

Everything posted by Sebest
-
[Solved] Cryptowall infection on external hard drive
Sebest replied to a topic by Sebest in Malware analysis and removal
Yes, Bitdefender AntiCryptowall has been installed. http://up.security-x.fr/file.php?h=Rc61d7d6261781c836e9dc08398ff0fe9
JRT report:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.6.4 (09.28.2015:1)
OS: Windows 7 Ultimate x64
Ran by Seb on 11/11/2015 at 10:56:09.98
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services
Successfully deleted: [service] bdsandbox [Reboot required]

~~~ Tasks

~~~ Registry Values

~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{e9e8eb35-ff77-455d-b677-91e5e4fc06c2}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e9e8eb35-ff77-455d-b677-91e5e4fc06c2}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{e9e8eb35-ff77-455d-b677-91e5e4fc06c2}

~~~ Files
Successfully deleted: [File] C:\ProgramData\1431189744.bdinstall.bin
Successfully deleted: [File] C:\Users\Seb\Appdata\Local\google\chrome\user data\default\local storage\hxxp_static.audienceinsights.net_0.localstorage
Successfully deleted: [File] C:\Users\Seb\Appdata\Local\google\chrome\user data\default\local storage\hxxp_static.audienceinsights.net_0.localstorage-journal
Successfully deleted: [File] C:\Windows\SysWOW64\REN3DAB.tmp

~~~ Folders
Successfully deleted: [Folder] C:\Users\Seb\AppData\Roaming\torrentstream

~~~ FireFox
Emptied folder: C:\Users\Seb\AppData\Roaming\mozilla\firefox\profiles\u177xzeh.default\minidumps [52 files]

~~~ Chrome
Successfully deleted: [Folder] C:\Users\Seb\Appdata\Local\Google\Chrome\User Data\Default\Extensions\ehgldbbpchgpcfagfpfjgoomddhccfgh
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\ehgldbbpchgpcfagfpfjgoomddhccfgh
[C:\Users\Seb\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset
[C:\Users\Seb\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:
[C:\Users\Seb\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset
[C:\Users\Seb\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted: [ ehgldbbpchgpcfagfpfjgoomddhccfgh ]
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 11/11/2015 at 11:03:47.81
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
http://www.cjoint.com/c/EKlkKDAFQpG
http://www.cjoint.com/c/EKlkM7tSu8G
Note that help_decrypt files are still present in folders on C:, notably AdwCleaner's. However, this does not prevent the programs from working. -
[Solved] Cryptowall infection on external hard drive
Sebest replied to a topic by Sebest in Malware analysis and removal
http://www.cjoint.com/c/EKljFYB3PwG -
[Solved] Cryptowall infection on external hard drive
Sebest replied to a topic by Sebest in Malware analysis and removal
It's for updating RealPlayer, I suppose, even though I no longer use it... I'll remove it manually and uninstall RealPlayer, then I'll run ZHPCleaner. -
[Solved] Cryptowall infection on external hard drive
Sebest replied to a topic by Sebest in Malware analysis and removal
WINDOWS 7 SP1 http://up.security-x.fr/file.php?h=R5b16a711e5fc3df735f549a520a4abf1 http://www.cjoint.com/c/EKligXXZt1G -
[Solved] Cryptowall infection on external hard drive
Sebest posted a topic in Malware analysis and removal
Hello, unfortunately I've found that I've been infected by this ransomware, which I've only just discovered. I have unusable files on part of an external hard drive that I thought was safe from this kind of mishap. The incomprehensible thing is that only some of the folders are affected, and the Windows C: drive is untouched too. I don't really know the whys and wherefores, but I'd like to get rid of it, hoping to recover my files... I read that it copies the file, encrypts it and then deletes the original version. Between Ransomware Decryptor, Rakhni Decryptor, Rector Decryptor, R-Studio, Ontrack EasyRecovery, CrashPlan and Shadow Explorer, I hope something will work. In the meantime, thanks for your help with the disinfection. -
[Solved] Intrusive audio ads
Sebest replied to a topic by Sebest in Malware analysis and removal
Er, yes, I uninstalled the disinfection programs manually anyway. Many thanks for this help. It's a relief for my ears; it was turning into brainwashing. -
[Solved] Intrusive audio ads
Sebest replied to a topic by Sebest in Malware analysis and removal
Well, there have been no more ads since the Malwarebytes scan. All that's left is to uninstall the whole lot -
[Solved] Intrusive audio ads
Sebest replied to a topic by Sebest in Malware analysis and removal
I was afraid it would tell me that quieav.dll was going to be missing, but in the end it didn't.
Rapport de ZHPFix 1.2.06 par Nicolas Coolman, Update du 17/05/2012
Fichier d'export Registre :
Run by Seb at 12/06/2012 20:49:44
Windows 7 Ultimate Edition, 64-bit (Build 7600)
Web site : ZHPFix Fix de rapport
Web site : Blog de NicolasCoolman - ZebHelpProcess - Skyrock.com

========== Logiciel(s) ==========
ABSENT Software Key: MessengerPlusLive_France_TB Toolbar

========== Processus mémoire ==========
SUPPRIME Memory Process: C:\Users\Seb\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\9.11\rnupgagent.exe

========== Clé(s) du Registre ==========
ABSENT Key: CLSID BHO: {78F3A323-798E-4AEA-9A57-88F4B05FD5DD}
ABSENT Key: CLSID BHO: {b9e20919-fa55-471f-989b-b107bf8de785}
ABSENT Key: HKLM\Software\MessengerPlusLive_France_TB
SUPPRIME Key: StartupReg: UUSeeMediaCenter

========== Valeur(s) du Registre ==========
ABSENT URLSearchHook: {b9e20919-fa55-471f-989b-b107bf8de785}
SUPPRIME RunValue: quieav
ABSENT IFC: [FEATURE_BROWSER_EMULATION] svchost.exe
ABSENT Valeur Standard Profile: FirewallRaz :
ABSENT Valeur Domain Profile: FirewallRaz :
Aucune valeur présente dans la clé d'exception du registre (FirewallRaz)

========== Préférences navigateur ==========
SUPPRIME Mozilla Pref: user_pref("CT2719315.SearchFromAddressBarIsInit", true)
SUPPRIME Mozilla Pref: user_pref("CT2719315.SettingsCheckIntervalMin", 120);
SUPPRIME Mozilla Pref: user_pref("CT2719315.myStuffServiceIntervalMM", 1440);
SUPPRIME Mozilla Pref: user_pref("CT2719315.uninstallLogServiceUrl", "http://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
SUPPRIME Mozilla Pref: user_pref("CommunityToolbar.EngineOwner", "ConduitEngine");

========== Dossier(s) ==========
SUPPRIME Folder: C:\Program Files (x86)\Conduit
SUPPRIME Folder: C:\Program Files (x86)\MessengerPlusLive_France_TB
SUPPRIME Folder: C:\Program Files (x86)\uusee
SUPPRIME Folder: C:\ProgramData\Babylon
SUPPRIME Folder: C:\Users\Seb\AppData\Local\{EE4A2F1D-C40E-4457-B83D-57CA54FBD76B}
SUPPRIME Folder: C:\Users\Seb\AppData\Local\{F12A69A7-B984-49D8-85CD-E2CCF57AB87C}
SUPPRIME Folder: C:\Users\Seb\AppData\Local\{F24EDE81-4EAA-417A-93C0-19A6AB3A8C24}
SUPPRIME Folder: C:\Users\Seb\AppData\Local\{F29D73F0-8930-4F26-9657-7DCF51600C42}
SUPPRIME Folder: C:\Users\Seb\AppData\Local\{F320F0E7-8782-4F75-B9B2-26BAE21F79CC}
SUPPRIME Folder: C:\Users\Seb\AppData\Local\{F3E627D4-4C9A-40EF-9598-24E4661463D2}
SUPPRIME Folder: C:\Users\Seb\AppData\Local\{F77ACA3D-3673-43E0-9A68-B48EF8E0A83D}
ABSENT C:\Program Files (x86)\MessengerPlusLive_France_TB
SUPPRIME Folder: C:\Program Files (x86)\Searchgo
ABSENT C:\Program Files (x86)\uusee
SUPPRIME Flash Cookies:
SUPPRIME Temporaires Windows:

========== Fichier(s) ==========
ABSENT Folder/File: c:\users\seb\appdata\roaming\mozilla\firefox\profiles\4l78ymqr.default\prefs.js (.not file.)
SUPPRIME File: c:\program files (x86)\messengerpluslive_france_tb\tbmess.dll
ABSENT File: c:\program files (x86)\messengerpluslive_france_tb\tbmess.dll
SUPPRIME Reboot c:\users\seb\appdata\local\temp\quieav.dll
SUPPRIME File: c:\windows\tasks\autokms.job
SUPPRIME File: c:\users\seb\appdata\roaming\real\update\upgradehelper\realplayer\9.11\rnupgagent.exe
SUPPRIME Flash Cookies:
SUPPRIME Temporaires Windows:

========== Tache planifiée ==========
SUPPRIME Task: RNUpgradeHelperResumePrompt_Seb
SUPPRIME Task: {44ED0FC5-A3D7-4C3A-9606-197C43269466}
SUPPRIME Task: {A0D40758-BF8D-4CFB-BFFD-0F9A68358ABB}
SUPPRIME Task: {ABD56AAC-4D67-4CAA-8B47-2D6C53CE8C92}
SUPPRIME Task: {F87E3AC7-AD13-4B69-9066-A1C7925011A2}

========== Récapitulatif ==========
1 : Processus mémoire
4 : Clé(s) du Registre
6 : Valeur(s) du Registre
137 : Dossier(s)
8 : Fichier(s)
1 : Logiciel(s)
5 : Préférences navigateur
5 : Tache planifiée

End of clean in 00mn 37s

========== Chemin de fichier rapport ==========
C:\ZHP\ZHPFix[R1].txt - 12/06/2012 20:49:44 [13972]

Kaspersky TDSSKiller report -
[Solved] Intrusive audio ads
Sebest replied to a topic by Sebest in Malware analysis and removal
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Version de la base de données: v2012.06.10.08
Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Seb :: SEB-PC [administrateur]

10/06/2012 20:52:33
mbam-log-2012-06-10 (23-23-47).txt

Type d'examen: Examen complet
Options d'examen activées: Mémoire | Démarrage | Registre | Système de fichiers | Heuristique/Extra | Heuristique/Shuriken | PUP | PUM
Options d'examen désactivées: P2P
Elément(s) analysé(s): 426951
Temps écoulé: 1 heure(s), 55 minute(s), 28 seconde(s)

Processus mémoire détecté(s): 0
(Aucun élément nuisible détecté)

Module(s) mémoire détecté(s): 0
(Aucun élément nuisible détecté)

Clé(s) du Registre détectée(s): 15
HKCR\CLSID\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Aucune action effectuée.
HKCR\TypeLib\{BB7256DD-EBA9-480B-8441-A00388C2BEC3} (PUP.VShareRedir) -> Aucune action effectuée.
HKCR\Interface\{3D782BB2-F2A5-11D3-BF4C-000000000000} (PUP.VShareRedir) -> Aucune action effectuée.
HKCR\MyNewsBarLauncher.IE5BarLauncherBHO.1 (PUP.VShareRedir) -> Aucune action effectuée.
HKCR\MyNewsBarLauncher.IE5BarLauncherBHO (PUP.VShareRedir) -> Aucune action effectuée.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Aucune action effectuée.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Aucune action effectuée.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Aucune action effectuée.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Aucune action effectuée.
HKCR\CLSID\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Aucune action effectuée.
HKCR\MyNewsBarLauncher.IE5BarLauncher.1 (PUP.VShareRedir) -> Aucune action effectuée.
HKCR\MyNewsBarLauncher.IE5BarLauncher (PUP.VShareRedir) -> Aucune action effectuée.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Aucune action effectuée.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Aucune action effectuée.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Aucune action effectuée.

Valeur(s) du Registre détectée(s): 4
HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser|{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Données: ;áÃzÊ;XA³0öm»Áµ -> Aucune action effectuée.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Données: VShareTB -> Aucune action effectuée.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Données: -> Aucune action effectuée.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Données: -> Aucune action effectuée.

Elément(s) de données du Registre détecté(s): 3
HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Mauvais: (1) Bon: (0) -> Aucune action effectuée.
HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Mauvais: (1) Bon: (0) -> Aucune action effectuée.
HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Mauvais: (1) Bon: (0) -> Aucune action effectuée.

Dossier(s) détecté(s): 0
(Aucun élément nuisible détecté)

Fichier(s) détecté(s): 4
C:\Program Files (x86)\vShare.tv plugin\BarLcher.dll (PUP.VShareRedir) -> Aucune action effectuée.
C:\Users\Seb\AppData\Local\{6161b390-aa8b-efa5-9570-8a3a2dbea6c2}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Aucune action effectuée.
C:\Users\Seb\Documents\Azureus Downloads\ALL KEYGEN EMBRACE AND CORE\CORE - MASTER COLLECTION + OTHER APPS (SEE README)\KEYGEN.EXE (Trojan.Agent.CK) -> Aucune action effectuée.
C:\Users\Seb\Documents\Azureus Downloads\ALL KEYGEN EMBRACE AND CORE\EMBRACE - PREMIER PROFESSIONAL CS5\KEYGEN.EXE (Malware.Packer.Gen) -> Aucune action effectuée.

(fin)
----------------------------------------------------------------------------
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Version de la base de données: v2012.06.10.08
Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Seb :: SEB-PC [administrateur]

10/06/2012 20:52:33
mbam-log-2012-06-10 (20-52-33).txt

Type d'examen: Examen complet
Options d'examen activées: Mémoire | Démarrage | Registre | Système de fichiers | Heuristique/Extra | Heuristique/Shuriken | PUP | PUM
Options d'examen désactivées: P2P
Elément(s) analysé(s): 426951
Temps écoulé: 1 heure(s), 55 minute(s), 28 seconde(s)

Processus mémoire détecté(s): 0
(Aucun élément nuisible détecté)

Module(s) mémoire détecté(s): 0
(Aucun élément nuisible détecté)

Clé(s) du Registre détectée(s): 15
HKCR\CLSID\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Aucune action effectuée.
HKCR\TypeLib\{BB7256DD-EBA9-480B-8441-A00388C2BEC3} (PUP.VShareRedir) -> Aucune action effectuée.
HKCR\Interface\{3D782BB2-F2A5-11D3-BF4C-000000000000} (PUP.VShareRedir) -> Aucune action effectuée.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Aucune action effectuée.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Aucune action effectuée.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Aucune action effectuée.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Aucune action effectuée.
HKCR\CLSID\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Aucune action effectuée.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Aucune action effectuée.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Aucune action effectuée.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Aucune action effectuée.
HKCR\MyNewsBarLauncher.IE5BarLauncherBHO.1 (PUP.VShareRedir) -> Mis en quarantaine et supprimé avec succès.
HKCR\MyNewsBarLauncher.IE5BarLauncherBHO (PUP.VShareRedir) -> Mis en quarantaine et supprimé avec succès.
HKCR\MyNewsBarLauncher.IE5BarLauncher.1 (PUP.VShareRedir) -> Mis en quarantaine et supprimé avec succès.
HKCR\MyNewsBarLauncher.IE5BarLauncher (PUP.VShareRedir) -> Mis en quarantaine et supprimé avec succès.

Valeur(s) du Registre détectée(s): 4
HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser|{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Données: ;áÃzÊ;XA³0öm»Áµ -> Mis en quarantaine et supprimé avec succès.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Données: VShareTB -> Mis en quarantaine et supprimé avec succès.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Données: -> Mis en quarantaine et supprimé avec succès.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Données: -> Mis en quarantaine et supprimé avec succès.

Elément(s) de données du Registre détecté(s): 3
HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Mauvais: (1) Bon: (0) -> Mis en quarantaine et réparé avec succès
HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Mauvais: (1) Bon: (0) -> Mis en quarantaine et réparé avec succès
HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Mauvais: (1) Bon: (0) -> Mis en quarantaine et réparé avec succès

Dossier(s) détecté(s): 0
(Aucun élément nuisible détecté)

Fichier(s) détecté(s): 4
C:\Program Files (x86)\vShare.tv plugin\BarLcher.dll (PUP.VShareRedir) -> Aucune action effectuée.
C:\Users\Seb\Documents\Azureus Downloads\ALL KEYGEN EMBRACE AND CORE\CORE - MASTER COLLECTION + OTHER APPS (SEE README)\KEYGEN.EXE (Trojan.Agent.CK) -> Aucune action effectuée.
C:\Users\Seb\Documents\Azureus Downloads\ALL KEYGEN EMBRACE AND CORE\EMBRACE - PREMIER PROFESSIONAL CS5\KEYGEN.EXE (Malware.Packer.Gen) -> Aucune action effectuée.
C:\Users\Seb\AppData\Local\{6161b390-aa8b-efa5-9570-8a3a2dbea6c2}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Mis en quarantaine et supprimé avec succès.

(fin)
----------------------------------------------------------------------------
CJoint.com link 3FlkXsZBM4D -
Hello, since the day before yesterday I've had ads opening on their own; they are audio ads, I only get the sound. It only starts when I open IE or Firefox, but it doesn't stop once the browsers are closed. I looked at the volume mixer while hearing these ads: there is a Windows service host process that opens each time, one per ad (what a cacophony). It also disables mute 10 minutes after I turn it on. I think I'm infected, though I don't know how, because the first ad appeared on the L'Equipe site, which often shows ads that take over the home page without the close cross ever being visible. In short, I'm asking for help; thanks in advance for your contribution to solving this problem, which is harmful to my ears.
-
As I said, I only have one restore point and the problem predates it. In the end, after poking around a bit on the web and in Windows, I managed to put it back :crazy: In services.msc: Security Center > Properties > Log On, I switched from Local System to the Local Service account (it took me a while to understand that it was without a password). In gpedit.msc: User Configuration > Administrative Templates > Start Menu and Taskbar (all settings are Not Configured), I disabled the setting "Remove the Action Center icon". I rebooted 3 times to check. It takes ages to appear, like the Windows Update icon, but it is there; it's at the end of the row whereas before it was next to the battery icon. In the notification icons tab of the Control Panel it is no longer greyed out; I can enable or disable the icon as I like. At least the problem is solved; thanks anyway for helping me find the solution.
-
I'm on Windows Ultimate; the icon is handy for me to check that my weekly backup starts and runs properly. I looked into System Restore, but the only point I have is the backup made on the 12th. Strangely, no restore point was created for the installation of my new antivirus.
-
It says it did not find any resource integrity violations.
-
No, that doesn't do anything. Thanks anyway
-
Hello, yesterday my McAfee subscription was about to expire, so I decided to switch. I uninstalled McAfee through the standard Windows uninstaller, then used their removal tool to avoid leaving any traces. On reboot I saw that this had disabled the Security Center. - I went into services.msc to re-enable it and set it back to Automatic, which worked. The problem is that the Action Center icon in the taskbar's notification area has not reappeared; I tried to re-enable it in the icons and notifications menu, but I can't because it is greyed out. What should I do to fix the problem? Thanks in advance to those who look into it
-
[Solved] « Action illicite Police française » infection...
Sebest replied to a topic by Sebest in Malware analysis and removal
So, for DelFix:
# DelFix v8.8 - Rapport créé le 06/04/2012 à 19:08:45
# Mis à jour le 12/02/12 par Xplode
# Système d'exploitation : Windows 7 Ultimate (64 bits)
# Nom d'utilisateur : Seb - SEB-PC (Administrateur)
# Exécuté depuis : C:\Users\Seb\Desktop\delfix.exe
# Option [suppression]

~~~~~~ Dossiers(s) ~~~~~~
Supprimé : C:\32788R22FWJFW
Supprimé : C:\ZHP
Supprimé : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP
Supprimé : C:\Users\Seb\Desktop\RK_Quarantine
Supprimé : C:\Program Files (x86)\ZHPDiag

~~~~~~ Fichier(s) ~~~~~~
Supprimé : C:\Ad-Report-SCAN[1].txt
Supprimé : C:\JavaRa.log
Supprimé : C:\PhysicalDisk0_MBR.bin
Supprimé : C:\rkill.log
Supprimé : C:\RootRepeal report 04-14-10 (11-24-22).txt
Supprimé : C:\TCleaner.txt
Supprimé : C:\UsbFix_Upload_Me_SEB.zip
Supprimé : C:\Users\Seb\Desktop\HiJackThis.exe
Supprimé : C:\Users\Seb\Desktop\HiJackThis.msi
Supprimé : C:\Users\Seb\Desktop\RKreport[01].txt
Supprimé : C:\Users\Seb\Desktop\RKreport[2].txt
Supprimé : C:\Users\Seb\Desktop\RKreport[3].txt
Supprimé : C:\Users\Seb\Desktop\RKreport[4].txt
Supprimé : C:\Users\Seb\Desktop\RogueKiller.exe
Supprimé : C:\Users\Seb\Desktop\ZHPDiag.txt
Supprimé : C:\Users\Seb\Desktop\ZHPDiag2.exe
Supprimé : C:\Users\Seb\Desktop\ZHPDiagSebest.Txt
Supprimé : C:\Users\Seb\Desktop\ZHPFixReport.txt
Supprimé : C:\Users\Public\Desktop\ZHPDiag.lnk
Supprimé : C:\Users\Public\Desktop\ZHPFix.lnk
Supprimé : C:\Users\Public\Desktop\MBRCheck.lnk

~~~~~~ Registre ~~~~~~
Clé Supprimée : HKLM\SOFTWARE\TrendMicro\Hijackthis
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Hijackthis
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZHPDiag_is1
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\HijackThis.exe

~~~~~~ Autres ~~~~~~
-> Prefetch Vidé

*************************
DelFix[s1].txt - [1893 octets] - [06/04/2012 19:08:45]
########## EOF - C:\DelFix[s1].txt - [2017 octets] ##########
----------------------------------------------------------------------------
If I understand correctly, if I have this kind of problem again I could do a System Restore using the PC-clean restore point. In any case, a big thank you to you, Bernard, for your help. Always very professional. As they say, that's a clean job!!! See you! -
[Resolved] Infection « Action illicite Police française »...
Sebest replied to a topic by Sebest in Malware analysis and removal
RogueKiller V7.3.2 [20/03/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: [RogueKiller] Remontées (1/49)
Blog: tigzy-RK

Operating system: Windows 7 (6.1.7600 ) 64 bits version
Boot: Normal mode
User: Seb [Admin rights]
Mode: Scan -- Date: 05/04/2012 18:41:31

¤¤¤ Malicious processes: 0 ¤¤¤

¤¤¤ Registry entries: 8 ¤¤¤
[SUSP PATH] KMS Activation for Office.job @ : C:\Windows\KMSAct.exe -> FOUND
[SUSP PATH] {234A8CA7-733D-4AD0-8233-1C48DFBD697B}.job @ : C:\Users\Seb\Desktop\Adobe Master Collection CS5\Adobe CS5 -Keygen- by HackGames & LanUp.exe -> FOUND
[SUSP PATH] {44ED0FC5-A3D7-4C3A-9606-197C43269466}.job @ : C:\Users\Seb\Desktop\TelephInEng3rdCDROM\SETUP.EXE -> FOUND
[SUSP PATH] {A0D40758-BF8D-4CFB-BFFD-0F9A68358ABB}.job @ : C:\Users\Seb\Desktop\TelephInEng3rdCDROM\SETUP.EXE -> FOUND
[SUSP PATH] {ABD56AAC-4D67-4CAA-8B47-2D6C53CE8C92}.job @ : C:\Users\Seb\Desktop\Adobe Master Collection CS5\Adobe CS5 -Keygen- by HackGames & LanUp.exe -> FOUND
[SUSP PATH] {F87E3AC7-AD13-4B69-9066-A1C7925011A2}.job @ : C:\Users\Seb\Desktop\RSITx64.exe -> FOUND
[HJ] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular files / folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS file: ¤¤¤
255.255.255.255 broadcasthost
127.0.0.1 3dns.adobe.com
127.0.0.1 3dns-1.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-4.adobe.com
127.0.0.1 activate.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 activate-sea.adobe.com.*
127.0.0.1 activate-sjc0.adobe.com
127.0.0.1 activate.wip.adobe.com
127.0.0.1 activate.wip1.adobe.com
127.0.0.1 activate.wip2.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 activate.wip4.adobe.com
127.0.0.1 adobe-dns.adobe.com
127.0.0.1 adobe-dns-1.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-3.adobe.com
127.0.0.1 adobe-dns-4.adobe.com
[...]

¤¤¤ MBR Verif: ¤¤¤

+++++ PhysicalDrive0: ST9320421AS ATA Device +++++
--- User ---
[MBR] ded74b385f661721c41d5cb886fcb798
[BSP] 881802fc6cf3ee893bb3609fb4afda68 : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 305234 MB
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: Seagate Portable USB Device +++++
--- User ---
[MBR] cdb43710de635ad3232b514e86d7cf9d
[BSP] 114c9ef8869c307fa6c037c5fbb7a282 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 953867 MB
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive2: USB DISK 2.0 USB Device +++++
--- User ---
[MBR] a79a906212c4c25bd2dd29640829c890
[BSP] c0cfa6407c0e2912219704860f899dce : MBR Code unknown
Partition table:
0 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 8064 | Size: 15268 MB
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[3].txt >>
RKreport[01].txt ; RKreport[2].txt ; RKreport[3].txt

---------------------

RogueKiller V7.3.2 [20/03/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: [RogueKiller] Remontées (1/49)
Blog: tigzy-RK

Operating system: Windows 7 (6.1.7600 ) 64 bits version
Boot: Normal mode
User: Seb [Admin rights]
Mode: HOSTS reset -- Date: 05/04/2012 18:41:43

¤¤¤ Malicious processes: 0 ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ HOSTS file: ¤¤¤
255.255.255.255 broadcasthost
127.0.0.1 3dns.adobe.com
127.0.0.1 3dns-1.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-4.adobe.com
127.0.0.1 activate.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 activate-sea.adobe.com.*
127.0.0.1 activate-sjc0.adobe.com
127.0.0.1 activate.wip.adobe.com
127.0.0.1 activate.wip1.adobe.com
127.0.0.1 activate.wip2.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 activate.wip4.adobe.com
127.0.0.1 adobe-dns.adobe.com
127.0.0.1 adobe-dns-1.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-3.adobe.com
127.0.0.1 adobe-dns-4.adobe.com
[...]

¤¤¤ New HOSTS file: ¤¤¤
127.0.0.1 localhost

Finished : << RKreport[4].txt >>
RKreport[01].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt

-------------------------------------------------------------------------------------------------------

ZHPFixReport link: CJoint.com 3Dfs24xaQcj

-----------------------

My PC is fine. I opened a few programs to check that what was deleted hadn't affected them. They open normally. No reboot needed. It's OK.
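The "MBR Verif" section above prints an MD5 of sector 0 and a decoded partition table for each disk so that a later scan can be compared against it. The block below is an added example, not code from the original post and not RogueKiller's own implementation: it parses a raw 512-byte sector into its boot-code hash and partition entries, then compares the hash to a saved baseline and sanity-checks the table. The sample sector is constructed here (one active NTFS partition at LBA 63 sized like PhysicalDrive0 in the report); the partition-type table and the function names are assumptions for the example, and reading sector 0 from a live disk (`\\.\PhysicalDrive0` on Windows) is left to the caller.

```python
import hashlib
import struct

SECTOR_SIZE = 512
PART_TABLE_OFFSET = 446              # 446 bytes of boot code, then 4 x 16-byte entries
BOOT_SIGNATURE = b"\x55\xaa"
# Standard MBR partition type IDs (the report above prints 0x07 and 0x0c); assumption for the example
PART_TYPES = {0x05: "Extended", 0x07: "NTFS", 0x0B: "FAT32", 0x0C: "FAT32-LBA",
              0x0F: "Extended-LBA", 0x82: "Linux swap", 0x83: "Linux"}


def parse_mbr(sector: bytes) -> dict:
    """Return the MD5 of the boot code and the non-empty partition entries."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected one 512-byte sector")
    if sector[510:512] != BOOT_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for index in range(4):
        off = PART_TABLE_OFFSET + 16 * index
        status, _chs_start, ptype, _chs_end, lba_start, lba_count = struct.unpack(
            "<B3sB3sII", sector[off:off + 16])
        if ptype == 0:                   # unused slot
            continue
        partitions.append({
            "index": index,
            "status": status,
            "active": status == 0x80,
            "type_code": ptype,
            "type": PART_TYPES.get(ptype, "unknown"),
            "lba_start": lba_start,
            "sectors": lba_count,
            "size_mb": lba_count * SECTOR_SIZE // (1024 * 1024),
        })
    return {"boot_code_md5": hashlib.md5(sector[:PART_TABLE_OFFSET]).hexdigest(),
            "partitions": partitions}


def check_mbr(sector: bytes, baseline_md5: str) -> list:
    """Alerts: boot code drifted from a known-good hash, or the table is malformed."""
    info = parse_mbr(sector)
    alerts = []
    if info["boot_code_md5"] != baseline_md5:
        alerts.append("boot code hash differs from baseline: " + info["boot_code_md5"])
    active = [p for p in info["partitions"] if p["active"]]
    if len(active) != 1:
        alerts.append("expected exactly one active partition, found %d" % len(active))
    for p in info["partitions"]:
        if p["status"] not in (0x00, 0x80):
            alerts.append("partition %d has invalid status byte 0x%02x" % (p["index"], p["status"]))
    return alerts


def build_sample_mbr() -> bytes:
    """Constructed sector 0 (not a dump of any real disk): one active NTFS
    partition starting at LBA 63, sized like PhysicalDrive0 in the report."""
    boot_code = b"\x33\xc0\x8e\xd0" + b"\x00" * (PART_TABLE_OFFSET - 4)
    entry0 = struct.pack("<B3sB3sII", 0x80, b"\x01\x01\x00", 0x07, b"\xfe\xff\xff",
                         63, 305234 * 2048)   # 305234 MB at 512 bytes per sector
    return boot_code + entry0 + b"\x00" * 48 + BOOT_SIGNATURE


if __name__ == "__main__":
    sample = build_sample_mbr()
    info = parse_mbr(sample)
    print("[MBR]", info["boot_code_md5"])
    for p in info["partitions"]:
        print("%d - [%s] %s (0x%02x) Offset (sectors): %d | Size: %d MB" % (
            p["index"], "ACTIVE" if p["active"] else "      ", p["type"],
            p["type_code"], p["lba_start"], p["size_mb"]))
    # Re-run later with the saved hash; an empty list means nothing changed.
    print(check_mbr(sample, info["boot_code_md5"]))
```

Only the 446 bytes of boot code are hashed, so a partition-table edit does not change the hash; it is caught by the table checks instead. A bootkit that overwrites the loader shows up as a hash mismatch against the baseline recorded while the machine was known clean.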
[Resolved] Infection « Action illicite Police française »...
Sebest replied to a topic by Sebest in Malware analysis and removal
Hello, thanks for replying during the day. So, the reports:

RogueKiller V7.3.2 [20/03/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: [RogueKiller] Remontées (1/49)
Blog: tigzy-RK

Operating system: Windows 7 (6.1.7600 ) 64 bits version
Boot: Safe mode with networking
User: Seb [Admin rights]
Mode: Scan -- Date: 04/04/2012 21:50:58

¤¤¤ Malicious processes: 0 ¤¤¤

¤¤¤ Registry entries: 8 ¤¤¤
[SUSP PATH] HKCU\[...]\Run : strUSEmd (C:\Users\Seb\AppData\Local\Temp\SSp6i.exe) -> FOUND
[SUSP PATH] HKUS\S-1-5-21-438700012-334028598-3849664603-1000[...]\Run : strUSEmd (C:\Users\Seb\AppData\Local\Temp\SSp6i.exe) -> FOUND
[SUSP PATH] ch8l0.exe.lnk @Seb : C:\Windows\System32\rundll32.exe|C:\Users\Seb\AppData\Local\Temp\ch8l0.exe -> FOUND
[HJPOL] HKCU\[...]\System : DisableTaskMgr (1) -> FOUND
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular files / folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS file: ¤¤¤
255.255.255.255 broadcasthost
127.0.0.1 3dns.adobe.com
127.0.0.1 3dns-1.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-4.adobe.com
127.0.0.1 activate.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 activate-sea.adobe.com.*
127.0.0.1 activate-sjc0.adobe.com
127.0.0.1 activate.wip.adobe.com
127.0.0.1 activate.wip1.adobe.com
127.0.0.1 activate.wip2.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 activate.wip4.adobe.com
127.0.0.1 adobe-dns.adobe.com
127.0.0.1 adobe-dns-1.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-3.adobe.com
127.0.0.1 adobe-dns-4.adobe.com
[...]

¤¤¤ MBR Verif: ¤¤¤

+++++ PhysicalDrive0: ST9320421AS ATA Device +++++
--- User ---
[MBR] ded74b385f661721c41d5cb886fcb798
[BSP] 881802fc6cf3ee893bb3609fb4afda68 : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 305234 MB
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: Seagate Portable USB Device +++++
--- User ---
[MBR] cdb43710de635ad3232b514e86d7cf9d
[BSP] 114c9ef8869c307fa6c037c5fbb7a282 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 953867 MB
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive2: USB DISK 2.0 USB Device +++++
--- User ---
[MBR] a79a906212c4c25bd2dd29640829c890
[BSP] c0cfa6407c0e2912219704860f899dce : MBR Code unknown
Partition table:
0 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 8064 | Size: 15268 MB
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[1].txt >>
RKreport[1].txt

---------------------------------------------------------------------------------

RogueKiller V7.3.2 [20/03/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: [RogueKiller] Remontées (1/49)
Blog: tigzy-RK

Operating system: Windows 7 (6.1.7600 ) 64 bits version
Boot: Safe mode with networking
User: Seb [Admin rights]
Mode: Remove -- Date: 04/04/2012 21:51:56

¤¤¤ Malicious processes: 0 ¤¤¤

¤¤¤ Registry entries: 7 ¤¤¤
[SUSP PATH] HKCU\[...]\Run : strUSEmd (C:\Users\Seb\AppData\Local\Temp\SSp6i.exe) -> DELETED
[SUSP PATH] ch8l0.exe.lnk @Seb : C:\Windows\System32\rundll32.exe|C:\Users\Seb\AppData\Local\Temp\ch8l0.exe -> DELETED
[HJPOL] HKCU\[...]\System : DisableTaskMgr (1) -> DELETED
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular files / folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS file: ¤¤¤
255.255.255.255 broadcasthost
127.0.0.1 3dns.adobe.com
127.0.0.1 3dns-1.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-4.adobe.com
127.0.0.1 activate.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 activate-sea.adobe.com.*
127.0.0.1 activate-sjc0.adobe.com
127.0.0.1 activate.wip.adobe.com
127.0.0.1 activate.wip1.adobe.com
127.0.0.1 activate.wip2.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 activate.wip4.adobe.com
127.0.0.1 adobe-dns.adobe.com
127.0.0.1 adobe-dns-1.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-3.adobe.com
127.0.0.1 adobe-dns-4.adobe.com
[...]

¤¤¤ MBR Verif: ¤¤¤

+++++ PhysicalDrive0: ST9320421AS ATA Device +++++
--- User ---
[MBR] ded74b385f661721c41d5cb886fcb798
[BSP] 881802fc6cf3ee893bb3609fb4afda68 : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 305234 MB
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: Seagate Portable USB Device +++++
--- User ---
[MBR] cdb43710de635ad3232b514e86d7cf9d
[BSP] 114c9ef8869c307fa6c037c5fbb7a282 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 953867 MB
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive2: USB DISK 2.0 USB Device +++++
--- User ---
[MBR] a79a906212c4c25bd2dd29640829c890
[BSP] c0cfa6407c0e2912219704860f899dce : MBR Code unknown
Partition table:
0 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 8064 | Size: 15268 MB
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[2].txt >>
RKreport[01].txt ; RKreport[2].txt

---------------------------------------------------------------------------------

Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.04.04.08

Windows 7 x64 NTFS (Safe Mode/Networking)
Internet Explorer 9.0.8112.16421
Seb :: SEB-PC [administrator]

Protection: Disabled

04/04/2012 21:58:44
mbam-log-2012-04-04 (21-58-44).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 837353
Time elapsed: 2 hour(s), 30 minute(s), 31 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 38
HKCR\CLSID\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> No action taken.
HKCR\TypeLib\{BB7256DD-EBA9-480B-8441-A00388C2BEC3} (PUP.VShareRedir) -> No action taken.
HKCR\Interface\{3D782BB2-F2A5-11D3-BF4C-000000000000} (PUP.VShareRedir) -> No action taken.
HKCR\MyNewsBarLauncher.IE5BarLauncherBHO.1 (PUP.VShareRedir) -> No action taken.
HKCR\MyNewsBarLauncher.IE5BarLauncherBHO (PUP.VShareRedir) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> No action taken.
HKCR\CLSID\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> No action taken.
HKCR\MyNewsBarLauncher.IE5BarLauncher.1 (PUP.VShareRedir) -> No action taken.
HKCR\MyNewsBarLauncher.IE5BarLauncher (PUP.VShareRedir) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> No action taken.
HKCR\AppID\{D2083641-E57F-4eab-BB85-0582424F4A29} (Adware.HotBar.CP) -> Quarantined and deleted successfully.
HKCR\CLSID\{1602F07D-8BF3-4c08-BDD6-DDDB1C48AEDC} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKCR\TypeLib\{C55CA95C-324B-451c-B2D2-6E895AA75FEC} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKCR\Interface\{30B15818-E110-4527-9C05-46ACE5A3460D} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKCR\ClickPotatoLiteAX.info.1 (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKCR\ClickPotatoLiteAX.info (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1602F07D-8BF3-4C08-BDD6-DDDB1C48AEDC} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKCR\CLSID\{7A3D6D17-9DD5-4C60-8076-D1784DABAF8C} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKCR\TypeLib\{814BAA91-DC22-4350-87D6-0C86E93F7F08} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKCR\Interface\{419EDA30-6DFF-432C-B534-E15D899ABEE4} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKCR\MenuButtonIE.ButtonIE.1 (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKCR\MenuButtonIE.ButtonIE (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKCR\CLSID\{AC6D819E-AA8F-4418-A3BB-D165C1B18BB5} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKCR\ClickPotatoLiteAX.UserProfiles.1 (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKCR\ClickPotatoLiteAX.UserProfiles (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{AC6D819E-AA8F-4418-A3BB-D165C1B18BB5} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{B58926D6-CFB0-45D2-9C28-4B5A0F0368AE} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{B58926D6-CFB0-45D2-9C28-4B5A0F0368AE} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B58926D6-CFB0-45D2-9C28-4B5A0F0368AE} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B58926D6-CFB0-45D2-9C28-4B5A0F0368AE} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKCR\AppID\MenuButtonIE.DLL (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKCU\Software\clickpotatolitesa (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\ClickPotatoLite (Adware.ClickPotato) -> Quarantined and deleted successfully.

Registry Values Detected: 6
HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser|{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Data: ;áÃzÊ;XA³0öm»Áµ -> No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Data: VShareTB -> No action taken.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Data: -> No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Data: -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|ClickPotatoLiteSA (Adware.ClickPotato) -> Data: "C:\Program Files (x86)\ClickPotatoLite\bin\10.0.666.0\ClickPotatoLiteSA.exe" -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Mozilla\Firefox\extensions|ClickPotatoLite@ClickPotatoLite.com (Adware.ClickPotato) -> Data: C:\Program Files (x86)\ClickPotatoLite\bin\10.0.666.0\firefox\extensions -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 2
C:\ProgramData\2ACA5CC3-0F83-453D-A079-1076FE1A8B65 (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\ProgramData\ClickPotatoLiteSA (Adware.ClickPotato) -> Quarantined and deleted successfully.

Files Detected: 11
C:\Program Files (x86)\vShare.tv plugin\BarLcher.dll (PUP.VShareRedir) -> No action taken.
C:\Users\Seb\Documents\0FFICE 2010\mini-KMS_Activator_v1.052\mini-KMS_Activator_v1.052.exe (Riskware.Keygen) -> No action taken.
C:\Program Files (x86)\Mozilla Firefox\plugins\npclntax_ClickPotatoLiteSA.dll (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:\Temp\xvid-win32.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Users\Seb\AppData\Local\Temp\ch8l0.exe (Spyware.Zbot.D2) -> Quarantined and deleted successfully.
C:\Users\Seb\Desktop\RK_Quarantine\ch8l0.exe.vir (Spyware.Zbot.D2) -> Quarantined and deleted successfully.
C:\ProgramData\ClickPotatoLiteSA\ClickPotatoLiteSA.dat (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:\ProgramData\ClickPotatoLiteSA\ClickPotatoLiteSAAbout.mht (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:\ProgramData\ClickPotatoLiteSA\ClickPotatoLiteSAau.dat (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:\ProgramData\ClickPotatoLiteSA\ClickPotatoLiteSAEULA.mht (Adware.ClickPotato) -> Quarantined and deleted successfully.
C:\ProgramData\ClickPotatoLiteSA\ClickPotatoLiteSA_kyf.dat (Adware.ClickPotato) -> Quarantined and deleted successfully.

(end)

-----------------------------------------------------------------------------

ZHPDiag link: CJoint.com 3DfjpoiDiFm

-------------

For now everything is back to normal. That's a good sign...
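The scan above shows the pattern a lock-screen trojan leaves behind: a Run value and a startup shortcut pointing into the user's Temp folder, Task Manager disabled by policy, UAC switched off (EnableLUA = 0, ConsentPromptBehaviorAdmin = 0), plus a HOSTS file that pins a list of vendor hosts to 127.0.0.1. The block below is an added example, not code from the original post and not part of RogueKiller: it parses RogueKiller-style registry lines, ranks each finding with rules that cover only what these reports show, and lists HOSTS entries that sinkhole non-local names. The sample report and HOSTS excerpt are constructed here, modeled on the lines above; the severity labels and the TEMP_DIRS list are assumptions for the example.

```python
import re
from dataclasses import dataclass

# One registry finding as RogueKiller prints it, e.g.
#   [SUSP PATH] HKCU\[...]\Run : strUSEmd (C:\Users\Seb\AppData\Local\Temp\SSp6i.exe) -> FOUND
LINE_RE = re.compile(
    r"^\[(?P<tag>[A-Z ]+)\]\s+(?P<location>.+?)\s+:\s+(?P<detail>.+?)\s+->\s+(?P<state>[A-Z]+)")
VALUE_RE = re.compile(r"^(?P<name>.+?)\s+\((?P<value>.*)\)$")
TEMP_DIRS = ("\\appdata\\local\\temp\\", "\\windows\\temp\\")   # assumption: temp paths worth flagging
SINKHOLES = {"127.0.0.1", "0.0.0.0", "::1"}
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}


@dataclass
class Finding:
    tag: str
    location: str
    name: str
    value: str
    state: str
    severity: str
    reason: str


def classify(tag, location, name, value):
    """Map one finding to (severity, reason); rules cover only what the reports above show."""
    if tag == "SUSP PATH" and any(d in value.lower() for d in TEMP_DIRS):
        return "high", "autorun or task launches a binary from a temp directory"
    if tag == "HJPOL" and name == "DisableTaskMgr" and value == "1":
        return "high", "Task Manager disabled by policy, typical of screen lockers"
    if tag == "HJ" and name == "EnableLUA" and value == "0":
        return "high", "UAC switched off"
    if tag == "HJ" and name == "ConsentPromptBehaviorAdmin" and value == "0":
        return "high", "administrators elevate without any prompt"
    if tag == "HJ" and location.endswith(("NewStartPanel", "ClassicStartMenu")):
        return "low", "desktop icon hidden; cosmetic"
    if tag == "SUSP PATH":
        return "medium", "unusual launch path, review by hand"
    return "info", "no rule matched"


def parse_report(text):
    findings = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:                       # headers, HOSTS lines, MBR section, etc.
            continue
        v = VALUE_RE.match(m.group("detail"))
        name, value = (v.group("name"), v.group("value")) if v else ("", m.group("detail"))
        sev, why = classify(m.group("tag"), m.group("location"), name, value)
        findings.append(Finding(m.group("tag"), m.group("location"), name, value,
                                m.group("state"), sev, why))
    return findings


def severity_counts(findings):
    counts = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


def hosts_sinkholes(hosts_text):
    """(ip, name) pairs that pin a non-local name to a sinkhole address."""
    hits = []
    for raw in hosts_text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2 or fields[0] not in SINKHOLES:
            continue
        hits.extend((fields[0], n) for n in fields[1:] if n not in LOCAL_NAMES)
    return hits


# Constructed excerpt, modeled on the scan in the post above (not the real file).
SAMPLE_REPORT = r"""
¤¤¤ Registry entries: 7 ¤¤¤
[SUSP PATH] HKCU\[...]\Run : strUSEmd (C:\Users\Seb\AppData\Local\Temp\SSp6i.exe) -> FOUND
[SUSP PATH] ch8l0.exe.lnk @Seb : C:\Windows\System32\rundll32.exe|C:\Users\Seb\AppData\Local\Temp\ch8l0.exe -> FOUND
[HJPOL] HKCU\[...]\System : DisableTaskMgr (1) -> FOUND
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[SUSP PATH] KMS Activation for Office.job @ : C:\Windows\KMSAct.exe -> FOUND
"""
SAMPLE_HOSTS = """255.255.255.255 broadcasthost
127.0.0.1 localhost
127.0.0.1 activate.adobe.com
127.0.0.1 3dns.adobe.com
"""

if __name__ == "__main__":
    for f in parse_report(SAMPLE_REPORT):
        print(f.severity.upper(), f.tag, f.location, f.name or f.value, "-", f.reason)
    print(severity_counts(parse_report(SAMPLE_REPORT)))
    print(hosts_sinkholes(SAMPLE_HOSTS))
```

A HOSTS entry that points a name at 127.0.0.1 is not malicious by itself (ad blockers do the same), which is why the function only lists the entries; here the adobe.com entries came with the keygen that the other scan flagged, and the reset RogueKiller performed leaves only the localhost line.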
[Resolved] Infection « Action illicite Police française »...
Sebest posted a topic in Malware analysis and removal
Hello, it had been a while since I'd come here; malware and viruses had been leaving me alone... So I'm here because it seems I'm infected... Yesterday a full-screen window appeared with "Action illicite Police Nationale" etc.; I assumed it was a fake, obviously. I press Ctrl+Alt+Del: no Task Manager, OK. I click to log off, then cancel at the last moment at "Are you sure you want to log off? A program is running", which got rid of that window; I thought I was free of it... But no: today I turn on my PC and, sure enough, 20 seconds after the desktop loads, nothing: no more desktop, a full-screen web page trying to open and an Explorer window opening, this damn virus! I'm on Windows Seven; I tried a system restore, which did nothing. I have access to safe mode with networking (I'm in it now), but before taking drastic measures and reinstalling the system image I saved on Saturday, I'd like to try a gentler solution: disinfection. Thanks in advance for your help. EDIT: It's fairly urgent; I work on this laptop...
[RESOLVED] INFECTION Unwanted redirections
Sebest replied to a topic by Sebest in Malware analysis and removal
OK, OK, everything is spotless. Thanks again. You all really do good work.
[RESOLVED] INFECTION Unwanted redirections
Sebest replied to a topic by Sebest in Malware analysis and removal
That's it, everything is clean! It did indeed come from the modem: I restored the default settings, updated the firmware, and changed my key and my admin password. Only the connection credentials stayed the same, of course, since they're issued by my ISP. In any case, no more redirections; sites that were inaccessible have become accessible again; everything is good! A big thank you, Apollo, for the disinfection and for guiding me through this modem infection; I would never have suspected it!

-----------------------

Logfile of random's system information tool 1.08 (written by random/random)
Run by Seb at 2010-10-08 18:47:50
Microsoft Windows 7 Édition Intégrale Service Pack 2
System drive C: has 183 GB (60%) free of 305 GB
Total RAM: 4091 MB (72% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:47:53, on 08/10/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Program Files (x86)\BisonCam\BisonHK.exe
C:\Program Files (x86)\BisonCam\DeLay.exe
C:\Program Files (x86)\Hotkey\Hotkey.exe
C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe
C:\Program Files (x86)\MaxTV\MaxTV4\task_scheduler.exe
C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files\trend micro\Seb.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = iGoogle
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN : Hotmail, Messenger, Bing, Actualité et Sport
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN : Hotmail, Messenger, Bing, Actualité et Sport
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20100917195024.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [UUSeeMediaCenter] "C:\Program Files (x86)\Common Files\uusee\UUSeeMediaCenter.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKCU\..\Run: [strUSEmd] C:\Users\Seb\AppData\Local\Temp\SSp6i.exe
O4 - HKCU\..\Run: [OrangePlayer] C:\Program Files (x86)\Orange\Media Player\Media Player.exe /systray
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [OrangePlayer] C:\Program Files (x86)\Orange\Media Player\Media Player.exe /systray (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [OrangePlayer] C:\Program Files (x86)\Orange\Media Player\Media Player.exe /systray (User 'Système')
O4 - HKUS\.DEFAULT\..\Run: [OrangePlayer] C:\Program Files (x86)\Orange\Media Player\Media Player.exe /systray (User 'Default user')
O4 - Startup: kill.bat
O4 - Startup: MaxTV Recorder Manager.lnk = C:\Program Files (x86)\MaxTV\MaxTV4\task_scheduler.exe
O4 - Global Startup: Hotkey.lnk = C:\Program Files (x86)\Hotkey\Hotkey.exe
O8 - Extra context menu item: Ajouter la cible du lien à un fichier PDF existant - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Ajouter à un fichier PDF existant - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir au format Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien au format Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O16 - DPF: {000F1EA4-5E08-4564-A29B-29076F63A37A} (SOE Web Installer) - http://launch.soe.com/plugin/web/SOEWebInstaller.cab
O16 - DPF: {9DF1C00D-8426-4337-972C-DC042D19A916} (FTMediaPlayer Class) - http://webtv.guidetv.orange.fr/resources/OCS_9418.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O20 - AppInit_DLLs: acaptuser32.dll
O23 - Service: @%SystemRoot%\system32\aelupsvc.dll,-1 (AeLookupSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%systemroot%\system32\appidsvc.dll,-100 (AppIDSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\appinfo.dll,-100 (Appinfo) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: @appmgmts.dll,-3250 (AppMgmt) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-204 (AudioEndpointBuilder) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-200 (AudioSrv) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\AxInstSV.dll,-103 (AxInstSV) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\bdesvc.dll,-100 (BDESVC) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\bfe.dll,-1001 (BFE) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\qmgr.dll,-1000 (BITS) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @%systemroot%\system32\browser.dll,-100 (Browser) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\bthserv.dll,-101 (bthserv) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\certprop.dll,-11 (CertPropSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\cryptsvc.dll,-1001 (CryptSvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\cscsvc.dll,-200 (CscService) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @oleres.dll,-5012 (DcomLaunch) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\defragsvc.dll,-101 (defragsvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\dhcpcore.dll,-100 (Dhcp) - Unknown owner - C: \Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\dnsapi.dll,-101 (Dnscache) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\dot3svc.dll,-1102 (dot3svc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\dps.dll,-500 (DPS) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\eapsvc.dll,-1 (EapHost) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\ehome\ehrecvr.exe,-101 (ehRecvr) - Unknown owner - C:\Windows\ehome\ehRecvr.exe
O23 - Service: @%SystemRoot%\ehome\ehsched.exe,-101 (ehSched) - Unknown owner - C:\Windows\ehome\ehsched.exe
O23 - Service: @%SystemRoot%\system32\wevtsvc.dll,-200 (eventlog) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @comres.dll,-2450 (EventSystem) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\fdPHost.dll,-100 (fdPHost) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\fdrespub.dll,-100 (FDResPub) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FLEXnet Licensing Service 64 - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: @%systemroot%\system32\FntCache.dll,-100 (FontCache) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\System32\hidserv.dll,-101 (hidserv) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\kmsvc.dll,-6 (hkmsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\ListSvc.dll,-100 (HomeGroupListener) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\System32\provsvc.dll,-100 (HomeGroupProvider) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\ikeext.dll,-501 (IKEEXT) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\IPBusEnum.dll,-102 (IPBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%SystemRoot%\system32\iphlpsvc.dll,-500 (iphlpsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2946 (KtmRm) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%systemroot%\system32\srvsvc.dll,-100 (LanmanServer) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: @%systemroot%\system32\wkssvc.dll,-100 (LanmanWorkstation) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\lltdres.dll,-1 (lltdsvc) - Unknown owner - C:\Windows\System32\svchost.exe
O23 - Service: @%SystemRoot%\system32\lmhsvc.dll,-101 (lmhosts) - Unknown owner - C:\Windows\system32\svchost.exe
O23 - Service: Service McAfee Personal Firewall (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McShield - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc.
- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe O23 - Service: mental ray 3.8 Satellite for Autodesk 3ds Max Design 2011 32-bit 32-bit (mi-raysat_3dsmax2011_32) - Unknown owner - C:\Program Files (x86)\Autodesk\3ds Max Design 2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe O23 - Service: mental ray 3.8 Satellite for Autodesk 3ds Max Design 2011 64-bit 64-bit (mi-raysat_3dsmax2011_64) - Unknown owner - C:\Program Files\Autodesk\3ds Max Design 2011\mentalimages\satellite\raysat_3dsmax2011_64server.exe O23 - Service: @%systemroot%\system32\mmcss.dll,-100 (MMCSS) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\FirewallAPI.dll,-23090 (MpsSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\system32\iscsidsc.dll,-5000 (MSiSCSI) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\msimsg.dll,-27 (msiserver) - Unknown owner - C:\Windows\system32\msiexec.exe O23 - Service: @%SystemRoot%\system32\qagentrt.dll,-6 (napagent) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\netman.dll,-109 (Netman) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\netprofm.dll,-202 (netprofm) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\nlasvc.dll,-1 (NlaSvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\nsisvc.dll,-200 (nsi) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - 
C:\Windows\system32\nvvsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\pnrpsvc.dll,-8004 (p2pimsvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8006 (p2psvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\pcasvc.dll,-1 (PcaSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\peerdistsvc.dll,-9000 (PeerDistSvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%systemroot%\sysWow64\perfhost.exe,-2 (PerfHost) - Unknown owner - C:\Windows\SysWow64\perfhost.exe O23 - Service: @%systemroot%\system32\pla.dll,-500 (pla) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\umpnpmgr.dll,-100 (PlugPlay) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\pnrpauto.dll,-8002 (PNRPAutoReg) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\pnrpsvc.dll,-8000 (PNRPsvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\polstore.dll,-5010 (PolicyAgent) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\umpo.dll,-100 (Power) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: PowerBiosServer - Unknown owner - C:\Program Files (x86)\Hotkey\PowerBiosServer.exe O23 - Service: @%systemroot%\system32\profsvc.dll,-300 (ProfSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%Systemroot%\system32\rasauto.dll,-200 (RasAuto) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%Systemroot%\system32\rasmans.dll,-200 (RasMan) - Unknown owner - 
C:\Windows\System32\svchost.exe O23 - Service: @regsvc.dll,-1 (RemoteRegistry) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%windir%\system32\RpcEpMap.dll,-1001 (RpcEptMapper) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @oleres.dll,-5010 (RpcSs) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\System32\SCardSvr.dll,-1 (SCardSvr) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\schedsvc.dll,-100 (Schedule) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\System32\certprop.dll,-13 (SCPolicySvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\sdrsvc.dll,-107 (SDRSVC) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\Sens.dll,-200 (SENS) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\System32\sensrsvc.dll,-1000 (SensrSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\System32\SessEnv.dll,-1026 (SessionEnv) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\shsvcs.dll,-12288 (ShellHWDetection) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - 
C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppuinotify.dll,-103 (sppuinotify) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\ssdpsrv.dll,-100 (SSDPSRV) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\sstpsvc.dll,-200 (SstpSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\wiaservc.dll,-9 (stisvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe O23 - Service: @%SystemRoot%\System32\swprv.dll,-103 (swprv) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\sysmain.dll,-1000 (SysMain) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\TabSvc.dll,-100 (TabletInputService) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: TabletServiceWacom - Unknown owner - C:\Windows\system32\Wacom_Tablet.exe (file missing) O23 - Service: @%SystemRoot%\system32\tapisrv.dll,-10100 (TapiSrv) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\tbssvc.dll,-100 (TBS) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\termsrv.dll,-268 (TermService) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\themeservice.dll,-8192 (Themes) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%systemroot%\system32\mmcss.dll,-102 (THREADORDER) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: TomTomHOMEService - TomTom - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe O23 - Service: @%SystemRoot%\system32\trkwks.dll,-1 (TrkWks) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\servicing\TrustedInstaller.exe,-100 (TrustedInstaller) - Unknown owner - 
C:\Windows\servicing\TrustedInstaller.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\umrdp.dll,-1000 (UmRdpService) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%systemroot%\system32\upnphost.dll,-213 (upnphost) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\dwm.exe,-2000 (UxSms) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\w32time.dll,-200 (W32Time) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%systemroot%\system32\wbiosrvc.dll,-100 (WbioSrvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\wcncsvc.dll,-3 (wcncsvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\WcsPlugInService.dll,-200 (WcsPlugInService) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\wdi.dll,-502 (WdiServiceHost) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%systemroot%\system32\wdi.dll,-500 (WdiSystemHost) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%systemroot%\system32\webclnt.dll,-100 (WebClient) - Unknown owner - 
C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\wecsvc.dll,-200 (Wecsvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\System32\wercplsupport.dll,-101 (wercplsupport) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\wersvc.dll,-100 (WerSvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%ProgramFiles%\Windows Defender\MsMpRes.dll,-103 (WinDefend) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\winhttp.dll,-100 (WinHttpAutoProxySvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%Systemroot%\system32\wbem\wmisvc.dll,-205 (Winmgmt) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%Systemroot%\system32\wsmsvc.dll,-101 (WinRM) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\wlansvc.dll,-257 (Wlansvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) O23 - Service: @%SystemRoot%\system32\wpcsvc.dll,-100 (WPCSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\wpdbusenum.dll,-100 (WPDBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\System32\wscsvc.dll,-200 (wscsvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%systemroot%\system32\SearchIndexer.exe,-103 (WSearch) - Unknown owner - C:\Windows\system32\SearchIndexer.exe O23 - Service: @%systemroot%\system32\wuaueng.dll,-105 (wuauserv) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\wudfsvc.dll,-1000 (wudfsvc) - Unknown owner - 
C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\System32\wwansvc.dll,-257 (WwanSvc) - Unknown owner - C:\Windows\system32\svchost.exe -- End of file - 26653 bytes ======Listing Processes====== \SystemRoot\System32\smss.exe %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 wininit.exe %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 C:\Windows\system32\services.exe C:\Windows\system32\lsass.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\nvvsvc.exe C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService "C:\Windows\system32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-f0a6205e-be62-4c05-9a38-1b0dc715ef85 -SystemEventPortName:HostProcess-b9540929-034e-43a0-9d2f-fbf940dfc2da -IoCancelEventPortName:HostProcess-54ed1cda-1a61-46a6-8569-d29c49fb01e5 -NonStateChangingEventPortName:HostProcess-41c9a9c0-4460-458f-92bf-20457996b37c -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:dc3a7d7a-c552-4b23-a767-73f7a91b8631 C:\Windows\system32\svchost.exe -k NetworkService winlogon.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k WbioSvcGroup C:\Windows\system32\nvvsvc.exe -session -first C:\Windows\system32\svchost.exe -k 
LocalServiceNoNetwork /QuitInfo:00000000000007B8;00000000000007BC; /AddRef; "C:\Program Files\Protector Suite\upeksvr.exe" "C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe" "C:\Program Files (x86)\Bonjour\mDNSResponder.exe" C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation "C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe" "C:\Program Files (x86)\Autodesk\3ds Max Design 2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe" "C:\Program Files\Autodesk\3ds Max Design 2011\mentalimages\satellite\raysat_3dsmax2011_64server.exe" "C:\Program Files (x86)\Hotkey\PowerBiosServer.exe" C:\Windows\system32\svchost.exe -k imgsvc C:\Windows\system32\Wacom_Tablet.exe "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe" "C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe" "C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe" "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc "C:\Windows\system32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-af443ba4-745e-4dc5-8eef-22ad52851020 -SystemEventPortName:HostProcess-a0f65c1c-80b5-4736-86a4-4300e8775158 -IoCancelEventPortName:HostProcess-03242716-bcdb-4795-9516-757edd742e96 -NonStateChangingEventPortName:HostProcess-94a49e3e-16a8-4374-b54b-dbafc7586612 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:9e28c67d-c50c-4be8-960f-9d5216cbc87e C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted "taskhost.exe" C:\Windows\Explorer.EXE /QuitInfo:00000000000009B8;00000000000009BC; /AddRef; "C:\Windows\system32\Dwm.exe" /QuitInfo:00000000000009C4;00000000000009A4; /loadhooks /Parent:0000000000000C7C WTablet\Wacom_TabletUser.exe Wacom_Tablet.exe au "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" "C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" "C:\Program Files 
(x86)\BisonCam\BisonHK.exe" "C:\Program Files (x86)\BisonCam\DeLay.exe" "C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE" /logon "C:\Program Files\Synaptics\SynTP\SynTPHelper.exe" "C:\Program Files\Protector Suite\psqltray.exe" "C:\Program Files (x86)\Hotkey\Hotkey.exe" "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey "C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe" "C:\Program Files (x86)\MaxTV\MaxTV4\task_scheduler.exe" "C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe" -osboot "C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe" "C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe" "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe" "C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW "C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" C:\Windows\system32\SearchIndexer.exe /Embedding C:\Windows\system32\wbem\wmiprvse.exe "C:\Program Files\Windows Media Player\wmpnetwk.exe" C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet "C:\Program Files (x86)\Nero\Update\NASvc.exe" "c:\PROGRA~1\mcafee.com\agent\McUpdate.exe" /schedule "c:\PROGRA~1\mcafee\msc\mcupdmgr.exe" -Embedding "C:\Program Files (x86)\Internet Explorer\iexplore.exe" "C:\Program Files (x86)\Internet Explorer\iexplore.exe" SCODEF:5976 CREDAT:79873 "C:\Users\Seb\Desktop\RSITx64.exe" ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}] scriptproxy - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20100917195024.dll [2010-08-24 78968] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{074C1DC5-9320-4A9A-947D-C042949C6216}] ContributeBHO 
Class - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll [2010-03-27 164312] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}] scriptproxy - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20100917195024.dll [2010-08-24 73288] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}] Adobe PDF Conversion Toolbar Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11 345480] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4971EE7-DAA0-4053-9964-665D8EE6A077}] SmartSelect Class - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11 345480] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar] {47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11 345480] {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - Contribute Toolbar - C:\Program Files (x86)\Adobe\Adobe Contribute 
CS5\Plugins\IEPlugin\contributeieplugin.dll [2010-03-27 164312] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2009-07-27 16335392] "RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2009-07-21 7981088] "SMSERIAL"=C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [2009-05-06 1702400] "SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2009-08-29 1825064] "BisonHK"=C:\Program Files (x86)\BisonCam\BisonHK.exe [2009-06-09 77824] "DeLay"=C:\Program Files (x86)\BisonCam\DeLay.exe [2008-12-05 53248] "PSQLLauncher"=C:\Program Files\Protector Suite\launcher.exe [2009-09-11 84744] "CanonMyPrinter"=C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2009-11-02 2710856] "AdobeAAMUpdater-1.0"=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06 500208] "CanonSolutionMenu"=C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [2009-09-04 767312] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "TomTomHOME.exe"=C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe [2010-08-24 247144] "strUSEmd"=C:\Users\Seb\AppData\Local\Temp\SSp6i.exe [] "OrangePlayer"=C:\Program Files (x86)\Orange\Media Player\Media Player.exe [2009-09-05 319488] [HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run] "mcui_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2010-06-24 1484856] "UnlockerAssistant"=C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe [2010-03-09 15872] "UUSeeMediaCenter"=C:\Program Files (x86)\Common Files\uusee\UUSeeMediaCenter.exe [] "TkBellExe"=C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe [2010-06-06 202256] "Adobe Acrobat Speed Launcher"=C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [2008-06-12 37232] ""= [] "Acrobat Assistant 8.0"=C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [2008-06-11 640376] "IJNetworkScanUtility"=C:\Program Files (x86)\Canon\Canon IJ Network 
Scan Utility\CNMNSUT.exe [2009-05-19 136544] "DivXUpdate"=C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [2010-08-20 1164584] "QuickTime Task"=C:\Program Files (x86)\QuickTime\QTTask.exe [2010-08-10 421888] "AdobeCS5ServiceManager"=C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [2010-02-22 406992] "SwitchBoard"=C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup Hotkey.lnk - C:\Program Files (x86)\Hotkey\Hotkey.exe C:\Users\Seb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup kill.bat MaxTV Recorder Manager.lnk - C:\Program Files (x86)\MaxTV\MaxTV4\task_scheduler.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"="acaptuser64.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\psfus] C:\Program Files\Protector Suite\psqlpwd.dll [2009-09-11 135944] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa] "notification packages"=scecli C:\Program Files\Protector Suite\psqlpwd.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EFS] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Power] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcEptMapper] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vmms] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\EFS] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\McMPFSvc] 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfefire] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfefirek] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfefirek.sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfehidk] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfehidk.sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfevtp] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ndiscap] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Power] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\RpcEptMapper] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\VaultSvc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vmms] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "ConsentPromptBehaviorAdmin"=0 "ConsentPromptBehaviorUser"=3 "EnableLUA"=0 "EnableUIADesktopToggle"=0 "PromptOnSecureDesktop"=0 "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 "DisableCAD"=1 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoActiveDesktop"=1 "NoActiveDesktopChanges"=1 "ForceActiveDesktopOn"=0 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] 
[SOLVED] INFECTION Unwanted redirects
Sebest replied to a topic by Sebest in Malware analysis and removal
Good evening, Worldslife, I no longer have it, but I still get redirects to ads when I click on most links.

Autoscan: completed 42 minutes ago (events: 20, objects: 2850679, time: 04:16:11)
07/10/2010 15:42:16 Task started
07/10/2010 17:30:38 Detected: Trojan.Win32.Qhost.cn C:\Windows\System32\drivers\etc\hosts
07/10/2010 17:30:58 Deleted: Trojan.Win32.Qhost.cn C:\Windows\System32\drivers\etc\hosts
07/10/2010 17:41:19 Detected: Trojan.Win32.Swisyn.afxd C:\Windows.old\Documents and Settings\Seb\Application Data\SystemProc\LSASS.EXE
07/10/2010 17:41:19 Deleted: Trojan.Win32.Swisyn.afxd C:\Windows.old\Documents and Settings\Seb\Application Data\SystemProc\LSASS.EXE
07/10/2010 17:42:08 Detected: Trojan-Downloader.Java.Agent.ah C:\Windows.old\Documents and Settings\Seb\Local Settings\temp\jar_cache5193811056778461003.tmp/AppletPanel.class
07/10/2010 17:42:09 Deleted: Trojan-Downloader.Java.Agent.ah C:\Windows.old\Documents and Settings\Seb\Local Settings\temp\jar_cache5193811056778461003.tmp/AppletPanel.class
07/10/2010 17:42:09 Detected: Trojan-Downloader.Java.Agent.ah C:\Windows.old\Documents and Settings\Seb\Local Settings\temp\jar_cache5193811056778461003.tmp/Main.class
07/10/2010 17:42:09 Deleted: Trojan-Downloader.Java.Agent.ah C:\Windows.old\Documents and Settings\Seb\Local Settings\temp\jar_cache5193811056778461003.tmp/Main.class
07/10/2010 17:53:26 Detected: Trojan.Win32.C4DLMedia.c C:\Windows.old\Program Files\eMule\Incoming\CRACK [2009] BUNKSPEED\SETUP.EXE/BitRoll.exe
07/10/2010 17:53:34 Deleted: Trojan.Win32.C4DLMedia.c C:\Windows.old\Program Files\eMule\Incoming\CRACK [2009] BUNKSPEED\SETUP.EXE
07/10/2010 18:02:17 Detected: Trojan.Win32.BHO.ahcs C:\Windows.old\Windows\system32\DGRPSETU32(3).DLL
07/10/2010 18:02:17 Detected: Trojan.Win32.BHO.ahcs C:\Windows.old\Windows\system32\DGRPSETU32(2).DLL
07/10/2010 18:02:17 Deleted: Trojan.Win32.BHO.ahcs C:\Windows.old\Windows\system32\DGRPSETU32(3).DLL
07/10/2010 18:02:27 Deleted: Trojan.Win32.BHO.ahcs C:\Windows.old\Windows\system32\DGRPSETU32(2).DLL
07/10/2010 18:02:38 Detected: Trojan-Clicker.Win32.VBiframe.car C:\Windows.old\Windows\system32\NET.NET/PE_Patch.PECompact/PecBundle/PECompact
07/10/2010 18:02:41 Deleted: Trojan-Clicker.Win32.VBiframe.car C:\Windows.old\Windows\system32\NET.NET
07/10/2010 18:04:26 Detected: Trojan.Win32.Buzus.ehjr C:\Windows.old\Windows\Temp\jqtn.tmp\svchost.exe
07/10/2010 18:04:27 Deleted: Trojan.Win32.Buzus.ehjr C:\Windows.old\Windows\Temp\jqtn.tmp\svchost.exe
07/10/2010 19:58:27 Task completed
[SOLVED] INFECTION Unwanted redirects
Sebest replied to a topic by Sebest in Malware analysis and removal
C:\$Recycle.Bin\S-1-5-21-438700012-334028598-3849664603-1000\$RBB4Q3T\X -Fonter v6 4.rar probably a variant of Win32/IRCBot.XXCJUV trojan
C:\Users\Seb\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\eBay.lnk Win32/Adware.ADON application
C:\Users\Seb\AppData\Roaming\Microsoft\Windows\Start Menu\eBay.lnk Win32/Adware.ADON application
C:\Windows.old\Documents and Settings\Seb\Application Data\SystemProc\LSASS.EXE a variant of Win32/Kryptik.EHK trojan
C:\Windows.old\Documents and Settings\Seb\Local Settings\temp\jar_cache5193811056778461003.tmp a variant of Java/TrojanDownloader.Agent.NAN trojan
C:\Windows.old\Windows\system32\BTSWJPJ.DLL a variant of Win32/Boaxxe.A trojan
C:\Windows.old\Windows\system32\DGRPSETU32(2).DLL a variant of Win32/Kryptik.EHK trojan
C:\Windows.old\Windows\system32\DGRPSETU32(3).DLL a variant of Win32/Kryptik.EHK trojan
C:\Windows.old\Windows\system32\NET.NET Win32/TrojanClicker.Punad.AA trojan
C:\Windows.old\Windows\system32\NSFKYFX.DLL a variant of Win32/Boaxxe.A trojan
C:\Windows.old\Windows\Temp\jqtn.tmp\svchost.exe a variant of Win32/Injector.CRM trojan
[SOLVED] INFECTION Unwanted redirects
Sebest replied to a topic by Sebest in Malware analysis and removal
Logfile of random's system information tool 1.08 (written by random/random)
Run by Seb at 2010-10-05 22:44:36
Microsoft Windows 7 Édition Intégrale Service Pack 2
System drive C: has 184 GB (60%) free of 305 GB
Total RAM: 4091 MB (69% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:44:56, on 05/10/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal
C:\Windows\system32\nvvsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\pnrpsvc.dll,-8004 (p2pimsvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8006 (p2psvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\pcasvc.dll,-1 (PcaSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\peerdistsvc.dll,-9000 (PeerDistSvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%systemroot%\sysWow64\perfhost.exe,-2 (PerfHost) - Unknown owner - C:\Windows\SysWow64\perfhost.exe O23 - Service: @%systemroot%\system32\pla.dll,-500 (pla) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\umpnpmgr.dll,-100 (PlugPlay) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\pnrpauto.dll,-8002 (PNRPAutoReg) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\pnrpsvc.dll,-8000 (PNRPsvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\polstore.dll,-5010 (PolicyAgent) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\umpo.dll,-100 (Power) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: PowerBiosServer - Unknown owner - C:\Program Files (x86)\Hotkey\PowerBiosServer.exe O23 - Service: @%systemroot%\system32\profsvc.dll,-300 (ProfSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%Systemroot%\system32\rasauto.dll,-200 (RasAuto) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%Systemroot%\system32\rasmans.dll,-200 (RasMan) - Unknown owner - 
C:\Windows\System32\svchost.exe O23 - Service: @regsvc.dll,-1 (RemoteRegistry) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%windir%\system32\RpcEpMap.dll,-1001 (RpcEptMapper) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @oleres.dll,-5010 (RpcSs) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\System32\SCardSvr.dll,-1 (SCardSvr) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\schedsvc.dll,-100 (Schedule) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\System32\certprop.dll,-13 (SCPolicySvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\sdrsvc.dll,-107 (SDRSVC) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\Sens.dll,-200 (SENS) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\System32\sensrsvc.dll,-1000 (SensrSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\System32\SessEnv.dll,-1026 (SessionEnv) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\shsvcs.dll,-12288 (ShellHWDetection) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - 
C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppuinotify.dll,-103 (sppuinotify) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\ssdpsrv.dll,-100 (SSDPSRV) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\sstpsvc.dll,-200 (SstpSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\wiaservc.dll,-9 (stisvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe O23 - Service: @%SystemRoot%\System32\swprv.dll,-103 (swprv) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\sysmain.dll,-1000 (SysMain) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\TabSvc.dll,-100 (TabletInputService) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: TabletServiceWacom - Unknown owner - C:\Windows\system32\Wacom_Tablet.exe (file missing) O23 - Service: @%SystemRoot%\system32\tapisrv.dll,-10100 (TapiSrv) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\tbssvc.dll,-100 (TBS) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\termsrv.dll,-268 (TermService) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\themeservice.dll,-8192 (Themes) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%systemroot%\system32\mmcss.dll,-102 (THREADORDER) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: TomTomHOMEService - TomTom - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe O23 - Service: @%SystemRoot%\system32\trkwks.dll,-1 (TrkWks) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\servicing\TrustedInstaller.exe,-100 (TrustedInstaller) - Unknown owner - 
C:\Windows\servicing\TrustedInstaller.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\umrdp.dll,-1000 (UmRdpService) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%systemroot%\system32\upnphost.dll,-213 (upnphost) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\dwm.exe,-2000 (UxSms) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\w32time.dll,-200 (W32Time) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%systemroot%\system32\wbiosrvc.dll,-100 (WbioSrvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\wcncsvc.dll,-3 (wcncsvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\WcsPlugInService.dll,-200 (WcsPlugInService) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\wdi.dll,-502 (WdiServiceHost) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%systemroot%\system32\wdi.dll,-500 (WdiSystemHost) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%systemroot%\system32\webclnt.dll,-100 (WebClient) - Unknown owner - 
C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\wecsvc.dll,-200 (Wecsvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\System32\wercplsupport.dll,-101 (wercplsupport) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\wersvc.dll,-100 (WerSvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%ProgramFiles%\Windows Defender\MsMpRes.dll,-103 (WinDefend) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\winhttp.dll,-100 (WinHttpAutoProxySvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%Systemroot%\system32\wbem\wmisvc.dll,-205 (Winmgmt) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%Systemroot%\system32\wsmsvc.dll,-101 (WinRM) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\wlansvc.dll,-257 (Wlansvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) O23 - Service: @%SystemRoot%\system32\wpcsvc.dll,-100 (WPCSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\wpdbusenum.dll,-100 (WPDBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\System32\wscsvc.dll,-200 (wscsvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%systemroot%\system32\SearchIndexer.exe,-103 (WSearch) - Unknown owner - C:\Windows\system32\SearchIndexer.exe O23 - Service: @%systemroot%\system32\wuaueng.dll,-105 (wuauserv) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\wudfsvc.dll,-1000 (wudfsvc) - Unknown owner - 
C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\System32\wwansvc.dll,-257 (WwanSvc) - Unknown owner - C:\Windows\system32\svchost.exe -- End of file - 26663 bytes ======Listing Processes====== \SystemRoot\System32\smss.exe %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 wininit.exe %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 C:\Windows\system32\services.exe C:\Windows\system32\lsass.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\nvvsvc.exe C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService "C:\Windows\system32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-87b3d7e4-a734-49d6-bcdc-2f6c799d6592 -SystemEventPortName:HostProcess-66306de1-788c-4177-b5db-7b2c5558e1b2 -IoCancelEventPortName:HostProcess-1982687a-a83a-42d8-bcb5-56d68c9f78cc -NonStateChangingEventPortName:HostProcess-695e4e24-f20c-4475-841b-896f671d5146 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:1d207663-b29a-46c9-aa92-bf09c0053c7a winlogon.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k WbioSvcGroup C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\nvvsvc.exe -session 
-first /QuitInfo:0000000000000798;000000000000079C; /AddRef; "C:\Program Files\Protector Suite\upeksvr.exe" "C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe" "C:\Program Files (x86)\Bonjour\mDNSResponder.exe" C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation "C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe" "C:\Program Files (x86)\Autodesk\3ds Max Design 2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe" "C:\Program Files\Autodesk\3ds Max Design 2011\mentalimages\satellite\raysat_3dsmax2011_64server.exe" "C:\Program Files (x86)\Hotkey\PowerBiosServer.exe" "taskhost.exe" /QuitInfo:0000000000000834;0000000000000840; /AddRef; "C:\Windows\system32\Dwm.exe" /QuitInfo:0000000000000824;0000000000000848; C:\Windows\Explorer.EXE /loadhooks /Parent:000000000000092C "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" "C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" "C:\Program Files (x86)\BisonCam\BisonHK.exe" "C:\Program Files (x86)\BisonCam\DeLay.exe" "C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE" /logon "C:\Program Files\Synaptics\SynTP\SynTPHelper.exe" "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" "C:\Program Files\Protector Suite\psqltray.exe" C:\Windows\system32\svchost.exe -k imgsvc C:\Windows\system32\Wacom_Tablet.exe "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe" "C:\Program Files (x86)\Orange\Media Player\Media Player.exe" /systray Wacom_Tablet.exe au "C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe" "C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe" "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted "C:\Program Files (x86)\Hotkey\Hotkey.exe" "C:\Program Files (x86)\MaxTV\MaxTV4\task_scheduler.exe" "C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe" "C:\Program Files (x86)\Common 
Files\Real\Update_OB\realsched.exe" -osboot "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe" "C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW "C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" C:\Windows\system32\SearchIndexer.exe /Embedding C:\Windows\system32\wbem\wmiprvse.exe "C:\Program Files\Windows Media Player\wmpnetwk.exe" C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet "C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe" "C:\Program Files (x86)\Nero\Update\NASvc.exe" "C:\Windows\system32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-4423e1c4-9d05-4ceb-9394-903103ec5eda -SystemEventPortName:HostProcess-dad91b78-7604-4945-808b-a0b695f4f9f6 -IoCancelEventPortName:HostProcess-278f4501-8770-414f-8adc-5ebb1c360063 -NonStateChangingEventPortName:HostProcess-09e0d937-6669-4a46-9d13-bed16bb81e89 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:a91b29b9-7b15-4f33-9a18-7a11aa51630e "C:\Program Files\McAfee.com\Agent\mcagent.exe" /shRequest taskeng.exe {C191F84A-267D-49CE-B4AB-1146F80AB291} "C:\Users\Seb\Desktop\RSITx64.exe" "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe_S-1-5-21-438700012-334028598-3849664603-100032_ Global\UsGthrCtrlFltPipeMssGthrPipe_S-1-5-21-438700012-334028598-3849664603-100032 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" "1" "C:\Windows\system32\SearchFilterHost.exe" 0 588 592 600 65536 596 ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper 
Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}] scriptproxy - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20100917195024.dll [2010-08-24 78968] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{074C1DC5-9320-4A9A-947D-C042949C6216}] ContributeBHO Class - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll [2010-03-27 164312] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}] scriptproxy - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20100917195024.dll [2010-08-24 73288] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}] Adobe PDF Conversion Toolbar Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11 345480] [HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4971EE7-DAA0-4053-9964-665D8EE6A077}] SmartSelect Class - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11 345480] 
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar] {47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11 345480] {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - Contribute Toolbar - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll [2010-03-27 164312] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2009-07-27 16335392] "RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2009-07-21 7981088] "SMSERIAL"=C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [2009-05-06 1702400] "SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2009-08-29 1825064] "BisonHK"=C:\Program Files (x86)\BisonCam\BisonHK.exe [2009-06-09 77824] "DeLay"=C:\Program Files (x86)\BisonCam\DeLay.exe [2008-12-05 53248] "PSQLLauncher"=C:\Program Files\Protector Suite\launcher.exe [2009-09-11 84744] "CanonMyPrinter"=C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2009-11-02 2710856] "AdobeAAMUpdater-1.0"=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06 500208] "CanonSolutionMenu"=C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [2009-09-04 767312] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "TomTomHOME.exe"=C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe [2010-08-24 247144] "strUSEmd"=C:\Users\Seb\AppData\Local\Temp\SSp6i.exe [] "OrangePlayer"=C:\Program Files (x86)\Orange\Media Player\Media Player.exe [2009-09-05 319488] [HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run] "mcui_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2010-06-24 1484856] "UnlockerAssistant"=C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe [2010-03-09 15872] "UUSeeMediaCenter"=C:\Program Files (x86)\Common Files\uusee\UUSeeMediaCenter.exe [] "TkBellExe"=C:\Program Files (x86)\Common 
Files\Real\Update_OB\realsched.exe [2010-06-06 202256] "Adobe Acrobat Speed Launcher"=C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [2008-06-12 37232] ""= [] "Acrobat Assistant 8.0"=C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [2008-06-11 640376] "IJNetworkScanUtility"=C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe [2009-05-19 136544] "DivXUpdate"=C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [2010-08-20 1164584] "QuickTime Task"=C:\Program Files (x86)\QuickTime\QTTask.exe [2010-08-10 421888] "AdobeCS5ServiceManager"=C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [2010-02-22 406992] "SwitchBoard"=C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup Hotkey.lnk - C:\Program Files (x86)\Hotkey\Hotkey.exe C:\Users\Seb\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup kill.bat MaxTV Recorder Manager.lnk - C:\Program Files (x86)\MaxTV\MaxTV4\task_scheduler.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"="acaptuser64.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\psfus] C:\Program Files\Protector Suite\psqlpwd.dll [2009-09-11 135944] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa] "notification packages"=scecli C:\Program Files\Protector Suite\psqlpwd.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EFS] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Power] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcEptMapper] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vmms] 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\EFS] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\McMPFSvc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfefire] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfefirek] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfefirek.sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfehidk] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfehidk.sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfevtp] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ndiscap] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Power] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\RpcEptMapper] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\VaultSvc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vmms] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "ConsentPromptBehaviorAdmin"=0 "ConsentPromptBehaviorUser"=3 "EnableLUA"=0 "EnableUIADesktopToggle"=0 "PromptOnSecureDesktop"=0 "dontdisplaylastusername"=0 
"legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 "DisableCAD"=1 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoActiveDesktop"=1 "NoActiveDesktopChanges"=1 "ForceActiveDesktopOn"=0 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "C:\Program Files (x86)\uusee\UUSeePlayer.exe"="C:\Program Files (x86)\uusee\UUSeePlayer.exe:*:Enabled:UUPlayer" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] ======File associations====== .js - edit - C:\Windows\System32\Notepad.exe %1 .js - open - "C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS4\Dreamweaver.exe","%1" ======List of files/folders created in the last 3 months====== 2010-10-05 22:44:36 ----D---- C:\rsit 2010-10-05 22:44:36 ----D---- C:\Program Files\trend micro 2010-10-05 16:30:55 ----D---- C:\Users\Seb\AppData\Roaming\Malwarebytes 2010-10-05 16:30:48 ----A---- C:\Windows\SYSWOW64\drivers\mbamswissarmy.sys 2010-10-05 16:30:47 ----D---- C:\ProgramData\Malwarebytes 2010-10-05 16:30:47 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2010-10-05 16:30:47 ----A---- C:\Windows\system32\drivers\mbam.sys 2010-10-05 16:27:15 ----A---- C:\Windows\ntbtlog.txt 2010-10-05 15:31:06 ----RD---- C:\32788R22FWJFW 2010-10-05 11:01:09 ----D---- C:\ProgramData\NOS 2010-10-05 11:01:09 ----D---- C:\Program Files (x86)\NOS 2010-10-03 17:44:30 ----D---- C:\Program Files (x86)\vShare 2010-09-30 22:04:53 ----D---- C:\ProgramData\Messenger Plus! 2010-09-30 22:04:34 ----D---- C:\Program Files (x86)\Messenger Plus! 
[RESOLVED] INFECTION Unwanted redirects
Sebest replied to a topic by Sebest in Analyses et éradication malwares
I'm with Orange, but I don't have a Livebox (I don't want one); I have a Belkin Ethernet/Wi-Fi modem-router that I manage through the web browser. Otherwise, I no longer get the redirect to Antivirus 2010, but I still get the Wordslife one and the one I showed. I'll post the logs in the next message.