Everything posted by jezabel
Blue screen + WiFi dongle no longer blinking
jezabel replied to a topic by jezabel in Malware analysis and removal
Clean report? Thanks a lot! The problems have disappeared. Thanks again for your help! Jezabel
Blue screen + WiFi dongle no longer blinking
jezabel replied to a topic by jezabel in Malware analysis and removal
Good evening, Forgive my imprecision. As for the Malwarebytes report, I would obviously have pasted it for you if the run of bad luck hadn't continued: I'm posting from another machine, and until yesterday I was transferring the reports via a USB stick, which has just died. Technology is merciless! Anyway, this time the system restore after booting from the DVD ran to completion and I got my internet connection back. No more crashes, it seems. I ran a HijackThis scan; here is the report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:47:15, on 10/03/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files\Maxtor\OneTouch Status\MaxMenuMgr.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\nègre\Desktop\HiJackThis.exe
C:\Windows\system32\DllHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [iAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [uVS10 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [spool] C:\Users\NGRE~1\AppData\Roaming\spoolsv.exe /waitservice (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [spool] C:\Users\NGRE~1\AppData\Roaming\spoolsv.exe /waitservice (User 'Default user')
O4 - Global Startup: NETGEAR WG111v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O13 - Gopher Prefix:
O16 - DPF: {E3E6FFEE-748F-43BA-87AE-B1F1B11ED193} (MegaMocapWeb Control) - http://www.charactermotion.com/products/po...egaMocapWeb.ocx
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 7545 bytes

Is it better now, doctor? Jezabel
Blue screen + WiFi dongle no longer blinking
jezabel replied to a topic by jezabel in Malware analysis and removal
Hello, I didn't run that test, but I launched a memory check with some app or other. Result: everything is OK. I'm currently trying to repair Vista after booting from the DVD. The PC ran on its own all day without crashing. It crashed this evening as soon as I simply tried to browse C:. It's odd, because if I browse the tree from Task Manager it doesn't crash. That way I managed to run a scan with Malwarebytes, which detected 13 objects. Oddly, the repair procedure asks me a strange question: it talks about C: to be restored, which contains the system (that I understand), and it also talks about an X: (boot). Yet I have only one partition on my disk. On top of that, I can't tick X: in addition to C: for the repair. Is it serious, doctor? Jezabel
Blue screen + WiFi dongle no longer blinking
jezabel replied to a topic by jezabel in Malware analysis and removal
I rebooted from the Vista DVD. I selected repair. Crash on restart with an "IRQL less or equal" blue screen, then the reboot was OK. As long as I leave the machine alone and ask nothing of it, everything is fine. But the apps still won't launch. And still no web, because the WiFi dongle is still not active. Jezabel
Blue screen + WiFi dongle no longer blinking
jezabel replied to a topic by jezabel in Malware analysis and removal
Well, I'm struggling to get ComboFix to run, but the problem is that it warns me about the antivirus process running (even though it's stopped; besides, I have no control over it, just as I have no control over the other apps I mentioned above). For the record, I just got another blue screen, this time with: BAD_POOL_CALLER. And also for the record, I ran SFC /scannow and it refuses to go beyond 95%. Does my situation smell rotten or what? Jezabel
Blue screen + WiFi dongle no longer blinking
jezabel replied to a topic by jezabel in Malware analysis and removal
Well then: combofix.exe is not a valid Win32 application. Vista's not happy! Jezabel
écran bleu + cle WIFI clignote plus
jezabel a répondu à un(e) sujet de jezabel dans Analyses et éradication malwares
ci-dessous le log.txt : Logfile of random's system information tool 1.05 (written by random/random) Run by nègre at 2009-03-09 19:03:06 Microsoft® Windows Vista™ Professionnel Service Pack 1 System drive C: has 120 GB (50%) free of 238 GB Total RAM: 3199 MB (77% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 00:13:29, on 08/12/2008 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v7.00 (7.00.6001.18000) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\conime.exe C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe C:\Windows\Explorer.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Users\nègre\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: AcroIEToolbarHelper Class - 
{AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL O4 - HKLM\..\Run: [iAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [uVS10 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe" O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [spool] C:\Users\NGRE~1\AppData\Roaming\spoolsv.exe /waitservice (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [spool] C:\Users\NGRE~1\AppData\Roaming\spoolsv.exe /waitservice (User 'Default user') O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convertir en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 
7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll O13 - Gopher Prefix: O16 - DPF: {E3E6FFEE-748F-43BA-87AE-B1F1B11ED193} (MegaMocapWeb Control) - http://www.charactermotion.com/products/po...egaMocapWeb.ocx O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Ati External Event Utility - ATI Technologies Inc. 
