Deux iexplorer.exe dans mon processus
Forum Sécurité - Virus : Deux iexplorer.exe dans mon processus
Bonjour,
Depuis quelques jour j'ai remarqué dans mes processus deux iexplore.exe, alors que je n'utilise pas internet explorer
Des que j'essaye d'enlever ces processus, ils reviennent aussitôt, et prennent énormément de mémoire vive
Merci d'avance
Message édité par darthjen le 16-01-2010 à 23:29:30
Bonjour,
- Télécharge Random's System Information Tool (RSIT) (par random/random) sur ton Bureau.
- Double-clique sur RSIT.exe afin de lancer le programme.
(Sous Vista, il faut cliquer droit sur RSIT.exe et choisir Exécuter en tant qu'administrateur)
- Clique sur Continue à l'écran Disclaimer.
- Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu, si demandé) et tu devras accepter la licence.
- Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront. Poste le contenu de log.txt (c'est celui qui apparaît à l'écran) ainsi que de info.txt (que tu verras dans la barre des tâches).
Note : les rapports sont sauvegardés dans le dossier C:\Rsit.
Bonjour,
Tout d'abord, merci pour ta réponse,
Voici le log.txt :
Logfile of random's system information tool 1.06 (written by random/random)
Run by Pc at 2010-01-17 13:20:29
Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 1
System drive C: has 59 GB (26%) free of 228 GB
Total RAM: 3071 MB (51% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:20:39, on 17/01/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18349)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\RegCleaner\RegCleanr.exe
C:\Program Files\RegCleaner\RegCleanr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Users\Pc\Downloads\RSIT.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\trend micro\Pc.exe
C:\Program Files\Skype\Toolbars\Shared\SkypeNames.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bigseekpro.com/splitcam [...] 080892710}
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bigseekpro.com/splitcam [...] 080892710}
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: ToolbarURLSearchHook Class - {CA3EB689-8F09-4026-AA10-B9534C691CE0} - C:\Program Files\SplitCam Toolbar\tbhelper.dll
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SMTTB2009 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\SplitCam Toolbar\tbcore3.dll
O3 - Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O3 - Toolbar: SplitCam Toolbar - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files\SplitCam Toolbar\tbcore3.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [sectdoes] "C:\ProgramData\phone style style.4q1ahm"
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [Pando] C:\Program Files\Pando Networks\Pando\Pando.exe /Minimized
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: CCC.lnk = ?
O13 - Gopher Prefix:
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/bina [...] b56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/Mess [...] E_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ [...] wflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Service Google Update (gupdate1ca74ce4163e6b5) (gupdate1ca74ce4163e6b5) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
--
End of file - 5998 bytes
======Scheduled tasks folder======
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\User_Feed_Synchronization-{43A33E82-E8B9-46AE-9219-5D45FDD7D405}.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2010-01-03 329312]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-11-04 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}]
SMTTB2009 Class - C:\Program Files\SplitCam Toolbar\tbcore3.dll [2009-10-28 2801664]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{D4027C7F-154A-4066-A1AD-4243D8127440}
{338B4DFE-2E2C-4338-9E41-E176D497299E} - SplitCam Toolbar - C:\Program Files\SplitCam Toolbar\tbcore3.dll [2009-10-28 2801664]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-01-07 4853760]
"Skytel"=C:\Windows\Skytel.exe [2007-11-20 1826816]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-11-10 417792]
"UnlockerAssistant"=C:\Program Files\Unlocker\UnlockerAssistant.exe [2009-10-26 15872]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-21 1233920]
"WindowsWelcomeCenter"=oobefldr.dll,ShowWelcomeCenter []
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883856]
"sectdoes"=C:\ProgramData\phone style style.4q1ahm [2010-01-13 28688]
"uTorrent"=C:\Program Files\uTorrent\uTorrent.exe [2009-11-03 289584]
"Pando"=C:\Program Files\Pando Networks\Pando\Pando.exe [2010-01-15 4058808]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATKMEDIA]
C:\Program Files\ASUS\ATK Media\DMEDIA.EXE [2006-11-02 61440]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cerutne]
C:\Users\Pc\AppData\Roaming\aqazqazn.dll [2009-02-13 168509]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CheckMedi8or]
C:\Program Files\Mediator 7 Pro\CheckNewUser.exe [2002-10-29 36864]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\comp view eggs idol]
C:\ProgramData\tons mode name.8azakih [2009-12-16 118800]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2009-11-12 141600]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam]
C:\Program Files\Microsoft LifeCam\LifeExp.exe [2007-01-12 275800]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sectdoes]
C:\ProgramData\phone style style.j0az2ez [2009-12-16 307216]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe [2009-10-09 25623336]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [2006-11-22 630784]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-01-21 61440]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
C:\Program Files\Steam\Steam.exe [2009-11-17 1217808]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre6\bin\jusched.exe [2009-11-04 149280]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2010-01-03 198160]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
C:\Program Files\uTorrent\uTorrent.exe [2009-11-03 289584]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VX3000]
C:\Windows\vVX3000.exe [2006-12-05 707360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Pc^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk]
C:\PROGRA~1\OPENOF~1.ORG\program\QUICKS~1.EXE [2009-08-18 384000]
C:\Users\Pc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
CCC.lnk - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{18abc42f-c8ee-11de-8406-002354135efd}]
shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
======List of files/folders created in the last 1 months======
2010-01-17 13:20:29 ----D---- C:\rsit
2010-01-17 13:20:29 ----D---- C:\Program Files\trend micro
2010-01-16 23:21:11 ----D---- C:\Users\Pc\AppData\Roaming\Desktopicon
2010-01-16 23:21:10 ----D---- C:\Program Files\Unlocker
2010-01-16 23:14:41 ----D---- C:\Program Files\RegCleaner
2010-01-15 22:17:57 ----D---- C:\Program Files\Pando Networks
2010-01-14 20:38:01 ----D---- C:\Program Files\WBFS
2010-01-13 23:33:29 ----D---- C:\Windows\pss
2010-01-13 04:41:25 ----A---- C:\Windows\system32\t2embed.dll
2010-01-13 04:41:25 ----A---- C:\Windows\system32\fontsub.dll
2010-01-12 22:16:02 ----D---- C:\Users\Pc\AppData\Roaming\AVS4YOU
2010-01-12 22:16:01 ----D---- C:\ProgramData\AVS4YOU
2010-01-12 22:15:07 ----D---- C:\Program Files\Common Files\AVSMedia
2010-01-12 22:14:33 ----A---- C:\Windows\system32\msvcr70.dll
2010-01-12 22:14:33 ----A---- C:\Windows\system32\msvcp70.dll
2010-01-12 22:14:33 ----A---- C:\Windows\system32\mfc70.dll
2010-01-12 22:14:32 ----D---- C:\Program Files\AVS4YOU
2010-01-12 22:14:32 ----A---- C:\Windows\system32\msxml3a.dll
2010-01-12 22:14:32 ----A---- C:\Windows\system32\GdiPlus.dll
2010-01-09 23:24:03 ----D---- C:\Program Files\SplitCam Toolbar
2010-01-09 23:23:56 ----D---- C:\Program Files\SplitCam
2010-01-03 01:55:04 ----D---- C:\Program Files\DVDVideoSoft
2010-01-03 01:55:04 ----D---- C:\Program Files\Common Files\DVDVideoSoft
