S'abonner :  Newsletters    Magazines
Avis sur les produits Avis sur les logiciels Avis sur les jeux Actualités A propos de 01net
582 utilisateurs connectés
Forum de 01net / Sécurité / Windows Antivirus pro (RESOLU)

Windows Antivirus pro (RESOLU)

Duskin le 26 aout 2009 à 03h09
Bonjour

Je suis aux prises avec un Virus Antivirus PRO. Votre aide serait tres grandment appreciee pour m'aider a Nettoyer mon Ordi.

MErci a l'avance de votre aide

:hello:
-->Message édité par Duskin le 31/08/2009 02:54:25<--
répondre
dédétraqué le 26 aout 2009 à 04h22
Salut Duskin


On va vérifier cela, télécharge RSIT (de random/random) sur le bureau ici :
http://images.malwareremoval.com/random/RSIT.exe

- Double clique sur RSIT.exe qui est sur le bureau
- Clique sur Continue dans la fenêtre
- RSIT téléchargera HijackThis si il n’est pas présent où détecté, alors il faudra accepter la licence
- Poste le contenue des deux rapports, log.txt et info.txt(réduit dans la barre des tâches) à la fin de l’analyse

Les rapports sont dans le dossier ici C:\rsit


@++ :)
répondre
Duskin le 26 aout 2009 à 04h29
Salut Dede

Merci du coup de pouce. Voici les rapports demandés
info.txt logfile of random's system information tool 1.06 2009-08-25 22:26:50

======Uninstall list======

-->C:\PROGRA~1\NETASS~1\Uninstall.exe BellCanada
-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->C:\WINDOWS\UNNMP.exe /UNINSTALL
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88E5FCB8-5F25-11D5-B16F-0800460222F0}\setup.exe" -l0x40c UNINSTALL
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D76298C2-E532-4A11-BCFF-76F3F19DA84D}\setup.exe" UNINSTALL
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adibou Découvre la Musique-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8D032CD4-6437-4741-BFAD-409E7EE94614}\setup.exe" -l0x40c -removeonly
Adobe Download Manager 1.2 (Remove Only)-->"C:\Program Files\Common Files\Adobe\ESD\uninst.exe"
Adobe Flash Player 10 Plugin-->MsiExec.exe /X{ECA1A3B6-898F-4DCE-9F04-714CF3BA126B}
Adobe Flash Player 9 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\UninstFl.exe -q
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 7.0.9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70900000002}
Apple Software Update-->MsiExec.exe /I{A260B422-70E1-41E2-957D-F76FA21266D5}
Assistant Internet-->C:\WINDOWS\Motive\BellCanada\MCCUninst.exe
ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Control Panel-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE
Barbie(TM) Lac des Cygnes-->C:\Program Files\Common Files\Vivendi Universal Games\Uninstall\SwanLakeUnFR.exe
Citrix ICA Web Client-->C:\WINDOWS\System32\ctxsetup.exe /uninst C:\PROGRA~1\Citrix\icaweb32\uninst.inf
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Disney's Cinderella's Castle Designer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{680E5008-CA49-11D6-8940-0002A5E32BEF}\setup.exe" Disney's Cinderella's Castle Designer
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader-->C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter-->C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
ESET Online Scanner v3-->C:\Program Files\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe
Future Photo Print Wizard (Standalone)-->MsiExec.exe /I{18A26B47-5777-4D43-8FC5-0CE1EE7BEC0F}
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
iISystem Wiper 2.4.1-->"C:\Program Files\iISystem Wiper\unins000.exe"
Java 2 Runtime Environment, SE v1.4.2_05-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142050}
Java(TM) 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216013FF}
Java(TM) 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Kaspersky Online Scanner-->C:\WINDOWS\system32\KASPER~1\KASPER~1\kavuninstall.exe
Kaspersky On-line Scanner-->C:\WINDOWS\system32\KASPER~1\KASPER~1\kavuninstall.exe
Lapin Malin Cours Préparatoire-->C:\Program Files\Mindscape\Lapin Malin Cours Préparatoire\uninstall.exe
Lapin Malin Maternelle 1-->C:\WINDOWS\unin040c.exe -fC:\TLCWIN\RRT\uninstal\DeIsL1.isu
Lapin Malin Maternelle 2 + Atelier de dessin & de musique-->C:\Program Files\Mindscape\Lapin Malin Maternelle 2 + Atelier de dessin & de musique\uninstall.exe
Macromedia Flash Player-->MsiExec.exe /X{4ecaf021-478c-40c1-b777-3368a15f9966}
Macromedia Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~2\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~2\Install.log
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft Data Access Components KB870669-->C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office 2000 CD-ROM 2-->MsiExec.exe /I{0004040C-78E1-11D2-B60F-006097C998E7}
Microsoft Office 2000 Premium-->MsiExec.exe /I{0000040C-78E1-11D2-B60F-006097C998E7}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Nero Suite-->C:\Program Files\Common Files\Nero\Uninstall\setupx.exe /uninstall ExtraUninstallID=""
OpenMG Limited Patch 4.2-05-07-27-01-->C:\Program Files\Common Files\Sony Shared\OpenMG\HotFixes\HotFix4.2-05-07-27-01\HotFixSetup\setup.exe /u
OpenMG Secure Module 4.2.00-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{849ABF1A-6AE3-45E1-B260-D5447B2F29F5} UNINSTALL
Panda ActiveScan-->C:\WINDOWS\system32\ASUninst.exe Panda ActiveScan
PartyPoker-->"C:\Program Files\PartyGaming\PartyPoker\Uninstall.exe" "C:\Program Files\PartyGaming\PartyPoker\install.log"
PCFriendly-->C:\Program Files\PCFriendly\inuninst.exe
Picture Package-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1E2F8AE3-3437-44E6-BB75-E95751D6B83F}\setup.exe" -l0x40c UNINSTALL
Quicken 2002 de luxe-->C:\WINDOWS\IsUn0c0c.exe -f"C:\Program Files\QUICKENW\Uninst.isu" -c"C:\Program Files\QUICKENW\uninst.dll"
QuickTime-->MsiExec.exe /I{5E863175-E85D-44A6-8968-82507D34AE7F}
Security Update for Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB929969)-->"C:\WINDOWS\ie7updates\KB929969\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB969897)-->"C:\WINDOWS\ie8updates\KB969897-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB972260)-->"C:\WINDOWS\ie8updates\KB972260-IE8\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Shockwave-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
SonicStage 3.2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A0EB195B-5876-48E6-879D-33D4B2102610}\setup.exe" -l0x9 UNINSTALL -removeonly
Sony USB Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}\Setup.exe" UNINSTALL
Studio de création numérique de Lapin Malin-->C:\Program Files\Mindscape\Studio de création numérique de Lapin Malin\uninstall.exe
Update for Windows Internet Explorer 8 (KB971180)-->"C:\WINDOWS\ie8updates\KB971180-IE8\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
Visual IP InSight(Sympatico Consumer)-->C:\Program Files\InstallShield Installation Information\{097346E0-6A51-11D1-AD16-00A0C95E0503}Sympatico Consumer\setup.exe Sympatico Consumer
Windows Antivirus Pro-->C:\Program Files\Windows Antivirus Pro\AntiSpyware_Uninstall.exe
Windows Defender Signatures-->MsiExec.exe /I{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}
Windows Defender-->MsiExec.exe /I{B2D7CE29-614A-4ACC-8BFE-009EB3A244C9}
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Player 10-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinZip-->"C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
xp-AntiSpy 3.95-->C:\Program Files\xp-AntiSpy\Uninstall.exe