- C:\Windows\system32\Ati2evxx.exe O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing) O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. 
- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- End of file - 7294 bytes ======Scheduled tasks folder====== C:\Windows\tasks\User_Feed_Synchronization-{1559A6B9-87C7-4552-AD27-F2EAF32344CB}.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}] C:\PROGRA~1\SPYBOT~1\SDHelper.dll [] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}] AcroIEToolbarHelper Class - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2004-12-14 225280] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2004-12-14 225280] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "Acrobat Assistant 7.0"=C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe [2004-12-14 483328] "avgnt"=C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe [2009-03-09 266497] "CloneCDElbyCDFL"=C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe [2002-11-02 45056] "IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [2007-10-03 178712] "NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-01 153136] "SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784] "UVS10 Preload"=C:\Program Files\Ulead 
Systems\Ulead VideoStudio 10\uvPL.exe [2006-03-06 36864] "QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-03-28 413696] "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672] "mxomssmenu"=C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe [2008-07-21 169312] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2005-10-10 798720] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup NETGEAR WG111v3 Smart Wizard.lnk - C:\Program Files\NETGEAR\WG111v3\WG111v3.exe [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "ConsentPromptBehaviorAdmin"=0 "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 "EnableLUA"=0 "EnableUIADesktopToggle"=0 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=145 "NoDrives"=0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDrives"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] ======List of files/folders created in the last 1 months====== 2009-03-09 19:02:39 ----D---- C:\rsit 2009-03-09 18:26:25 ----A---- C:\HiJackThis.exe 2009-03-09 18:16:10 ----D---- C:\Program Files\QUAD Utilities 2009-03-09 17:20:46 ----D---- C:\Program Files\Hitman Pro 2009-03-09 14:25:58 ----A---- C:\Windows\ntbtlog.txt 2009-03-09 14:12:15 ----D---- C:\Windows\Minidump 2009-03-09 12:06:08 ----HD---- C:\Users\nègre\AppData\Roaming\m 2009-03-09 11:58:30 ----HD---- 
C:\Users\nègre\AppData\Roaming\drivers 2009-03-01 21:29:23 ----D---- C:\Program Files\Greenworks 2009-02-22 21:34:01 ----A---- C:\UVMapper.exe 2009-02-11 17:53:12 ----A---- C:\Windows\system32\mshtml.dll 2009-02-11 17:53:11 ----A---- C:\Windows\system32\urlmon.dll 2009-02-11 17:53:11 ----A---- C:\Windows\system32\ieframe.dll 2009-02-11 17:53:10 ----A---- C:\Windows\system32\wininet.dll 2009-02-11 17:53:10 ----A---- C:\Windows\system32\mstime.dll 2009-02-11 17:53:10 ----A---- C:\Windows\system32\msfeeds.dll 2009-02-11 17:53:10 ----A---- C:\Windows\system32\jsproxy.dll 2009-02-11 17:53:10 ----A---- C:\Windows\system32\iertutil.dll ======List of files/folders modified in the last 1 months====== 2009-03-09 19:02:39 ----D---- C:\Windows\system32\inetsrv 2009-03-09 19:00:47 ----A---- C:\Windows\Ulead32.ini 2009-03-09 19:00:29 ----D---- C:\Windows 2009-03-09 18:58:27 ----D---- C:\Windows\system32\LogFiles 2009-03-09 18:22:57 ----D---- C:\Program Files\Spybot - Search & Destroy 2009-03-09 18:18:08 ----RD---- C:\Program Files 2009-03-09 18:18:03 ----D---- C:\ProgramData\Spybot - Search & Destroy 2009-03-09 18:17:42 ----D---- C:\Users\nègre\AppData\Roaming\Lavasoft 2009-03-09 18:17:26 ----D---- C:\Windows\System32 2009-03-09 18:17:26 ----D---- C:\Windows\inf 2009-03-09 18:17:26 ----A---- C:\Windows\system32\PerfStringBackup.INI 2009-03-09 18:16:18 ----D---- C:\Windows\Prefetch 2009-03-09 18:16:18 ----D---- C:\Program Files\Mozilla Firefox 2009-03-09 18:16:17 ----D---- C:\Windows\system32\Tasks 2009-03-09 18:12:29 ----D---- C:\Windows\temp 2009-03-09 17:57:57 ----SHD---- C:\System Volume Information 2009-03-09 17:45:14 ----SHD---- C:\Windows\Installer 2009-03-09 17:44:42 ----HD---- C:\ProgramData 2009-03-09 17:44:42 ----D---- C:\Users\nègre\AppData\Roaming\Corel 2009-03-09 15:10:33 ----D---- C:\Program Files\RegCleaner 2009-03-09 14:44:38 ----D---- C:\Program Files\AntiVir PersonalEdition Classic 2009-03-09 14:15:24 ----D---- C:\Windows\system32\catroot2 2009-03-09 14:12:19 
----HD---- C:\Windows\system32\drivers 2009-03-09 11:18:38 ----D---- C:\Users\nègre\AppData\Roaming\gtk-2.0 2009-03-09 10:44:36 ----D---- C:\ProgramData\AntiVir PersonalEdition Classic 2009-03-08 19:12:10 ----A---- C:\PzrSdkDebugLog.txt 2009-03-08 14:49:41 ----D---- C:\Users\nègre\AppData\Roaming\OpenOffice.org2 2009-03-02 22:08:36 ----A---- C:\Windows\NeroDigital.ini 2009-03-02 18:07:52 ----D---- C:\Users\nègre\AppData\Roaming\Poser 7 2009-03-02 10:12:21 ----D---- C:\Users\nègre\AppData\Roaming\Adobe 2009-03-01 21:46:24 ----SD---- C:\ProgramData\Microsoft 2009-02-25 20:35:05 ----D---- C:\Program Files\Common Files\DAZ 2009-02-13 09:45:33 ----D---- C:\Windows\winsxs 2009-02-11 22:46:21 ----D---- C:\Windows\system32\WDI 2009-02-11 18:00:27 ----D---- C:\Windows\system32\catroot 2009-02-11 18:00:12 ----D---- C:\Program Files\Windows Mail 2009-02-11 18:00:04 ----RSD---- C:\Windows\assembly ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 avgio;avgio; \??\C:\Program Files\AntiVir PersonalEdition Classic\avgio.sys [2007-02-27 11840] R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2008-11-28 75072] R1 CSC;Offline Files Driver; C:\Windows\system32\drivers\csc.sys [2008-01-19 350720] R1 sK9Ou0s;sK9Ou0s; \??\C:\Users\nègre\AppData\Roaming\drivers\srosa2.sys [2009-03-09 7168] R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352] R2 ElbyCDIO;ElbyCDIO Driver; C:\Windows\System32\Drivers\ElbyCDIO.sys [2002-11-29 16320] R2 ROB_A;Pinnacle WDM PCTV Audio Capture; C:\Windows\system32\DRIVERS\rob_a.sys [2003-02-10 17664] R2 ROB_V;Pinnacle WDM PCTV Video Capture; C:\Windows\system32\drivers\rob_v.sys [2003-04-11 125568] R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2007-12-21 3478528] R3 ElbyCDFL;ElbyCDFL; C:\Windows\System32\Drivers\ElbyCDFL.sys [2002-11-28 15360] R3 HabuFltr;Habu Mouse; C:\Windows\system32\drivers\habu.sys [2006-10-23 27776] R3 HdAudAddService;Pilote de fonction 
UAA 1.1 Microsoft pour le service High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520] R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328] S3 61883;Pilote d'unité 61883; C:\Windows\system32\DRIVERS\61883.sys [2008-01-19 45696] S3 Avc;Périphérique AVC; C:\Windows\system32\DRIVERS\avc.sys [2008-01-19 40448] S3 avgntflt;avgntflt; \??\C:\Program Files\AntiVir PersonalEdition Classic\avgntflt.sys [2008-05-31 52032] S3 BVRPMPR5;BVRPMPR5 NDIS Protocol Driver; \??\C:\Windows\system32\drivers\BVRPMPR5.SYS [2007-05-23 49904] S3 driverhardwarev2;driverhardwarev2; \??\C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys [2008-11-02 15360] S3 drmkaud;Filtre de décodeur DRM (Noyau Microsoft); C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632] S3 gmer;gmer; C:\Windows\System32\DRIVERS\gmer.sys [] S3 hitmanpro2;Hitman Pro 2 Driver; \??