2010-01-03 01:36:31 ----D---- C:\Program Files\Domino Converter
2010-01-03 01:28:35 ----D---- C:\Program Files\2Convert.net
2010-01-03 01:25:53 ----A---- C:\Windows\system32\rmoc3260.dll
2010-01-03 01:25:48 ----A---- C:\Windows\system32\pndx5032.dll
2010-01-03 01:25:48 ----A---- C:\Windows\system32\pndx5016.dll
2010-01-03 01:25:47 ----D---- C:\Program Files\Common Files\xing shared
2010-01-03 01:25:39 ----A---- C:\Windows\system32\pncrt.dll
2010-01-03 01:25:39 ----A---- C:\Windows\system32\msvcr71.dll
2010-01-03 01:25:38 ----D---- C:\Program Files\Common Files\Real
2010-01-03 01:25:37 ----D---- C:\ProgramData\Real
2010-01-03 01:25:37 ----D---- C:\Program Files\Real
2010-01-03 01:25:19 ----D---- C:\Users\Pc\AppData\Roaming\Real
2010-01-03 00:37:44 ----D---- C:\Program Files\WinSCP
2010-01-01 22:03:39 ----D---- C:\Program Files\iPod
2010-01-01 22:01:26 ----D---- C:\Program Files\QuickTime
2010-01-01 19:00:25 ----D---- C:\Users\Pc\AppData\Roaming\CopyTransPhoto
2010-01-01 18:52:08 ----D---- C:\Program Files\WindSolutions
2010-01-01 18:52:04 ----D---- C:\Users\Pc\AppData\Roaming\WindSolutions
2010-01-01 18:52:04 ----D---- C:\ProgramData\WindSolutions
2010-01-01 18:42:59 ----D---- C:\Program Files\QuickMediaConverter
2010-01-01 18:28:01 ----D---- C:\Program Files\WinAVI MP4 Converter
2009-12-23 11:35:42 ----A---- C:\Windows\WPE PRO.INI
2009-12-22 11:14:06 ----D---- C:\World of Warcraft
2009-12-20 19:21:18 ----D---- C:\Program Files\TQ Defiler
2009-12-20 19:02:51 ----D---- C:\Program Files\bman654
2009-12-20 18:43:15 ----RA---- C:\Windows\system32\psfind.dll
2009-12-20 18:43:15 ----A---- C:\Windows\system32\MSVCP71.dll
2009-12-20 18:43:15 ----A---- C:\Windows\system32\mfc71.dll
2009-12-20 18:35:58 ----D---- C:\Program Files\THQ
2009-12-19 12:10:09 ----A---- C:\Windows\Medi8or.ini
2009-12-19 12:08:40 ----D---- C:\Program Files\Mediator 7 Pro
2009-12-19 12:08:40 ----A---- C:\Windows\system32\ROBOEX32.DLL
2009-12-19 12:08:40 ----A---- C:\Windows\system32\INETWH32.DLL
======List of files/folders modified in the last 1 months======
2010-01-17 13:20:39 ----D---- C:\Windows\Prefetch
2010-01-17 13:20:36 ----D---- C:\Windows\Temp
2010-01-17 13:20:29 ----RD---- C:\Program Files
2010-01-17 12:36:05 ----D---- C:\Users\Pc\AppData\Roaming\uTorrent
2010-01-17 02:09:56 ----SHD---- C:\System Volume Information
2010-01-16 23:21:26 ----D---- C:\Program Files\Internet Explorer
2010-01-16 20:53:02 ----D---- C:\Users\Pc\AppData\Roaming\Skype
2010-01-16 16:04:20 ----D---- C:\Users\Pc\AppData\Roaming\skypePM
2010-01-14 21:08:17 ----D---- C:\Users\Pc\AppData\Roaming\LimeWire
2010-01-14 20:38:02 ----D---- C:\Windows\System32
2010-01-14 20:30:28 ----D---- C:\Windows\inf
2010-01-14 20:30:28 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-01-13 23:52:40 ----HD---- C:\ProgramData
2010-01-13 23:33:29 ----D---- C:\Windows
2010-01-13 21:14:19 ----D---- C:\Windows\system32\NDF
2010-01-13 19:03:21 ----SD---- C:\ProgramData\Microsoft
2010-01-13 17:49:10 ----D---- C:\Users\Pc\AppData\Roaming\vlc
2010-01-13 12:24:49 ----D---- C:\Windows\winsxs
2010-01-13 12:12:50 ----D---- C:\Program Files\Steam
2010-01-13 12:06:45 ----D---- C:\Windows\system32\catroot
2010-01-13 12:06:40 ----D---- C:\Program Files\Windows Mail
2010-01-13 04:37:59 ----D---- C:\Windows\system32\catroot2
2010-01-13 00:40:23 ----D---- C:\Users\Pc\AppData\Roaming\dvdcss
2010-01-12 22:15:07 ----SHD---- C:\Windows\Installer
2010-01-12 22:15:07 ----D---- C:\Program Files\Common Files
2010-01-10 11:57:53 ----D---- C:\Users\Pc\AppData\Roaming\Azureus
2010-01-10 01:35:59 ----D---- C:\Program Files\LimeWire
2010-01-09 23:24:12 ----D---- C:\Program Files\Mozilla Firefox
2010-01-09 23:23:56 ----HD---- C:\Program Files\InstallShield Installation Information
2010-01-06 09:47:01 ----D---- C:\Windows\system32\drivers
2010-01-05 19:47:51 ----D---- C:\Program Files\Common Files\Steam
2010-01-02 02:06:38 ----D---- C:\Users\Pc\AppData\Roaming\VSO
2010-01-01 22:04:19 ----D---- C:\Program Files\iTunes
2010-01-01 22:03:38 ----D---- C:\Program Files\Common Files\Apple
2009-12-31 16:07:11 ----D---- C:\Users\Pc\AppData\Roaming\Apple Computer
2009-12-31 15:49:00 ----D---- C:\ProgramData\Apple
2009-12-25 19:01:03 ----D---- C:\Windows\system32\WDI
2009-12-22 11:19:41 ----D---- C:\Program Files\Common Files\Blizzard Entertainment
2009-12-20 23:25:48 ----D---- C:\Windows\system32\Tasks
2009-12-20 19:04:04 ----SD---- C:\Users\Pc\AppData\Roaming\Microsoft
2009-12-20 19:02:52 ----RSD---- C:\Windows\Fonts
2009-12-19 03:31:35 ----D---- C:\Program Files\Vuze
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2009-02-17 1093632]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2008-03-09 3533824]
R3 CmBatt;Pilote pour Batterie à méthode de contrôle ACPI Microsoft; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-21 14208]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-01-08 2044896]
R3 MODEMCSA;Périphérique de filtrage de flux Unimodem; C:\Windows\system32\drivers\MODEMCSA.sys [2008-01-21 18432]
R3 MTsensor;ATK0100 ACPI UTILITY; C:\Windows\system32\DRIVERS\ATKACPI.sys [2007-07-31 7680]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver; C:\Windows\system32\DRIVERS\SiSGB6.sys [2007-06-20 47616]
R3 smserial;smserial; C:\Windows\system32\DRIVERS\smserial.sys [2006-11-22 982272]
R3 SPLITCAM;Splitcam, WDM Camera Stream Splitter; C:\Windows\system32\DRIVERS\splitcam.sys [2009-12-10 13824]
R3 StillCam;Pilote d'appareil photo numérique série; C:\Windows\system32\DRIVERS\serscan.sys [2008-01-21 9216]
R3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2009-08-28 40448]
R3 usbvideo;Périphérique vidéo USB (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016]
S3 driverhardwarev2;driverhardwarev2; \??\C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys [2009-12-11 14336]
S3 drmkaud;Filtre de décodeur DRM (Noyau Microsoft); C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 HdAudAddService;Pilote de fonction UAA 1.1 Microsoft pour le service High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 MSKSSRV;Proxy de service de répartition Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Proxy d'horloge de répartition Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Proxy de gestion de qualité de répartition Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 TVICHW32;TVICHW32; \??\C:\Windows\system32\DRIVERS\TVICHW32.SYS [2009-12-05 23600]
S3 usbaudio;Pilote USB audio (WDM); C:\Windows\system32\drivers\usbaudio.sys [2008-01-21 73088]
S3 usbbus;LGE Mobile Composite USB Device; C:\Windows\system32\DRIVERS\lgusbbus.sys [2008-11-11 13056]
S3 UsbDiag;LGE Mobile USB Serial Port; C:\Windows\system32\DRIVERS\lgusbdiag.sys [2008-11-11 19968]
S3 USBModem;LGE Mobile USB Modem; C:\Windows\system32\DRIVERS\lgusbmodem.sys [2008-11-11 24832]
S3 VX3000;VX-3000; C:\Windows\system32\DRIVERS\VX3000.sys [2006-12-05 1964064]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-21 39936]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2008-01-21 11264]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-08-28 144672]
R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2008-03-09 655360]
R2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 MSCamSvc;MSCamSvc; C:\Program Files\Microsoft LifeCam\MSCamS32.exe [2007-01-04 240408]
R3 iPod Service;Service de l’iPod; C:\Program Files\iPod\bin\iPodService.exe [2009-11-12 545568]
S2 gupdate1ca74ce4163e6b5;Service Google Update (gupdate1ca74ce4163e6b5); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-12-04 133104]
S3 maconfservice;Ma-Config Service; C:\Program Files\ma-config.com\maconfservice.exe [2009-12-11 238960]
S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2010-01-04 321320]
-----------------EOF-----------------
Et maintenant le info.txt :
info.txt logfile of random's system information tool 1.06 2010-01-17 13:20:41