======Security center information======

AV: AntiVir Desktop

======System event log======

Computer Name: OWNER-K0N3ZT9M2
Event Code: 7001
Message: The DHCP Client service depends on the NetBT service which failed to start because of the following error:
A device attached to the system is not functioning.


Record Number: 31673
Source Name: Service Control Manager
Time Written: 20090523221000.000000-240
Event Type: error
User:

Computer Name: OWNER-K0N3ZT9M2
Event Code: 10005
Message: DCOM got error "%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Record Number: 31672
Source Name: DCOM
Time Written: 20090523220915.000000-240
Event Type: error
User: NT AUTHORITY\SYSTEM

Computer Name: OWNER-K0N3ZT9M2
Event Code: 10005
Message: DCOM got error "%1084" attempting to start the service netman with arguments ""
in order to run the server:
{BA126AE5-2166-11D1-B1D0-00805FC1270E}

Record Number: 31671
Source Name: DCOM
Time Written: 20090523220913.000000-240
Event Type: error
User: OWNER-K0N3ZT9M2\Eric

Computer Name: OWNER-K0N3ZT9M2
Event Code: 10010
Message: The server {1F87137D-0E7C-44D5-8C73-4EFFB68962F2} did not register with DCOM within the required timeout.

Record Number: 31668
Source Name: DCOM
Time Written: 20090523214425.000000-240
Event Type: error
User: NT AUTHORITY\NETWORK SERVICE

Computer Name: OWNER-K0N3ZT9M2
Event Code: 10010
Message: The server {1F87137D-0E7C-44D5-8C73-4EFFB68962F2} did not register with DCOM within the required timeout.

Record Number: 31667
Source Name: DCOM
Time Written: 20090523214354.000000-240
Event Type: error
User: NT AUTHORITY\NETWORK SERVICE

=====Application event log=====

Computer Name: OWNER-K0N3ZT9M2
Event Code: 1001
Message: Detection of product '{0000040C-78E1-11D2-B60F-006097C998E7}', feature 'HTMLSourceEditing' failed during request for component '{9E0B2BE1-DEDA-11D1-A17E-00A0C90AB50F}'

Record Number: 42
Source Name: MsiInstaller
Time Written: 20090308232151.000000-300
Event Type: warning
User: OWNER-K0N3ZT9M2\Eric

Computer Name: OWNER-K0N3ZT9M2
Event Code: 1001
Message: Detection of product '{0000040C-78E1-11D2-B60F-006097C998E7}', feature 'HTMLSourceEditing' failed during request for component '{9E0B2BE1-DEDA-11D1-A17E-00A0C90AB50F}'

Record Number: 32
Source Name: MsiInstaller
Time Written: 20090225233426.000000-300
Event Type: warning
User: OWNER-K0N3ZT9M2\Eric

Computer Name: OWNER-K0N3ZT9M2
Event Code: 1001
Message: Detection of product '{0000040C-78E1-11D2-B60F-006097C998E7}', feature 'HTMLSourceEditing' failed during request for component '{9E0B2BE1-DEDA-11D1-A17E-00A0C90AB50F}'

Record Number: 30
Source Name: MsiInstaller
Time Written: 20090213234118.000000-300
Event Type: warning
User: OWNER-K0N3ZT9M2\Eric

Computer Name: OWNER-K0N3ZT9M2
Event Code: 1001
Message: Detection of product '{0000040C-78E1-11D2-B60F-006097C998E7}', feature 'HTMLSourceEditing' failed during request for component '{9E0B2BE1-DEDA-11D1-A17E-00A0C90AB50F}'

Record Number: 28
Source Name: MsiInstaller
Time Written: 20090213234115.000000-300
Event Type: warning
User: OWNER-K0N3ZT9M2\Eric

Computer Name: OWNER-K0N3ZT9M2
Event Code: 1000
Message: Faulting application iexplore.exe, version 7.0.6000.16762, faulting module quicktime.qts, version 7.1.5.120, fault address 0x00069bc7.

Record Number: 19
Source Name: Application Error
Time Written: 20090207012326.000000-300
Event Type: error
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\QuickTime\QTSystem
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 9, GenuineIntel
"PROCESSOR_REVISION"=0209
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_02\lib\ext\QTJava.zip
"SAFEBOOT_OPTION"=NETWORK

-----------------EOF-----------------
Logfile of random's system information tool 1.06 (written by random/random)
Run by Eric at 2009-08-25 22:26:43
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 27 GB (35%) free of 79 GB
Total RAM: 255 MB (28% free)


======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\MP Scheduled Scan.job
C:\WINDOWS\tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{76DC0B63-1533-4ba9-8BE8-D59EB676FA02}]
ICQSys (IE PlugIn) - C:\WINDOWS\system32\dddesot.dll [2009-08-25 489984]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-07-26 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-07-26 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"QAGENT"=C:\Program Files\QUICKENW\QAGENT.EXE [2001-11-13 94208]
"SsAAD.exe"=C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe [2005-06-03 81920]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-07-26 148888]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2007-02-16 282624]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"NBJ"=C:\Program Files\Ahead\Nero BackItUp\NBJ.exe [2005-05-19 1957888]
"updateMgr"=C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [2006-03-30 313472]
"iIWiper"=C:\Program Files\iISystem Wiper\SystemWiper.exe [2005-09-11 258048]
"Monopod"=C:\DOCUME~1\Eric\LOCALS~1\Temp\b.exe []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
Assistant Internet.lnk - C:\Program Files\NetAssistant\bin\matcli.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2006-02-21 61440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WRNotifier]
WRLogonNTF.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=C:\PROGRA~1\WINDOW~4\MpShHook.dll [2006-04-03 81616]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=
"NoDrives"=
"NoDriveAutoRun"=
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\WINDOWS\system32\dxdiag.exe"="C:\WINDOWS\system32\dxdiag.exe:*:Enabled:Microsoft DirectX Diagnostic Tool"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======File associations======

