 10:38:58 | 24/01/2010 - CLEAN[1] . ============== E.O.F ============== .
Edited by flolof on 24/01/2010 10:41 |
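A triage parser for the Malwarebytes' Anti-Malware report format posted above, added here as an example and not part of the thread or of Malwarebytes' own tooling: it checks that each category's declared count matches the entries actually listed, tallies detections by family, and flags any entry whose action is not one of the two completed ones, which is what a helper would ask about before calling the machine clean. The sample report is constructed from entries in the thread, shortened, with one action changed to "Delete on reboot." to exercise that check.

```python
import re
from collections import Counter
from typing import Dict, List, NamedTuple, Tuple


class Entry(NamedTuple):
    section: str  # report category, e.g. "Fichier(s) infecté(s)"
    path: str     # file, folder, registry key/value or process path
    family: str   # Malwarebytes detection name, e.g. "Rootkit.TDSS"
    action: str   # what MBAM did, e.g. "Quarantined and deleted successfully"


# Summary line "Fichier(s) infecté(s): 24" and detail header "Fichier(s) infecté(s):"
COUNT_RE = re.compile(r"^(?P<label>.+infect[ée]+\(s\)): (?P<count>\d+)$")
HEADER_RE = re.compile(r"^(?P<label>.+infect[ée]+\(s\)):$")
# Detail entry "<path> (<Family>) -> <action>."; the greedy path means the last
# "(Family) ->" on the line is the one taken, so parentheses in paths are safe
ENTRY_RE = re.compile(r"^(?P<path>.+) \((?P<family>[\w.]+)\) -> (?P<action>.+?)\.?$")

# Actions that mean the item was dealt with during the scan. MBAM also writes
# "Delete on reboot." and "No action taken."; those need follow-up.
RESOLVED_ACTIONS = {"Quarantined and deleted successfully",
                    "Unloaded process successfully"}

# Constructed sample, shortened from the report in the thread; the last file
# entry's action was changed to "Delete on reboot." to exercise that check.
SAMPLE_REPORT = r"""
Malwarebytes' Anti-Malware 1.44
Version de la base de données: 3621

Type de recherche: Examen complet (C:\|)

Processus mémoire infecté(s): 2
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 2
Valeur(s) du Registre infectée(s): 1
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 4

Processus mémoire infecté(s):
C:\Program Files\Winsudate\gibusr.exe (Adware.Gibmedia) -> Unloaded process successfully.
C:\Program Files\SeekService\seekservice.exe (Adware.Agent) -> Unloaded process successfully.

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\H8SRT (Rootkit.TDSS) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\EoRezo (Rogue.Eorezo) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\malware defense (Rogue.MalwareDefense) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
C:\Program Files\Winsudate (Adware.Gibmedia) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\Program Files\Winsudate\gibusr.exe (Adware.Gibmedia) -> Quarantined and deleted successfully.
C:\Documents and Settings\tazebama.dll (Worm.Mabezat) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\h8srtshsyst.dll (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\H8SRT7e36.tmp (Rootkit.TDSS) -> Delete on reboot.
"""


def parse_report(text: str) -> Tuple[Dict[str, int], List[Entry]]:
    """Split one MBAM report into its declared counts and its itemised entries."""
    declared: Dict[str, int] = {}
    entries: List[Entry] = []
    section = None  # current detail block, None while still in the preamble
    for raw in text.splitlines():
        line = raw.strip()
        if m := HEADER_RE.match(line):
            section = m["label"]
        elif m := COUNT_RE.match(line):
            declared[m["label"]] = int(m["count"])
        elif section and (m := ENTRY_RE.match(line)):
            entries.append(Entry(section, m["path"], m["family"], m["action"]))
        # blank lines, the preamble and "(Aucun élément nuisible détecté)" are skipped
    return declared, entries


def count_mismatches(declared: Dict[str, int], entries: List[Entry]):
    """Categories whose declared count differs from the entries actually listed."""
    actual = Counter(e.section for e in entries)
    return [(label, n, actual[label]) for label, n in declared.items() if actual[label] != n]


def triage(text: str) -> dict:
    """The summary a helper wants before deciding whether the machine is clean."""
    declared, entries = parse_report(text)
    return {
        "families": Counter(e.family for e in entries),
        "mismatches": count_mismatches(declared, entries),
        "unresolved": [e for e in entries if e.action not in RESOLVED_ACTIONS],
        # any Rootkit.* hit after a TDSSKiller run means residual components remain
        "rootkit_seen": any(e.family.startswith("Rootkit.") for e in entries),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_REPORT).items():
        print(f"{key}: {value}")
```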
|
Posted on 24/01/2010 at 10:43 |
Petite astucienne
| Finally, a new RSIT report
Logfile of random's system information tool 1.06 (written by random/random)
Run by Floriane Garcia at 2010-01-24 10:42:18
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 58 GB (68%) free of 85 GB
Total RAM: 1015 MB (54% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:42:25, on 24/01/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\EeePC\ACPI\AsTray.exe
C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
C:\Program Files\EeePC\ACPI\AsEPCMon.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Floriane Garcia\Mes documents\Téléchargements\RSIT.exe
C:\Program Files\trend micro\Floriane Garcia.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [AsusTray] C:\Program Files\EeePC\ACPI\AsTray.exe
O4 - HKLM\..\Run: [AsusACPIServer] C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
O4 - HKLM\..\Run: [AsusEPCMonitor] C:\Program Files\EeePC\ACPI\AsEPCMon.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe
O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EPSON Stylus DX4000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE /FU "C:\WINDOWS\TEMP\E_SA9.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [Auto EPSON Stylus DX4000 Series sur GARCIA] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE /FU "C:\WINDOWS\TEMP\E_SF3.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [EPSON Stylus DX4000 Series (Copie 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE /FU "C:\WINDOWS\TEMP\E_S192.tmp" /EF "HKCU"
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1151601.exe -Update -1151601 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; GTB6.3; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; AskTB5.4)" -"http://www.jeux.fr/jeu/Crashed-Ice.html"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: SuperHybridEngine.lnk = ?
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Envoyer à Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Service Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Norton Internet Security - Unknown owner - C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe (file missing)
-- End of file - 7564 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\Norton Security Scan for Floriane Garcia.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] Aide pour le lien d'Adobe PDF Reader - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4f3ed5cd-0726-42a9-87f5-d13f3d2976ac}] Windows Live Family Safety Browser Helper Class - C:\Program Files\Windows Live\Family Safety\fssbho.dll [2009-08-05 113512]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}] Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19 137600]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-09-26 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}] Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}] JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-09-26 73728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AsusTray"=C:\Program Files\EeePC\ACPI\AsTray.exe [2008-12-04 114688]
"AsusACPIServer"=C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe [2008-12-17 622592]
"AsusEPCMonitor"=C:\Program Files\EeePC\ACPI\AsEPCMon.exe [2008-05-21 94208]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2008-11-12 98304]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2008-11-12 114688]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2008-11-12 94208]
"ETDWare"=C:\Program Files\Elantech\ETDCtrl.exe [2009-01-23 416768]
"fssui"=C:\Program Files\Windows Live\Family Safety\fsui.exe [2009-08-05 647520]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-09-26 149280]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2009-02-14 17508864]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2008-06-20 57344]
"avast5"=C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe [2010-01-19 2743104]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"EPSON Stylus DX4000 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE [2006-09-21 139264]
"Auto EPSON Stylus DX4000 Series sur GARCIA"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE [2006-09-21 139264]
"EPSON Stylus DX4000 Series (Copie 1)"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE [2006-09-21 139264]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Shockwave Updater"=C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1151601.exe [2009-07-31 468408]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2007-05-11 40048]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr] C:\WINDOWS\ALCMTR.EXE [2008-06-20 57344]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr] C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2009-07-26 3883856]
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
SuperHybridEngine.lnk - C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe
C:\Documents and Settings\Floriane Garcia\Menu Démarrer\Programmes\Démarrage
LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe
OpenOffice.org 3.1.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui] C:\WINDOWS\system32\igfxdev.dll [2008-11-12 155648]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "HonorAutoRunSetting"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2ef6124e-ce0d-11de-9aed-0025d317be87}]
shell\AutoRun\command - F:\EmDesk.exe
shell\EmDesk\command - F:\EmDesk.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9a66b2c4-028e-11df-9b70-0025d317be87}]
shell\AutoRun\command - E:\Toshiba\Launcher\start.exe
======List of files/folders created in the last 1 months======
2010-01-24 10:29:42 ----D---- C:\Ad-Remover
2010-01-23 23:58:43 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-01-23 23:58:43 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2010-01-23 23:58:26 ----D---- C:\Documents and Settings\Floriane Garcia\Application Data\Malwarebytes
2010-01-23 23:44:26 ----A---- C:\TDSSKiller.2.2.2_23.01.2010_23.44.26_log.txt
2010-01-23 23:44:24 ----D---- C:\tdsskiller
2010-01-23 22:38:17 ----D---- C:\Program Files\trend micro
2010-01-23 22:38:16 ----D---- C:\rsit
2010-01-22 21:21:01 ----D---- C:\Documents and Settings\Floriane Garcia\Application Data\Auslogics
2010-01-22 21:20:54 ----D---- C:\Program Files\Auslogics
2010-01-22 18:59:01 ----D---- C:\Program Files\Mozilla Firefox
2010-01-22 18:31:55 ----A---- C:\Documents and Settings\All Users\Application Data\h8srtmainqt.dll
2010-01-21 22:35:01 ----SHD---- C:\Config.Msi
2010-01-21 21:12:39 ----A---- C:\WINDOWS\system32\tmp.txt
2010-01-21 21:11:11 ----A---- C:\rapport.txt
2010-01-21 21:10:47 ----A---- C:\WINDOWS\system32\WS2Fix.exe
2010-01-21 21:10:47 ----A---- C:\WINDOWS\system32\VCCLSID.exe
2010-01-21 21:10:47 ----A---- C:\WINDOWS\system32\VACFix.exe
2010-01-21 21:10:47 ----A---- C:\WINDOWS\system32\swxcacls.exe
2010-01-21 21:10:47 ----A---- C:\WINDOWS\system32\swsc.exe
2010-01-21 21:10:47 ----A---- C:\WINDOWS\system32\swreg.exe
2010-01-21 21:10:47 ----A---- C:\WINDOWS\system32\SrchSTS.exe
2010-01-21 21:10:47 ----A---- C:\WINDOWS\system32\Process.exe
2010-01-21 21:10:47 ----A---- C:\WINDOWS\system32\o4Patch.exe
2010-01-21 21:10:47 ----A---- C:\WINDOWS\system32\IEDFix.exe
2010-01-21 21:10:47 ----A---- C:\WINDOWS\system32\IEDFix.C.exe
2010-01-21 21:10:47 ----A---- C:\WINDOWS\system32\dumphive.exe
2010-01-21 21:10:47 ----A---- C:\WINDOWS\system32\Agent.OMZ.Fix.exe
2010-01-21 21:10:47 ----A---- C:\WINDOWS\system32\404Fix.exe
2010-01-21 21:00:18 ----A---- C:\WINDOWS\ntbtlog.txt
2010-01-21 17:16:32 ----A---- C:\Documents and Settings\All Users\Application Data\h8srtkrl32mainweq.dll
2010-01-19 22:27:24 ----A---- C:\WINDOWS\system32\aswBoot.exe
2010-01-19 22:27:15 ----D---- C:\Program Files\Alwil Software
2010-01-19 22:27:15 ----D---- C:\Documents and Settings\All Users\Application Data\Alwil Software
2010-01-19 22:09:19 ----D---- C:\WINDOWS\system32\LogFiles
2010-01-19 21:53:33 ----A---- C:\Documents and Settings\All Users\Application Data\sysReserve.ini
2010-01-14 17:24:26 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$
2010-01-13 14:36:25 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2010-01-10 10:23:49 ----D---- C:\Documents and Settings\Floriane Garcia\Application Data\bamEnglish.08AE7BFC096D057FBA48C7E4F898C35F7FA11BBA.1
2010-01-10 10:23:41 ----D---- C:\Program Files\ILoveENGLISH
2010-01-10 10:23:36 ----D---- C:\Program Files\Fichiers communs\Adobe AIR
2010-01-09 18:43:57 ----D---- C:\Program Files\TuxGuitar-Jet
2009-12-30 21:57:51 ----D---- C:\Program Files\Full Tilt Poker
======List of files/folders modified in the last 1 months======
2010-01-24 10:39:34 ----D---- C:\Documents and Settings\Floriane Garcia\Application Data\LimeWire
2010-01-24 10:36:17 ----D---- C:\WINDOWS\Prefetch
2010-01-24 10:36:16 ----D---- C:\WINDOWS\Temp
2010-01-24 10:33:05 ----D---- C:\WINDOWS\system32\CatRoot2
2010-01-24 10:33:02 ----RD---- C:\Program Files
2010-01-24 10:32:59 ----SD---- C:\WINDOWS\Tasks
2010-01-24 10:32:57 ----SHD---- C:\WINDOWS\Installer
2010-01-24 10:30:39 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-01-24 00:50:47 ----D---- C:\WINDOWS\system32\drivers
2010-01-24 00:49:30 ----D---- C:\WINDOWS\system32
2010-01-24 00:49:30 ----D---- C:\Documents and Settings
2010-01-24 00:43:21 ----D---- C:\WINDOWS
2010-01-23 11:12:37 ----D---- C:\Documents and Settings\Floriane Garcia\Application Data\vlc
2010-01-22 22:55:31 ----HD---- C:\WINDOWS\inf
2010-01-22 22:55:26 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-01-22 22:55:25 ----D---- C:\Program Files\Internet Explorer
2010-01-22 22:55:08 ----HD---- C:\WINDOWS\$hf_mig$
2010-01-22 18:43:52 ----D---- C:\Program Files\Google
2010-01-22 18:43:52 ----D---- C:\Documents and Settings\All Users\Application Data\Google
2010-01-21 21:22:21 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-01-21 20:03:12 ----D---- C:\WINDOWS\system32\CatRoot
2010-01-19 23:15:36 ----D---- C:\Program Files\Microsoft Silverlight
2010-01-19 22:27:34 ----D---- C:\WINDOWS\WinSxS
2010-01-19 16:49:01 ----D---- C:\Documents and Settings\Floriane Garcia\Application Data\Mozilla
2010-01-17 13:26:32 ----SHD---- C:\RECYCLER
2010-01-17 12:41:06 ----A---- C:\WINDOWS\imsins.BAK
2010-01-13 15:20:24 ----D---- C:\WINDOWS\AppPatch
2010-01-10 10:23:47 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2010-01-10 10:23:36 ----D---- C:\Program Files\Fichiers communs
2010-01-10 10:23:16 ----D---- C:\Documents and Settings\Floriane Garcia\Application Data\Adobe
2010-01-05 01:17:46 ----A---- C:\WINDOWS\system32\MRT.exe
2010-01-02 16:05:57 ----RSD---- C:\WINDOWS\Fonts
2009-12-25 18:01:17 ----D---- C:\Program Files\Fichiers communs\Symantec Shared
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2010-01-19 28240]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2010-01-19 162640]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2010-01-19 46544]
R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40576]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2010-01-19 19024]
R2 aswMon2;aswMon2; C:\WINDOWS\system32\drivers\aswMon2.sys [2010-01-19 100304]
R2 fssfltr;FssFltr; C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys [2009-08-05 54752]
R3 AR5416;Atheros AR5008 Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\athw.sys [2008-09-18 1326528]
R3 AsusACPI;ASUS ACPI Driver; C:\WINDOWS\system32\DRIVERS\ASUSACPI.sys [2008-04-08 10752]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2010-01-19 23248]
R3 CmBatt;Pilote pour Batterie à méthode de contrôle ACPI Microsoft; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2008-11-12 1181824]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2009-02-14 5029376]
R3 Ktp;Elantech Smart-Pad; C:\WINDOWS\system32\DRIVERS\ETD.sys [2009-02-12 93696]
R3 L1e;Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller; C:\WINDOWS\system32\DRIVERS\l1e51x86.sys [2008-09-23 38400]
R3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 usbvideo;Périphérique vidéo USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-13 121984]
S1 SRTSP;SRTSP; \??\C:\WINDOWS\system32\drivers\NIS\1000000.07D\SRTSP.SYS []
S1 SRTSPX;SRTSPX; \??\C:\WINDOWS\system32\drivers\NIS\1000000.07D\SRTSPX.SYS []
S3 Ambfilt;Ambfilt; C:\WINDOWS\system32\drivers\Ambfilt.sys [2008-08-06 1684736]
S3 btaudio;Périphérique audio Bluetooth; C:\WINDOWS\system32\drivers\btaudio.sys []
S3 BTDriver;Pilote de communications virtuelles Bluetooth; C:\WINDOWS\system32\DRIVERS\btport.sys []
S3 BTWDNDIS;Serveur d'accès au réseau local Bluetooth; C:\WINDOWS\system32\DRIVERS\btwdndis.sys []
S3 btwhid;btwhid; C:\WINDOWS\system32\DRIVERS\btwhid.sys []
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys []
S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 Monfilt;Monfilt; C:\WINDOWS\system32\drivers\Monfilt.sys [2006-01-05 1389056]
S3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NAVENG;NAVENG; \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20080829.024\NAVENG.SYS []
S3 NAVEX15;NAVEX15; \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20080829.024\NAVEX15.SYS []
S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbstor;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-01-19 40384]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-09-26 153376]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-01-19 40384]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-01-19 40384]
S2 gupdate;Service Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-01-14 135664]
S2 Norton Internet Security;Norton Internet Security; C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe /s Norton Internet Security /m C:\Program Files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll /prefetch:1 []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 fsssvc;Service Windows Live Contrôle parental; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2009-08-05 704864]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
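A small triage script for reports in the format posted above, added here as an example; it is not part of the thread, nor of HijackThis or RSIT. It reads O4 autostart lines, O23 service lines, RSIT mountpoints2 AutoRun lines and the NoDriveTypeAutoRun policy value, and reports the entries a helper would look at first: a program started from a user-writable location, an entry with no path at all, a service whose binary is gone, an AutoRun command remembered for a removable drive, and a policy value that still allows AutoRun on removable media. The "trusted" directory list and the sample lines at the bottom are constructed for this example after the format in the thread, not rules of either tool.

```python
"""Triage of autostart entries in a HijackThis/RSIT-style report (added example)."""
import re
from dataclasses import dataclass
from typing import List

# Bit of the Explorer "NoDriveTypeAutoRun" policy for removable drives; a set
# bit disables AutoRun for that drive type. 0x91 (145) is the XP default and
# leaves removable media switched on.
DRIVE_REMOVABLE = 0x04

# Directories legitimate autostart binaries are normally loaded from. Targets
# elsewhere (profile/Application Data, drive roots, removable media) get
# flagged. This list is an assumption for the example, not a HijackThis rule.
TRUSTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\")

O4_RE = re.compile(r"^O4 - (?P<location>[^:]+): (?P<rest>.*)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
AUTORUN_RE = re.compile(r"shell\\AutoRun\\command - (?P<cmd>\S+)", re.IGNORECASE)
POLICY_RE = re.compile(r'"NoDriveTypeAutoRun"=(?P<value>\d+)')
EXE_RE = re.compile(r"^(.*?\.(?:exe|dll|lnk|bat|cmd|scr))(?:\s|$)", re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    kind: str    # short category, stable for sorting and testing
    detail: str  # human-readable explanation


def executable_from(command: str) -> str:
    """Extract the program path from an autostart command string.

    Handles quoted paths ('"C:\\...\\fsui.exe" -autorun'), unquoted paths that
    contain spaces and are followed by switches, and bare names (RTHDCPL.EXE).
    """
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    m = EXE_RE.match(command)
    return m.group(1) if m else (command.split() or [""])[0]


def triage_o4(line: str) -> List[Finding]:
    """Flag an O4 autostart entry whose target is not where it should be."""
    m = O4_RE.match(line)
    if not m:
        return []
    rest = m.group("rest")
    if rest.startswith("["):            # registry Run/RunOnce value: [name] command
        name, _, command = rest[1:].partition("] ")
    else:                               # Startup-folder shortcut: file.lnk = target
        name, _, command = rest.partition(" = ")
    command = re.sub(r"\s*\(User '[^']*'\)$", "", command)   # drop HKUS annotation
    exe = executable_from(command)
    if exe == "?":
        return [Finding("unresolved-shortcut", f"{name}: shortcut target could not be resolved")]
    if "\\" not in exe:
        return [Finding("bare-name", f"{name}: '{exe}' has no path and is found by PATH search")]
    if not exe.lower().startswith(TRUSTED_PREFIXES):
        return [Finding("untrusted-location", f"{name}: {exe}")]
    return []


def triage_o23(line: str) -> List[Finding]:
    """Flag services whose binary is gone or whose publisher is unknown."""
    m = O23_RE.match(line)
    if not m:
        return []
    name, owner, path = m.group("name", "owner", "path")
    findings = []
    if "(file missing)" in path:
        findings.append(Finding("orphaned-service", f"{name}: binary missing, stale entry"))
    if owner == "Unknown owner":
        findings.append(Finding("unknown-owner", f"{name}: no publisher information"))
    return findings


def triage_mountpoint(line: str) -> List[Finding]:
    """Flag AutoRun commands Explorer remembered for a removable drive."""
    m = AUTORUN_RE.search(line)
    if not m:
        return []
    cmd = m.group("cmd")
    return [Finding("removable-autorun", f"AutoRun command recorded for {cmd[:2]} -> {cmd}")]


def triage_autorun_policy(line: str) -> List[Finding]:
    """Report when the policy still allows AutoRun on removable drives."""
    m = POLICY_RE.search(line)
    if not m:
        return []
    value = int(m.group("value"))
    if value & DRIVE_REMOVABLE:
        return []
    return [Finding("autorun-removable-enabled",
                    f"NoDriveTypeAutoRun={value:#04x} leaves AutoRun on for removable drives")]


def triage(lines) -> List[Finding]:
    """Run every check over every line and collect the findings."""
    findings: List[Finding] = []
    for line in lines:
        line = line.strip()
        for check in (triage_o4, triage_o23, triage_mountpoint, triage_autorun_policy):
            findings.extend(check(line))
    return findings


# Constructed sample in the format of the report above (names below are
# placeholders, not entries taken from the thread).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [AsusTray] C:\Program Files\EeePC\ACPI\AsTray.exe
O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKCU\..\Run: [SoftwareUpdate] C:\Documents and Settings\User\Application Data\Vendor\SoftwareUpdate.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - Global Startup: SuperHybridEngine.lnk = ?
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Norton Internet Security - Unknown owner - C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe (file missing)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{guid}] shell\AutoRun\command - F:\EmDesk.exe
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=145
""".strip().splitlines()

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] {f.detail}")
```

Run it on a saved report with `triage(open("report.txt", encoding="utf-8"))`; the findings are a reading aid, so each flagged path still has to be checked by hand (publisher, date, whether the file exists) before anything is removed.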
Posted on 24/01/2010 at 12:12
Grand Maître astucien
Hello.
I think your PC is already behaving a bit better.
Did you forget the rkill step?
A small procedure to finish things off.
Download OTM by OldTimer: http://oldtimer.geekstogo.com/OTM.exe
Save it to the Desktop. Double-click OTM.exe to launch the tool. Note: under Vista, right-click the file and choose Run as administrator. Copy all the quoted lines below to the clipboard with CTRL+C.
Go
:files
C:\WINDOWS\tasks\Norton Security Scan for Floriane Garcia.job
C:\Documents and Settings\All Users\Application Data\h8srtmainqt.dll
C:\Documents and Settings\All Users\Application Data\h8srtkrl32mainweq.dll
:commands
[purity]
[emptytemp]
In OtMoveIt3, place the cursor in the "Paste Instructions for item to be Moved" window and press CTRL+V to paste the clipboard contents. Click the MoveIt! button, the red one. Close the tool. Post the contents of the report C:\_OTM\MovedFiles\********_******.log (the * stand for Month/Day/Year_Hour/Minutes/Seconds).
Update Adobe Reader
-Acrobat Reader 9.3:
Select your system, the appropriate version and the desired language. Untick McAfee Security Scan. Click Download now. Install it. This version uninstalls the previous ones.
@+

Posted on 24/01/2010 at 12:53
Petite astucienne
Thank you very much, my PC lags much less, boots much faster and no longer crashes
Here is the report:
All processes killed
Error: Unable to interpret <Go> in the current context!
========== FILES ==========
C:\WINDOWS\tasks\Norton Security Scan for Floriane Garcia.job moved successfully.
LoadLibrary failed for C:\Documents and Settings\All Users\Application Data\h8srtmainqt.dll
C:\Documents and Settings\All Users\Application Data\h8srtmainqt.dll moved successfully.
LoadLibrary failed for C:\Documents and Settings\All Users\Application Data\h8srtkrl32mainweq.dll
C:\Documents and Settings\All Users\Application Data\h8srtkrl32mainweq.dll moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrateur
->Temp folder emptied: 11540 bytes
->Temporary Internet Files folder emptied: 71271 bytes
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
User: Floriane Garcia
->Temp folder emptied: 5338958 bytes
->Temporary Internet Files folder emptied: 427704 bytes
->Java cache emptied: 42323458 bytes
->FireFox cache emptied: 56864981 bytes
->Google Chrome cache emptied: 180016424 bytes
User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 4549729 bytes
->Java cache emptied: 13690431 bytes
User: Mathilde
->Temp folder emptied: 4482432 bytes
->Temporary Internet Files folder emptied: 422768349 bytes
->Java cache emptied: 586541 bytes
->FireFox cache emptied: 66696221 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 3072 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 28858553 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 23968452 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 58781 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 811,00 mb
OTM by OldTimer - Version 3.1.6.0 log created on 01242010_124233
Files moved on Reboot...
File move failed. C:\WINDOWS\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.
Registry entries deleted on Reboot...