======Uninstall list======
-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
µTorrent-->"C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
2Conv.com - Media Converter 1.35-->C:\Program Files\2Convert.net\uninst.exe
Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9.2 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A92000000001}
Apple Application Support-->MsiExec.exe /I{3FA365DF-2D68-45ED-8F83-8C8A33E65143}
Apple Mobile Device Support-->MsiExec.exe /I{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Ask Toolbar-->MsiExec.exe /I{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Assistant de connexion Windows Live-->MsiExec.exe /I{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}
Atheros Client Installation Program-->C:\Program Files\InstallShield Installation Information\{28006915-2739-4EBE-B5E8-49B25D32EB33}\setup.exe -runfromtemp -l0x040c -removeonly
ATK Media-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{139B0FFA-187E-4BA1-BCA6-6B56B2B6AB8C}\Setup.exe" -l0x9
ATKOSD2-->C:\Program Files\InstallShield Installation Information\{5C1DB4ED-E9B4-402D-BB14-D75D97D6C1A6}\setup.exe -runfromtemp -l0x0009 -removeonly
AVS Update Manager 1.0-->"C:\Program Files\AVS4YOU\AVSUpdateManager\unins000.exe"
AVS Video Converter 6-->"C:\Program Files\AVS4YOU\AVSVideoConverter6\unins000.exe"
AVS4YOU Software Navigator 1.3-->"C:\Program Files\AVS4YOU\AVSSoftwareNavigator\unins000.exe"
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
ccc-Branding-->MsiExec.exe /I{6E32B134-CA8D-49DD-B94C-0DB155CE70B5}
Cisco EAP-FAST Module-->MsiExec.exe /I{3F4BA3A2-7BE0-48EA-B4BC-CA4D842A409A}
Cisco LEAP Module-->MsiExec.exe /I{934B3B19-8193-467A-B356-E73F82647D38}
Cisco PEAP Module-->MsiExec.exe /I{BAD1449B-DF0C-4118-B76D-68C54009576C}
CopyTrans Suite désinstallation uniquement-->C:\Program Files\WindSolutions\CopyTrans Suite\CopyTransControlCenter.exe uninstall
Counter-Strike: Source-->"C:\Program Files\Steam\steam.exe" steam://uninstall/240
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Plus DirectShow Filters-->C:\Program Files\DivX\DivXDSFiltersUninstall.exe /DSFILTERS
DivX Plus Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Domino FLV Video Converter V1.20.712-->"C:\Program Files\Domino Converter\Domino FLV Video Converter\unins000.exe"
DriverAgent by eSupport.com-->RunDll32.exe advpack.dll,LaunchINFSection driveragent_exe.inf,TVICHW32Remove
eBay Icon-->C:\Users\Pc\AppData\Roaming\Desktopicon\uninst.exe
Free YouTube to iPod Converter version 3.2-->"C:\Program Files\DVDVideoSoft\Free YouTube to iPod Converter\unins000.exe"
Google Chrome-->"C:\Program Files\Google\Chrome\Application\3.0.195.38\Installer\setup.exe" --uninstall --system-level
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe
Installation Windows Live-->MsiExec.exe /I{46ABBC54-1872-4AA3-95E2-F2C063A63F31}
iTunes-->MsiExec.exe /I{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}
Java(TM) 6 Update 16-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216016F0}
Java(TM) 6 Update 17-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216017FF}
Le Maître de l'Olympe - Zeus.-->C:\Windows\IsUn040c.exe -f"C:\Sierra\Le Maître de l' Olympe Zeus\Uninst.isu"
LG PC Suite III-->C:\Program Files\InstallShield Installation Information\{C0E18DC4-C74A-4889-AE3A-933471023787}\setup.exe -runfromtemp -l0x040c -removeonly
LG USB Modem Drivers-->MsiExec.exe /I{FA02ACAC-9E14-4878-A257-92A22A647C2C}
LimeWire 5.4.6-->"C:\Program Files\LimeWire\uninstall.exe"
Logiciel d'archivage WinRAR-->C:\Program Files\WinRAR\uninstall.exe
Ma-Config.com-->MsiExec.exe /X{15CBA4AC-2298-40F1-98EB-529809999E04}
MatchWare Mediator 7 Pro-->C:\PROGRA~1\MEDIAT~1\UNWISE.EXE C:\PROGRA~1\MEDIAT~1\INSTALL.LOG
Messenger Plus! Live & Sponsor (CiD)-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe"
Microsoft .NET Framework 3.5 Language Pack SP1 - fra-->MsiExec.exe /I{3E31821C-7917-367E-938E-E65FC413EA31}
Microsoft .NET Framework 3.5 SP1-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft LifeCam-->MsiExec.exe /X{718263DE-E612-4653-BB7D-7154BA9E31AB}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Module linguistique Microsoft .NET Framework 3.5 SP1- fra-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - fra\setup.exe
Motorola SM56 Speakerphone Modem-->rundll32.exe sm56co6a.dll,SM56UnInstaller
Mozilla Firefox (3.5.7)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
OpenOffice.org 3.1-->MsiExec.exe /I{0FA44E79-CD7D-4E8D-A2EE-26FE05F509B6}
Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Pando-->C:\Program Files\Pando Networks\Pando\PandoUninst.exe
PhotoFiltre-->"C:\Program Files\PhotoFiltre\Uninst.exe"
QuickTime-->MsiExec.exe /I{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|12.0
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x40c -removeonly
Skype web features-->MsiExec.exe /I{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}
Skype™ 4.1-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}
Soldat 1.5.0-->"C:\Soldat\unins000.exe"
SplitCam Toolbar-->C:\Program Files\SplitCam Toolbar\UninstallToolbar.exe
SplitCam-->"C:\Program Files\InstallShield Installation Information\{00718491-55BF-46C6-83EF-4B3B95AC807A}\setup.exe" -runfromtemp -l0x0009 -removeonly
SplitCam-->"C:\Program Files\InstallShield Installation Information\{0C0670E5-2D51-42C6-ACFF-CBCB65B7DCDB}\setup.exe" -runfromtemp -l0x0009 -removeonly
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
Titan Quest Immortal Throne-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B5C5C17E-FEF6-4062-8151-A427AE8AF9D7}\setup.exe" -l0x40c -removeonly
Titan Quest-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{412B69AF-C352-4F6F-A318-B92B3CB9ACC6}\setup.exe" -l0x40c -removeonly
TQ Defiler-->MsiExec.exe /I{10209B87-55D6-493E-A30A-12A265AA324E}
TQVault-->MsiExec.exe /I{7C08EEEC-8288-4C0E-BD1C-B8B9BEE360BD}
Tunatic-->"C:\Windows\lsb_un20.exe" /C=UC /N=Tunatic
Uninstall 1.0.0.1-->"C:\Program Files\Common Files\DVDVideoSoft\unins000.exe"
Unlocker 1.8.8-->C:\Program Files\Unlocker\uninst.exe
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
VC80CRTRedist - 8.0.50727.4053-->MsiExec.exe /I{5EE7D259-D137-4438-9A5F-42F432EC0421}
VistaFeaturePack-->C:\Program Files\InstallShield Installation Information\{D7E04009-B191-4E9D-9D2D-1BBE57BD8A42}\setup.exe -runfromtemp -l0x040c
VLC media player 1.0.3-->C:\Program Files\VideoLAN\VLC\uninstall.exe
VSO Image Resizer 3.0.0.140-->"C:\Program Files\VSO\Image Resizer\unins000.exe"
Vuze-->C:\Program Files\Vuze\uninstall.exe
WBFS Manager 3.0-->C:\Program Files\WBFS\WBFS Manager 3.0\uninstall.exe
Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}
Windows Live Communications Platform-->MsiExec.exe /I{ED00D08A-3C5F-488D-93A0-A04F21F23956}
Windows Live Messenger-->MsiExec.exe /X{770F1BEC-2871-4E70-B837-FB8525FFA3B1}
Windows Live OneCare safety scanner-->"C:\Program Files\Windows Live Safety Center\UnInstall.exe"
Windows Live OneCare safety scanner-->MsiExec.exe /X{FE0646A7-19D0-41B4-A2BB-2C35D644270D}
WinSCP 4.2.5-->"C:\Program Files\WinSCP\unins000.exe"
World of Warcraft-->C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft (3)\Uninstall.exe
======Security center information======
AS: Windows Defender
======System event log======
Computer Name: PC-de-Pc
Event Code: 3004
Message: L’agent de protection en temps réel Windows Defender a détecté des modifications. Microsoft vous recommande d’analyser les logiciels responsables de ces modifications, à la recherche de risques potentiels. Vous pouvez vous servir des informations relatives au fonctionnement de ces programmes pour autoriser ou non leur exécution, ou pour les supprimer de l’ordinateur. N’autorisez les modifications que si vous faites confiance au programme ou à l’éditeur de logiciel. Windows Defender ne peut pas annuler les modifications que vous autorisez.