.exe - open - C:\WINDOWS\system32\desot.exe "%1" %*

======List of files/folders created in the last 1 months======

2009-08-25 22:26:43 ----DC---- C:\rsit
2009-08-25 21:16:59 ----SHDC---- C:\RECYCLER
2009-08-25 20:10:07 ----D---- C:\WINDOWS\temp
2009-08-25 20:10:05 ----AC---- C:\ComboFix.txt
2009-08-25 20:04:29 ----A---- C:\WINDOWS\NIRCMD.exe
2009-08-25 19:50:13 ----A---- C:\WINDOWS\zip.exe
2009-08-25 19:50:13 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-08-25 19:50:13 ----A---- C:\WINDOWS\SWSC.exe
2009-08-25 19:50:13 ----A---- C:\WINDOWS\SWREG.exe
2009-08-25 19:50:13 ----A---- C:\WINDOWS\sed.exe
2009-08-25 19:50:13 ----A---- C:\WINDOWS\PEV.exe
2009-08-25 19:50:13 ----A---- C:\WINDOWS\grep.exe
2009-08-25 19:15:10 ----DC---- C:\Qoobox
2009-08-24 22:55:45 ----A---- C:\WINDOWS\system32\desot.exe
2009-08-24 20:37:39 ----AD---- C:\WINDOWS\system32\images
2009-08-24 20:36:12 ----A---- C:\WINDOWS\svchast.exe
2009-08-24 20:35:46 ----A---- C:\WINDOWS\system32\dddesot.dll
2009-08-24 20:33:22 ----D---- C:\Program Files\Windows Antivirus Pro
2009-08-24 19:18:12 ----A---- C:\WINDOWS\msb.exe
2009-08-18 21:01:40 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2009-08-13 22:03:40 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2009-08-13 22:03:18 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2009-08-13 22:02:48 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$
2009-08-13 22:02:24 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$
2009-08-13 22:02:15 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2009-08-13 22:01:50 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2009-08-13 22:01:41 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
2009-08-13 22:00:47 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9$
2009-08-13 21:57:42 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2009-07-26 23:00:38 ----A---- C:\WINDOWS\system32\javaws.exe
2009-07-26 23:00:38 ----A---- C:\WINDOWS\system32\javaw.exe
2009-07-26 23:00:38 ----A---- C:\WINDOWS\system32\java.exe
2009-07-26 23:00:38 ----A---- C:\WINDOWS\system32\deploytk.dll

======List of files/folders modified in the last 1 months======

2009-08-25 22:26:45 ----D---- C:\Program Files\trend micro
2009-08-25 21:04:59 ----A---- C:\WINDOWS\ntbtlog.txt
2009-08-25 21:03:49 ----D---- C:\WINDOWS\system32
2009-08-25 21:03:16 ----SD---- C:\WINDOWS\Tasks
2009-08-25 20:56:46 ----D---- C:\WINDOWS\system32\CatRoot2
2009-08-25 20:38:26 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-08-25 20:10:08 ----D---- C:\WINDOWS\system32\drivers
2009-08-25 20:10:07 ----D---- C:\WINDOWS
2009-08-25 20:05:35 ----AC---- C:\WINDOWS\system.ini
2009-08-24 20:37:39 ----D---- C:\WINDOWS\Prefetch
2009-08-24 20:33:22 ----RD---- C:\Program Files
2009-08-24 04:11:21 ----SHD---- C:\WINDOWS\Installer
2009-08-18 21:01:55 ----HD---- C:\WINDOWS\inf
2009-08-18 21:01:46 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-08-18 21:00:40 ----HD---- C:\WINDOWS\$hf_mig$
2009-08-14 17:43:07 ----D---- C:\Documents and Settings\Eric\Application Data\MSN6
2009-08-14 01:16:43 ----D---- C:\Program Files\Outlook Express
2009-08-13 22:03:45 ----A---- C:\WINDOWS\imsins.BAK
2009-08-05 05:01:48 ----A---- C:\WINDOWS\system32\mswebdvd.dll
2009-08-03 00:16:27 ----D---- C:\Program Files\Internet Explorer
2009-07-29 20:49:14 ----A---- C:\WINDOWS\system32\MRT.exe
2009-07-26 22:59:38 ----D---- C:\Program Files\Java

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 cdrbsvsd;cdrbsvsd; C:\WINDOWS\system32\drivers\cdrbsvsd.sys [2003-12-03 13566]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2002-08-29 12032]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 rtl8139;Realtek RTL8139/810X Family PCI Fast Ethernet NIC NT Driver; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [2001-08-23 25434]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver; C:\WINDOWS\system32\drivers\WmBEnum.sys [2004-04-14 10144]
R3 WmXlCore;Logitech WingMan Translation Layer Driver; C:\WINDOWS\system32\drivers\WmXlCore.sys [2004-04-14 44064]
S1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
S1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
S1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
S1 SiSkp;SiSkp; C:\WINDOWS\System32\DRIVERS\srvkp.sys [2003-05-14 10624]
S1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-07-13 28520]
S2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-08-18 55656]
S2 mrtRate;mrtRate; C:\WINDOWS\system32\drivers\mrtRate.sys [2001-02-28 34712]
S2 symlcbrd;symlcbrd; \??\C:\WINDOWS\System32\drivers\symlcbrd.sys []
S3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2003-04-01 719052]
S3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2006-02-21 1505792]
S3 hidgame;Microsoft Hid to Joystick Port Enabler; C:\WINDOWS\System32\DRIVERS\hidgame.sys [2001-08-17 8576]
S3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
S3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2004-08-04 1897408]
S3 SiS315;SiS315; C:\WINDOWS\System32\DRIVERS\sisgrp.sys [2003-05-30 397824]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 WmFilter;Logitech WingMan HID Filter Driver; C:\WINDOWS\system32\drivers\WmFilter.sys [2004-04-14 21280]
S3 WmHidLo;Logitech WingMan USB Filter Driver; C:\WINDOWS\system32\drivers\WmHidLo.sys [2004-04-14 14432]
S3 WmVirHid;Logitech Virtual Hid Device Driver; C:\WINDOWS\system32\drivers\WmVirHid.sys [2004-04-14 5600]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