\C:\Program Files\Hitman Pro\hitmanpro2.sys [2006-11-03 10336] S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\Windows\system32\drivers\mbamswissarmy.sys [2008-12-03 38496] S3 MSDV;Microsoft DV Camera and VCR; C:\Windows\system32\DRIVERS\msdv.sys [2008-01-19 52608] S3 MSKSSRV;Proxy de service de répartition Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192] S3 MSPCLOCK;Proxy d'horloge de répartition Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888] S3 MSPQM;Proxy de gestion de qualité de répartition Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504] S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016] S3 MXOPSWD;Maxtor OneTouch Security Driver; C:\Windows\system32\DRIVERS\mxopswd.sys [2007-05-03 22152] S3 Point32;Microsoft IntelliPoint Filter Driver; C:\Windows\system32\DRIVERS\point32k.sys [2006-11-07 24064] S3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2008-01-25 106496] S3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista 
Driver; C:\Windows\system32\DRIVERS\wg111v3.sys [2007-04-23 227328] S3 usbscan;Pilote de scanneur USB; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-19 35328] S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-19 39936] S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AppHostSvc;@%windir%\system32\inetsrv\iisres.dll,-30011; C:\Windows\system32\svchost.exe [2008-01-19 21504] R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2007-12-21 643072] R2 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe [2008-02-06 79360] R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2008-01-19 21504] R2 IAANTMON;Intel® Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe [2007-10-03 358936] R2 IISADMIN;@%windir%\system32\inetsrv\iisres.dll,-30007; C:\Windows\system32\inetsrv\inetinfo.exe [2008-01-19 13824] R2 Maxtor Sync Service;Maxtor Service; C:\Program Files\Maxtor\Sync\SyncServices.exe [2008-07-21 193888] R2 ProtexisLicensing;ProtexisLicensing; C:\Windows\system32\PSIService.exe [2006-11-02 174656] R2 simptcp;@%SystemRoot%\system32\simptcp.dll,-200; C:\Windows\System32\tcpsvcs.exe [2006-11-02 9728] R2 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2005-01-31 49152] R2 W3SVC;@%windir%\system32\inetsrv\iisres.dll,-30003; C:\Windows\system32\svchost.exe [2008-01-19 21504] R3 WAS;@%windir%\system32\inetsrv\iisres.dll,-30001; C:\Windows\system32\svchost.exe [2008-01-19 21504] S2 a2free;a-squared Free Service; C:\Program Files\a-squared Free\a2service.exe [2009-03-09 366712] S2 AntiVirScheduler;AntiVir PersonalEdition Classic Scheduler; C:\Program 
Files\AntiVir PersonalEdition Classic\sched.exe [2009-03-09 68865] S2 AntiVirService;AntiVir PersonalEdition Classic Guard; C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe [2009-03-09 151297] S2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [] S2 mi-raysat_3dsmax9_32;mental ray 3.5 Satellite (32-bit); C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe [2006-09-29 65536] S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2007-07-19 72704] S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2008-01-19 21504] S3 aspnet_state;@%windir%\system32\inetsrv\iisres.dll,-30009; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-27 34312] S3 Fax;@%systemroot%\system32\fxsresm.dll,-118; C:\Windows\system32\fxssvc.exe [2008-01-19 523776] S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-03-06 654848] S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632] S3 maconfservice;Ma-Config Service; C:\Program Files\ma-config.com\maconfservice.exe [2008-11-02 195752] S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-06-29 800040] S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-27 279848] S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2008-01-19 21504] S3 wbengine;@%systemroot%\system32\wbengine.exe,-104; C:\Windows\system32\wbengine.exe [2008-01-19 917504] S3 WMSvc;@%windir%\system32\inetsrv\iisres.dll,-20001; C:\Windows\system32\inetsrv\wmsvc.exe [2008-01-19 11264] -----------------EOF----------------- Le info.txt est un fichier vide ! 