Pour plus d’informations, consultez les données suivantes :
Non applicable
ID d’analyse : {4215673A-AF18-4E10-91F2-173AF36CD5F8}
Utilisateur : PC-de-Pc\Pc
Nom : Unknown
ID :
ID de gravité :
ID de catégorie :
Chemin d’accès trouvé : clsid:HKLM\SOFTWARE\CLASSES\CLSID\{9C150845-2A2D-44CC-90B3-AA03480AA3D2};regkey:HKLM\SOFTWARE\CLASSES\TYPELIB\{C32ACB0F-659B-45C3-A3DC-76A7BCCBD7E7}\1.0;regkey:HKLM\SOFTWARE\CLASSES\CLSID\{9C150845-2A2D-44CC-90B3-AA03480AA3D2};regkey:HKLM\Software\Classes\*\shellex\ContextMenuHandlers\PandoShellExt;contextmenu:HKLM\Software\Classes\*\shellex\ContextMenuHandlers\PandoShellExt;typelibversion:HKLM\SOFTWARE\CLASSES\TYPELIB\{C32ACB0F-659B-45C3-A3DC-76A7BCCBD7E7}\1.0;typelib:HKLM\SOFTWARE\CLASSES\TYPELIB\{C32ACB0F-659B-45C3-A3DC-76A7BCCBD7E7};file:C:\Program Files\Pando Networks\Pando\PandoShellExt.dll
Type d’alerte : Logiciel non classifié
Type de détection :
Record Number: 38357
Source Name: Microsoft-Windows-Windows Defender
Time Written: 20100115211811.000000-000
Event Type: Avertissement
User:
Computer Name: PC-de-Pc
Event Code: 4226
Message: TCP/IP a atteint la limite de sécurité imposée sur le nombre de tentatives de connexion TCP simultanées.
Record Number: 38374
Source Name: Tcpip
Time Written: 20100116111318.034411-000
Event Type: Avertissement
User:
Computer Name: PC-de-Pc
Event Code: 10001
Message: Le démarrage du serveur DCOM {300165D9-44B1-4C7A-AD58-4A9E7200E2E8} en tant que / n'est pas possible. L'erreur :
"2"
s'est produite lors de l'activation de la commande :
"C:\Program Files\Internet Explorer\IEUser.exe" -Embedding
Record Number: 38385
Source Name: Microsoft-Windows-DistributedCOM
Time Written: 20100116222733.000000-000
Event Type: Erreur
User:
Computer Name: PC-de-Pc
Event Code: 10010
Message: Le serveur {0002DF01-0000-0000-C000-000000000046} ne s'est pas enregistré sur DCOM avant la fin du temps imparti.
Record Number: 38386
Source Name: Microsoft-Windows-DistributedCOM
Time Written: 20100116222813.000000-000
Event Type: Erreur
User:
Computer Name: PC-de-Pc
Event Code: 4226
Message: TCP/IP a atteint la limite de sécurité imposée sur le nombre de tentatives de connexion TCP simultanées.
Record Number: 38410
Source Name: Tcpip
Time Written: 20100117113405.807407-000
Event Type: Avertissement
User:
=====Application event log=====
Computer Name: PC-de-Pc
Event Code: 1000
Message: Application défaillante IEXPLORE.EXE, version 7.0.6001.18349, horodatage 0x4ae6d1b5, module défaillant mshtml.dll, version 7.0.6001.18349, horodatage 0x4ae6f33f, code d’exception 0xc0000005, décalage d’erreur 0x0008bf53, ID du processus 0xd8, heure de début de l’application 0x01ca94735343bd6d.
Record Number: 6015
Source Name: Application Error
Time Written: 20100113171052.000000-000
Event Type: Erreur
User:
Computer Name: PC-de-Pc
Event Code: 10
Message: Le filtre d’événement avec la requête « SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99 » n’a pas pu être réactivé dans l’espace de noms « //./root/CIMV2 » à cause de l’erreur 0x80041003. Les événements ne peuvent pas être délivrés à travers ce filtre tant que le problème ne sera pas corrigé.
Record Number: 6044
Source Name: Microsoft-Windows-WMI
Time Written: 20100113230558.000000-000
Event Type: Erreur
User:
Computer Name: PC-de-Pc
Event Code: 10
Message: Le filtre d’événement avec la requête « SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99 » n’a pas pu être réactivé dans l’espace de noms « //./root/CIMV2 » à cause de l’erreur 0x80041003. Les événements ne peuvent pas être délivrés à travers ce filtre tant que le problème ne sera pas corrigé.
Record Number: 6076
Source Name: Microsoft-Windows-WMI
Time Written: 20100114163900.000000-000
Event Type: Erreur
User:
Computer Name: PC-de-Pc
Event Code: 1002
Message: Le programme PandoSetupNCI.exe version 2.3.3.0 a cessé d’interagir avec Windows et a été fermé. Pour déterminer si des informations supplémentaires sont disponibles, consultez l’historique du problème dans l’application Rapports et solutions aux problèmes du Panneau de configuration. ID de processus : 5d8 Heure de début : 01ca96280bad1fb6 Heure de fin : 6
Record Number: 6094
Source Name: Application Hang
Time Written: 20100115211711.000000-000
Event Type: Erreur
User:
Computer Name: PC-de-Pc
Event Code: 1000
Message: Application défaillante msnmsgr.exe, version 14.0.8089.726, horodatage 0x4a6ce533, module défaillant msgswcam.dll, version 14.0.8089.726, horodatage 0x4a6ce52a, code d’exception 0xc0000005, décalage d’erreur 0x0000b498, ID du processus 0x1674, heure de début de l’application 0x01ca969cd4ddccc7.
Record Number: 6101
Source Name: Application Error
Time Written: 20100116212930.000000-000
Event Type: Erreur
User:
=====Security event log=====
Computer Name: PC-de-Pc
Event Code: 5038
Message: L’intégrité du code a déterminé que le hachage de l’image d’un fichier n’est pas valide. Le fichier peut être endommagé en raison d’une modification non autorisée ou le hachage non valide peut indiquer une erreur d’unité de disque potentielle.
Nom du fichier : \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 11244
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100117122038.078885-000
Event Type: Échec de l'audit
User:
Computer Name: PC-de-Pc
Event Code: 5038
Message: L’intégrité du code a déterminé que le hachage de l’image d’un fichier n’est pas valide. Le fichier peut être endommagé en raison d’une modification non autorisée ou le hachage non valide peut indiquer une erreur d’unité de disque potentielle.
Nom du fichier : \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 11245
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100117122038.154076-000
Event Type: Échec de l'audit
User:
Computer Name: PC-de-Pc
Event Code: 5038
Message: L’intégrité du code a déterminé que le hachage de l’image d’un fichier n’est pas valide. Le fichier peut être endommagé en raison d’une modification non autorisée ou le hachage non valide peut indiquer une erreur d’unité de disque potentielle.
Nom du fichier : \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 11246
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100117122038.230243-000
Event Type: Échec de l'audit
User:
Computer Name: PC-de-Pc
Event Code: 5038
Message: L’intégrité du code a déterminé que le hachage de l’image d’un fichier n’est pas valide. Le fichier peut être endommagé en raison d’une modification non autorisée ou le hachage non valide peut indiquer une erreur d’unité de disque potentielle.
Nom du fichier : \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 11247
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100117122038.297621-000
Event Type: Échec de l'audit
User:
Computer Name: PC-de-Pc
Event Code: 5038
Message: L’intégrité du code a déterminé que le hachage de l’image d’un fichier n’est pas valide. Le fichier peut être endommagé en raison d’une modification non autorisée ou le hachage non valide peut indiquer une erreur d’unité de disque potentielle.
Nom du fichier : \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys
Record Number: 11248
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100117122038.366953-000
Event Type: Échec de l'audit
User:
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\Common Files\DivX Shared\;C:\Program Files\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel
"PROCESSOR_REVISION"=0f0d
"NUMBER_OF_PROCESSORS"=2
"TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat
"DFSTRACINGON"=FALSE
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip
-----------------EOF-----------------
Infection Lop/Swizzor.
- Désactive l'UAC le temps de la désinfection.
- Télécharge Lop S&D (par Eric_71) sur ton Bureau.
- Puis double-clique sur Lop S&D présent sur ton Bureau.
(Sous Vista, il faut cliquer droit sur Lop S&D et choisir Exécuter en tant qu'administrateur)
- Sélectionne la langue souhaitée, puis choisis l'option 1 (Recherche).
- Patiente jusqu'à la fin du scan.
- Poste le rapport généré (C:\lopR.txt).