S2 AntipPro2009_100;AntipyProex; C:\WINDOWS\svchast.exe [2009-08-24 163840]
S2 AntiVirSchedulerService;Avira AntiVir Planificateur; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-07-13 108289]
S2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-08-18 185089]
S2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-02-21 405504]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2003-12-03 516096]
S2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-07-26 152984]
S2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-09-22 38912]
S3 MSCSPTISRV;MSCSPTISRV; C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe [2005-06-07 53337]
S3 PACSPTISVR;PACSPTISVR; C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [2005-06-07 53337]
S3 SPTISRV;Sony SPTI Service; C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe [2005-06-07 69718]
S3 SSScsiSV;SonicStage SCSI Service; C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe [2005-06-03 69632]
S4 WinDefend;Windows Defender Service; C:\Program Files\Windows Defender\MsMpEng.exe [2006-04-03 14032]

-----------------EOF-----------------
répondre
dédétraqué le 26 aout 2009 à 04h40
Salut Duskin


Télécharge combofix.exe (de sUBs) sur le bureau :

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Important Désactive ton Antivirus et antispyware avant le scan avec Combofix :
http://forum.pcastuces.com/desactiver_les_protections_residentes-f31s4.htm


==> Sauvegarde ton travail et ferme toutes les fenêtres actives, il peut y avoir un redémarrage du PC. Ne lance aucun programme tant que Combofix n’est pas fini. <==

Double clique sur combofix.exe, clique sur OUI et valide par Entrée

Il te sera demandé d’installer la console si elle n’est pas installer, clique sur NON

Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.

NOTE : Le rapport se trouve également ici : C:\ Combofix.txt

Combofix est détecté par certains antivirus comme une infection, ne pas en tenir compte, il s'agit d'un faux positif, continue la procédure


@++ :)
répondre
Duskin le 26 aout 2009 à 05h17
Salut Dede

Voici le rapport combofix. J'ai du le rouler 2 fois. je n,ai pas trouve le premier rapport. Voici

ComboFix 09-08-25.02 - Eric 2009-08-25 23:04.6.1 - NTFSx86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.3.1252.2.1033.18.255.110 [GMT -4:00]
Running from: c:\documents and settings\Eric\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\documents and settings\All Users\Application Data\96609216.ini
c:\documents and settings\Eric\Start Menu\Programs\Windows Antivirus Pro
c:\documents and settings\Eric\Start Menu\Programs\Windows Antivirus Pro\Windows Antivirus Pro.lnk
c:\program files\Windows Antivirus Pro
c:\program files\Windows Antivirus Pro\msvcm80.dll
c:\program files\Windows Antivirus Pro\msvcp80.dll
c:\program files\Windows Antivirus Pro\msvcr80.dll
c:\program files\Windows Antivirus Pro\Windows Antivirus Pro.exe
c:\windows\Installer\32e6e.msi
c:\windows\ppp3.dat
c:\windows\ppp4.dat
c:\windows\svchast.exe
c:\windows\system32\3971510106.dat
c:\windows\system32\bennuar.old
c:\windows\system32\bincd32.dat
c:\windows\system32\dddesot.dll
c:\windows\system32\desot.exe
c:\windows\system32\drivers\Sonyhcp.dll
c:\windows\system32\images
c:\windows\system32\images\i1.gif
c:\windows\system32\images\i2.gif
c:\windows\system32\images\i3.gif
c:\windows\system32\images\j1.gif
c:\windows\system32\images\j2.gif
c:\windows\system32\images\j3.gif
c:\windows\system32\images\jj1.gif
c:\windows\system32\images\jj2.gif
c:\windows\system32\images\jj3.gif
c:\windows\system32\images\l1.gif
c:\windows\system32\images\l2.gif
c:\windows\system32\images\l3.gif
c:\windows\system32\images\pix.gif
c:\windows\system32\images\t1.gif
c:\windows\system32\images\t2.gif
c:\windows\system32\images\up1.gif
c:\windows\system32\images\up2.gif
c:\windows\system32\images\w1.gif
c:\windows\system32\images\w11.gif
c:\windows\system32\images\w2.gif
c:\windows\system32\images\w3.gif
c:\windows\system32\images\w3.jpg
c:\windows\system32\images\wt1.gif
c:\windows\system32\images\wt2.gif
c:\windows\system32\images\wt3.gif
c:\windows\system32\nerocheck.exe
c:\windows\system32\sonhelp.htm
c:\windows\system32\sysnet.dat
c:\windows\system32\tapi.nfo
c:\windows\system32\wispex.html

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_AntipPro2009_100
-------\Service_AntipPro2009_100


((((((((((((((((((((((((( Files Created from 2009-07-26 to 2009-08-26 )))))))))))))))))))))))))))))))
.

