My laptop is buggy and slow
flolof
Posted on 23/01/2010 @ 23:08
Petite astucienne

Hello

I've had a netbook for 3 months and it was working very well. Unfortunately, since I installed Google Chrome a few days ago, a virus has installed itself: Malware Defense. I followed a procedure to uninstall it and I no longer have any problem with that one, but now:

- first of all, an error message appears at startup: "the Google installer has encountered a problem and needs to close": I uninstalled Google Chrome from my PC to download Mozilla, but this message still appears

- then, startup is very slow and my PC can crash at any moment

- finally, strange sounds coming from I-don't-know-where ring out (and I must say that the first time I heard it, it scared me a bit): at first it lasted a few seconds and then stopped, now it can last 1 minute and go off at any moment (for example, earlier I heard it twice in a row 5 minutes apart, but nothing for the last 30 minutes)

Thank you for helping me, because I'm not very good with computers!

flolof
Posted on 23/01/2010 at 23:10
Petite astucienne

Logfile of random's system information tool 1.06 (written by random/random)
Run by Floriane Garcia at 2010-01-23 22:38:16
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 56 GB (66%) free of 85 GB
Total RAM: 1015 MB (48% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:38:25, on 23/01/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Documents and Settings\All Users\Application Data\SeekService\seekservice149.exe
C:\Program Files\EeePC\ACPI\AsTray.exe
C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
C:\Program Files\EeePC\ACPI\AsEPCMon.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Documents and Settings\Floriane Garcia\Application Data\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Winsudate\gibusr.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe
C:\Program Files\Winsudate\gibsvc.exe
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\SeekService\seekservice.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Floriane Garcia\Mes documents\Téléchargements\RSIT.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\trend micro\Floriane Garcia.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Ask && Record Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [AsusTray] C:\Program Files\EeePC\ACPI\AsTray.exe
O4 - HKLM\..\Run: [AsusACPIServer] C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
O4 - HKLM\..\Run: [AsusEPCMonitor] C:\Program Files\EeePC\ACPI\AsEPCMon.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe
O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SoftwareHelper] C:\Documents and Settings\Floriane Garcia\Application Data\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EPSON Stylus DX4000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE /FU "C:\WINDOWS\TEMP\E_SA9.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [Auto EPSON Stylus DX4000 Series sur GARCIA] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE /FU "C:\WINDOWS\TEMP\E_SF3.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [EPSON Stylus DX4000 Series (Copie 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE /FU "C:\WINDOWS\TEMP\E_S192.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [WinUsr] C:\Program Files\Winsudate\gibusr.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Floriane Garcia\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [cliconfg64.exe] C:\DOCUME~1\FLORIA~1\LOCALS~1\Temp\cliconfg64.exe
O4 - HKCU\..\Run: [Malware Defense] "C:\Program Files\Malware Defense\mdefense.exe" -noscan
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1151601.exe -Update -1151601 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; GTB6.3; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; AskTB5.4)" -"http://www.jeux.fr/jeu/Crashed-Ice.html"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: SuperHybridEngine.lnk = ?
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Envoyer à Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Service Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Norton Internet Security - Unknown owner - C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe (file missing)
O23 - Service: SeekService Service - Unknown owner - C:\Documents and Settings\All Users\Application Data\SeekService\seekservice149.exe
O23 - Service: Gestionnaire de mise à jour Winsudate (WinSvc) - Winsudate - C:\Program Files\Winsudate\gibsvc.exe

--
End of file - 8830 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2377512271-749011200-1622839487-1006Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2377512271-749011200-1622839487-1006UA.job
C:\WINDOWS\tasks\Norton Security Scan for Floriane Garcia.job
C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Aide pour le lien d'Adobe PDF Reader - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4f3ed5cd-0726-42a9-87f5-d13f3d2976ac}]
Windows Live Family Safety Browser Helper Class - C:\Program Files\Windows Live\Family Safety\fssbho.dll [2009-08-05 113512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19 137600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
Ask && Record Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2009-06-04 1144712]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-09-26 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-09-26 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]
{D4027C7F-154A-4066-A1AD-4243D8127440} - Ask && Record Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2009-06-04 1144712]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AsusTray"=C:\Program Files\EeePC\ACPI\AsTray.exe [2008-12-04 114688]
"AsusACPIServer"=C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe [2008-12-17 622592]
"AsusEPCMonitor"=C:\Program Files\EeePC\ACPI\AsEPCMon.exe [2008-05-21 94208]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2008-11-12 98304]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2008-11-12 114688]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2008-11-12 94208]
"ETDWare"=C:\Program Files\Elantech\ETDCtrl.exe [2009-01-23 416768]
"fssui"=C:\Program Files\Windows Live\Family Safety\fsui.exe [2009-08-05 647520]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-09-26 149280]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2009-02-14 17508864]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2008-06-20 57344]
"EoEngine"= []
"SoftwareHelper"=C:\Documents and Settings\Floriane Garcia\Application Data\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe [2008-12-09 368224]
"avast5"=C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe [2010-01-19 2743104]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"EPSON Stylus DX4000 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE [2006-09-21 139264]
"Auto EPSON Stylus DX4000 Series sur GARCIA"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE [2006-09-21 139264]
"EPSON Stylus DX4000 Series (Copie 1)"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE [2006-09-21 139264]
"WinUsr"=C:\Program Files\Winsudate\gibusr.exe [2009-12-20 88304]
"Google Update"=C:\Documents and Settings\Floriane Garcia\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-01-14 135664]
"cliconfg64.exe"=C:\DOCUME~1\FLORIA~1\LOCALS~1\Temp\cliconfg64.exe []
"Malware Defense"=C:\Program Files\Malware Defense\mdefense.exe -noscan []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Shockwave Updater"=C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1151601.exe [2009-07-31 468408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2007-05-11 40048]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
C:\WINDOWS\ALCMTR.EXE [2008-06-20 57344]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2009-07-26 3883856]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
SuperHybridEngine.lnk - C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe

C:\Documents and Settings\Floriane Garcia\Menu Démarrer\Programmes\Démarrage
LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe
OpenOffice.org 3.1.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2008-11-12 155648]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2ef6124e-ce0d-11de-9aed-0025d317be87}]
shell\AutoRun\command - F:\EmDesk.exe
shell\EmDesk\command - F:\EmDesk.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9a66b2c4-028e-11df-9b70-0025d317be87}]
shell\AutoRun\command - E:\Toshiba\Launcher\start.exe


======List of files/folders created in the last 1 months======

2010-01-23 22:38:17 ----D---- C:\Program Files\trend micro
2010-01-23 22:38:16 ----D---- C:\rsit
2010-01-22 21:21:01 ----D---- C:\Documents and Settings\Floriane Garcia\Application Data\Auslogics
2010-01-22 21:20:54 ----D---- C:\Program Files\Auslogics
2010-01-22 18:59:01 ----D---- C:\Program Files\Mozilla Firefox
2010-01-21 22:35:01 ----SHD---- C:\Config.Msi
2010-01-21 21:12:39 ----A---- C:\WINDOWS\system32\tmp.txt
2010-01-21 21:11:11 ----A---- C:\rapport.txt
2010-01-21 21:10:47 ----A---- C:\WINDOWS\system32\WS2Fix.exe
2010-01-21 21:10:47 ----A---- C:\WINDOWS\system32\VCCLSID.exe
2010-01-21 21:10:47 ----A---- C:\WINDOWS\system32\VACFix.exe
2010-01-21 21:10:47 ----A---- C:\WINDOWS\system32\swxcacls.exe
2010-01-21 21:10:47 ----A---- C:\WINDOWS\system32\swsc.exe
2010-01-21 21:10:47 ----A---- C:\WINDOWS\system32\swreg.exe
2010-01-21 21:10:47 ----A---- C:\WINDOWS\system32\SrchSTS.exe
2010-01-21 21:10:47 ----A---- C:\WINDOWS\system32\Process.exe
2010-01-21 21:10:47 ----A---- C:\WINDOWS\system32\o4Patch.exe
2010-01-21 21:10:47 ----A---- C:\WINDOWS\system32\IEDFix.exe
2010-01-21 21:10:47 ----A---- C:\WINDOWS\system32\IEDFix.C.exe
2010-01-21 21:10:47 ----A---- C:\WINDOWS\system32\dumphive.exe
2010-01-21 21:10:47 ----A---- C:\WINDOWS\system32\Agent.OMZ.Fix.exe
2010-01-21 21:10:47 ----A---- C:\WINDOWS\system32\404Fix.exe
2010-01-21 21:00:18 ----A---- C:\WINDOWS\ntbtlog.txt
2010-01-21 19:56:55 ----D---- C:\Program Files\Malware Defense
2010-01-19 22:27:24 ----A---- C:\WINDOWS\system32\aswBoot.exe
2010-01-19 22:27:15 ----D---- C:\Program Files\Alwil Software
2010-01-19 22:27:15 ----D---- C:\Documents and Settings\All Users\Application Data\Alwil Software
2010-01-19 22:09:19 ----D---- C:\WINDOWS\system32\LogFiles
2010-01-19 21:53:33 ----A---- C:\Documents and Settings\All Users\Application Data\sysReserve.ini
2010-01-16 21:41:39 ----D---- C:\Documents and Settings\Floriane Garcia\Application Data\EoRezo
2010-01-14 17:24:26 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$
2010-01-13 14:36:25 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2010-01-10 10:23:49 ----D---- C:\Documents and Settings\Floriane Garcia\Application Data\bamEnglish.08AE7BFC096D057FBA48C7E4F898C35F7FA11BBA.1
2010-01-10 10:23:41 ----D---- C:\Program Files\ILoveENGLISH
2010-01-10 10:23:36 ----D---- C:\Program Files\Fichiers communs\Adobe AIR
2010-01-09 18:43:57 ----D---- C:\Program Files\TuxGuitar-Jet
2009-12-30 21:57:51 ----D---- C:\Program Files\Full Tilt Poker

======List of files/folders modified in the last 1 months======

2010-01-23 22:38:17 ----RD---- C:\Program Files
2010-01-23 22:36:59 ----D---- C:\WINDOWS\Temp
2010-01-23 22:05:29 ----D---- C:\WINDOWS
2010-01-23 21:55:30 ----D---- C:\Documents and Settings\Floriane Garcia\Application Data\LimeWire
2010-01-23 21:55:03 ----D---- C:\WINDOWS\system32
2010-01-23 13:33:09 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-01-23 11:12:37 ----D---- C:\Documents and Settings\Floriane Garcia\Application Data\vlc
2010-01-23 10:33:17 ----D---- C:\WINDOWS\system32\CatRoot2
2010-01-23 10:22:20 ----D---- C:\Program Files\SeekService
2010-01-23 10:17:32 ----D---- C:\Documents and Settings\All Users\Application Data\SeekService
2010-01-22 22:55:31 ----HD---- C:\WINDOWS\inf
2010-01-22 22:55:26 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-01-22 22:55:25 ----D---- C:\Program Files\Internet Explorer
2010-01-22 22:55:08 ----HD---- C:\WINDOWS\$hf_mig$
2010-01-22 18:43:52 ----D---- C:\Program Files\Google
2010-01-22 18:43:52 ----D---- C:\Documents and Settings\All Users\Application Data\Google
2010-01-22 18:43:51 ----SHD---- C:\WINDOWS\Installer
2010-01-21 22:41:02 ----D---- C:\WINDOWS\system32\drivers
2010-01-21 21:22:21 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-01-21 21:00:43 ----D---- C:\Documents and Settings
2010-01-21 20:03:12 ----D---- C:\WINDOWS\system32\CatRoot
2010-01-21 19:46:22 ----D---- C:\WINDOWS\Prefetch
2010-01-19 23:15:36 ----D---- C:\Program Files\Microsoft Silverlight
2010-01-19 22:27:34 ----D---- C:\WINDOWS\WinSxS
2010-01-19 16:49:01 ----D---- C:\Documents and Settings\Floriane Garcia\Application Data\Mozilla
2010-01-17 13:26:32 ----SHD---- C:\RECYCLER
2010-01-17 12:41:06 ----A---- C:\WINDOWS\imsins.BAK
2010-01-17 12:28:41 ----SD---- C:\WINDOWS\Tasks
2010-01-13 15:20:24 ----D---- C:\WINDOWS\AppPatch
2010-01-10 10:23:47 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2010-01-10 10:23:36 ----D---- C:\Program Files\Fichiers communs
2010-01-10 10:23:16 ----D---- C:\Documents and Settings\Floriane Garcia\Application Data\Adobe
2010-01-05 01:17:46 ----A---- C:\WINDOWS\system32\MRT.exe
2010-01-02 16:05:57 ----RSD---- C:\WINDOWS\Fonts
2009-12-25 18:01:17 ----D---- C:\Program Files\Fichiers communs\Symantec Shared
2009-12-24 11:54:21 ----D---- C:\Documents and Settings\Floriane Garcia\Application Data\dvdcss

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2010-01-19 28240]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2010-01-19 162640]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2010-01-19 46544]
R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40576]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2010-01-19 19024]
R2 aswMon2;aswMon2; C:\WINDOWS\system32\drivers\aswMon2.sys [2010-01-19 100304]
R2 fssfltr;FssFltr; C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys [2009-08-05 54752]
R3 AR5416;Atheros AR5008 Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\athw.sys [2008-09-18 1326528]
R3 AsusACPI;ASUS ACPI Driver; C:\WINDOWS\system32\DRIVERS\ASUSACPI.sys [2008-04-08 10752]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2010-01-19 23248]
R3 CmBatt;Pilote pour Batterie à méthode de contrôle ACPI Microsoft; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2008-11-12 1181824]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2009-02-14 5029376]
R3 Ktp;Elantech Smart-Pad; C:\WINDOWS\system32\DRIVERS\ETD.sys [2009-02-12 93696]
R3 L1e;Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller; C:\WINDOWS\system32\DRIVERS\l1e51x86.sys [2008-09-23 38400]
R3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 usbvideo;Périphérique vidéo USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-13 121984]
S1 SRTSP;SRTSP; \??\C:\WINDOWS\system32\drivers\NIS\1000000.07D\SRTSP.SYS []
S1 SRTSPX;SRTSPX; \??\C:\WINDOWS\system32\drivers\NIS\1000000.07D\SRTSPX.SYS []
S3 Ambfilt;Ambfilt; C:\WINDOWS\system32\drivers\Ambfilt.sys [2008-08-06 1684736]
S3 btaudio;Périphérique audio Bluetooth; C:\WINDOWS\system32\drivers\btaudio.sys []
S3 BTDriver;Pilote de communications virtuelles Bluetooth; C:\WINDOWS\system32\DRIVERS\btport.sys []
S3 BTWDNDIS;Serveur d'accès au réseau local Bluetooth; C:\WINDOWS\system32\DRIVERS\btwdndis.sys []
S3 btwhid;btwhid; C:\WINDOWS\system32\DRIVERS\btwhid.sys []
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys []
S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 Monfilt;Monfilt; C:\WINDOWS\system32\drivers\Monfilt.sys [2006-01-05 1389056]
S3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NAVENG;NAVENG; \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20080829.024\NAVENG.SYS []
S3 NAVEX15;NAVEX15; \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20080829.024\NAVEX15.SYS []
S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbstor;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-01-19 40384]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-09-26 153376]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512]
R2 SeekService Service;SeekService Service; C:\Documents and Settings\All Users\Application Data\SeekService\seekservice149.exe [2010-01-22 46048]
R2 WinSvc;Gestionnaire de mise à jour Winsudate; C:\Program Files\Winsudate\gibsvc.exe [2009-12-20 70896]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-01-19 40384]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-01-19 40384]
S2 gupdate;Service Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-01-14 135664]
S2 Norton Internet Security;Norton Internet Security; C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe /s Norton Internet Security /m C:\Program Files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll /prefetch:1 []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 fsssvc;Service Windows Live Contrôle parental; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2009-08-05 704864]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------
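The HijackThis/RSIT log above is what helpers in threads like this one read by eye: which autorun entries and services belong to the machine, and which ones point at something that should not be there. As an added example that is not part of the original thread and not code from any tool it mentions, the following Python script parses the O2 (BHO), O4 (Run key) and O23 (service) line formats and flags entries that deserve a closer look: targets reported as "(no file)" or "(file missing)", unnamed BHOs, services with an unknown owner, executables launched from a Temp or Application Data folder, and the one rogue name the poster already identified ("Malware Defense"). The sample input is a constructed subset of lines copied from the log above; the heuristics, function names and flag labels are this example's own choices, not rules from HijackThis or any product.

```python
import re
from typing import Dict, List, Optional

# Constructed sample input: a subset of lines copied from the HijackThis log
# posted above, embedded here so the script runs offline. Not the full log.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [SoftwareHelper] C:\Documents and Settings\Floriane Garcia\Application Data\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe
O4 - HKCU\..\Run: [WinUsr] C:\Program Files\Winsudate\gibusr.exe
O4 - HKCU\..\Run: [cliconfg64.exe] C:\DOCUME~1\FLORIA~1\LOCALS~1\Temp\cliconfg64.exe
O4 - HKCU\..\Run: [Malware Defense] "C:\Program Files\Malware Defense\mdefense.exe" -noscan
O23 - Service: Norton Internet Security - Unknown owner - C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe (file missing)
O23 - Service: SeekService Service - Unknown owner - C:\Documents and Settings\All Users\Application Data\SeekService\seekservice149.exe
"""

# Line shapes of the three HijackThis sections handled by this example.
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[^}]*\}) - (?P<target>.*)$")
O4_RE = re.compile(r"^O4 - (?P<hive>\S+?)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<target>.*)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<target>.*)$")
# First drive-rooted path ending in a PE extension, with an optional leading quote.
PATH_RE = re.compile(r'^\s*"?(?P<path>[A-Za-z]:\\.*?\.(?:exe|dll|sys))', re.IGNORECASE)

# The only name on this page that is a known rogue (identified by the poster).
# Hypothetical allow/deny lists would normally be much longer.
KNOWN_ROGUE_NAMES = {"malware defense"}


def extract_path(target: str) -> Optional[str]:
    """Return the executable path embedded in a target string, or None."""
    m = PATH_RE.match(target)
    return m.group("path") if m else None


def parse_line(line: str) -> Optional[Dict]:
    """Parse one O2/O4/O23 line into a dict; other line kinds yield None."""
    for kind, rx in (("O2", O2_RE), ("O4", O4_RE), ("O23", O23_RE)):
        m = rx.match(line)
        if m:
            entry = m.groupdict()
            entry["kind"] = kind
            entry["raw"] = line
            entry["path"] = extract_path(entry["target"])
            return entry
    return None


def flag_entry(entry: Dict) -> List[str]:
    """Heuristic triage flags for one parsed entry (candidates, not verdicts)."""
    reasons: List[str] = []
    path_low = (entry["path"] or "").lower()
    raw_low = entry["raw"].lower()
    if "(no file)" in raw_low or "(file missing)" in raw_low:
        reasons.append("missing-file")          # dangling registration
    if entry["kind"] == "O2" and entry["name"] == "(no name)":
        reasons.append("unnamed-bho")           # BHO with no registered name
    if entry["kind"] == "O23" and entry.get("owner", "").lower() == "unknown owner":
        reasons.append("unknown-owner")         # service binary lacks company info
    if "\\temp\\" in path_low:
        reasons.append("runs-from-temp")        # persistence from a temp folder
    if "application data" in path_low:
        reasons.append("runs-from-appdata")     # user-writable location; review
    if entry["name"].lower() in KNOWN_ROGUE_NAMES:
        reasons.append("known-rogue-name")
    return reasons


def triage(log_text: str) -> List[Dict]:
    """Parse every recognised line and attach its flags."""
    results = []
    for line in log_text.splitlines():
        entry = parse_line(line.strip())
        if entry:
            entry["flags"] = flag_entry(entry)
            results.append(entry)
    return results


def suspicious(log_text: str) -> List[Dict]:
    """Only the entries that picked up at least one flag."""
    return [e for e in triage(log_text) if e["flags"]]


if __name__ == "__main__":
    for e in suspicious(SAMPLE_LOG):
        print(f'{e["kind"]:<4} {e["name"]:<28} {", ".join(e["flags"])}')
        print(f'     {e["path"] or e["target"]}')
```

Run against the constructed sample, the script singles out the same entries a helper would question in the log above (the Temp-launched cliconfg64.exe, the Malware Defense autorun, the unnamed BHO, the two "Unknown owner" services and the eoRezo updater in Application Data) while leaving the Intel, Java and Asus entries alone. The flags are review prompts, not verdicts: Google Update legitimately runs from Local Settings\Application Data too, so "runs-from-appdata" on its own only says "look at the publisher and the file".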

nardino
Posted on 23/01/2010 at 23:41
  Grand Maître astucien

Good evening.

Download load_tdsskiller by Loup Blanc to your Desktop
http://fradesch.perso.cegetel.net/transf/Load_tdsskiller.exe

Run load_tdsskiller by double-clicking it. Right-click and run as administrator on Vista/7
The tool will connect to the Internet to download an up-to-date copy of TDSSKiller, then start the scan.
At the end of the scan, press a key to continue, as the message in the black command-prompt window says
The report will open automatically: copy and paste its contents into your next reply
The file is saved here: C:\tdsskiller\report.txt
Restart your PC.

Disable your antivirus

Download rkill by Grinler:
http://download.bleepingcomputer.com/grinler/rkill.exe

Run the tool; it does not need to be installed.

Download and install Malwarebytes Anti-Malware by RubbeR DuckY
http://www.malwarebytes.org/mbam/program/mbam-setup.exe

At the end of the installation, make sure the option "Update Malwarebytes' Anti-Malware" is checked. Click "Finish"
Run Malwarebytes' Anti-Malware by double-clicking the icon on the desktop.
On first launch, a window tells you that this is the Free version; click OK.
Let the updates download.

Run Malwarebytes Anti-Malware.
In the "Scanner" tab, check "Perform full scan" and "Scan".
Select your hard drive and click "Scan".

At the end of the scan, select everything and click "Remove Selected".
Post the report that opens after this removal.
Restart the PC.
It is located in the "Logs" tab with the date and time of execution.
Home-made tutorial

Post a new RSIT report and let us know how it goes.

@+

nardino
Posted on 23/01/2010 at 23:46
Grand Maître astucien

Addition, to do next.

Download AD-Remover:
http://pagesperso-orange.fr/NosTools/C_XX/AD-R.exe

Double-click AD-R.exe

Choose the display language: type F and Enter
Click Yes on the disclaimer that appears to continue.
In the main menu choose option "L (run the cleanup)"
Press the Enter key to confirm the operation.
Post the report that appears at the end.

The report is saved as C:\Ad-report(date).log

Note:
"Process.exe", a component of the tool, is detected by some antivirus products (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool.
It is not a virus, but a utility designed to terminate processes.
In the wrong hands, this utility could stop security software (antivirus, firewall...), hence the alert raised by these antivirus products.

@+

flolof
Posted on 23/01/2010 at 23:51
Petite astucienne

Here is the TDSS report first

23:44:26:453 2268 TDSS rootkit removing tool 2.2.2 Jan 13 2010 08:42:25
23:44:26:453 2268 ================================================================================
23:44:26:453 2268 SystemInfo:

23:44:26:453 2268 OS Version: 5.1.2600 ServicePack: 3.0
23:44:26:453 2268 Product type: Workstation
23:44:26:453 2268 ComputerName: FLORIANE
23:44:26:453 2268 UserName: Floriane Garcia
23:44:26:453 2268 Windows directory: C:\WINDOWS
23:44:26:453 2268 Processor architecture: Intel x86
23:44:26:453 2268 Number of processors: 1
23:44:26:453 2268 Page size: 0x1000
23:44:26:453 2268 Boot type: Normal boot
23:44:26:453 2268 ================================================================================
23:44:26:468 2268 UnloadDriverW: NtUnloadDriver error 2
23:44:26:468 2268 ForceUnloadDriverW: UnloadDriverW(klmd21) error 2
23:44:26:468 2268 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\drivers\klmd.sys) returned status 00000000
23:44:26:500 2268 UtilityInit: KLMD drop and load success
23:44:26:500 2268 KLMD_OpenDevice: Trying to open KLMD Device(KLMD201000)
23:44:26:500 2268 UtilityInit: KLMD open success
23:44:26:500 2268 UtilityInit: Initialize success
23:44:26:500 2268
23:44:26:500 2268 Scanning Services ...
23:44:26:500 2268 CreateRegParser: Registry parser init started
23:44:26:500 2268 DisableWow64Redirection: GetProcAddress(Wow64DisableWow64FsRedirection) error 127
23:44:26:500 2268 CreateRegParser: DisableWow64Redirection error
23:44:26:500 2268 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\system
23:44:26:500 2268 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\config\system) returned status C0000043
23:44:26:500 2268 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
23:44:26:500 2268 wfopen_ex: Trying to KLMD file open
23:44:26:500 2268 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\config\system
23:44:26:500 2268 wfopen_ex: File opened ok (Flags 2)
23:44:26:500 2268 CreateRegParser: HIVE_ADAPTER(C:\WINDOWS\system32\config\system) init success: E04B48
23:44:26:500 2268 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\software
23:44:26:500 2268 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\config\software) returned status C0000043
23:44:26:500 2268 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
23:44:26:500 2268 wfopen_ex: Trying to KLMD file open
23:44:26:500 2268 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\config\software
23:44:26:500 2268 wfopen_ex: File opened ok (Flags 2)
23:44:26:500 2268 CreateRegParser: HIVE_ADAPTER(C:\WINDOWS\system32\config\software) init success: E04BB0
23:44:26:500 2268 EnableWow64Redirection: GetProcAddress(Wow64RevertWow64FsRedirection) error 127
23:44:26:500 2268 CreateRegParser: EnableWow64Redirection error
23:44:26:500 2268 CreateRegParser: RegParser init completed
23:44:26:953 2268 GetAdvancedServicesInfo: Raw services enum returned 333 services
23:44:26:953 2268 ScanTDL2Services: Exact detect H8SRTd.sys (h: 1)
23:44:26:953 2268 RegNode HKLM\SYSTEM\ControlSet001\services\H8SRTd.sys infected by TDSS rootkit ... 23:44:26:953 2268 will be deleted on reboot
23:44:26:953 2268 DeleteTDL2Service: SafeBoot Minimal doesn't infected
23:44:26:953 2268 DeleteTDL2Service: SafeBoot Network doesn't infected
23:44:26:953 2268 RegNode HKLM\SYSTEM\ControlSet002\services\H8SRTd.sys infected by TDSS rootkit ... 23:44:26:953 2268 will be deleted on reboot
23:44:26:953 2268 DeleteTDL2Service: SafeBoot Minimal doesn't infected
23:44:26:953 2268 DeleteTDL2Service: SafeBoot Network doesn't infected
23:44:26:968 2268 File C:\WINDOWS\system32\drivers\H8SRTlvdvwmttap.sys infected by TDSS rootkit ... 23:44:26:968 2268 will be deleted on reboot
23:44:26:968 2268 DeleteTDL2Service: Module enum: Name: H8SRTd. Type: 1
23:44:26:968 2268 DeleteTDL2Service: Module clone ImagePath, skipping
23:44:26:968 2268 DeleteTDL2Service: Module enum: Name: H8SRTc. Type: 1
23:44:26:968 2268 File C:\WINDOWS\system32\H8SRTulbbaorobr.dll infected by TDSS rootkit ... 23:44:26:968 2268 will be deleted on reboot
23:44:26:968 2268 DeleteTDL2Service: Module enum: Name: H8SRTsrcr. Type: 1
23:44:26:968 2268 File C:\WINDOWS\system32\H8SRTqlmskdudnd.dat infected by TDSS rootkit ... 23:44:26:968 2268 will be deleted on reboot
23:44:26:968 2268 DeleteTDL2Service: Module enum: Name: h8srtserf. Type: 1
23:44:26:968 2268 File C:\WINDOWS\system32\H8SRTjqhmqwfrww.dll infected by TDSS rootkit ... 23:44:26:968 2268 will be deleted on reboot
23:44:26:968 2268 DeleteTDL2Service: Module enum: Name: h8srtmsg. Type: 1
23:44:26:968 2268 File C:\WINDOWS\system32\H8SRTxymovhorvg.dll infected by TDSS rootkit ... 23:44:26:968 2268 will be deleted on reboot
23:44:26:968 2268 DeleteTDL2Service: Module enum: Name: h8srtbbr. Type: 1
23:44:26:968 2268 File C:\WINDOWS\system32\H8SRTycvvkltenk.dll infected by TDSS rootkit ... 23:44:26:968 2268 will be deleted on reboot
23:44:26:968 2268 ScanTDL2Services: DeleteEvilService(H8SRTd.sys) success
23:44:26:968 2268 fclose_ex: Trying to close file C:\WINDOWS\system32\config\system
23:44:26:968 2268 fclose_ex: Trying to close file C:\WINDOWS\system32\config\software
23:44:26:968 2268
23:44:26:968 2268 Scanning Kernel memory ...
23:44:26:968 2268 KLMD_GetSystemObjectAddressByNameW: Trying to get system object address by name \Driver\Disk
23:44:26:968 2268 DetectCureTDL3: \Driver\Disk PDRIVER_OBJECT: 865C9A08
23:44:26:968 2268 DetectCureTDL3: KLMD_GetDeviceObjectList returned 5 DevObjects
23:44:26:968 2268
23:44:26:968 2268 DetectCureTDL3: DEVICE_OBJECT: 86583C68
23:44:26:968 2268 KLMD_GetLowerDeviceObject: Trying to get lower device object for 86583C68
23:44:26:968 2268 KLMD_ReadMem: Trying to ReadMemory 0x86583C68[0x38]
23:44:26:968 2268 DetectCureTDL3: DRIVER_OBJECT: 865C9A08
23:44:26:968 2268 KLMD_ReadMem: Trying to ReadMemory 0x865C9A08[0xA8]
23:44:26:968 2268 KLMD_ReadMem: Trying to ReadMemory 0xE1518618[0x18]
23:44:26:968 2268 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
23:44:26:968 2268 DetectCureTDL3: IrpHandler (0) addr: F75CEBB0
23:44:26:968 2268 DetectCureTDL3: IrpHandler (1) addr: 804F355A
23:44:26:968 2268 DetectCureTDL3: IrpHandler (2) addr: F75CEBB0
23:44:26:968 2268 DetectCureTDL3: IrpHandler (3) addr: F75C8D1F
23:44:26:968 2268 DetectCureTDL3: IrpHandler (4) addr: F75C8D1F
23:44:26:968 2268 DetectCureTDL3: IrpHandler (5) addr: 804F355A
23:44:26:968 2268 DetectCureTDL3: IrpHandler (6) addr: 804F355A
23:44:26:968 2268 DetectCureTDL3: IrpHandler (7) addr: 804F355A
23:44:26:968 2268 DetectCureTDL3: IrpHandler (8) addr: 804F355A
23:44:26:968 2268 DetectCureTDL3: IrpHandler (9) addr: F75C92E2
23:44:26:968 2268 DetectCureTDL3: IrpHandler (10) addr: 804F355A
23:44:26:968 2268 DetectCureTDL3: IrpHandler (11) addr: 804F355A
23:44:26:968 2268 DetectCureTDL3: IrpHandler (12) addr: 804F355A
23:44:26:968 2268 DetectCureTDL3: IrpHandler (13) addr: 804F355A
23:44:26:968 2268 DetectCureTDL3: IrpHandler (14) addr: F75C93BB
23:44:26:968 2268 DetectCureTDL3: IrpHandler (15) addr: F75CCF28
23:44:26:984 2268 DetectCureTDL3: IrpHandler (16) addr: F75C92E2
23:44:26:984 2268 DetectCureTDL3: IrpHandler (17) addr: 804F355A
23:44:26:984 2268 DetectCureTDL3: IrpHandler (18) addr: 804F355A
23:44:26:984 2268 DetectCureTDL3: IrpHandler (19) addr: 804F355A
23:44:26:984 2268 DetectCureTDL3: IrpHandler (20) addr: 804F355A
23:44:26:984 2268 DetectCureTDL3: IrpHandler (21) addr: 804F355A
23:44:26:984 2268 DetectCureTDL3: IrpHandler (22) addr: F75CAC82
23:44:26:984 2268 DetectCureTDL3: IrpHandler (23) addr: F75CF99E
23:44:26:984 2268 DetectCureTDL3: IrpHandler (24) addr: 804F355A
23:44:26:984 2268 DetectCureTDL3: IrpHandler (25) addr: 804F355A
23:44:26:984 2268 DetectCureTDL3: IrpHandler (26) addr: 804F355A
23:44:26:984 2268 TDL3_FileDetect: Processing driver: Disk
23:44:26:984 2268 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\disk.sys
23:44:26:984 2268 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\disk.sys
23:44:27:000 2268 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean
23:44:27:000 2268
23:44:27:000 2268 DetectCureTDL3: DEVICE_OBJECT: 86583030
23:44:27:000 2268 KLMD_GetLowerDeviceObject: Trying to get lower device object for 86583030
23:44:27:000 2268 KLMD_ReadMem: Trying to ReadMemory 0x86583030[0x38]
23:44:27:000 2268 DetectCureTDL3: DRIVER_OBJECT: 865C9A08
23:44:27:000 2268 KLMD_ReadMem: Trying to ReadMemory 0x865C9A08[0xA8]
23:44:27:000 2268 KLMD_ReadMem: Trying to ReadMemory 0xE1518618[0x18]
23:44:27:000 2268 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
23:44:27:000 2268 DetectCureTDL3: IrpHandler (0) addr: F75CEBB0
23:44:27:000 2268 DetectCureTDL3: IrpHandler (1) addr: 804F355A
23:44:27:000 2268 DetectCureTDL3: IrpHandler (2) addr: F75CEBB0
23:44:27:000 2268 DetectCureTDL3: IrpHandler (3) addr: F75C8D1F
23:44:27:000 2268 DetectCureTDL3: IrpHandler (4) addr: F75C8D1F
23:44:27:000 2268 DetectCureTDL3: IrpHandler (5) addr: 804F355A
23:44:27:000 2268 DetectCureTDL3: IrpHandler (6) addr: 804F355A
23:44:27:000 2268 DetectCureTDL3: IrpHandler (7) addr: 804F355A
23:44:27:000 2268 DetectCureTDL3: IrpHandler (8) addr: 804F355A
23:44:27:000 2268 DetectCureTDL3: IrpHandler (9) addr: F75C92E2
23:44:27:000 2268 DetectCureTDL3: IrpHandler (10) addr: 804F355A
23:44:27:000 2268 DetectCureTDL3: IrpHandler (11) addr: 804F355A
23:44:27:000 2268 DetectCureTDL3: IrpHandler (12) addr: 804F355A
23:44:27:000 2268 DetectCureTDL3: IrpHandler (13) addr: 804F355A
23:44:27:000 2268 DetectCureTDL3: IrpHandler (14) addr: F75C93BB
23:44:27:000 2268 DetectCureTDL3: IrpHandler (15) addr: F75CCF28
23:44:27:000 2268 DetectCureTDL3: IrpHandler (16) addr: F75C92E2
23:44:27:000 2268 DetectCureTDL3: IrpHandler (17) addr: 804F355A
23:44:27:000 2268 DetectCureTDL3: IrpHandler (18) addr: 804F355A
23:44:27:000 2268 DetectCureTDL3: IrpHandler (19) addr: 804F355A
23:44:27:000 2268 DetectCureTDL3: IrpHandler (20) addr: 804F355A
23:44:27:000 2268 DetectCureTDL3: IrpHandler (21) addr: 804F355A
23:44:27:000 2268 DetectCureTDL3: IrpHandler (22) addr: F75CAC82
23:44:27:000 2268 DetectCureTDL3: IrpHandler (23) addr: F75CF99E
23:44:27:000 2268 DetectCureTDL3: IrpHandler (24) addr: 804F355A
23:44:27:000 2268 DetectCureTDL3: IrpHandler (25) addr: 804F355A
23:44:27:000 2268 DetectCureTDL3: IrpHandler (26) addr: 804F355A
23:44:27:000 2268 TDL3_FileDetect: Processing driver: Disk
23:44:27:000 2268 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\disk.sys
23:44:27:000 2268 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\disk.sys
23:44:27:000 2268 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean
23:44:27:000 2268
23:44:27:000 2268 DetectCureTDL3: DEVICE_OBJECT: 86572C68
23:44:27:000 2268 KLMD_GetLowerDeviceObject: Trying to get lower device object for 86572C68
23:44:27:000 2268 KLMD_ReadMem: Trying to ReadMemory 0x86572C68[0x38]
23:44:27:000 2268 DetectCureTDL3: DRIVER_OBJECT: 865C9A08
23:44:27:000 2268 KLMD_ReadMem: Trying to ReadMemory 0x865C9A08[0xA8]
23:44:27:000 2268 KLMD_ReadMem: Trying to ReadMemory 0xE1518618[0x18]
23:44:27:000 2268 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
23:44:27:000 2268 DetectCureTDL3: IrpHandler (0) addr: F75CEBB0
23:44:27:000 2268 DetectCureTDL3: IrpHandler (1) addr: 804F355A
23:44:27:000 2268 DetectCureTDL3: IrpHandler (2) addr: F75CEBB0
23:44:27:000 2268 DetectCureTDL3: IrpHandler (3) addr: F75C8D1F
23:44:27:000 2268 DetectCureTDL3: IrpHandler (4) addr: F75C8D1F
23:44:27:000 2268 DetectCureTDL3: IrpHandler (5) addr: 804F355A
23:44:27:000 2268 DetectCureTDL3: IrpHandler (6) addr: 804F355A
23:44:27:000 2268 DetectCureTDL3: IrpHandler (7) addr: 804F355A
23:44:27:015 2268 DetectCureTDL3: IrpHandler (8) addr: 804F355A
23:44:27:015 2268 DetectCureTDL3: IrpHandler (9) addr: F75C92E2
23:44:27:015 2268 DetectCureTDL3: IrpHandler (10) addr: 804F355A
23:44:27:015 2268 DetectCureTDL3: IrpHandler (11) addr: 804F355A
23:44:27:015 2268 DetectCureTDL3: IrpHandler (12) addr: 804F355A
23:44:27:015 2268 DetectCureTDL3: IrpHandler (13) addr: 804F355A
23:44:27:015 2268 DetectCureTDL3: IrpHandler (14) addr: F75C93BB
23:44:27:015 2268 DetectCureTDL3: IrpHandler (15) addr: F75CCF28
23:44:27:015 2268 DetectCureTDL3: IrpHandler (16) addr: F75C92E2
23:44:27:015 2268 DetectCureTDL3: IrpHandler (17) addr: 804F355A
23:44:27:015 2268 DetectCureTDL3: IrpHandler (18) addr: 804F355A
23:44:27:015 2268 DetectCureTDL3: IrpHandler (19) addr: 804F355A
23:44:27:015 2268 DetectCureTDL3: IrpHandler (20) addr: 804F355A
23:44:27:015 2268 DetectCureTDL3: IrpHandler (21) addr: 804F355A
23:44:27:015 2268 DetectCureTDL3: IrpHandler (22) addr: F75CAC82
23:44:27:015 2268 DetectCureTDL3: IrpHandler (23) addr: F75CF99E
23:44:27:015 2268 DetectCureTDL3: IrpHandler (24) addr: 804F355A
23:44:27:015 2268 DetectCureTDL3: IrpHandler (25) addr: 804F355A
23:44:27:015 2268 DetectCureTDL3: IrpHandler (26) addr: 804F355A
23:44:27:015 2268 TDL3_FileDetect: Processing driver: Disk
23:44:27:015 2268 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\disk.sys
23:44:27:015 2268 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\disk.sys
23:44:27:015 2268 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean
23:44:27:015 2268
23:44:27:015 2268 DetectCureTDL3: DEVICE_OBJECT: 865739F0
23:44:27:015 2268 KLMD_GetLowerDeviceObject: Trying to get lower device object for 865739F0
23:44:27:015 2268 KLMD_ReadMem: Trying to ReadMemory 0x865739F0[0x38]
23:44:27:015 2268 DetectCureTDL3: DRIVER_OBJECT: 865C9A08
23:44:27:015 2268 KLMD_ReadMem: Trying to ReadMemory 0x865C9A08[0xA8]
23:44:27:015 2268 KLMD_ReadMem: Trying to ReadMemory 0xE1518618[0x18]
23:44:27:015 2268 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
23:44:27:015 2268 DetectCureTDL3: IrpHandler (0) addr: F75CEBB0
23:44:27:015 2268 DetectCureTDL3: IrpHandler (1) addr: 804F355A
23:44:27:015 2268 DetectCureTDL3: IrpHandler (2) addr: F75CEBB0
23:44:27:015 2268 DetectCureTDL3: IrpHandler (3) addr: F75C8D1F
23:44:27:015 2268 DetectCureTDL3: IrpHandler (4) addr: F75C8D1F
23:44:27:015 2268 DetectCureTDL3: IrpHandler (5) addr: 804F355A
23:44:27:015 2268 DetectCureTDL3: IrpHandler (6) addr: 804F355A
23:44:27:015 2268 DetectCureTDL3: IrpHandler (7) addr: 804F355A
23:44:27:015 2268 DetectCureTDL3: IrpHandler (8) addr: 804F355A
23:44:27:015 2268 DetectCureTDL3: IrpHandler (9) addr: F75C92E2
23:44:27:015 2268 DetectCureTDL3: IrpHandler (10) addr: 804F355A
23:44:27:015 2268 DetectCureTDL3: IrpHandler (11) addr: 804F355A
23:44:27:015 2268 DetectCureTDL3: IrpHandler (12) addr: 804F355A
23:44:27:015 2268 DetectCureTDL3: IrpHandler (13) addr: 804F355A
23:44:27:015 2268 DetectCureTDL3: IrpHandler (14) addr: F75C93BB
23:44:27:015 2268 DetectCureTDL3: IrpHandler (15) addr: F75CCF28
23:44:27:015 2268 DetectCureTDL3: IrpHandler (16) addr: F75C92E2
23:44:27:015 2268 DetectCureTDL3: IrpHandler (17) addr: 804F355A
23:44:27:015 2268 DetectCureTDL3: IrpHandler (18) addr: 804F355A
23:44:27:015 2268 DetectCureTDL3: IrpHandler (19) addr: 804F355A
23:44:27:015 2268 DetectCureTDL3: IrpHandler (20) addr: 804F355A
23:44:27:015 2268 DetectCureTDL3: IrpHandler (21) addr: 804F355A
23:44:27:015 2268 DetectCureTDL3: IrpHandler (22) addr: F75CAC82
23:44:27:015 2268 DetectCureTDL3: IrpHandler (23) addr: F75CF99E
23:44:27:015 2268 DetectCureTDL3: IrpHandler (24) addr: 804F355A
23:44:27:015 2268 DetectCureTDL3: IrpHandler (25) addr: 804F355A
23:44:27:015 2268 DetectCureTDL3: IrpHandler (26) addr: 804F355A
23:44:27:015 2268 TDL3_FileDetect: Processing driver: Disk
23:44:27:015 2268 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\disk.sys
23:44:27:015 2268 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\disk.sys
23:44:27:015 2268 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean
23:44:27:015 2268
23:44:27:015 2268 DetectCureTDL3: DEVICE_OBJECT: 865C8AB8
23:44:27:015 2268 KLMD_GetLowerDeviceObject: Trying to get lower device object for 865C8AB8
23:44:27:015 2268 DetectCureTDL3: DEVICE_OBJECT: 865899E8
23:44:27:015 2268 KLMD_GetLowerDeviceObject: Trying to get lower device object for 865899E8
23:44:27:015 2268 DetectCureTDL3: DEVICE_OBJECT: 8658E940
23:44:27:015 2268 KLMD_GetLowerDeviceObject: Trying to get lower device object for 8658E940
23:44:27:015 2268 KLMD_ReadMem: Trying to ReadMemory 0x8658E940[0x38]
23:44:27:015 2268 DetectCureTDL3: DRIVER_OBJECT: 865E2B30
23:44:27:015 2268 KLMD_ReadMem: Trying to ReadMemory 0x865E2B30[0xA8]
23:44:27:015 2268 KLMD_ReadMem: Trying to ReadMemory 0xE10139D0[0x1A]
23:44:27:015 2268 DetectCureTDL3: DRIVER_OBJECT name: \Driver\atapi, Driver Name: atapi
23:44:27:015 2268 DetectCureTDL3: IrpHandler (0) addr: F741A6F2
23:44:27:015 2268 DetectCureTDL3: IrpHandler (1) addr: 804F355A
23:44:27:015 2268 DetectCureTDL3: IrpHandler (2) addr: F741A6F2
23:44:27:015 2268 DetectCureTDL3: IrpHandler (3) addr: 804F355A
23:44:27:015 2268 DetectCureTDL3: IrpHandler (4) addr: 804F355A
23:44:27:015 2268 DetectCureTDL3: IrpHandler (5) addr: 804F355A
23:44:27:015 2268 DetectCureTDL3: IrpHandler (6) addr: 804F355A
23:44:27:015 2268 DetectCureTDL3: IrpHandler (7) addr: 804F355A
23:44:27:015 2268 DetectCureTDL3: IrpHandler (8) addr: 804F355A
23:44:27:015 2268 DetectCureTDL3: IrpHandler (9) addr: 804F355A
23:44:27:031 2268 DetectCureTDL3: IrpHandler (10) addr: 804F355A
23:44:27:031 2268 DetectCureTDL3: IrpHandler (11) addr: 804F355A
23:44:27:031 2268 DetectCureTDL3: IrpHandler (12) addr: 804F355A
23:44:27:031 2268 DetectCureTDL3: IrpHandler (13) addr: 804F355A
23:44:27:031 2268 DetectCureTDL3: IrpHandler (14) addr: F741A712
23:44:27:031 2268 DetectCureTDL3: IrpHandler (15) addr: F7416852
23:44:27:031 2268 DetectCureTDL3: IrpHandler (16) addr: 804F355A
23:44:27:031 2268 DetectCureTDL3: IrpHandler (17) addr: 804F355A
23:44:27:031 2268 DetectCureTDL3: IrpHandler (18) addr: 804F355A
23:44:27:031 2268 DetectCureTDL3: IrpHandler (19) addr: 804F355A
23:44:27:031 2268 DetectCureTDL3: IrpHandler (20) addr: 804F355A
23:44:27:031 2268 DetectCureTDL3: IrpHandler (21) addr: 804F355A
23:44:27:031 2268 DetectCureTDL3: IrpHandler (22) addr: F741A73C
23:44:27:031 2268 DetectCureTDL3: IrpHandler (23) addr: F7421336
23:44:27:031 2268 DetectCureTDL3: IrpHandler (24) addr: 804F355A
23:44:27:031 2268 DetectCureTDL3: IrpHandler (25) addr: 804F355A
23:44:27:031 2268 DetectCureTDL3: IrpHandler (26) addr: 804F355A
23:44:27:031 2268 KLMD_ReadMem: Trying to ReadMemory 0xF7417864[0x400]
23:44:27:031 2268 TDL3_StartIoHookDetect: CheckParameters: 0, 00000000, 0
23:44:27:031 2268 TDL3_FileDetect: Processing driver: atapi
23:44:27:031 2268 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\atapi.sys
23:44:27:031 2268 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\atapi.sys
23:44:27:046 2268 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\atapi.sys - Verdict: Clean
23:44:27:046 2268 UtilityBootReinit: Reboot required for cure complete..
23:44:27:046 2268 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\drivers\klmdb.sys) returned status 00000000
23:44:27:046 2268 UtilityBootReinit: KLMD drop success
23:44:27:046 2268 KLMD_ApplyPendList: Pending buffer(12A8_37E8, 1032) dropped successfully
23:44:27:046 2268 UtilityBootReinit: Cure on reboot scheduled successfully
23:44:27:046 2268
23:44:27:046 2268 Completed
23:44:27:046 2268
23:44:27:046 2268 Results:
23:44:27:046 2268 Memory objects infected / cured / cured on reboot: 0 / 0 / 0
23:44:27:046 2268 Registry objects infected / cured / cured on reboot: 2 / 0 / 2
23:44:27:062 2268 File objects infected / cured / cured on reboot: 6 / 0 / 6
23:44:27:062 2268
23:44:27:609 2268 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\drivers\klmd.sys) returned status 00000000
23:44:27:609 2268 UtilityDeinit: KLMD(ARK) unloaded successfully
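As an added example (not part of this thread and not TDSSKiller's own code), a small Python parser for the report format posted above: it pulls out the infected registry nodes and files, the per-driver verdicts, the "Reboot required" flag and the Results counters, then cross-checks the counters against the detection lines and lists what must be verified after the reboot. The sample report is constructed from a subset of the lines above; the regular expressions are assumptions about the 2.2.2 log layout, not a published format.

```python
import re
from collections import Counter

# Constructed sample in the shape of the TDSSKiller 2.2.2 report posted above:
# a subset of its lines, keeping the detections and the Results block verbatim.
SAMPLE_REPORT = r"""23:44:26:453 2268 TDSS rootkit removing tool 2.2.2 Jan 13 2010 08:42:25
23:44:26:953 2268 ScanTDL2Services: Exact detect H8SRTd.sys (h: 1)
23:44:26:953 2268 RegNode HKLM\SYSTEM\ControlSet001\services\H8SRTd.sys infected by TDSS rootkit ... 23:44:26:953 2268 will be deleted on reboot
23:44:26:953 2268 RegNode HKLM\SYSTEM\ControlSet002\services\H8SRTd.sys infected by TDSS rootkit ... 23:44:26:953 2268 will be deleted on reboot
23:44:26:968 2268 File C:\WINDOWS\system32\drivers\H8SRTlvdvwmttap.sys infected by TDSS rootkit ... 23:44:26:968 2268 will be deleted on reboot
23:44:26:968 2268 File C:\WINDOWS\system32\H8SRTulbbaorobr.dll infected by TDSS rootkit ... 23:44:26:968 2268 will be deleted on reboot
23:44:26:968 2268 File C:\WINDOWS\system32\H8SRTqlmskdudnd.dat infected by TDSS rootkit ... 23:44:26:968 2268 will be deleted on reboot
23:44:26:968 2268 File C:\WINDOWS\system32\H8SRTjqhmqwfrww.dll infected by TDSS rootkit ... 23:44:26:968 2268 will be deleted on reboot
23:44:26:968 2268 File C:\WINDOWS\system32\H8SRTxymovhorvg.dll infected by TDSS rootkit ... 23:44:26:968 2268 will be deleted on reboot
23:44:26:968 2268 File C:\WINDOWS\system32\H8SRTycvvkltenk.dll infected by TDSS rootkit ... 23:44:26:968 2268 will be deleted on reboot
23:44:27:000 2268 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean
23:44:27:046 2268 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\atapi.sys - Verdict: Clean
23:44:27:046 2268 UtilityBootReinit: Reboot required for cure complete..
23:44:27:046 2268 Results:
23:44:27:046 2268 Memory objects infected / cured / cured on reboot: 0 / 0 / 0
23:44:27:046 2268 Registry objects infected / cured / cured on reboot: 2 / 0 / 2
23:44:27:062 2268 File objects infected / cured / cured on reboot: 6 / 0 / 6
"""

# Every report line is "HH:MM:SS:mmm <pid> <message>"; the message is what we classify.
LINE_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}:\d{3}) (\d+) (.*)$")
# "RegNode <key>" or "File <path>" infected by <threat> ... <stamp> <pid> <action>
INFECTED_RE = re.compile(
    r"^(RegNode|File) (.+?) infected by (.+?) \.\.\. \d{2}:\d{2}:\d{2}:\d{3} \d+ (.+)$")
VERDICT_RE = re.compile(r"^TDL3_FileDetect: (.+) - Verdict: (\w+)$")
RESULTS_RE = re.compile(
    r"^(Memory|Registry|File) objects infected / cured / cured on reboot: "
    r"(\d+) / (\d+) / (\d+)$")
PENDING = "will be deleted on reboot"


def parse_report(text):
    """Return a dict summarising one TDSSKiller report (assumed layout, see above)."""
    summary = {"version": None, "infected": [], "verdicts": {},
               "reboot_required": False, "results": {}}
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue  # separator lines and bare timestamps carry no message
        msg = m.group(3)
        if msg.startswith("TDSS rootkit removing tool "):
            summary["version"] = msg.split()[4]
            continue
        im = INFECTED_RE.match(msg)
        if im:
            kind, obj, threat, action = im.groups()
            summary["infected"].append((kind, obj, threat, action))
            continue
        vm = VERDICT_RE.match(msg)
        if vm:
            summary["verdicts"][vm.group(1)] = vm.group(2)
            continue
        if msg.startswith("UtilityBootReinit: Reboot required"):
            summary["reboot_required"] = True
            continue
        rm = RESULTS_RE.match(msg)
        if rm:
            cat, infected, cured, on_reboot = rm.groups()
            summary["results"][cat] = (int(infected), int(cured), int(on_reboot))
    return summary


def pending_after_reboot(summary):
    """Objects the tool could only schedule for deletion: confirm they are gone after the reboot."""
    return [obj for _, obj, _, action in summary["infected"] if action == PENDING]


def check_counters(summary):
    """Cross-check per-object lines against the Results block; [] means self-consistent."""
    seen = Counter(kind for kind, _, _, _ in summary["infected"])
    pending = Counter(kind for kind, _, _, action in summary["infected"] if action == PENDING)
    problems = []
    for kind, cat in (("RegNode", "Registry"), ("File", "File")):
        infected, _, on_reboot = summary["results"].get(cat, (0, 0, 0))
        if seen[kind] != infected:
            problems.append(f"{cat}: {seen[kind]} detection lines vs {infected} in Results")
        if pending[kind] != on_reboot:
            problems.append(f"{cat}: {pending[kind]} pending vs {on_reboot} cured on reboot")
    if any(r[2] for r in summary["results"].values()) and not summary["reboot_required"]:
        problems.append("cure on reboot scheduled but no 'Reboot required' line")
    return problems


if __name__ == "__main__":
    s = parse_report(SAMPLE_REPORT)
    print(f"TDSSKiller {s['version']}: {len(s['infected'])} infected objects, "
          f"reboot required: {s['reboot_required']}")
    for obj in pending_after_reboot(s):
        print("  pending:", obj)
    print("consistency:", check_counters(s) or "ok")
```

Feed it the real C:\tdsskiller\report.txt instead of the sample to get the same summary for a full report; a non-empty list from check_counters means the report was truncated or the layout differs from what is assumed here.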

flolof
Posted on 24/01/2010 at 10:27
Petite astucienne

Next, the Malwarebytes' report

Malwarebytes' Anti-Malware 1.44
Version de la base de données: 3621
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

24/01/2010 00:49:30
mbam-log-2010-01-24 (00-49-30).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 212976
Temps écoulé: 48 minute(s), 50 second(s)

Processus mémoire infecté(s): 4
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 5
Valeur(s) du Registre infectée(s): 4
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 2
Fichier(s) infecté(s): 24

Processus mémoire infecté(s):
C:\Documents and Settings\Floriane Garcia\Application Data\EoRezo\SoftwareUpdate\SoftwareUpdateHP.exe (Rogue.Eorezo) -> Unloaded process successfully.
C:\Program Files\Winsudate\gibusr.exe (Adware.Gibmedia) -> Unloaded process successfully.
C:\Program Files\Winsudate\gibsvc.exe (Adware.Gibmedia) -> Unloaded process successfully.
C:\Program Files\SeekService\seekservice.exe (Adware.Agent) -> Unloaded process successfully.

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\winsvc (Adware.Gibmedia) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\seekservice (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Malware Defense (Rogue.MalwareDefense) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\H8SRT (Rootkit.TDSS) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\EoRezo (Rogue.Eorezo) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\softwarehelper (Rogue.Eorezo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\winusr (Adware.Gibmedia) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cliconfg64.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\malware defense (Rogue.MalwareDefense) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\Program Files\Winsudate (Adware.Gibmedia) -> Quarantined and deleted successfully.
C:\Program Files\malware Defense (Rogue.MalwareDefense) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\Documents and Settings\Floriane Garcia\Application Data\EoRezo\SoftwareUpdate\SoftwareUpdateHP.exe (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\Program Files\Winsudate\gibusr.exe (Adware.Gibmedia) -> Quarantined and deleted successfully.
C:\Program Files\Winsudate\gibsvc.exe (Adware.Gibmedia) -> Quarantined and deleted successfully.
C:\Program Files\SeekService\seekservice.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\SeekService\seekservice149.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Floriane Garcia\Application Data\EoRezo\SoftwareUpdate\SoftwareUpdate.exe (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\Program Files\SeekService\uninstall.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Winsudate\gibcom.dll (Adware.Gibmedia) -> Quarantined and deleted successfully.
C:\Program Files\Winsudate\gibidl.dll (Adware.Gibmedia) -> Quarantined and deleted successfully.
C:\Program Files\Winsudate\gibupt.exe (Adware.Gibmedia) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8CC83852-EFCB-49A9-AB72-AF79E80D5FB1}\RP20\A0004979.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8CC83852-EFCB-49A9-AB72-AF79E80D5FB1}\RP21\A0005074.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8CC83852-EFCB-49A9-AB72-AF79E80D5FB1}\RP24\A0005184.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8CC83852-EFCB-49A9-AB72-AF79E80D5FB1}\RP30\A0006374.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8CC83852-EFCB-49A9-AB72-AF79E80D5FB1}\RP35\A0007065.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8CC83852-EFCB-49A9-AB72-AF79E80D5FB1}\RP51\A0011380.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8CC83852-EFCB-49A9-AB72-AF79E80D5FB1}\RP51\A0011381.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8CC83852-EFCB-49A9-AB72-AF79E80D5FB1}\RP51\A0011384.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{8CC83852-EFCB-49A9-AB72-AF79E80D5FB1}\RP51\A0014454.dll (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\Documents and Settings\tazebama.dll (Worm.Mabezat) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\h8srtkrl32mainweq.dll (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\h8srtshsyst.dll (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\H8SRT7e36.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Documents and Settings\Floriane Garcia\Local Settings\Temp\H8SRTec2b.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.

and the Ad-Report

.
======= RAPPORT D'AD-REMOVER 1.1.4.6_I | UNIQUEMENT XP/VISTA/7 =======
.
Mis à jour par C_XX le 21.01.2010 à 9:13
Contact: AdRemover.contact@gmail.com
Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html
.
Lancé à: 10:31:23, 24/01/2010 | Mode Normal | Option: CLEAN
Exécuté de: C:\Ad-Remover\
Système d'exploitation: Microsoft® Windows XP™ Service Pack 3 v5.1.2600
Nom du PC: FLORIANE | Utilisateur actuel: Floriane Garcia
.
============== ÉLÉMENT(S) NEUTRALISÉ(S) ==============
.
Service: *SeekService Service*

C:\WINDOWS\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
C:\Program Files\Ask.com
C:\Program Files\SeekService
C:\DOCUME~1\FLORIA~1\APPLIC~1\EoRezo
C:\DOCUME~1\ALLUSE~1\APPLIC~1\SeekService
C:\Documents and Settings\Floriane Garcia\Local Settings\Application Data\AskToolbar
C:\Documents and Settings\LocalService\Local Settings\Application Data\AskToolbar
C:\Documents and Settings\Mathilde\Local Settings\Application Data\AskToolbar
C:\Documents and Settings\LocalService\Application Data\EoRezo

(!) -- Fichiers temporaires supprimés.

.
HKCU\software\Ask.com
HKCU\software\AskToolbar
HKCU\software\EoRezo
HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440}
HKLM\Software\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
HKLM\software\classes\appid\GenericAskToolbar.DLL
HKLM\Software\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
HKLM\software\classes\GenericAskToolbar.ToolbarWnd
HKLM\software\classes\GenericAskToolbar.ToolbarWnd.1
HKLM\software\classes\installer\Products\A28B4D68DEBAA244EB686953B7074FEF
HKLM\Software\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
HKLM\Software\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
HKLM\Software\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
HKLM\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8
HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01
HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED
HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472
HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296
HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888
HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\EoEngine
HKLM\software\microsoft\windows\currentversion\uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
HKLM\software\microsoft\windows\currentversion\uninstall\SoftwareUpdate_is1
HKLM\software\SeekService
HKU\.default\software\AskToolbar
HKU\.default\software\EoRezo
.
============== Scan additionnel ==============
.
.
* Mozilla FireFox Version 3.6 [fr] *
.
Nom du profil: qtai8m8k.default (Floriane Garcia)
.
(FLORIA~1, prefs.js) Browser.startup.homepage, hxxp://www.google.fr/ig?hl=fr
(FLORIA~1, prefs.js) Extensions.enabledItems, {20a82645-c095-46ed-80e3-08825760534b}:1.1,jqs@sun.com:1.0,{86009AEF-9162-4EBC-B698-FF71D7B6B049}:1.0,{0545b830-f0aa-4d7e-8820-50a4629a56fe}:4.1,hashcolouredtabs@bristol.ac.uk:0.4.22,{972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6,{b41cb5f0-2e52-11de-8c30-0800200c9a66}:2.0.5
.
.
* Internet Explorer Version 8.0.6001.18702 *
.
[HKEY_CURRENT_USER\..\Internet Explorer\Main]
.
Do404Search: 01000000
Local Page: C:\windows\system32\blank.htm
Show_ToolBar: yes
Start Page: hxxp://fr.msn.com/
Enable Browser Extensions: yes
Start Page Redirect Cache_TIMESTAMP: 70d56a296577ca01
Start Page Redirect Cache: hxxp://fr.msn.com/?ocid=iehp
Start Page Redirect Cache AcceptLangs: fr
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Use Custom Search URL: 0 (0x0)
Default_page_url: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
.
[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]
.
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Delete_Temp_Files_On_Exit: yes
Local Page: C:\windows\system32\blank.htm
Start Page: hxxp://fr.msn.com/
Use Custom Search URL: 0 (0x0)
Search bar: hxxp://search.msn.com/spbasic.htm
.
[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]
.
Tabs: res://ieframe.dll/tabswelcome.htm
.
===================================
.
5357 Octet(s) - C:\Ad-Report-CLEAN[1].log
.
165 Fichier(s) - C:\DOCUME~1\FLORIA~1\LOCALS~1\Temp
87 Fichier(s) - C:\WINDOWS\Temp
0 Fichier(s) - C:\WINDOWS\Prefetch
.
17 Fichier(s) - C:\Ad-Remover\BACKUP
43 Fichier(s) - C:\Ad-Remover\QUARANTINE
.
Fin à: 10:38:58 | 24/01/2010 - CLEAN[1]
.
============== E.O.F ==============
.

Edited by flolof on 24/01/2010 10:41
flolof
 Posted on 24/01/2010 at 10:43
Petite astucienne

Finally, a new RSIT report:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Floriane Garcia at 2010-01-24 10:42:18
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 58 GB (68%) free of 85 GB
Total RAM: 1015 MB (54% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:42:25, on 24/01/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\EeePC\ACPI\AsTray.exe
C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
C:\Program Files\EeePC\ACPI\AsEPCMon.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Floriane Garcia\Mes documents\Téléchargements\RSIT.exe
C:\Program Files\trend micro\Floriane Garcia.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [AsusTray] C:\Program Files\EeePC\ACPI\AsTray.exe
O4 - HKLM\..\Run: [AsusACPIServer] C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
O4 - HKLM\..\Run: [AsusEPCMonitor] C:\Program Files\EeePC\ACPI\AsEPCMon.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe
O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EPSON Stylus DX4000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE /FU "C:\WINDOWS\TEMP\E_SA9.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [Auto EPSON Stylus DX4000 Series sur GARCIA] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE /FU "C:\WINDOWS\TEMP\E_SF3.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [EPSON Stylus DX4000 Series (Copie 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE /FU "C:\WINDOWS\TEMP\E_S192.tmp" /EF "HKCU"
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1151601.exe -Update -1151601 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; GTB6.3; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; AskTB5.4)" -"http://www.jeux.fr/jeu/Crashed-Ice.html"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: SuperHybridEngine.lnk = ?
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Envoyer à Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Service Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Norton Internet Security - Unknown owner - C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe (file missing)

--
End of file - 7564 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\Norton Security Scan for Floriane Garcia.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Aide pour le lien d'Adobe PDF Reader - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4f3ed5cd-0726-42a9-87f5-d13f3d2976ac}]
Windows Live Family Safety Browser Helper Class - C:\Program Files\Windows Live\Family Safety\fssbho.dll [2009-08-05 113512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19 137600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-09-26 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-09-26 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AsusTray"=C:\Program Files\EeePC\ACPI\AsTray.exe [2008-12-04 114688]
"AsusACPIServer"=C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe [2008-12-17 622592]
"AsusEPCMonitor"=C:\Program Files\EeePC\ACPI\AsEPCMon.exe [2008-05-21 94208]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2008-11-12 98304]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2008-11-12 114688]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2008-11-12 94208]
"ETDWare"=C:\Program Files\Elantech\ETDCtrl.exe [2009-01-23 416768]
"fssui"=C:\Program Files\Windows Live\Family Safety\fsui.exe [2009-08-05 647520]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-09-26 149280]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2009-02-14 17508864]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2008-06-20 57344]
"avast5"=C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe [2010-01-19 2743104]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"EPSON Stylus DX4000 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE [2006-09-21 139264]
"Auto EPSON Stylus DX4000 Series sur GARCIA"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE [2006-09-21 139264]
"EPSON Stylus DX4000 Series (Copie 1)"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBEE.EXE [2006-09-21 139264]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Shockwave Updater"=C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1151601.exe [2009-07-31 468408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2007-05-11 40048]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
C:\WINDOWS\ALCMTR.EXE [2008-06-20 57344]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2009-07-26 3883856]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
SuperHybridEngine.lnk - C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe

C:\Documents and Settings\Floriane Garcia\Menu Démarrer\Programmes\Démarrage
LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe
OpenOffice.org 3.1.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2008-11-12 155648]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2ef6124e-ce0d-11de-9aed-0025d317be87}]
shell\AutoRun\command - F:\EmDesk.exe
shell\EmDesk\command - F:\EmDesk.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9a66b2c4-028e-11df-9b70-0025d317be87}]
shell\AutoRun\command - E:\Toshiba\Launcher\start.exe


======List of files/folders created in the last 1 months======

2010-01-24 10:29:42 ----D---- C:\Ad-Remover
2010-01-23 23:58:43 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-01-23 23:58:43 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2010-01-23 23:58:26 ----D---- C:\Documents and Settings\Floriane Garcia\Application Data\Malwarebytes
2010-01-23 23:44:26 ----A---- C:\TDSSKiller.2.2.2_23.01.2010_23.44.26_log.txt
2010-01-23 23:44:24 ----D---- C:\tdsskiller
2010-01-23 22:38:17 ----D---- C:\Program Files\trend micro
2010-01-23 22:38:16 ----D---- C:\rsit
2010-01-22 21:21:01 ----D---- C:\Documents and Settings\Floriane Garcia\Application Data\Auslogics
2010-01-22 21:20:54 ----D---- C:\Program Files\Auslogics
2010-01-22 18:59:01 ----D---- C:\Program Files\Mozilla Firefox
2010-01-22 18:31:55 ----A---- C:\Documents and Settings\All Users\Application Data\h8srtmainqt.dll
2010-01-21 22:35:01 ----SHD---- C:\Config.Msi
2010-01-21 21:12:39 ----A---- C:\WINDOWS\system32\tmp.txt
2010-01-21 21:11:11 ----A---- C:\rapport.txt
2010-01-21 21:10:47 ----A---- C:\WINDOWS\system32\WS2Fix.exe
2010-01-21 21:10:47 ----A---- C:\WINDOWS\system32\VCCLSID.exe
2010-01-21 21:10:47 ----A---- C:\WINDOWS\system32\VACFix.exe
2010-01-21 21:10:47 ----A---- C:\WINDOWS\system32\swxcacls.exe
2010-01-21 21:10:47 ----A---- C:\WINDOWS\system32\swsc.exe
2010-01-21 21:10:47 ----A---- C:\WINDOWS\system32\swreg.exe
2010-01-21 21:10:47 ----A---- C:\WINDOWS\system32\SrchSTS.exe
2010-01-21 21:10:47 ----A---- C:\WINDOWS\system32\Process.exe
2010-01-21 21:10:47 ----A---- C:\WINDOWS\system32\o4Patch.exe
2010-01-21 21:10:47 ----A---- C:\WINDOWS\system32\IEDFix.exe
2010-01-21 21:10:47 ----A---- C:\WINDOWS\system32\IEDFix.C.exe
2010-01-21 21:10:47 ----A---- C:\WINDOWS\system32\dumphive.exe
2010-01-21 21:10:47 ----A---- C:\WINDOWS\system32\Agent.OMZ.Fix.exe
2010-01-21 21:10:47 ----A---- C:\WINDOWS\system32\404Fix.exe
2010-01-21 21:00:18 ----A---- C:\WINDOWS\ntbtlog.txt
2010-01-21 17:16:32 ----A---- C:\Documents and Settings\All Users\Application Data\h8srtkrl32mainweq.dll
2010-01-19 22:27:24 ----A---- C:\WINDOWS\system32\aswBoot.exe
2010-01-19 22:27:15 ----D---- C:\Program Files\Alwil Software
2010-01-19 22:27:15 ----D---- C:\Documents and Settings\All Users\Application Data\Alwil Software
2010-01-19 22:09:19 ----D---- C:\WINDOWS\system32\LogFiles
2010-01-19 21:53:33 ----A---- C:\Documents and Settings\All Users\Application Data\sysReserve.ini
2010-01-14 17:24:26 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$
2010-01-13 14:36:25 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2010-01-10 10:23:49 ----D---- C:\Documents and Settings\Floriane Garcia\Application Data\bamEnglish.08AE7BFC096D057FBA48C7E4F898C35F7FA11BBA.1
2010-01-10 10:23:41 ----D---- C:\Program Files\ILoveENGLISH
2010-01-10 10:23:36 ----D---- C:\Program Files\Fichiers communs\Adobe AIR
2010-01-09 18:43:57 ----D---- C:\Program Files\TuxGuitar-Jet
2009-12-30 21:57:51 ----D---- C:\Program Files\Full Tilt Poker

======List of files/folders modified in the last 1 months======

2010-01-24 10:39:34 ----D---- C:\Documents and Settings\Floriane Garcia\Application Data\LimeWire
2010-01-24 10:36:17 ----D---- C:\WINDOWS\Prefetch
2010-01-24 10:36:16 ----D---- C:\WINDOWS\Temp
2010-01-24 10:33:05 ----D---- C:\WINDOWS\system32\CatRoot2
2010-01-24 10:33:02 ----RD---- C:\Program Files
2010-01-24 10:32:59 ----SD---- C:\WINDOWS\Tasks
2010-01-24 10:32:57 ----SHD---- C:\WINDOWS\Installer
2010-01-24 10:30:39 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-01-24 00:50:47 ----D---- C:\WINDOWS\system32\drivers
2010-01-24 00:49:30 ----D---- C:\WINDOWS\system32
2010-01-24 00:49:30 ----D---- C:\Documents and Settings
2010-01-24 00:43:21 ----D---- C:\WINDOWS
2010-01-23 11:12:37 ----D---- C:\Documents and Settings\Floriane Garcia\Application Data\vlc
2010-01-22 22:55:31 ----HD---- C:\WINDOWS\inf
2010-01-22 22:55:26 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-01-22 22:55:25 ----D---- C:\Program Files\Internet Explorer
2010-01-22 22:55:08 ----HD---- C:\WINDOWS\$hf_mig$
2010-01-22 18:43:52 ----D---- C:\Program Files\Google
2010-01-22 18:43:52 ----D---- C:\Documents and Settings\All Users\Application Data\Google
2010-01-21 21:22:21 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-01-21 20:03:12 ----D---- C:\WINDOWS\system32\CatRoot
2010-01-19 23:15:36 ----D---- C:\Program Files\Microsoft Silverlight
2010-01-19 22:27:34 ----D---- C:\WINDOWS\WinSxS
2010-01-19 16:49:01 ----D---- C:\Documents and Settings\Floriane Garcia\Application Data\Mozilla
2010-01-17 13:26:32 ----SHD---- C:\RECYCLER
2010-01-17 12:41:06 ----A---- C:\WINDOWS\imsins.BAK
2010-01-13 15:20:24 ----D---- C:\WINDOWS\AppPatch
2010-01-10 10:23:47 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2010-01-10 10:23:36 ----D---- C:\Program Files\Fichiers communs
2010-01-10 10:23:16 ----D---- C:\Documents and Settings\Floriane Garcia\Application Data\Adobe
2010-01-05 01:17:46 ----A---- C:\WINDOWS\system32\MRT.exe
2010-01-02 16:05:57 ----RSD---- C:\WINDOWS\Fonts
2009-12-25 18:01:17 ----D---- C:\Program Files\Fichiers communs\Symantec Shared

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2010-01-19 28240]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2010-01-19 162640]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2010-01-19 46544]
R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40576]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2010-01-19 19024]
R2 aswMon2;aswMon2; C:\WINDOWS\system32\drivers\aswMon2.sys [2010-01-19 100304]
R2 fssfltr;FssFltr; C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys [2009-08-05 54752]
R3 AR5416;Atheros AR5008 Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\athw.sys [2008-09-18 1326528]
R3 AsusACPI;ASUS ACPI Driver; C:\WINDOWS\system32\DRIVERS\ASUSACPI.sys [2008-04-08 10752]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2010-01-19 23248]
R3 CmBatt;Pilote pour Batterie à méthode de contrôle ACPI Microsoft; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2008-11-12 1181824]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2009-02-14 5029376]
R3 Ktp;Elantech Smart-Pad; C:\WINDOWS\system32\DRIVERS\ETD.sys [2009-02-12 93696]
R3 L1e;Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller; C:\WINDOWS\system32\DRIVERS\l1e51x86.sys [2008-09-23 38400]
R3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 usbvideo;Périphérique vidéo USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-13 121984]
S1 SRTSP;SRTSP; \??\C:\WINDOWS\system32\drivers\NIS\1000000.07D\SRTSP.SYS []
S1 SRTSPX;SRTSPX; \??\C:\WINDOWS\system32\drivers\NIS\1000000.07D\SRTSPX.SYS []
S3 Ambfilt;Ambfilt; C:\WINDOWS\system32\drivers\Ambfilt.sys [2008-08-06 1684736]
S3 btaudio;Périphérique audio Bluetooth; C:\WINDOWS\system32\drivers\btaudio.sys []
S3 BTDriver;Pilote de communications virtuelles Bluetooth; C:\WINDOWS\system32\DRIVERS\btport.sys []
S3 BTWDNDIS;Serveur d'accès au réseau local Bluetooth; C:\WINDOWS\system32\DRIVERS\btwdndis.sys []
S3 btwhid;btwhid; C:\WINDOWS\system32\DRIVERS\btwhid.sys []
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys []
S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 Monfilt;Monfilt; C:\WINDOWS\system32\drivers\Monfilt.sys [2006-01-05 1389056]
S3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NAVENG;NAVENG; \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20080829.024\NAVENG.SYS []
S3 NAVEX15;NAVEX15; \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20080829.024\NAVEX15.SYS []
S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbstor;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-01-19 40384]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-09-26 153376]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-01-19 40384]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-01-19 40384]
S2 gupdate;Service Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-01-14 135664]
S2 Norton Internet Security;Norton Internet Security; C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe /s Norton Internet Security /m C:\Program Files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll /prefetch:1 []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 fsssvc;Service Windows Live Contrôle parental; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2009-08-05 704864]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

nardino
 Posted on 24/01/2010 at 12:12
  Grand Maître astucien

Hello.

I think your PC is already behaving a little better.

Did you forget the rkill step?

A small procedure to finish things off.

Download OTM by OldTimer:
http://oldtimer.geekstogo.com/OTM.exe

Save it to the Desktop.
Double-click OTM.exe to launch the tool.
Note:
On Vista, right-click the file and choose Run as administrator.
Copy all the quoted lines below to the clipboard with CTRL+C.


Go

:files
C:\WINDOWS\tasks\Norton Security Scan for Floriane Garcia.job
C:\Documents and Settings\All Users\Application Data\h8srtmainqt.dll
C:\Documents and Settings\All Users\Application Data\h8srtkrl32mainweq.dll

:commands
[purity]
[emptytemp]



In OTMoveIt3, place the cursor in the "Paste Instructions for item to be Moved" box and press CTRL+V to paste the clipboard contents.
Click the MoveIt! button, the red one.

Close the tool.
Post the contents of the report C:\_OTM\MovedFiles\********_******.log
The * stand for Month/Day/Year_Hours/Minutes/Seconds

Update Adobe Reader

-Acrobat Reader 9.3:

Select your system, the appropriate version and the language you want.
Untick McAfee Security Scan
Click Download now.
Install it
This version uninstalls the previous ones.

@+

flolof
 Posted on 24/01/2010 at 12:53
Petite astucienne

Thank you very much, my PC is much less sluggish, starts up much faster and no longer crashes.

Here is the report:

All processes killed
Error: Unable to interpret <Go> in the current context!
========== FILES ==========
C:\WINDOWS\tasks\Norton Security Scan for Floriane Garcia.job moved successfully.
LoadLibrary failed for C:\Documents and Settings\All Users\Application Data\h8srtmainqt.dll
C:\Documents and Settings\All Users\Application Data\h8srtmainqt.dll moved successfully.
LoadLibrary failed for C:\Documents and Settings\All Users\Application Data\h8srtkrl32mainweq.dll
C:\Documents and Settings\All Users\Application Data\h8srtkrl32mainweq.dll moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrateur
->Temp folder emptied: 11540 bytes
->Temporary Internet Files folder emptied: 71271 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: Floriane Garcia
->Temp folder emptied: 5338958 bytes
->Temporary Internet Files folder emptied: 427704 bytes
->Java cache emptied: 42323458 bytes
->FireFox cache emptied: 56864981 bytes
->Google Chrome cache emptied: 180016424 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 4549729 bytes
->Java cache emptied: 13690431 bytes

User: Mathilde
->Temp folder emptied: 4482432 bytes
->Temporary Internet Files folder emptied: 422768349 bytes
->Java cache emptied: 586541 bytes
->FireFox cache emptied: 66696221 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 3072 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 28858553 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 23968452 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 58781 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 811,00 mb


OTM by OldTimer - Version 3.1.6.0 log created on 01242010_124233

Files moved on Reboot...
File move failed. C:\WINDOWS\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...
