PC infected or not??
Last reply: in Security
Good evening. While browsing the forum I got the impression that I have a virus, so I'm taking the liberty of posting several reports, namely HijackThis, RSIT and Rooter. Thanks for your help, because right now I'm lost.
So here are the reports:
Logfile of random's system information tool 1.06 (written by random/random)
Run by Administrateur at 2009-08-30 00:22:19
Microsoft Windows XP Édition familiale Service Pack 1
System drive C: has 50 GB (84%) free of 60 GB
Total RAM: 191 MB (36% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:22:28, on 30/08/2009
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Safe mode
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
J:\RSIT.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Program Files\Trend Micro\HijackThis\Administrateur.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [RestoreIT!] "C:\Program Files\Phoenix Technologies Ltd\RecoverPro_XP\VBPTASK.EXE" VBStart
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [netmon] C:\WINDOWS\system\dllcache.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [mset] C:\WINDOWS\system32\mset.exe
O4 - HKLM\..\Run: [Microsoft(R) System Manager] C:\WINDOWS\system32\sysmgr.exe
O4 - HKLM\..\Run: [Windows Network Firewall] C:\WINDOWS\System32\firewall.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: PsShutdown (PsShutdownSvc) - Systems Internals - C:\WINDOWS\System32\PSSDNSVC.EXE
O23 - Service: VMwareService - Unknown owner - C:\WINDOWS\system\VMwareService.exe
O23 - Service: Windows Spool Services (WinSpoolSvc) - Unknown owner - C:\WINDOWS\system32\csrsc.exe
--
End of file - 3806 bytes
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx [2001-04-16 37808]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{243B17DE-77C7-46BF-B94B-0B5F309A0E64}]
C:\Program Files\Microsoft Money\System\mnyside.dll [2002-07-17 163906]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDD3B846-8D59-4ffb-8758-209B6AD74ACC}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8E718888-423F-11D2-876E-00A0C9082467} - &Radio - C:\WINDOWS\System32\msdxm.ocx [2003-09-18 848144]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RestoreIT!"=C:\Program Files\Phoenix Technologies Ltd\RecoverPro_XP\VBPTASK.EXE [2004-02-06 122880]
"Cmaudio"=RunDll32 cmicnfg.cpl,CMICtrlWnd []
"NvCplDaemon"=C:\WINDOWS\System32\NvCpl.dll [2004-04-23 3756032]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\System32\NvMcTray.dll [2004-04-23 46080]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2004-07-08 86016]
"NeroCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 163840]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd.exe [2003-06-25 57344]
"netmon"=C:\WINDOWS\system\dllcache.exe [2009-08-14 55808]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
"mset"=C:\WINDOWS\system32\mset.exe [2009-08-29 36377]
"Microsoft(R) System Manager"=C:\WINDOWS\system32\sysmgr.exe []
"Windows Network Firewall"=C:\WINDOWS\System32\firewall.exe [2003-08-22 102912]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\System32\ctfmon.exe [2003-04-24 20480]
"MSMSGS"=C:\Program Files\Messenger\MSMSGS.EXE [2003-04-14 1498032]
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
Adobe Gamma Loader.exe.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dllcache]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\lsass]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\dllcache]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\lsass]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"\??\C:\WINDOWS\system32\winlogon.exe"="\??\C:\WINDOWS\system32\winlogon.exe:*:enabled:@shell32.dll,-1"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
======List of files/folders created in the last 1 months======
2009-08-30 00:22:19 ----D---- C:\rsit
2009-08-29 23:43:13 ----A---- C:\cleannavi.txt
2009-08-29 23:42:58 ----D---- C:\Program Files\Navilog1
2009-08-29 23:22:43 ----D---- C:\Program Files\SlimBrowser
2009-08-29 23:20:24 ----D---- C:\WINDOWS\pss
2009-08-29 23:19:46 ----A---- C:\WINDOWS\System32\mset.exe
2009-08-29 23:06:32 ----A---- C:\WINDOWS\System32\msvcrt2.dll
2009-08-29 23:03:59 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-08-29 23:00:31 ----A---- C:\WINDOWS\ntbtlog.txt
2009-08-29 22:56:56 ----D---- C:\Program Files\CCleaner
2009-08-29 22:41:56 ----D---- C:\Program Files\Lavalys
2009-08-29 22:41:31 ----D---- C:\Program Files\Fichiers communs\Wise Installation Wizard
2009-08-29 22:40:57 ----D---- C:\Program Files\Trend Micro
2009-08-29 21:39:20 ----A---- C:\WINDOWS\logfile32.txt
2009-08-29 21:39:19 ----RSH---- C:\WINDOWS\mslsrv32.exe
2009-08-29 21:34:40 ----D---- C:\WINDOWS\System32\bits
2009-08-29 21:34:31 ----HDC---- C:\WINDOWS\$NtUninstallKB842773$
2009-08-26 16:49:01 ----ASH---- C:\Documents and Settings\Administrateur\Application Data\desktop.ini
2009-08-26 16:49:00 ----SD---- C:\Documents and Settings\Administrateur\Application Data\Microsoft
2009-08-26 16:49:00 ----D---- C:\Documents and Settings\Administrateur\Application Data\InterTrust
2009-08-26 16:49:00 ----D---- C:\Documents and Settings\Administrateur\Application Data\Identities
2009-08-26 16:49:00 ----D---- C:\Documents and Settings\Administrateur\Application Data\Ahead
2009-08-26 16:49:00 ----D---- C:\Documents and Settings\Administrateur\Application Data\Adobe
2009-08-21 14:31:51 ----D---- C:\WINDOWS\Minidump
2009-08-20 18:06:29 ----HDC---- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
2009-08-20 17:34:22 ----D---- C:\WINDOWS\System32\PreInstall
2009-08-20 17:34:18 ----A---- C:\WINDOWS\System32\spupdsvc.exe
2009-08-20 17:34:17 ----HDC---- C:\WINDOWS\$NtUninstallKB898461$
2009-08-20 17:34:17 ----HD---- C:\WINDOWS\$hf_mig$
2009-08-14 23:14:57 ----A---- C:\WINDOWS\System32\x.exe
2009-08-14 22:56:44 ----RSH---- C:\WINDOWS\System32\csrsc.exe
2009-08-14 21:54:13 ----N---- C:\WINDOWS\System32\bitsprx3.dll
2009-08-14 21:54:13 ----N---- C:\WINDOWS\System32\bitsprx2.dll
2009-08-14 21:54:13 ----A---- C:\WINDOWS\System32\winhttp.dll
2009-08-14 21:54:13 ----A---- C:\WINDOWS\System32\qmgrprxy.dll
2009-08-14 21:47:37 ----RSH---- C:\WINDOWS\msdriver32.exe
2009-08-14 21:47:11 ----D---- C:\WINDOWS\System32\SoftwareDistribution
2009-08-14 21:44:50 ----D---- C:\WINDOWS\SoftwareDistribution
2009-08-14 21:44:39 ----A---- C:\WINDOWS\System32\wuweb.dll
2009-08-14 21:44:39 ----A---- C:\WINDOWS\System32\wups.dll
2009-08-14 21:44:39 ----A---- C:\WINDOWS\System32\wucltui.dll
2009-08-14 21:44:39 ----A---- C:\WINDOWS\System32\wuaueng1.dll
2009-08-14 21:44:39 ----A---- C:\WINDOWS\System32\wuauclt1.exe
2009-08-14 21:44:39 ----A---- C:\WINDOWS\System32\wuapi.dll
======List of files/folders modified in the last 1 months======
2009-08-29 23:59:49 ----D---- C:\WINDOWS\Temp
2009-08-29 23:52:13 ----HD---- C:\WINDOWS\inf
2009-08-29 23:52:00 ----D---- C:\WINDOWS\System32\CatRoot
2009-08-29 23:51:57 ----D---- C:\WINDOWS\LastGood
2009-08-29 23:51:56 ----D---- C:\WINDOWS\System32\CatRoot2
2009-08-29 23:51:54 ----D---- C:\WINDOWS
2009-08-29 23:50:31 ----D---- C:\WINDOWS\Debug
2009-08-29 23:46:15 ----D---- C:\WINDOWS\Prefetch
2009-08-29 23:43:51 ----D---- C:\WINDOWS\system32
2009-08-29 23:42:58 ----RD---- C:\Program Files
2009-08-29 22:41:31 ----D---- C:\Program Files\Fichiers communs
2009-08-29 22:07:43 ----HD---- C:\Program Files\InstallShield Installation Information
2009-08-29 22:06:16 ----RASH---- C:\boot.ini
2009-08-29 22:05:47 ----SHD---- C:\RECYCLER
2009-08-29 22:05:33 ----D---- C:\WINDOWS\System32\drivers
2009-08-29 21:53:35 ----A---- C:\WINDOWS\ModemLog_Creative Modem Blaster V.92 DI5733-1 #2.txt
2009-08-29 21:38:47 ----D---- C:\WINDOWS\system
2009-08-29 21:35:27 ----HD---- C:\Program Files\Uninstall Information
2009-08-29 21:35:27 ----D---- C:\Program Files\Fichiers communs\System
2009-08-29 21:35:26 ----D---- C:\Program Files\Outlook Express
2009-08-29 21:35:25 ----RSHDC---- C:\WINDOWS\System32\dllcache
2009-08-29 21:34:38 ----D---- C:\Program Files\Maison et Intérieur 3D
2009-08-29 21:33:38 ----SHD---- C:\WINDOWS\Installer
2009-08-29 21:33:04 ----D---- C:\Program Files\Canon
2009-08-26 17:30:34 ----A---- C:\WINDOWS\DUMP427b.tmp
2009-08-26 17:28:30 ----A---- C:\WINDOWS\DUMP422b.tmp
2009-08-26 17:26:26 ----A---- C:\WINDOWS\DUMP4111.tmp
2009-08-26 17:25:05 ----A---- C:\WINDOWS\DUMP424a.tmp
2009-08-26 17:23:43 ----A---- C:\WINDOWS\DUMP43a2.tmp
2009-08-26 17:22:23 ----A---- C:\WINDOWS\DUMP42d6.tmp
2009-08-26 17:20:59 ----A---- C:\WINDOWS\DUMP419c.tmp
2009-08-26 17:19:38 ----A---- C:\WINDOWS\DUMP4170.tmp
2009-08-26 17:18:17 ----A---- C:\WINDOWS\DUMP41dd.tmp
2009-08-26 17:16:57 ----A---- C:\WINDOWS\DUMP42b6.tmp
2009-08-26 17:15:29 ----A---- C:\WINDOWS\DUMP4268.tmp
2009-08-26 17:14:07 ----A---- C:\WINDOWS\DUMP42d5.tmp
2009-08-26 17:12:46 ----A---- C:\WINDOWS\DUMP42f6.tmp
2009-08-26 17:11:25 ----A---- C:\WINDOWS\DUMP43df.tmp
2009-08-26 17:10:01 ----A---- C:\WINDOWS\DUMP43d0.tmp
2009-08-26 17:08:36 ----A---- C:\WINDOWS\DUMP4296.tmp
2009-08-26 17:06:31 ----A---- C:\WINDOWS\DUMP42f5.tmp
2009-08-26 17:04:24 ----A---- C:\WINDOWS\DUMP4323.tmp
2009-08-26 17:02:18 ----A---- C:\WINDOWS\DUMP423c.tmp
2009-08-26 17:00:13 ----A---- C:\WINDOWS\DUMP4249.tmp
2009-08-26 16:58:07 ----A---- C:\WINDOWS\DUMP41dc.tmp
2009-08-26 16:56:03 ----A---- C:\WINDOWS\DUMP416f.tmp
2009-08-26 16:54:02 ----A---- C:\WINDOWS\DUMP4333.tmp
2009-08-26 16:51:46 ----A---- C:\WINDOWS\DUMP4517.tmp
2009-08-26 16:48:59 ----D---- C:\Documents and Settings
2009-08-26 16:45:53 ----A---- C:\WINDOWS\DUMP1bf4.tmp
2009-08-26 16:44:32 ----A---- C:\WINDOWS\DUMP43cf.tmp
2009-08-26 16:43:12 ----A---- C:\WINDOWS\DUMP427a.tmp
2009-08-26 16:41:52 ----A---- C:\WINDOWS\DUMP4362.tmp
2009-08-26 16:40:35 ----A---- C:\WINDOWS\DUMP4279.tmp
2009-08-26 16:39:16 ----A---- C:\WINDOWS\DUMP4287.tmp
2009-08-26 16:37:54 ----A---- C:\WINDOWS\DUMP4278.tmp
2009-08-26 16:36:31 ----A---- C:\WINDOWS\DUMP41ad.tmp
2009-08-26 16:35:12 ----A---- C:\WINDOWS\DUMP41cc.tmp
2009-08-26 16:33:55 ----A---- C:\WINDOWS\DUMP4026.tmp
2009-08-26 16:32:35 ----A---- C:\WINDOWS\DUMP43ee.tmp
2009-08-26 16:31:16 ----A---- C:\WINDOWS\DUMP423b.tmp
2009-08-26 16:29:54 ----A---- C:\WINDOWS\DUMP4160.tmp
2009-08-26 16:28:34 ----A---- C:\WINDOWS\DUMP420b.tmp
2009-08-26 16:27:16 ----A---- C:\WINDOWS\DUMP4372.tmp
2009-08-26 16:25:53 ----A---- C:\WINDOWS\DUMP422a.tmp
2009-08-26 16:24:31 ----A---- C:\WINDOWS\DUMP415f.tmp
2009-08-26 16:23:11 ----A---- C:\WINDOWS\DUMP423a.tmp
2009-08-26 16:21:50 ----A---- C:\WINDOWS\DUMP4141.tmp
2009-08-26 16:20:32 ----A---- C:\WINDOWS\DUMP41fb.tmp
2009-08-26 16:19:13 ----A---- C:\WINDOWS\DUMP4054.tmp
2009-08-26 16:17:52 ----A---- C:\WINDOWS\DUMP4277.tmp
2009-08-26 16:16:32 ----A---- C:\WINDOWS\DUMP3fd7.tmp
2009-08-26 16:15:11 ----A---- C:\WINDOWS\DUMP4314.tmp
2009-08-26 16:13:48 ----A---- C:\WINDOWS\DUMP41bc.tmp
2009-08-26 16:12:27 ----A---- C:\WINDOWS\DUMP4371.tmp
2009-08-26 16:11:06 ----A---- C:\WINDOWS\DUMP43a1.tmp
2009-08-26 16:09:42 ----A---- C:\WINDOWS\DUMP4305.tmp
2009-08-26 16:08:22 ----A---- C:\WINDOWS\DUMP420a.tmp
2009-08-26 16:07:03 ----A---- C:\WINDOWS\DUMP4110.tmp
2009-08-26 16:05:41 ----A---- C:\WINDOWS\DUMP4258.tmp
2009-08-26 16:04:18 ----A---- C:\WINDOWS\DUMP4313.tmp
2009-08-26 16:02:54 ----A---- C:\WINDOWS\DUMP40e3.tmp
2009-08-26 16:01:32 ----A---- C:\WINDOWS\DUMP3f6a.tmp
2009-08-26 16:00:12 ----A---- C:\WINDOWS\DUMP4229.tmp
2009-08-26 15:58:49 ----A---- C:\WINDOWS\DUMP41cb.tmp
2009-08-26 15:57:30 ----A---- C:\WINDOWS\DUMP43a0.tmp
2009-08-26 15:56:12 ----A---- C:\WINDOWS\DUMP415e.tmp
2009-08-26 15:54:51 ----A---- C:\WINDOWS\DUMP4248.tmp
2009-08-26 15:53:28 ----A---- C:\WINDOWS\DUMP4025.tmp
2009-08-26 15:52:07 ----A---- C:\WINDOWS\DUMP4342.tmp
2009-08-26 15:50:47 ----A---- C:\WINDOWS\DUMP4140.tmp
2009-08-26 15:49:26 ----A---- C:\WINDOWS\DUMP3fe7.tmp
2009-08-26 15:48:06 ----A---- C:\WINDOWS\DUMP4352.tmp
2009-08-26 15:46:42 ----A---- C:\WINDOWS\DUMP40e2.tmp
2009-08-26 15:45:21 ----A---- C:\WINDOWS\DUMP4035.tmp
2009-08-26 15:44:00 ----A---- C:\WINDOWS\DUMP41db.tmp
2009-08-26 15:42:38 ----A---- C:\WINDOWS\DUMP40d1.tmp
2009-08-26 15:41:15 ----A---- C:\WINDOWS\DUMP4064.tmp
2009-08-26 15:39:56 ----A---- C:\WINDOWS\DUMP41fa.tmp
2009-08-26 15:38:34 ----A---- C:\WINDOWS\DUMP4304.tmp
2009-08-26 15:37:16 ----A---- C:\WINDOWS\DUMP42f4.tmp
2009-08-26 15:35:58 ----A---- C:\WINDOWS\DUMP44f8.tmp
2009-08-26 15:34:37 ----A---- C:\WINDOWS\DUMP413f.tmp
2009-08-26 15:33:14 ----A---- C:\WINDOWS\DUMP416e.tmp
2009-08-26 15:31:53 ----A---- C:\WINDOWS\DUMP40e1.tmp
2009-08-26 15:30:33 ----A---- C:\WINDOWS\DUMP4239.tmp
2009-08-26 15:29:10 ----A---- C:\WINDOWS\DUMP3fa8.tmp
2009-08-26 15:27:53 ----A---- C:\WINDOWS\DUMP4045.tmp
2009-08-26 15:26:19 ----A---- C:\WINDOWS\DUMP4006.tmp
2009-08-26 15:25:03 ----A---- C:\WINDOWS\DUMP45a4.tmp
2009-08-26 15:23:37 ----A---- C:\WINDOWS\DUMP4016.tmp
2009-08-26 15:21:34 ----A---- C:\WINDOWS\DUMP41ac.tmp
2009-08-14 21:47:33 ----D---- C:\WINDOWS\Help
2009-08-14 21:44:48 ----HD---- C:\Program Files\WindowsUpdate
2009-08-02 15:04:01 ----A---- C:\WINDOWS\win.ini
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 AFS2K;AFS2k; C:\WINDOWS\System32\drivers\AFS2K.sys [2004-08-19 43488]
R3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 mouhid;Pilote HID de souris; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-23 12288]
R3 usbehci;Pilote miniport de contrôleur hôte amélioré USB 2.0 Microsoft; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2003-07-03 25216]
R3 usbhub;Pilote de concentrateur standard USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2003-07-03 53120]
R3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2003-07-03 16000]
R3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2002-08-29 21760]
S1 AmdK7;Pilote de processeur AMD K7; C:\WINDOWS\System32\DRIVERS\amdk7.sys [2003-04-24 35328]
S2 FBAPI;FBAPI; \??\C:\WINDOWS\System32\drivers\FBAPI.sys []
S3 AgereSoftModem;Creative Modem Blaster V.92 DI5733; C:\WINDOWS\System32\DRIVERS\AGRSM.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2004-07-09 16384]
S3 cmuda;C-Media WDM Audio Interface; C:\WINDOWS\system32\drivers\cmuda.sys [2004-02-20 815296]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [2003-08-11 51056]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [2003-08-11 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [2003-08-11 21488]
S3 JL2005C;Dual Mode Camera; C:\WINDOWS\System32\Drivers\jl2005c.sys [2007-02-14 68922]
S3 MODEMCSA;Périphérique de filtrage de flux Unimodem; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
S3 ms_mpu401;Pilote UART MIDI MPU-401 Microsoft; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2002-12-12 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2004-07-09 83968]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [2004-07-09 10112]
S3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2004-04-23 2167552]
S3 NVENET;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\System32\DRIVERS\NVENET.sys [2004-01-29 93764]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\System32\DRIVERS\SLIP.sys [2004-07-09 10880]
S3 streamip;BDA IPSink; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [2004-07-09 14976]
S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2003-07-03 28160]
S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2002-08-29 24960]
S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2002-08-29 14208]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2004-07-09 18688]
S4 IntelIde;IntelIde; C:\WINDOWS\System32\drivers\IntelIde.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2003-04-24 258560]
S2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\System32\nvsvc32.exe [2004-04-23 122947]
S2 VMwareService;VMwareService; C:\WINDOWS\system\VMwareService.exe [2009-08-14 1293312]
S2 WinSpoolSvc;Windows Spool Services; C:\WINDOWS\system32\csrsc.exe [2009-08-14 43008]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2003-02-20 40960]
S3 Ip6FwHlp;Pare-feu de connexion Internet IPv6; C:\WINDOWS\System32\svchost.exe [2003-04-24 12800]
S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\HPZipm12.exe [2003-08-11 90112]
S3 PsShutdownSvc;PsShutdown; C:\WINDOWS\System32\PSSDNSVC.EXE [2004-07-08 73728]
-----------------EOF-----------------
Next, RSIT:
info.txt logfile of random's system information tool 1.06 2009-08-30 00:22:30
======Uninstall list======
-->C:\WINDOWS\IsUn040c.exe -fC:\WINDOWS\orun32.isu
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Acrobat 5.0-->C:\WINDOWS\ISUN040C.EXE -f"C:\Program Files\Fichiers communs\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Fichiers communs\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Flash Player ActiveX-->C:\WINDOWS\System32\Macromed\Flash\uninstall_activeX.exe
Adobe Photoshop Elements-->C:\WINDOWS\ISUN040C.EXE -f"C:\Program Files\Adobe\Photoshop Elements\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop Elements\Uninst.dll"
Ahead Nero Burning ROM-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
C-Media WDM Audio Driver-->C:\WINDOWS\system32\cmirmdrv.exe
Correctif Windows XP - KB842773-->C:\WINDOWS\$NtUninstallKB842773$\spuninst\spuninst.exe
DOMOS Version 2.1.36a-->"C:\Program Files\DOMOS2\unins000.exe"
EVEREST Corporate Edition v5.02-->"C:\Program Files\Lavalys\EVEREST Corporate Edition\unins000.exe"
Extension HighMAT pour l'Assistant Graver un CD de Microsoft Windows XP-->MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
HP PSC & OfficeJet 3.0-->"C:\Program Files\HP\Digital Imaging\{F38FA38A-7E5A-4209-88ED-4DE21CD20EEF}\setup\hpzscr01.exe" -datfile hposcr03.dat
HP Software Update-->MsiExec.exe /X{CC0A24CB-87C9-4F1C-A1F2-F87D8D4DDCAF}
Internet Explorer Q831167-->C:\WINDOWS\ieuninst.exe C:\WINDOWS\INF\Q831167.inf
La Tacheronne-->"C:\Program Files\La Tacheronne\unins000.exe"
Memories Disc Creator 2.0-->MsiExec.exe /X{2E132061-C78A-48D4-A899-1D13B9D189FA}
Micro Application - Bibliothèque Multimédia CE1-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A08E0744-520D-4A64-BDEA-068F77339FC0}\setup.exe" -l0x40c -uninst -removeonly
Micro Application - Cahier de vacances Vers le CE2-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F29B7368-131E-4FB1-90A7-62D93B616A7B}\Setup.exe" -l0x40c -uninst -removeonly
Micro Application - Cartes de visite-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{97C50B09-C098-41E9-935D-D287F6262D40}\SETUP.EXE" -l0x40c
Micro Application - En route vers la lecture-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AA03AA43-E4A5-45AF-9693-77E9EB7AF91F}\setup.exe" -l0x40c -uninst -removeonly
Micro Application - Tout pour réussir son année de CE1-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6E0DEAF1-8772-4A35-ACC0-B7659E62DE2D}\Setup.exe" -l0x40c -uninst -removeonly
Microsoft .NET Framework 1.1 French Language Pack-->MsiExec.exe /X{9A394342-4A68-4EBA-85A6-55B559F4E700}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Money-->MsiExec.exe /I{01A2E33A-8ADA-42D1-9173-8F65149E952F}
Microsoft Office 2000 CD-ROM 2-->MsiExec.exe /I{0004040C-78E1-11D2-B60F-006097C998E7}
Microsoft Office 2000 Professional-->MsiExec.exe /I{0001040C-78E1-11D2-B60F-006097C998E7}
Microsoft Office PowerPoint Viewer 2003-->MsiExec.exe /X{90AF040C-6000-11D3-8CFE-0150048383C9}
Microsoft Works 7.0-->MsiExec.exe /I{64D114CE-4234-45C2-B60A-2B07D5A48F72}
Mise à jour pour Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
NVIDIA Drivers-->C:\WINDOWS\System32\nvuenet.exe UninstallGUI
Photo et imagerie HP 3.1-->C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
QuickTime-->C:\WINDOWS\unvise32qt.exe C:\WINDOWS\System32\QuickTime\Uninstall.log
Recover Pro-->C:\Program Files\Phoenix Technologies Ltd\RecoverPro_XP\un_vback.exe
Sea Life Park Empire-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E0F0484A-FC2D-4F06-91C0-D106B82CE26B}\setup.exe" -l0x40c -uninst
SlimBrowser (remove only)-->"C:\Program Files\SlimBrowser\uninst.exe"
Uninstall Dual Mode Camera-->"C:\Program Files\JL2005D\unins000.exe"
Visionneuse Journal Windows Microsoft-->MsiExec.exe /X{43DCF766-6838-4F9A-8C91-D92DA586DFA7}
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
=====HijackThis Backups=====
O4 - HKLM\..\Policies\Explorer\Run: [Microsoft Driver Setup] C:\WINDOWS\mslsrv32.exe [2009-08-29]
O4 - HKLM\..\Run: [lsass] C:\WINDOWS\system\1sass.exe [2009-08-29]
O4 - HKLM\..\Run: [Windows Network Firewall] C:\WINDOWS\System32\firewall.exe [2009-08-29]
O4 - HKLM\..\Run: [Microsoft Driver Setup] C:\WINDOWS\mslsrv32.exe [2009-08-29]
O4 - HKCU\..\Run: [Tiscali] C:\Kit Tiscali\Jumbo Tiscali.exe [2009-08-29]
======System event log======
Computer Name: PCTEK
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service NLA (Network Location Awareness).
Record Number: 425
Source Name: Service Control Manager
Time Written: 20090829231744.000000+120
Event Type: Informations
User: AUTORITE NT\SYSTEM
Computer Name: PCTEK
Event Code: 7036
Message: Le service Connexions réseau est entré dans l'état : en cours d'exécution.
Record Number: 424
Source Name: Service Control Manager
Time Written: 20090829231744.000000+120
Event Type: Informations
User:
Computer Name: PCTEK
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service Connexions réseau.
Record Number: 423
Source Name: Service Control Manager
Time Written: 20090829231744.000000+120
Event Type: Informations
User: AUTORITE NT\SYSTEM
Computer Name: PCTEK
Event Code: 7036
Message: Le service Fax est entré dans l'état : arrêté.
Record Number: 422
Source Name: Service Control Manager
Time Written: 20090829231744.000000+120
Event Type: Informations
User:
Computer Name: PCTEK
Event Code: 7036
Message: Le service Service COM de gravage de CD IMAPI est entré dans l'état : en cours d'exécution.
Record Number: 421
Source Name: Service Control Manager
Time Written: 20090829231744.000000+120
Event Type: Informations
User:
=====Application event log=====
Computer Name: PCTEK
Event Code: 1000
Message: Application défaillante explorer.exe, version 6.0.2800.1257, module défaillant , version 0.0.0.0, adresse de défaillance 0x00000000.
Record Number: 174
Source Name: Application Error
Time Written: 20090815220142.000000+120
Event Type: erreur
User:
Computer Name: PCTEK
Event Code: 1000
Message: Application défaillante msdriver32.exe, version 0.0.0.0, module défaillant msdriver32.exe, version 0.0.0.0, adresse de défaillance 0x0001442a.
Record Number: 173
Source Name: Application Error
Time Written: 20090815220136.000000+120
Event Type: erreur
User:
Computer Name: PCTEK
Event Code: 4097
Message: L'application, C:\WINDOWS\Explorer.EXE, a généré une erreur d'application
L'erreur s'est produite le 08/15/2009 à 11:18:41.125
L'exception générée était c0000005 à l'adresse 00000000 (<nosymbols>)
Record Number: 172
Source Name: DrWatson
Time Written: 20090815111841.000000+120
Event Type: Informations
User:
Computer Name: PCTEK
Event Code: 1000
Message: Application défaillante explorer.exe, version 6.0.2800.1257, module défaillant , version 0.0.0.0, adresse de défaillance 0x00000000.
Record Number: 171
Source Name: Application Error
Time Written: 20090815111840.000000+120
Event Type: erreur
User:
Computer Name: PCTEK
Event Code: 4097
Message: L'application, C:\WINDOWS\Explorer.EXE, a généré une erreur d'application
L'erreur s'est produite le 08/15/2009 à 10:59:48.203
L'exception générée était c0000005 à l'adresse 00000000 (<nosymbols>)
Record Number: 170
Source Name: DrWatson
Time Written: 20090815105948.000000+120
Event Type: Informations
User:
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 8 Stepping 1, AuthenticAMD
"PROCESSOR_REVISION"=0801
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"SAFEBOOT_OPTION"=MINIMAL
-----------------EOF-----------------
And finally Rooter:
Rooter.exe (v1.0.2) by Eric_71
.
SeDebugPrivilege granted successfully ...
.
Windows XP Home Edition (5.1.2600) Service Pack 1
[32_bits] - x86 Family 6 Model 8 Stepping 1, AuthenticAMD
.
Error OpenService (wscsvc) : 1060
[SharedAccess] STOPPED (state:1) : Windows Firewall -> Disabled !
.
Internet Explorer 6.0.2800.1106
.
C:\ [Fixed-NTFS] .. ( Total:58 Go - Free:49 Go )
D:\ [CD_Rom]
E:\ [CD_Rom]
F:\ [Removable]
G:\ [Removable]
H:\ [Removable]
I:\ [Removable]
J:\ [Removable]
.
Scan : 00:24.53
Path : J:\Rooter.exe
User : Administrateur ( Administrator -> YES )
.
----------------------\\ Processes
.
Locked [System Process] (0)
______ System (4)
______ \SystemRoot\System32\smss.exe (128)
______ \??\C:\WINDOWS\system32\csrss.exe (176)
______ \??\C:\WINDOWS\system32\winlogon.exe (200)
______ C:\WINDOWS\system32\services.exe (244)
______ C:\WINDOWS\system32\lsass.exe (256)
______ C:\WINDOWS\system32\svchost.exe (420)
______ C:\WINDOWS\system32\svchost.exe (444)
______ C:\WINDOWS\Explorer.EXE (680)
______ C:\WINDOWS\system32\NOTEPAD.EXE (1536)
______ J:\Rooter.exe (1588)
.
----------------------\\ Device\Harddisk0\
.
\Device\Harddisk0 [Sectors : 63 x 512 Bytes]
.
\Device\Harddisk0\Partition1 --[ MBR ]-- (Start_Offset:32256 | Length:63063189504)
\Device\Harddisk0\Partition2 (Start_Offset:63063221760 | Length:6999713280)
.
----------------------\\ Scheduled Tasks
.
C:\WINDOWS\Tasks\desktop.ini
C:\WINDOWS\Tasks\SA.DAT
.
----------------------\\ Registry
.
.
----------------------\\ Files & Folders
.
----------------------\\ Scan completed at 00:24.53
.
C:\Rooter$\Rooter_2.txt - (30/08/2009 | 00:24.53)
Thanks to everyone
Hello,
Download OTM (OldTimer) to your Desktop.
Double-click OTM.exe to launch it.
Copy (Ctrl+C) the following text:
:processes
explorer.exe
:services
WinSpoolSvc
:reg
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dllcache]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\lsass]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\dllcache]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\lsass]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDD3B846-8D59-4ffb-8758-209B6AD74ACC}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"netmon"=-
"mset"=-
"Microsoft System Manager"=-
"Windows Network Firewall"=-
:files
C:\WINDOWS\system32\csrsc.exe
C:\WINDOWS\msdriver32.exe
C:\WINDOWS\System32\x.exe
C:\WINDOWS\mslsrv32.exe
C:\WINDOWS\logfile32.txt
C:\WINDOWS\System32\msvcrt2.dll
C:\WINDOWS\System32\mset.exe
C:\WINDOWS\system\dllcache.exe
C:\WINDOWS\System32\firewall.exe
:commands
[purity]
[emptytemp]
[reboot]
Paste (Ctrl+V) the text you just copied into the box Paste Instructions for Items to be Moved.
Now click the MoveIt! button, then close OTM.
---> If a file or folder cannot be deleted immediately, the program will ask you to restart.
Accept by clicking YES.
Post the report located in this folder: C:\_OTM\MovedFiles\
---> The report's name corresponds to the time it was created: date_heure.log
Hi! Here's the log. Unfortunately, I don't think it's fixed: at times there isn't even a taskbar or anything, just the desktop background, and the error messages continue. I should mention that I'm switching between the infected PC and the other one, which fortunately works.
All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== SERVICES/DRIVERS ==========
Service\Driver WinSpoolSvc deleted successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dllcache\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\lsass\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\dllcache\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\lsass\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDD3B846-8D59-4ffb-8758-209B6AD74ACC}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FDD3B846-8D59-4ffb-8758-209B6AD74ACC}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\netmon deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\mset deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Microsoft System Manager not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Windows Network Firewall deleted successfully.
========== FILES ==========
C:\WINDOWS\system32\csrsc.exe moved successfully.
C:\WINDOWS\msdriver32.exe moved successfully.
C:\WINDOWS\System32\x.exe moved successfully.
C:\WINDOWS\mslsrv32.exe moved successfully.
C:\WINDOWS\logfile32.txt moved successfully.
LoadLibrary failed for C:\WINDOWS\System32\msvcrt2.dll
C:\WINDOWS\System32\msvcrt2.dll NOT unregistered.
C:\WINDOWS\System32\msvcrt2.dll moved successfully.
C:\WINDOWS\System32\mset.exe moved successfully.
C:\WINDOWS\system\dllcache.exe moved successfully.
C:\WINDOWS\System32\firewall.exe moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrateur
->Temp folder emptied: 35328147 bytes
->Temporary Internet Files folder emptied: 46030 bytes
User: All Users
User: BELLES Guy
->Temp folder emptied: 135782929 bytes
File delete failed. C:\Documents and Settings\BELLES Guy\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 17656285 bytes
User: Default User
->Temp folder emptied: 16384 bytes
->Temporary Internet Files folder emptied: 32768 bytes
User: LocalService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 32902 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
C:\WINDOWS\LastGood.Tmp\System32\Macromed\Flash folder deleted successfully.
C:\WINDOWS\LastGood.Tmp\System32\Macromed folder deleted successfully.
C:\WINDOWS\LastGood.Tmp\System32 folder deleted successfully.
C:\WINDOWS\LastGood.Tmp folder deleted successfully.
%systemroot% .tmp files removed: 7902856 bytes
%systemroot%\System32 .tmp files removed: 3072 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 627507337 bytes
Total Files Cleaned = 786,12 mb
OTM by OldTimer - Version 3.0.0.6 log created on 08302009_011033
Files moved on Reboot...
Registry entries deleted on Reboot...
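Added example, not part of the thread and not OTM's own code: a small Python script that cross-checks an OTM script against the log OTM produced, giving every target a verdict (removed, not found, failed, or no outcome line at all) and listing what OTM could only schedule for the next reboot. It only recognises the message forms visible in the log above; the SCRIPT and LOG excerpts are constructed from that script and log, the `example-missing.exe` target is made up to exercise the "no outcome" path, and the `User` profile path is a placeholder.

```python
import re

# Constructed excerpt of the OTM script from this thread; the last :files entry is
# made up so the cross-check has a target that never appears in the log.
SCRIPT = r"""
:processes
explorer.exe
:services
WinSpoolSvc
:reg
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dllcache]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"netmon"=-
"Microsoft System Manager"=-
:files
C:\WINDOWS\system32\csrsc.exe
C:\WINDOWS\System32\msvcrt2.dll
C:\WINDOWS\System32\example-missing.exe
:commands
[emptytemp]
[reboot]
"""

# Constructed excerpt of the matching OTM log (message forms copied from the log above,
# section banners dropped, user profile path replaced by a placeholder).
LOG = r"""
No active process named explorer.exe was found!
Service\Driver WinSpoolSvc deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dllcache\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\netmon deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Microsoft System Manager not found.
C:\WINDOWS\system32\csrsc.exe moved successfully.
LoadLibrary failed for C:\WINDOWS\System32\msvcrt2.dll
C:\WINDOWS\System32\msvcrt2.dll NOT unregistered.
C:\WINDOWS\System32\msvcrt2.dll moved successfully.
[EMPTYTEMP]
File delete failed. C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
"""

def norm(s):
    """Case-fold a name and collapse OTM's doubled/trailing backslashes so that
    script targets and log subjects compare equal."""
    return re.sub(r"\\+", r"\\", s.strip()).rstrip("\\").lower()

def parse_script(text):
    """Map every OTM target to its section (processes, services, reg, files)."""
    targets, section, key = {}, None, None
    for line in (l.strip() for l in text.splitlines() if l.strip()):
        if line.startswith(":"):
            section = line[1:].lower()
        elif section == "commands":
            pass                                   # [emptytemp]/[reboot] have no per-target outcome
        elif section == "reg":
            m = re.fullmatch(r"\[(-?)(.+)\]", line)
            if m:                                  # "[-KEY]" deletes the key; "[KEY]" only selects it
                key = m.group(2)
                if m.group(1):
                    targets[norm(key)] = "reg key"
            else:
                m = re.fullmatch(r'"(.+)"=-', line)  # '"name"=-' deletes one value under KEY
                if m and key:
                    targets[norm(key + "\\" + m.group(1))] = "reg value"
        else:
            targets[norm(line)] = section
    return targets

# Status of a log line, checked in order; anything unmatched (banners, [EMPTYTEMP]) is ignored.
OUTCOMES = [(r" (?:deleted|moved) successfully\.$", "ok"),
            (r"(?: not found\.| was found!)$", "not found"),
            (r" scheduled to be deleted on reboot\.$", "deferred"),
            (r"^LoadLibrary failed for | NOT unregistered\.$", "warning")]
SUBJECT = re.compile(r"^(?:Registry (?:key|value) |Service\\Driver |No active process named |"
                     r"LoadLibrary failed for |File delete failed\. )?(?P<s>.+?)"
                     r"(?: (?:deleted|moved) successfully\.| not found\.| was found!"
                     r"| NOT unregistered\.| scheduled to be deleted on reboot\.|)$")

def parse_log(text):
    """Collect the statuses OTM reported per subject, plus paths deferred to the next reboot."""
    outcomes, deferred = {}, []
    for line in text.splitlines():
        status = next((s for pat, s in OUTCOMES if re.search(pat, line)), None)
        if status:
            subject = norm(SUBJECT.match(line).group("s"))
            outcomes.setdefault(subject, set()).add(status)
            if status == "deferred":
                deferred.append(subject)
    return outcomes, deferred

def reconcile(script, log):
    """Give every script target a verdict so nothing is silently left unhandled."""
    outcomes, deferred = parse_log(log)
    report = {}
    for target, kind in parse_script(script).items():
        got = outcomes.get(target, set())
        if "ok" in got:
            verdict = "removed (with warnings)" if "warning" in got else "removed"
        elif "not found" in got:
            verdict = "not found"
        elif got:
            verdict = "failed"
        else:
            verdict = "NO OUTCOME IN LOG"          # re-run the line or check it by hand
        report[target] = (kind, verdict)
    return report, deferred

if __name__ == "__main__":
    report, deferred = reconcile(SCRIPT, LOG)
    for target, (kind, verdict) in report.items():
        print(f"{verdict:<24} {kind:<10} {target}")
    for path in deferred:
        print(f"deferred until reboot    {path}")
```

Run on the real script and log, the items that do not come back "deleted/moved successfully" are the ones worth a second look: explorer.exe was not running (which fits the missing taskbar the poster describes), the "Microsoft System Manager" Run value was already gone, and msvcrt2.dll could not be loaded for unregistration but was still moved. A target with no outcome line at all means the tool never reported on it and the line should be re-run or checked by hand.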
Quote:
The scan finished normally. Click 'Show results' to display all objects found.
/!\ Disable your resident protections (antivirus, etc.) /!\
Download ComboFix (sUBs) to your Desktop.
Double-click ComboFix.exe (the .exe extension is not necessarily visible) to launch it.
It will ask you to install the Recovery Console: accept.
When the scan is finished, a report will appear. Post that report (C:\Combofix.txt) in your next reply.
To help you: a guide and a tutorial on using ComboFix