2009-08-26 02:26 . 2009-08-26 02:26 -------- dc----w- C:\rsit
2009-08-24 23:18 . 2009-08-24 17:35 145920 ----a-w- c:\windows\msb.exe
2009-08-24 22:34 . 2009-08-24 22:34 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-08-14 19:30 . 2009-06-25 08:25 54272 -c----w- c:\windows\system32\dllcache\wdigest.dll
2009-08-14 19:30 . 2009-06-25 08:25 136192 -c----w- c:\windows\system32\dllcache\msv1_0.dll
2009-08-14 19:30 . 2009-06-24 11:18 92928 -c----w- c:\windows\system32\dllcache\ksecdd.sys
2009-08-14 19:30 . 2009-06-25 08:25 301568 -c----w- c:\windows\system32\dllcache\kerberos.dll
2009-08-13 10:08 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-08-05 09:01 . 2009-08-05 09:01 204800 -c----w- c:\windows\system32\dllcache\mswebdvd.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-26 02:26 . 2009-05-25 23:01 -------- d-----w- c:\program files\trend micro
2009-08-18 21:12 . 2009-05-31 17:02 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-08-14 21:43 . 2004-01-17 23:41 -------- d-----w- c:\documents and settings\Eric\Application Data\MSN6
2009-08-05 09:01 . 2004-02-01 20:58 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-27 03:00 . 2009-07-27 03:00 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-07-27 02:59 . 2005-06-06 00:59 -------- d-----w- c:\program files\Java
2009-07-27 02:59 . 2009-06-01 01:12 152576 ----a-w- c:\documents and settings\Eric\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-07-21 04:42 . 2006-01-01 15:28 -------- d-----w- c:\program files\LimeWire
2009-07-17 19:01 . 2003-05-27 15:41 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 14:08 . 2003-05-27 15:51 286720 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-03 17:09 . 2004-02-06 23:05 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-30 00:48 . 2009-06-30 00:47 -------- d-----w- c:\program files\PartyGaming
2009-06-25 08:25 . 2003-05-27 15:42 54272 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:25 . 2003-05-27 15:42 56832 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:25 . 2003-05-27 15:42 147456 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:25 . 2003-05-27 15:42 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-25 08:25 . 2003-05-27 15:42 730112 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:25 . 2003-05-27 15:42 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-24 11:18 . 2003-05-27 15:42 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-22 23:50 . 2009-06-22 23:50 2967799 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-06-16 14:36 . 2003-05-27 15:42 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:36 . 2003-05-27 15:42 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-13 14:19 . 2004-10-09 17:36 64920 ----a-w- c:\documents and settings\Eric\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-12 12:31 . 2003-05-27 15:42 76288 ----a-w- c:\windows\system32\telnet.exe
2009-06-10 14:13 . 2003-05-27 15:41 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 13:19 . 2003-05-27 15:52 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 06:14 . 2003-05-27 15:42 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-03 19:09 . 2003-05-30 16:00 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-05-30 17:49 . 2009-05-30 17:54 227 ----a-w- c:\windows\system.tmp
2004-07-13 02:59 . 2004-07-13 02:58 16706160 ----a-w- c:\program files\AdbeRdr60_enu_full.exe
.

------- Sigcheck -------

[-] 2005-05-25 19:07 359936 63FDFEA54EB53DE2D863EE454937CE1E c:\windows\$hf_mig$\KB893066\SP2QFE\tcpip.sys
[-] 2006-01-13 17:07 360448 5562CC0A47B2AEF06D3417B733F3C195 c:\windows\$hf_mig$\KB913446\SP2QFE\tcpip.sys
[-] 2006-04-20 12:18 360576 B2220C618B42A2212A59D91EBD6FC4B4 c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
[-] 2007-10-30 16:53 360832 64798ECFA43D78C7178375FCDD16D8C8 c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[7] 2008-06-20 10:44 360960 744E57C99232201AE98C49168B918F48 c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[7] 2008-06-20 11:51 361600 9AEFA14BD6B182D61E3119FA5F436D3D c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[7] 2008-06-20 11:59 361600 AD978A1B783B5719720CFF204B666C8E c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 10:45 360320 2A5554FC5B1E04E131230E3CE035C3F9 c:\windows\$NtServicePackUninstall$\tcpip.sys
[7] 2004-08-04 06:14 359040 9F4B36614A0FC234525BA224957DE55C c:\windows\$NtUninstallKB893066$\tcpip.sys
[-] 2005-05-25 19:04 359808 88763A98A4C26C409741B4AA162720C9 c:\windows\$NtUninstallKB913446$\tcpip.sys
[-] 2006-01-13 02:28 359808 583E063FDC888CA30D05C2724B0D7EF4 c:\windows\$NtUninstallKB917953$\tcpip.sys
[-] 2006-04-20 11:51 359808 1DBF125862891817F374F407626967F4 c:\windows\$NtUninstallKB941644$\tcpip.sys
[7] 2008-04-13 19:20 361344 93EA8D04EC73A85DB02EB8805988F733 c:\windows\$NtUninstallKB951748$\tcpip.sys
[-] 2007-10-30 17:20 360064 90CAFF4B094573449A0872A0F919B178 c:\windows\$NtUninstallKB951748_0$\tcpip.sys
[-] 2008-04-13 19:20 361344 ACCF5A9A1FFAA490F33DBA1C632B95E1 c:\windows\ServicePackFiles\i386\tcpip.sys
[-] 2008-06-20 11:51 361600 9425B72F40257B45D45D24773273DAD0 c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 11:51 361600 9425B72F40257B45D45D24773273DAD0 c:\windows\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((( SnapShot@2009-08-26_00.05.34 )))))))))))))))))))))))))))))))))))))))))
.
+ 2003-05-27 15:41 . 2002-08-29 12:00 67584 c:\windows\I386\WINNT32.MSI
+ 2003-05-27 18:05 . 2002-08-29 12:00 793088 c:\windows\VALUEADD\MSFT\NTBACKUP\NTBACKUP.MSI
+ 2003-05-27 18:05 . 2002-08-29 12:00 185856 c:\windows\VALUEADD\MSFT\MGMT\WBEMODBC\WBEMODBC.MSI
+ 2008-09-12 22:22 . 2007-04-02 18:34 366080 c:\windows\ServicePackFiles\i386\digreqex.msi
+ 2008-09-12 22:22 . 2007-04-02 18:34 863232 c:\windows\ServicePackFiles\i386\digopt.msi
+ 2007-09-03 03:22 . 2007-09-03 03:22 282624 c:\windows\Installer\fa7952e.msi
+ 2005-06-06 00:59 . 2005-06-06 00:59 621056 c:\windows\Installer\b90f72.msi
+ 2004-12-27 04:33 . 2004-12-27 04:33 195584 c:\windows\Installer\65a4c7f.msi
+ 2009-06-01 02:05 . 2009-06-01 02:05 355328 c:\windows\Installer\5a0a4.msi
+ 2009-05-31 17:01 . 2009-05-31 17:01 228352 c:\windows\Installer\28136.msi
+ 2006-07-19 15:35 . 2006-07-19 15:35 115712 c:\windows\Installer\11a95c1b.msi
+ 2009-07-27 02:59 . 2009-07-27 02:59 598016 c:\windows\Installer\114d99.msi
+ 2003-05-27 16:07 . 2003-05-27 16:07 666624 c:\windows\Installer\1092b.msi
+ 2003-05-27 16:00 . 2003-05-27 16:00 264704 c:\windows\Installer\10927.msi
+ 2003-05-27 15:42 . 2004-07-17 18:35 1326080 c:\windows\system32\webfldrs.msi
+ 2004-07-17 18:35 . 2004-07-17 18:35 1326080 c:\windows\ServicePackFiles\i386\webfldrs.msi
+ 2008-09-12 22:23 . 2007-04-02 18:42 5080576 c:\windows\ServicePackFiles\i386\msnmsgs.msi
+ 2009-06-20 03:35 . 2009-06-20 03:35 1021952 c:\windows\Installer\fa3861.msi
+ 2008-02-11 19:11 . 2008-02-11 19:11 7423488 c:\windows\Installer\388e44c.msi
+ 2008-02-11 19:10 . 2008-02-11 19:10 1527808 c:\windows\Installer\388e419.msi
+ 2007-09-10 00:33 . 2007-09-10 00:33 3200000 c:\windows\Installer\331896d8.msi
+ 2004-01-06 06:32 . 2004-01-06 06:32 2255360 c:\windows\Installer\2dc74.msi
+ 2004-01-06 06:28 . 2004-01-06 06:28 2369024 c:\windows\Installer\2dba7.msi
+ 2005-12-27 13:13 . 2005-12-27 13:13 1239552 c:\windows\Installer\18c9834.msi
+ 2006-07-19 15:34 . 2006-07-19 15:34 1002496 c:\windows\Installer\11a95c12.msi
+ 2004-05-06 12:07 . 2004-05-06 12:06 6369280 c:\windows\Downloaded Installations\{FB590DCB-74FE-4352-A2C5-1BEAAC216F7E}\Adobe Photoshop Album 2 ED.msi
+ 2005-07-04 00:53 . 2005-07-04 00:53 6076928 c:\windows\Downloaded Installations\{DF2E8A41-7E98-427D-9582-7D2EAF44F827}\Microsoft AntiSpyware.msi
+ 2005-12-20 02:43 . 2005-12-20 02:42 6170112 c:\windows\Downloaded Installations\{C0FA7138-477B-4FEC-8F23-640C21C2287B}\Microsoft AntiSpyware.msi
+ 2005-02-06 00:50 . 2005-02-06 00:50 5791744 c:\windows\Downloaded Installations\{80198C48-0633-46B5-A2A4-EB62DAA02D78}\Microsoft AntiSpyware.msi
+ 2005-07-25 01:42 . 2005-07-25 01:42 6120448 c:\windows\Downloaded Installations\{78CB0701-6520-4FAE-99CE-20DE50BEF25C}\Microsoft AntiSpyware.msi
+ 2004-07-13 02:59 . 2003-11-03 23:06 2250100 c:\windows\Cache\Adobe Reader 6.0.1\ENUBIG\Adobe Reader 6.0.1.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2005-05-19 1957888]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"iIWiper"="c:\program files\iISystem Wiper\SystemWiper.exe" [2005-09-11 258048]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QAGENT"="c:\program files\QUICKENW\QAGENT.EXE" [2001-11-14 94208]
"SsAAD.exe"="c:\progra~1\Sony\SONICS~1\SsAAD.exe" [2005-06-03 81920]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-27 148888]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-02-16 282624]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
"ALUAlert"="c:\program files\Symantec\LiveUpdate\ALUNotify.exe" [BU]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
Assistant Internet.lnk - c:\program files\NetAssistant\bin\matcli.exe [2005-6-5 217088]