--------------------\\ Lop S&D 4.2.5-0 XP/Vista
Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6001 ) Service Pack 1
X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) Dual CPU T2390 @ 1.86GHz )
BIOS : Default System BIOS
USER : Pc ( Administrator )
BOOT : Normal boot
C:\ (Local Disk) - NTFS - Total:223 Go (Free:54 Go)
D:\ (CD or DVD)
E:\ (USB)
"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [1] ( 17/01/2010|17:53 )
[ UAC => 0 ]
--------------------\\ Listing des dossiers dans Local
[07/11/2009|14:16] C:\Users\Pc\AppData\Local\Adobe
[03/11/2009|23:38] C:\Users\Pc\AppData\Local\Apple
[12/01/2010|21:38] C:\Users\Pc\AppData\Local\Apple Computer
[03/11/2009|14:24] C:\Users\Pc\AppData\Local\Application Data
[03/11/2009|20:51] C:\Users\Pc\AppData\Local\ATI
[21/12/2009|16:34] C:\Users\Pc\AppData\Local\d3d9caps.dat
[16/01/2010|15:05] C:\Users\Pc\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[05/12/2009|20:58] C:\Users\Pc\AppData\Local\eSupport.com
[20/12/2009|19:03] C:\Users\Pc\AppData\Local\GDIPFONTCACHEV1.DAT
[04/12/2009|11:47] C:\Users\Pc\AppData\Local\Google
[03/11/2009|14:24] C:\Users\Pc\AppData\Local\Historique
[17/01/2010|17:45] C:\Users\Pc\AppData\Local\IconCache.db
[13/01/2010|19:03] C:\Users\Pc\AppData\Local\Microsoft
[25/12/2009|19:43] C:\Users\Pc\AppData\Local\Microsoft Games
[03/11/2009|21:00] C:\Users\Pc\AppData\Local\Mozilla
[15/01/2010|22:18] C:\Users\Pc\AppData\Local\Pando
[17/01/2010|17:51] C:\Users\Pc\AppData\Local\Temp
[03/11/2009|14:24] C:\Users\Pc\AppData\Local\Temporary Internet Files
[10/01/2010|01:32] C:\Users\Pc\AppData\Local\VirtualStore
[02/01/2010|02:06] C:\Users\Pc\AppData\Local\VSO
[14/01/2010|20:38] C:\Users\Pc\AppData\Local\WBFSManager
--------------------\\ Tâches planifiées dans C:\Windows\tasks
[17/01/2010 12:42][--ah-----] C:\Windows\tasks\User_Feed_Synchronization-{43A33E82-E8B9-46AE-9219-5D45FDD7D405}.job
[17/01/2010 17:00][--a------] C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[17/01/2010 17:46][--a------] C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[17/01/2010 17:46][--ah-----] C:\Windows\tasks\SA.DAT
[17/01/2010 17:45][--a------] C:\Windows\tasks\SCHEDLGU.TXT
--------------------\\ Listing des dossiers dans C:\ProgramData
[03/11/2009|23:40] C:\ProgramData\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[02/12/2009|19:07] C:\ProgramData\Adobe
[31/12/2009|15:49] C:\ProgramData\Apple
[03/11/2009|23:40] C:\ProgramData\Apple Computer
[02/11/2006|14:02] C:\ProgramData\Application Data
[03/11/2009|22:17] C:\ProgramData\Atheros
[03/11/2009|20:51] C:\ProgramData\ATI
[12/01/2010|22:16] C:\ProgramData\AVS4YOU
[04/11/2009|00:36] C:\ProgramData\Azureus
[05/11/2009|22:16] C:\ProgramData\Blizzard
[03/11/2009|14:22] C:\ProgramData\Bureau
[02/11/2006|14:02] C:\ProgramData\Desktop
[02/11/2006|14:02] C:\ProgramData\Documents
[03/11/2009|14:22] C:\ProgramData\Favoris
[02/11/2006|14:02] C:\ProgramData\Favorites
[03/11/2009|21:33] C:\ProgramData\Google
[16/12/2009|19:52] C:\ProgramData\HtmDupeEggs
[16/12/2009|19:52] C:\ProgramData\loud bike comp view
[14/12/2009|19:14] C:\ProgramData\ma-config.com
[03/11/2009|14:22] C:\ProgramData\Menu D‚marrer
[13/12/2009|17:23] C:\ProgramData\Messenger Plus!
[13/01/2010|19:03] C:\ProgramData\Microsoft
[03/11/2009|14:22] C:\ProgramData\ModŠles
[13/01/2010|23:52] C:\ProgramData\phone style style.4q1ahm
[16/12/2009|19:51] C:\ProgramData\phone style style.j0az2ez
[03/11/2009|21:27] C:\ProgramData\phone style style.ladu1
[16/12/2009|19:51] C:\ProgramData\phone style style.wwo9g
[03/01/2010|01:27] C:\ProgramData\Real
[03/11/2009|21:33] C:\ProgramData\Skype
[02/11/2006|14:02] C:\ProgramData\Start Menu
[02/11/2006|14:02] C:\ProgramData\Templates
[16/12/2009|19:52] C:\ProgramData\tons mode name.8azakih
[01/01/2010|18:52] C:\ProgramData\WindSolutions
[05/12/2009|20:54] C:\ProgramData\Xerox
--------------------\\ Listing des dossiers dans C:\Program Files
[03/01/2010|01:28] C:\Program Files\2Convert.net
[07/11/2009|13:52] C:\Program Files\Adobe
[03/11/2009|23:38] C:\Program Files\Apple Software Update
[03/11/2009|20:16] C:\Program Files\ASUS
[03/11/2009|22:16] C:\Program Files\Atheros
[03/11/2009|20:18] C:\Program Files\ATI
[03/11/2009|20:22] C:\Program Files\ATI Technologies
[03/11/2009|20:33] C:\Program Files\ATKOSD2
[12/01/2010|22:15] C:\Program Files\AVS4YOU
[20/12/2009|19:02] C:\Program Files\bman654
[03/11/2009|23:39] C:\Program Files\Bonjour
[03/11/2009|21:27] C:\Program Files\Circl Developement
[03/11/2009|20:18] C:\Program Files\Cisco
[12/01/2010|22:15] C:\Program Files\Common Files
[03/11/2009|20:33] C:\Program Files\CSR
[04/12/2009|11:41] C:\Program Files\DivX
[03/01/2010|01:36] C:\Program Files\Domino Converter
[03/01/2010|01:55] C:\Program Files\DVDVideoSoft
[03/11/2009|14:22] C:\Program Files\Fichiers communs [C:\Program Files\Common Files]
[04/12/2009|11:44] C:\Program Files\Google
[09/01/2010|23:23] C:\Program Files\InstallShield Installation Information
[01/01/2010|22:03] C:\Program Files\iPod
[01/01/2010|22:04] C:\Program Files\iTunes
[27/11/2009|19:14] C:\Program Files\Java
[27/11/2009|19:16] C:\Program Files\JRE
[04/11/2009|20:40] C:\Program Files\LG Electronics
[10/01/2010|01:35] C:\Program Files\LimeWire
[14/12/2009|19:14] C:\Program Files\ma-config.com
[19/12/2009|14:32] C:\Program Files\Mediator 7 Pro
[03/11/2009|21:27] C:\Program Files\Messenger Plus! Live
[03/11/2009|21:18] C:\Program Files\Microsoft
[02/11/2006|13:37] C:\Program Files\Microsoft Games
[14/12/2009|19:23] C:\Program Files\Microsoft LifeCam
[03/11/2009|20:20] C:\Program Files\Motorola
[21/01/2008|03:35] C:\Program Files\Movie Maker
[17/01/2010|17:50] C:\Program Files\Mozilla Firefox
[02/11/2006|13:37] C:\Program Files\MSBuild
[06/11/2009|03:00] C:\Program Files\MSXML 4.0
[27/11/2009|19:16] C:\Program Files\OpenOffice.org 3
[15/01/2010|22:17] C:\Program Files\Pando Networks
[06/12/2009|17:06] C:\Program Files\PhotoFiltre
[01/01/2010|18:43] C:\Program Files\QuickMediaConverter
[01/01/2010|22:01] C:\Program Files\QuickTime
[03/01/2010|01:25] C:\Program Files\Real
[03/11/2009|20:48] C:\Program Files\Realtek
[02/11/2006|13:37] C:\Program Files\Reference Assemblies
[16/01/2010|23:19] C:\Program Files\RegCleaner
[03/11/2009|21:34] C:\Program Files\Skype
[09/01/2010|23:23] C:\Program Files\SplitCam
[09/01/2010|23:24] C:\Program Files\SplitCam Toolbar
[13/01/2010|12:12] C:\Program Files\Steam
[21/12/2009|16:18] C:\Program Files\THQ
[21/12/2009|15:58] C:\Program Files\TQ Defiler
[17/01/2010|13:20] C:\Program Files\trend micro
[14/12/2009|18:16] C:\Program Files\Tunatic
[02/11/2006|14:01] C:\Program Files\Uninstall Information
[16/01/2010|23:21] C:\Program Files\Unlocker
[03/11/2009|23:52] C:\Program Files\uTorrent
[03/11/2009|23:12] C:\Program Files\VideoLAN
[03/11/2009|23:01] C:\Program Files\VirtualDJ
[06/12/2009|16:41] C:\Program Files\VSO
[19/12/2009|03:31] C:\Program Files\Vuze
[14/01/2010|20:38] C:\Program Files\WBFS
[01/01/2010|18:28] C:\Program Files\WinAVI MP4 Converter
[21/01/2008|03:35] C:\Program Files\Windows Calendar
[21/01/2008|03:35] C:\Program Files\Windows Collaboration
[21/01/2008|03:35] C:\Program Files\Windows Defender
[21/01/2008|03:35] C:\Program Files\Windows Journal
[03/11/2009|21:18] C:\Program Files\Windows Live
[11/11/2009|14:44] C:\Program Files\Windows Live Safety Center
[03/11/2009|21:17] C:\Program Files\Windows Live SkyDrive
[13/01/2010|12:06] C:\Program Files\Windows Mail
[04/11/2009|03:01] C:\Program Files\Windows Media Player
[03/11/2009|14:22] C:\Program Files\Windows NT
[21/01/2008|03:35] C:\Program Files\Windows Photo Gallery
[21/01/2008|03:35] C:\Program Files\Windows Sidebar
[01/01/2010|18:52] C:\Program Files\WindSolutions
[04/11/2009|01:24] C:\Program Files\WinRAR
[03/01/2010|00:37] C:\Program Files\WinSCP
--------------------\\ Listing des dossiers dans C:\Program Files\Common Files
[07/11/2009|13:52] C:\Program Files\Common Files\Adobe
[02/12/2009|19:07] C:\Program Files\Common Files\Adobe AIR
[01/01/2010|22:03] C:\Program Files\Common Files\Apple
[12/01/2010|22:15] C:\Program Files\Common Files\AVSMedia
[22/12/2009|11:19] C:\Program Files\Common Files\Blizzard Entertainment
[04/12/2009|11:40] C:\Program Files\Common Files\DivX Shared
[03/01/2010|01:55] C:\Program Files\Common Files\DVDVideoSoft
[03/11/2009|20:21] C:\Program Files\Common Files\InstallShield
[04/11/2009|00:39] C:\Program Files\Common Files\microsoft shared
[04/12/2009|11:41] C:\Program Files\Common Files\PX Storage Engine
[03/01/2010|01:25] C:\Program Files\Common Files\Real
[02/11/2006|12:18] C:\Program Files\Common Files\Services
[03/11/2009|21:33] C:\Program Files\Common Files\Skype
[02/11/2006|12:18] C:\Program Files\Common Files\SpeechEngines
[05/01/2010|19:47] C:\Program Files\Common Files\Steam
[25/11/2009|14:23] C:\Program Files\Common Files\SWF Studio
[21/01/2008|03:35] C:\Program Files\Common Files\System
[03/11/2009|21:01] C:\Program Files\Common Files\Windows Live
[03/01/2010|01:25] C:\Program Files\Common Files\xing shared
--------------------\\ Process
( 55 Processes )
... OK !