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= c:\windows\system32\onhelp.htm
FriendlyName= tets

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
"IncrediMail"=c:\program files\IncrediMail\bin\IncMail.exe /c
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NeroCheck"=c:\windows\system32\NeroCheck.exe
"ATIPTA"=c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe
"IPInSightMonitor 01"="c:\program files\Visual Networks\Visual IP InSight\Sympatico Consumer\IPMon32.exe"
"IPInSightLAN 01"="c:\program files\Visual Networks\Visual IP InSight\Sympatico Consumer\IPClient.exe" -l
"SoundMan"=SOUNDMAN.EXE
"Symantec NetDriver Monitor"=c:\progra~1\SYMNET~1\SNDMon.exe /Consumer
"Motive SmartBridge"=c:\progra~1\NETASS~1\SMARTB~1\MotiveSB.exe
"SsAAD.exe"=c:\progra~1\Sony\SONICS~1\SsAAD.exe
"QAGENT"=c:\program files\QUICKENW\QAGENT.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\WINDOWS\\system32\\dxdiag.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

S2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-05-31 108289]
S2 mrtRate;mrtRate;c:\windows\system32\drivers\MrtRate.sys [2004-01-04 34712]
S4 WinDefend;Windows Defender Service;c:\program files\Windows Defender\MsMpEng.exe [2006-04-03 14032]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-08-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-01-10 20:42]

2009-08-24 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-04-03 22:12]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-NeroFilterCheck - c:\windows\system32\NeroCheck.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = 127.0.0.1
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {18CD2FD8-81CE-44C3-99E1-0822E1C7116C} - hxxp://files.ea.com/downloads/rtpatch/v4/EARTP8X.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-25 23:11
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3277439761-2136417557-3852222622-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(436)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(988)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
.
Completion time: 2009-08-26 23:15
ComboFix-quarantined-files.txt 2009-08-26 03:15
ComboFix2.txt 2009-08-26 00:10
ComboFix3.txt 2009-08-25 23:57

Pre-Run: 28 634 664 960 bytes free
Post-Run: 28 616 310 784 bytes free

267 --- E O F --- 2009-08-19 01:01
répondre
dédétraqué le 26 aout 2009 à 23h04
Salut Duskin


Télécharge OTM (de Old_Timer) sur le bureau :

http://oldtimer.geekstogo.com/OTM.exe


Double-clique sur OTM.exe sur le bureau

- Assure toi que la case Unregister Dll's and Ocx's soit bien cochée

- Copie le texte qui se trouve en citation et colle le dans le cadre de gauche de OTM nommé Paste Instructions for Items to be Moved

:processes
explorer.exe

:files
c:\windows\msb.exe

:commands
[purity]
[emptytemp]
[start explorer]
[reboot]


- Clique sur MoveIt! pour lancer la suppression.
- Ferme OTM

Ton PC va redémarrer pour finir la suppression, si il ne le fais pas lui-même, redémarre le.

Poste le rapport de OTMoveIt qui se trouve dans C:\_OTM\MovedFiles.


@++ :)


-->Message édité par totoftotof le 27/08/2009 10:37:09<--
répondre
Duskin le 27 aout 2009 à 05h07
SAlut Dede

Avec un peu de retard, voici le rapport. Merci encore !

All processes killed
========== PROCESSES ==========
Process explorer.exe killed successfully!
========== FILES ==========
c:\windows\msb.exe moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: All Users

User: Default User
->Temp folder emptied: 168872 bytes
->Temporary Internet Files folder emptied: 34184 bytes

User: Eric
->Temp folder emptied: 365 bytes
->Temporary Internet Files folder emptied: 3835228 bytes
->Java cache emptied: 25497401 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Owner

%systemdrive% .tmp files removed: 0 bytes
C:\WINDOWS\msdownld.tmp folder deleted successfully.
%systemroot% .tmp files removed: 40078 bytes
%systemroot%\System32 .tmp files removed: 7251473 bytes
Windows Temp folder emptied: 664 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 35,15 mb


OTM by OldTimer - Version 3.0.0.6 log created on 08262009_230253
répondre
dédétraqué le 27 aout 2009 à 07h43
Salut Duskin


-Télécharge et installe MalwareByte's Anti-Malware
http://www.malwarebytes.org/mbam/program/mbam-setup.exe

- Mets le à jour

---

- Redémarre en mode sans échec :

Au redémarrage de ton PC tapote sur la touche F8 ou F5, sur l'écran suivant déplace toi avec les flèches de direction et choisis Mode sans échec. Choisis ta session habituelle et non la session Administrateur

---

- Double clique sur le raccourci de MalwareByte's Anti-Malware qui est sur le bureau.
- Sélectionne Exécuter un examen complet si ce n'est pas déjà fait
- clique sur Rechercher

- Une fois le scan terminé, une fenêtre s'ouvre, clique sur sur Ok

- Si MalwareByte's n'a rien détecté, clique sur Ok Un rapport va apparaître ferme-le.

- Si MalwareByte's a détecté des infections, clique sur Afficher les résultats ensuite sur Supprimer la sélection

- Enregistre le rapport sur ton Bureau comme cela il sera plus facile à retrouver, poste ensuite ce rapport.

Note : Si MalwareByte's a besoin de redémarrer pour terminer la suppression, accepte en cliquant sur Ok

Tutoriel pour MalwareByte's ici :
http://www.malekal.com/tutorial_MalwareBytes_AntiMalware.php


@++ :)
répondre
Duskin le 28 aout 2009 à 02h51
Salut Dede

Voici le rapport de Malware
Malwarebytes' Anti-Malware 1.40
Database version: 2551
Windows 5.1.2600 Service Pack 3 (Safe Mode)

2009-08-27 20:47:41
mbam-log-2009-08-27 (20-47-41).txt

Scan type: Full Scan (C:\|)
Objects scanned: 164833
Time elapsed: 29 minute(s), 42 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 16

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_USERS\S-1-5-18\SOFTWARE\Windows antiVirus pro (Rogue.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Qoobox\Quarantine\C\Program Files\Windows Antivirus Pro\Windows Antivirus Pro.exe.vir (Rogue.WindowsAntivirus) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\dddesot.dll.vir (Rogue.ASC-AntiSpyware) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\tapi.nfo.vir (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP271\A0041930.dll (Rogue.ASC-AntiSpyware) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP271\A0041931.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP271\A0042932.dll (Rogue.ASC-AntiSpyware) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP271\A0043932.dll (Rogue.ASC-AntiSpyware) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP271\A0044018.dll (Rogue.ASC-AntiSpyware) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP271\A0046154.dll (Rogue.ASC-AntiSpyware) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP271\A0046160.dll (Rogue.ASC-AntiSpyware) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP271\A0047163.dll (Rogue.ASC-AntiSpyware) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP271\A0048191.exe (Rogue.WindowsAntivirus) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP271\A0048195.dll (Rogue.ASC-AntiSpyware) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP271\A0048199.nfo (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Eric\Application Data\Microsoft\Internet Explorer\Quick Launch\Spyware Cease.lnk (Rogue.SpywareCease) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\onhelp.htm (Rogue.Trace) -> Quarantined and deleted successfully.
répondre
dédétraqué le 28 aout 2009 à 12h20
Salut Duskin


Important Désactive ton Antivirus avant le scan en ligne :
http://forum.pcastuces.com/desactiver_les_protections_residentes-f31s4.htm


Faire un scan avec Nod32 en ligne (il faut utiliser Internet Explorer) ici :
http://www.eset-nod32.fr/scanner.html

Dans le bas de la page clique sur Scanner en ligne >

< inclued picture >


Dans la nouvelle page, coche la case devant OUI, j'accepte les termes du contrat de licence et clique sur Start pour débuter.

< inclued picture >


Dans la nouvelle page(qui est assez longue a charger) tu auras une alerte pour la barre d'information, clique sur Fermé.

Maintenant faire un clique droit dans la barre d'information en jaune dans le haut de la page, et clique sur Installer le contrôle ActiveX.

< inclued picture >


Une boite d'information va s'ouvrir, clique sur Installer

< inclued picture >


Dans la nouvelle page clique en bas sur Démarrer, le téléchargement de la base des signatures de virus va débuter.
Après le scan du PC va débuter, patience le temps du scan, ne pas faire de navigation durant le scan, on a désactivé l'Antivirus.


Une fois le scan fini, cliqué sur Terminé et fermé la page.

Ouvrir l'explorateur Windows et retrouver le rapport qui est dans ce répertoire :

C:\Program Files\ESET\ESET Online Scanner\log.txt

Copie/colle le contenue de ce rapport log.txt


@++ :)
répondre
Duskin le 29 aout 2009 à 03h39
Salut dede

voici le rapport

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=6
# IEXPLORE.EXE=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6050
# api_version=3.0.2
# EOSSerial=ff085e3ff2f5f548aeaea11ffdda3af0
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2009-08-29 01:28:45
# local_time=2009-08-28 09:28:45 (-0500, Eastern Daylight Time)
# country="Canada"
# lang=1036
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1797 37 100 100 794788049088
# compatibility_mode=5889 61 66 100 1074061798487040
# scanned=72744
# found=2
# cleaned=2
# scan_time=2318
C:\Qoobox\Quarantine\C\WINDOWS\system32\wispex.html.vir Win32/Adware.WinAntiVirus application (nettoyé par suppression - mis en quarantaine) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{6E44B633-715E-4720-8328-23F13F97683B}\RP273\A0049454.exe Win32/TrojanDownloader.FakeAlert.AFQ cheval de troie (nettoyé par suppression - mis en quarantaine) 00000000000000000000000000000000 C
répondre
dédétraqué le 29 aout 2009 à 06h52
Salut Duskin


Cela est bon, as-tu d'autre souci?


@++ :)
répondre
Duskin le 29 aout 2009 à 13h40
PAS DU TOUT :youpi:

Merci mille fois dede de ton coup de pouce !!