--------------------\\ Recherche avec S_Lop
C:\ProgramData\phone style style.ladu1
C:\ProgramData\phone style style.wwo9g
C:\ProgramData\phone style style.4q1ahm
C:\ProgramData\phone style style.j0az2ez
C:\ProgramData\tons mode name.8azakih
C:\Users\Pc\AppData\Local\Temp\bis9876.exe
--------------------\\ Recherche de Fichiers / Dossiers Lop
C:\Users\Pc\AppData\Local\Temp\nslD12D.tmp
C:\Users\Pc\AppData\Local\Temp\staAE45.exe
--------------------\\ Verification du Registre
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"sectdoes"="\"C:\\ProgramData\\phone style style.4q1ahm\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
--------------------\\ Verification du fichier Hosts
Fichier Hosts PROPRE
--------------------\\ Recherche de fichiers avec Catchme
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-17 17:53:23
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0
--------------------\\ Recherche d'autres infections
Aucune autre infection trouvée !
[F:1387][D:97]-> C:\Users\Pc\AppData\Local\Temp
[F:401][D:1]-> C:\Users\Pc\AppData\Roaming\MICROS~1\Windows\Cookies
[F:639][D:11]-> C:\Users\Pc\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5
[F:155][D:8]-> C:\$Recycle.Bin
1 - "C:\Lop SD\LopR_1.txt" - 17/01/2010|17:55 - Option : [1]
--------------------\\ Fin du rapport a 17:55:43
[ UAC => 1 ]
- Relance Lop S&D.
(Sous Vista, il faut cliquer droit sur Lop S&D et choisir Exécuter en tant qu'administrateur)
- Choisis cette fois-ci l'option 2 (Suppression).
- Ne ferme pas la fenêtre lors de la suppression !
- Poste le rapport généré (C:\lopR.txt).
(Si le Bureau ne réapparaît pas, presse Ctrl+Alt+Suppr, Onglet Fichier, Nouvelle tâche, tape explorer.exe et valide)
--------------------\\ Lop S&D 4.2.5-0 XP/Vista
Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6001 ) Service Pack 1
X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) Dual CPU T2390 @ 1.86GHz )
BIOS : Default System BIOS
USER : Pc ( Administrator )
BOOT : Normal boot
C:\ (Local Disk) - NTFS - Total:223 Go (Free:49 Go)
D:\ (CD or DVD)
E:\ (USB)
"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [2] ( 17/01/2010|21:14 )
[ UAC => 1 ]
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION
Supprime! - C:\Users\Pc\AppData\Local\Temp\nslD12D.tmp
Supprime! - C:\Users\Pc\AppData\Local\Temp\staAE45.exe
Supprime! - C:\ProgramData\phone style style.ladu1
Supprime! - C:\ProgramData\phone style style.wwo9g
Supprime! - C:\ProgramData\phone style style.4q1ahm
Supprime! - C:\ProgramData\phone style style.j0az2ez
Supprime! - C:\ProgramData\tons mode name.8azakih
Supprime! - C:\Users\Pc\AppData\Local\Temp\bis9876.exe
-
[ Fichier Hosts ] .. Restaure!
\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
--------------------\\ Listing des dossiers dans Local
[07/11/2009|14:16] C:\Users\Pc\AppData\Local\Adobe
[03/11/2009|23:38] C:\Users\Pc\AppData\Local\Apple
[12/01/2010|21:38] C:\Users\Pc\AppData\Local\Apple Computer
[03/11/2009|14:24] C:\Users\Pc\AppData\Local\Application Data
[03/11/2009|20:51] C:\Users\Pc\AppData\Local\ATI
[21/12/2009|16:34] C:\Users\Pc\AppData\Local\d3d9caps.dat
[16/01/2010|15:05] C:\Users\Pc\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[05/12/2009|20:58] C:\Users\Pc\AppData\Local\eSupport.com
[20/12/2009|19:03] C:\Users\Pc\AppData\Local\GDIPFONTCACHEV1.DAT
[04/12/2009|11:47] C:\Users\Pc\AppData\Local\Google
[03/11/2009|14:24] C:\Users\Pc\AppData\Local\Historique
[17/01/2010|17:45] C:\Users\Pc\AppData\Local\IconCache.db
[13/01/2010|19:03] C:\Users\Pc\AppData\Local\Microsoft
[25/12/2009|19:43] C:\Users\Pc\AppData\Local\Microsoft Games
[03/11/2009|21:00] C:\Users\Pc\AppData\Local\Mozilla
[15/01/2010|22:18] C:\Users\Pc\AppData\Local\Pando
[17/01/2010|21:14] C:\Users\Pc\AppData\Local\Temp
[03/11/2009|14:24] C:\Users\Pc\AppData\Local\Temporary Internet Files
[10/01/2010|01:32] C:\Users\Pc\AppData\Local\VirtualStore
[02/01/2010|02:06] C:\Users\Pc\AppData\Local\VSO
[14/01/2010|20:38] C:\Users\Pc\AppData\Local\WBFSManager
--------------------\\ Tâches planifiées dans C:\Windows\tasks
[17/01/2010 12:42][--ah-----] C:\Windows\tasks\User_Feed_Synchronization-{43A33E82-E8B9-46AE-9219-5D45FDD7D405}.job
[17/01/2010 21:00][--a------] C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[17/01/2010 17:46][--a------] C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[17/01/2010 17:46][--ah-----] C:\Windows\tasks\SA.DAT
[17/01/2010 17:45][--a------] C:\Windows\tasks\SCHEDLGU.TXT
--------------------\\ Listing des dossiers dans C:\ProgramData
[03/11/2009|23:40] C:\ProgramData\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[02/12/2009|19:07] C:\ProgramData\Adobe
[31/12/2009|15:49] C:\ProgramData\Apple
[03/11/2009|23:40] C:\ProgramData\Apple Computer
[02/11/2006|14:02] C:\ProgramData\Application Data
[03/11/2009|22:17] C:\ProgramData\Atheros
[03/11/2009|20:51] C:\ProgramData\ATI
[12/01/2010|22:16] C:\ProgramData\AVS4YOU
[04/11/2009|00:36] C:\ProgramData\Azureus
[05/11/2009|22:16] C:\ProgramData\Blizzard
[03/11/2009|14:22] C:\ProgramData\Bureau
[02/11/2006|14:02] C:\ProgramData\Desktop
[02/11/2006|14:02] C:\ProgramData\Documents
[03/11/2009|14:22] C:\ProgramData\Favoris
[02/11/2006|14:02] C:\ProgramData\Favorites
[03/11/2009|21:33] C:\ProgramData\Google
[16/12/2009|19:52] C:\ProgramData\HtmDupeEggs
[16/12/2009|19:52] C:\ProgramData\loud bike comp view
[14/12/2009|19:14] C:\ProgramData\ma-config.com
[03/11/2009|14:22] C:\ProgramData\Menu D‚marrer
[13/12/2009|17:23] C:\ProgramData\Messenger Plus!
[13/01/2010|19:03] C:\ProgramData\Microsoft
[03/11/2009|14:22] C:\ProgramData\ModŠles
[03/01/2010|01:27] C:\ProgramData\Real
[03/11/2009|21:33] C:\ProgramData\Skype
[02/11/2006|14:02] C:\ProgramData\Start Menu
[02/11/2006|14:02] C:\ProgramData\Templates
[01/01/2010|18:52] C:\ProgramData\WindSolutions
[05/12/2009|20:54] C:\ProgramData\Xerox
--------------------\\ Listing des dossiers dans C:\Program Files
[03/01/2010|01:28] C:\Program Files\2Convert.net
[07/11/2009|13:52] C:\Program Files\Adobe
[03/11/2009|23:38] C:\Program Files\Apple Software Update
[03/11/2009|20:16] C:\Program Files\ASUS
[03/11/2009|22:16] C:\Program Files\Atheros
[03/11/2009|20:18] C:\Program Files\ATI
[03/11/2009|20:22] C:\Program Files\ATI Technologies
[03/11/2009|20:33] C:\Program Files\ATKOSD2
[12/01/2010|22:15] C:\Program Files\AVS4YOU
[20/12/2009|19:02] C:\Program Files\bman654
[03/11/2009|23:39] C:\Program Files\Bonjour
[03/11/2009|21:27] C:\Program Files\Circl Developement
[03/11/2009|20:18] C:\Program Files\Cisco
[12/01/2010|22:15] C:\Program Files\Common Files
[03/11/2009|20:33] C:\Program Files\CSR
[04/12/2009|11:41] C:\Program Files\DivX
[03/01/2010|01:36] C:\Program Files\Domino Converter
[03/01/2010|01:55] C:\Program Files\DVDVideoSoft
[03/11/2009|14:22] C:\Program Files\Fichiers communs [C:\Program Files\Common Files]
[04/12/2009|11:44] C:\Program Files\Google
[17/01/2010|18:52] C:\Program Files\InstallShield Installation Information
[01/01/2010|22:03] C:\Program Files\iPod
[01/01/2010|22:04] C:\Program Files\iTunes
[27/11/2009|19:14] C:\Program Files\Java
[27/11/2009|19:16] C:\Program Files\JRE
[04/11/2009|20:40] C:\Program Files\LG Electronics
[10/01/2010|01:35] C:\Program Files\LimeWire
[14/12/2009|19:14] C:\Program Files\ma-config.com
[19/12/2009|14:32] C:\Program Files\Mediator 7 Pro
[17/01/2010|18:52] C:\Program Files\Megaupload
[03/11/2009|21:27] C:\Program Files\Messenger Plus! Live
[03/11/2009|21:18] C:\Program Files\Microsoft
[02/11/2006|13:37] C:\Program Files\Microsoft Games
[14/12/2009|19:23] C:\Program Files\Microsoft LifeCam
[03/11/2009|20:20] C:\Program Files\Motorola
[21/01/2008|03:35] C:\Program Files\Movie Maker
[17/01/2010|21:06] C:\Program Files\Mozilla Firefox
[02/11/2006|13:37] C:\Program Files\MSBuild
[06/11/2009|03:00] C:\Program Files\MSXML 4.0
[27/11/2009|19:16] C:\Program Files\OpenOffice.org 3
[15/01/2010|22:17] C:\Program Files\Pando Networks
[06/12/2009|17:06] C:\Program Files\PhotoFiltre
[01/01/2010|18:43] C:\Program Files\QuickMediaConverter
[01/01/2010|22:01] C:\Program Files\QuickTime
[03/01/2010|01:25] C:\Program Files\Real
[03/11/2009|20:48] C:\Program Files\Realtek
[02/11/2006|13:37] C:\Program Files\Reference Assemblies
[16/01/2010|23:19] C:\Program Files\RegCleaner
[03/11/2009|21:34] C:\Program Files\Skype
[09/01/2010|23:23] C:\Program Files\SplitCam
[09/01/2010|23:24] C:\Program Files\SplitCam Toolbar
[13/01/2010|12:12] C:\Program Files\Steam
[21/12/2009|16:18] C:\Program Files\THQ
[21/12/2009|15:58] C:\Program Files\TQ Defiler
[17/01/2010|13:20] C:\Program Files\trend micro
[14/12/2009|18:16] C:\Program Files\Tunatic
[02/11/2006|14:01] C:\Program Files\Uninstall Information
[16/01/2010|23:21] C:\Program Files\Unlocker
[03/11/2009|23:52] C:\Program Files\uTorrent
[03/11/2009|23:12] C:\Program Files\VideoLAN
[03/11/2009|23:01] C:\Program Files\VirtualDJ
[06/12/2009|16:41] C:\Program Files\VSO
[19/12/2009|03:31] C:\Program Files\Vuze
[14/01/2010|20:38] C:\Program Files\WBFS
[01/01/2010|18:28] C:\Program Files\WinAVI MP4 Converter
[21/01/2008|03:35] C:\Program Files\Windows Calendar
[21/01/2008|03:35] C:\Program Files\Windows Collaboration
[21/01/2008|03:35] C:\Program Files\Windows Defender
[21/01/2008|03:35] C:\Program Files\Windows Journal
[03/11/2009|21:18] C:\Program Files\Windows Live
[11/11/2009|14:44] C:\Program Files\Windows Live Safety Center
[03/11/2009|21:17] C:\Program Files\Windows Live SkyDrive
[13/01/2010|12:06] C:\Program Files\Windows Mail
[04/11/2009|03:01] C:\Program Files\Windows Media Player
[03/11/2009|14:22] C:\Program Files\Windows NT
[21/01/2008|03:35] C:\Program Files\Windows Photo Gallery
[21/01/2008|03:35] C:\Program Files\Windows Sidebar
[01/01/2010|18:52] C:\Program Files\WindSolutions
[04/11/2009|01:24] C:\Program Files\WinRAR
[03/01/2010|00:37] C:\Program Files\WinSCP
--------------------\\ Listing des dossiers dans C:\Program Files\Common Files
[07/11/2009|13:52] C:\Program Files\Common Files\Adobe
[02/12/2009|19:07] C:\Program Files\Common Files\Adobe AIR
[01/01/2010|22:03] C:\Program Files\Common Files\Apple
[12/01/2010|22:15] C:\Program Files\Common Files\AVSMedia
[22/12/2009|11:19] C:\Program Files\Common Files\Blizzard Entertainment
[04/12/2009|11:40] C:\Program Files\Common Files\DivX Shared
[03/01/2010|01:55] C:\Program Files\Common Files\DVDVideoSoft
[03/11/2009|20:21] C:\Program Files\Common Files\InstallShield
[04/11/2009|00:39] C:\Program Files\Common Files\microsoft shared
[04/12/2009|11:41] C:\Program Files\Common Files\PX Storage Engine
[03/01/2010|01:25] C:\Program Files\Common Files\Real
[02/11/2006|12:18] C:\Program Files\Common Files\Services
[03/11/2009|21:33] C:\Program Files\Common Files\Skype
[02/11/2006|12:18] C:\Program Files\Common Files\SpeechEngines
[05/01/2010|19:47] C:\Program Files\Common Files\Steam
[25/11/2009|14:23] C:\Program Files\Common Files\SWF Studio
[21/01/2008|03:35] C:\Program Files\Common Files\System
[03/11/2009|21:01] C:\Program Files\Common Files\Windows Live
[03/01/2010|01:25] C:\Program Files\Common Files\xing shared
--------------------\\ Process
( 50 Processes )
... OK !
--------------------\\ Recherche avec S_Lop
Aucun fichier / dossier Lop trouvé !
--------------------\\ Recherche de Fichiers / Dossiers Lop
Aucun fichier / dossier Lop trouvé !
--------------------\\ Verification du Registre
..... OK !
--------------------\\ Verification du fichier Hosts
Fichier Hosts PROPRE
--------------------\\ Recherche de fichiers avec Catchme
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-17 21:14:12
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0
--------------------\\ Recherche d'autres infections
Aucune autre infection trouvée !