A bientot (ou pas, preferablement!!!) :lol:
répondre
dédétraqué le 29 aout 2009 à 15h30
Salut Duskin


On va faire un ménage des outils téléchargés pour la désinfection, télécharge Tools Cleaner sur le bureau :

http://pc-system.fr/TC/ToolsCleaner2.exe


- Double clique sur ToolsCleaner2.exe sur le bureau
- Clique sur Recherche et laisse le scan agir.
- Clique sur Suppression pour finaliser.
- Tu peux, si tu le souhaites, te servir des Options facultatives.
- Clique sur Quitter pour obtenir le rapport.
- Poste le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur (C:\).
- Si des outils restes après le passage de Tools Cleaner, tu pourras les supprimer manuellement ainsi que tous les rapports qui on été généré lors de la désinfection.


-----


Important de mettre à jour Windows et tes logiciels :
Mettre Windows(catégories critique, Services Pack et Services Release) à jour : http://www.windowsupdate.com/

Faire un scan de vulnérabilités afin de vérifier que tes logiciels soit à jour sans failles de sécurités et mettre à jour :
http://www.malekal.com/scan_vulnerabilite.php

Faire un ménage des fichiers inutiles et de la base de registre :
http://www.malekal.com/tutorial_CCleaner.html

Dis moi quand cela est fais où si tu as des soucis et on passe à la résolution du sujet par la suite.


@++ :)
répondre
Duskin le 29 aout 2009 à 21h29
Salut Dede

Merci encore

[ Rapport ToolsCleaner version 2.3.10 (par A.Rothstein & dj QUIOU) ]

--> Recherche:

C:\Combofix.txt: trouvé !
C:\Qoobox: trouvé !
C:\_OTM: trouvé !
C:\Rsit: trouvé !
C:\Backups\catchme.log: trouvé !
C:\Documents and Settings\Eric\Desktop\OTM.exe: trouvé !
C:\Documents and Settings\Eric\Desktop\ComboFix.exe: trouvé !
C:\Documents and Settings\Eric\My Documents\ComboFix.exe: trouvé !
C:\Program Files\trend micro\HijackThis.exe: trouvé !
C:\Qoobox\Quarantine\catchme.log: trouvé !


Point de restauration crée !
Corbeille vidée!
Fichiers temporaires nettoyés !
répondre
dédétraqué le 29 aout 2009 à 22h00
Salut Duskin


Tiens moi au courant pour la suite :super:


@++ :)
répondre
Duskin le 29 aout 2009 à 23h10
Salut Dede

La suite ?
répondre
dédétraqué le 29 aout 2009 à 23h13
Salut Duskin


Important de mettre à jour Windows et tes logiciels :
Mettre Windows(catégories critique, Services Pack et Services Release) à jour : http://www.windowsupdate.com/

Faire un scan de vulnérabilités afin de vérifier que tes logiciels soit à jour sans failles de sécurités et mettre à jour :
http://www.malekal.com/scan_vulnerabilite.php

Faire un ménage des fichiers inutiles et de la base de registre :
http://www.malekal.com/tutorial_CCleaner.html

Dis moi quand cela est fais où si tu as des soucis et on passe à la résolution du sujet par la suite.


@++ :)
répondre
Duskin le 30 aout 2009 à 05h22
Salut dede

Tout est fait. Pas de nouveaux soucis

:mdr:
répondre
dédétraqué le 30 aout 2009 à 05h39
Salut Duskin


Tant mieux, je te donne quelques consignes de sécurité :

- Windows Update parfaitement à jour http://www.windowsupdate.com/ (catégories critique, Services Pack et Services Release)
- pare-feu bien paramétré
- antivirus bien paramétré et mis à jour régulièrement (quotidiennement s'il le faut) avec un scan complet régulier (journalier s'il le faut).
- une attitude prudente vis à vis de la navigation (pas de sites douteux : cracks, warez, sexe...) et vis à vis de la messagerie (fichiers joints aux messages doivent être scannés avant d'être ouverts)
- pas de téléchargement illégal, qui est le principal facteur d’infection (µTorrent, BitTorrent, eMule, Limewire, etc..) Le danger des cracks !
- une attitude vigilante (être à l'affût d'un fonctionnement inhabituel de son système)
- nettoyage hebdomadaire du système (suppression des fichiers inutiles, nettoyage de la base de registre, scandisk, defrag)
- scan hebdomadaire antispyware ( je conseil MalwareByte's Anti-Malware)
- un contrôle régulier de la console JAVA pour s'assurer qu'elle est à jour http://www.java.com/en/download/help/testvm.xml
- faire régulièrement un scan de vulnérabilités afin de vérifier que tes logiciels soit à jour sans failles de sécurités :
http://www.malekal.com/scan_vulnerabilite.php

De bonne lecture :
http://www.malekal.com/menu_windows_general.php
http://www.malekal.com/menu_windows_securite.php


Si tu considère ton problème comme résolu, édite < inclued picture > ton premier poste et ajoute [résolu] dans le titre.

Bonne journée/soirée et bon surf :super:


@++ :)
répondre
Duskin le 31 aout 2009 à 02h53
Salut Dede

Merci encore pour le coup de pouce. C'Est rassurant de savoir qu'on peut venir ici au lieu de faire un Format C: !!! :lol:

Salut :D
répondre


PRODUITS

TÉLÉCHARGER - LOGICIELS

JEUX VIDÉOS

LOISIRS

01NET PRO

AVIS ET COMMENTAIRES

A PROPOS DE 01NET

Forum de 01net / Sécurité / Windows Antivirus pro (RESOLU)
publicité
> 01netPro :
Rubrique Emplois
Consultez les actualités et les dernières offres.

Service 01net
Newsletters 01net
abonnez vous gratuitement !
Actus
Voir le dernier numéro
Entreprise
Voir le dernier numéro
  
01Informatique
01 INFORMATIQUE
L'hebdo de référence des décideurs informatiques.
Micro Hebdo
MICRO HEBDO
L'hebdo qui vous simplifie la micro
et Internet.
L'Ordinateur Individuel
L'ORDINATEUR INDIVIDUEL
Le mensuel informatique qui vous informe et vous conseille.
Nous contacter  |  Charte de confiance  |  Voir notice légale

01net.  -  01men  -  RMC  -  BFM Radio  -  BFM TV  -  TousLesPodcasts  -  01informatique.fr  -  Association RMC-BFM
Tous droits réservés © 1999 - 2009 Internext - 01net.