[F:1390][D:100]-> C:\Users\Pc\AppData\Local\Temp
[F:403][D:1]-> C:\Users\Pc\AppData\Roaming\MICROS~1\Windows\Cookies
[F:724][D:11]-> C:\Users\Pc\AppData\Local\MICROS~1\Windows\TEMPOR~1\content.IE5
[F:155][D:8]-> C:\$Recycle.Bin
1 - "C:\Lop SD\LopR_1.txt" - 17/01/2010|17:55 - Option : [1]
2 - "C:\Lop SD\LopR_2.txt" - 17/01/2010|21:16 - Option : [2]
--------------------\\ Fin du rapport a 21:16:09
[ UAC => 1 ]
Je viens de regarder dans mon processus , ils n'y sont plus
Merci Destrio5 =)
J'ai des doutes sur certains dossiers.
- Télécharge SystemLook sur ton Bureau.
- Clique droit sur SystemLook.exe et choisis Exécuter en tant qu'administrateur.
- Copie-colle le contenu du cadre ci-dessous dans la zone texte de SystemLook :
:dir
|
- Clique sur le bouton Look pour démarrer l'examen.
- A la fin, le Bloc-notes s'ouvre avec le résultat de l'analyse. Copie-colle le rapport dans ta prochaine réponse.
Note : Le rapport peut aussi être trouvé sur ton Bureau sous le nom SystemLook.txt
SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 22:32 on 17/01/2010 by Pc (Administrator - Elevation successful)
========== dir ==========
C:\ProgramData\HtmDupeEggs - Parameters: "(none)"
---Files---
exhhsrok.exe --a--- 737280 bytes [20:27 03/11/2009] [20:27 03/11/2009]
gram wait each bits.exe --a--- 294912 bytes [20:27 03/11/2009] [18:53 16/12/2009]
Plus Dog.exe --a--- 471040 bytes [20:27 03/11/2009] [18:51 16/12/2009]
qrzzlaez.exe --a--- 697344 bytes [18:52 16/12/2009] [18:52 16/12/2009]
---Folders---
None found.
C:\ProgramData\loud bike comp view - Parameters: "(none)"
---Files---
face vc.dat --a--- 8570532 bytes [18:52 16/12/2009] [16:45 17/01/2010]
face vc.exe --a--- 698880 bytes [18:52 16/12/2009] [16:45 17/01/2010]
---Folders---
None found.
-=End Of File=-
Il y a encore un problème?
- Télécharge OTM (OldTimer) sur ton Bureau.
- Clique droit sur OTM.exe et choisis Exécuter en tant qu'administrateur.
- Copie (Ctrl+C) le texte suivant ci-dessous :
:processes
|
- Colle (Ctrl+V) le texte précédemment copié dans le cadre Paste Instructions for Items to be Moved.
- Clique maintenant sur le bouton MoveIt! puis ferme OTM.
---> Si un fichier ou dossier ne peut pas être supprimé immédiatement, le logiciel te demandera de redémarrer.
Accepte en cliquant sur YES.
- Poste le rapport situé dans ce dossier : C:\_OTM\MovedFiles\
---> Le nom du rapport correspond au moment de sa création : date_heure.log
All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== FILES ==========
C:\ProgramData\HtmDupeEggs folder moved successfully.
C:\ProgramData\loud bike comp view folder moved successfully.
C:\Program Files\Circl Developement folder moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Pc
->Temp folder emptied: 175417696 bytes
->Temporary Internet Files folder emptied: 177290719 bytes
->Java cache emptied: 25903074 bytes
->FireFox cache emptied: 98437566 bytes
->Google Chrome cache emptied: 6185685 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 11041966 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 13925769434 bytes
Total Files Cleaned = 13 752,00 mb
OTM by OldTimer - Version 3.1.6.0 log created on 01172010_235000
Files moved on Reboot...
Registry entries deleted on Reboot...
Bien.
J'ai vu la trace de l'infection Conficker.
- Télécharge UsbFix (de Chiquitine29 & C_XX) sur ton Bureau.
- Branche tes sources de données externes à ton PC (clé USB, disque dur externe, carte SD, etc...) sans les ouvrir.
- Double-clique sur UsbFix pour l'exécuter.
- Choisis l'option 1 (Recherche).
- Laisse travailler l'outil.
- Poste le rapport UsbFix.txt.
Note : le rapport UsbFix.txt est sauvegardé à la racine du disque (C:\UsbFix.txt).
"Process.exe", une composante de l'outil, est détectée par certains antivirus (AntiVir, Kaspersky, etc.) comme étant un RiskTool. Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
############################## | UsbFix V6.074 |
User : Pc (Administrateurs) # PC-DE-PC
Update on 15/01/2010 by El Desaparecido , C_XX & Chimay8
Start at: 00:13:07 | 18/01/2010
Website : http://pagesperso-orange.fr/NosTools/index.html
Contact : FindyKill.Contact@gmail.com
Intel(R) Pentium(R) Dual CPU T2390 @ 1.86GHz
Microsoft® Windows Vista™ Édition Familiale Premium (6.0.6001 32-bit) # Service Pack 1
Internet Explorer 7.0.6001.18000
Windows Firewall Status : Enabled
C:\ -> Disque fixe local # 223,12 Go (63,11 Go free) # NTFS
D:\ -> Disque CD-ROM
E:\ -> Disque amovible
G:\ -> Disque fixe local # 116,44 Go (109,61 Go free) [Darthjen] # NTFS
J:\ -> Disque fixe local
############################## | Processus actifs |
C:\Windows\System32\smss.exe 412
C:\Windows\system32\csrss.exe 496
C:\Windows\system32\csrss.exe 556
C:\Windows\system32\wininit.exe 564
C:\Windows\system32\services.exe 608
C:\Windows\system32\lsass.exe 636
C:\Windows\system32\lsm.exe 644
C:\Windows\system32\winlogon.exe 664
C:\Windows\system32\svchost.exe 812
C:\Windows\system32\svchost.exe 872
C:\Windows\System32\svchost.exe 904
C:\Windows\system32\Ati2evxx.exe 1000
C:\Windows\System32\svchost.exe 1060
C:\Windows\System32\svchost.exe 1088
C:\Windows\system32\svchost.exe 1100
C:\Windows\system32\SLsvc.exe 1208
C:\Windows\system32\Ati2evxx.exe 1260
C:\Windows\system32\svchost.exe 1324
C:\Windows\system32\svchost.exe 1532
C:\Windows\system32\Dwm.exe 1720
C:\Windows\Explorer.EXE 1756
C:\Windows\system32\WLANExt.exe 1796
C:\Windows\system32\taskeng.exe 1852
C:\Windows\System32\spoolsv.exe 1908
C:\Windows\system32\svchost.exe 1960
C:\Windows\system32\taskeng.exe 2016
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe 1164
C:\Program Files\Bonjour\mDNSResponder.exe 1332
C:\Program Files\Microsoft LifeCam\MSCamS32.exe 1768
C:\Windows\system32\svchost.exe 2156
C:\Windows\system32\svchost.exe 2172
C:\Windows\System32\svchost.exe 2212
C:\Windows\system32\SearchIndexer.exe 2232
C:\Windows\system32\WUDFHost.exe 2340
C:\Program Files\Windows Defender\MSASCui.exe 2872
C:\Windows\RtHDVCpl.exe 2880
C:\Program Files\uTorrent\uTorrent.exe 3084
C:\Windows\system32\wuauclt.exe 1616
C:\Windows\system32\SearchProtocolHost.exe 896
C:\Program Files\Mozilla Firefox\firefox.exe 2276
C:\Windows\system32\conime.exe 3604
C:\Windows\system32\wbem\wmiprvse.exe 196
C:\Windows\system32\SearchFilterHost.exe 3804
C:\Windows\system32\wbem\wmiprvse.exe 3748
################## | Elements infectieux |
################## | Registre |
################## | Mountpoints2 |
HKCU\..\..\Explorer\MountPoints2\F
shell\AutoRun\command =C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RUNdLl32.ExE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
HKCU\..\..\Explorer\MountPoints2\{18abc42f-c8ee-11de-8406-002354135efd}
shell\AutoRun\command =C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
################## | Cracks > Keygens > Serials |
"C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe"
22/11/2006 17:31 |Size 630784 |Crc32 53f23aff |Md5 3d575898e4c727c794a24c4196fc0be4
################## | ! Fin du rapport # UsbFix V6.074 ! |
- Branche tes sources de données externes à ton PC (clé USB, disque dur externe, carte SD, etc...) sans les ouvrir.
- Double-clique sur UsbFix présent sur ton Bureau pour le lancer.
- Choisis l'option 2 (Suppression).
- Ton Bureau disparaîtra et le PC redémarrera.
- Au redémarrage, UsbFix scannera ton PC, laisse travailler l'outil.
- Ensuite, poste le rapport UsbFix.txt qui apparaîtra avec le Bureau.
Note : le rapport UsbFix.txt est sauvegardé à la racine du disque (C:\UsbFix.txt).
Il y a 302 utilisateurs connus et inconnus. Pour voir la liste des connectés connus, cliquez ici.