NB: the files are not displayed and I had to go open them on C: Jezabel -
Blue screen + WIFI key no longer blinking
jezabel replied to a topic by jezabel in Malware analysis and eradication
The blue screens are back. The event list is very long! What should I look for in it? NB: in safe mode HijackThis refuses to launch (not a valid Win32 application). Jezabel -
Blue screen + WIFI key no longer blinking
jezabel replied to a topic by jezabel in Malware analysis and eradication
I don't know what a BSOD is and I don't know how to look at the Event Viewer. I tried another restore: result, it could not complete and the restore point was damaged or deleted. Jezabel -
Blue screen + WIFI key no longer blinking
jezabel replied to a topic by jezabel in Malware analysis and eradication
I unchecked "automatically restart". I tried two restores, to yesterday's and the day before yesterday's dates. The first seems to have worked but the problem persisted; the other crashed partway through. Jezabel -
Blue screen + WIFI key no longer blinking
jezabel replied to a topic by jezabel in Malware analysis and eradication
Thanks for all these leads, but I don't see any that explains why I have a small window opening (which I don't have time to read) when Windows starts. A window that wasn't opening this morning before my brother used the machine. I am convinced that a program launches at Windows startup and blocks a number of other things from loading (among them the antivirus and my WIFI key's utility). Is there any point in running a HijackThis scan? Thanks for your insight. PS: I should mention that I am posting from another PC connected by WIFI to the same modem, so the Internet connection is otherwise working. Jezabel -
Blue screen + WIFI key no longer blinking
jezabel replied to a topic by jezabel in Malware analysis and eradication
So here is the additional data from the blue screen: STOP : 0X0000000A (0X00000004, 0X0000001B, 0X00000001, 0X81c7d583) -
Blue screen + WIFI key no longer blinking
jezabel replied to a topic by jezabel in Malware analysis and eradication
Hello, and thank you for taking the trouble to reply. I can boot into safe mode. But in that mode, the error does not seem to want to reproduce, nor does the blue screen appear. I am currently trying to restore the system from a point going back two days. Should I then do a full scan with the antivirus? Ah! I'll add that a very small window appears when Windows launches, but I don't have time to see what it contains. That's something new (it only appears in normal mode and not in safe mode). The restore crashed partway through. And the antivirus icon no longer appears in the taskbar. Jezabel -
Hi all, Never leave your brother alone with your own machine! Indeed, since this afternoon, repeated blue screens at startup with this beginning of a message (no time to read the rest, it goes too fast): IRQL NOT LESS OR EQUAL. My Netgear WiFi key no longer blinks at startup, and if I try to disconnect it then reconnect it: same blue screen. If I boot without the key, the PC is stable but it is impossible to launch certain applications, such as the Netgear utility precisely, or SpyBotSD for example. Doesn't that smell like a big nasty infection by any chance? Jezabel
-
Windows Explorer has stopped working, in a loop
jezabel replied to a topic by jezabel in Malware analysis and eradication
Thanks, I'll look into that -
Windows Explorer has stopped working, in a loop
jezabel posted a topic in Malware analysis and eradication
Hi, Small problem: when my Vista starts, a window opens saying "Windows Explorer has stopped working". If I click on restart the program, it starts again in a loop. Below are the problem details: Signature du problème : Nom d’événement de problème: APPCRASH Nom de l’application: Explorer.EXE Version de l’application: 6.0.6001.18164 Horodatage de l'application: 4907e242 Nom du module par défaut: MpegSplitter.ax Version du module par défaut: 1.0.0.4 Horodateur du module par défaut: 45edac44 Code de l’exception: c0000094 Décalage de l’exception: 0002456b Version du système: 6.0.6001.2.1.0.256.6 Identificateur de paramètres régionaux: 1036 Information supplémentaire n° 1: 40d4 Information supplémentaire n° 2: 4062ad41ec8067256aa4c5e2b56d3c79 Information supplémentaire n° 3: 40d4 Information supplémentaire n° 4: 4062ad41ec8067256aa4c5e2b56d3c79 With Task Manager I can launch a Firefox session, which lets me post. Note: if I log in with the machine's other account (a plain user account) the problem does not occur... Strange, isn't it? Help! Jezabel -
Recurring antivirus alert
jezabel replied to a topic by jezabel in Malware analysis and eradication
AntiVir report: Avira AntiVir Personal Report file date: mardi 9 décembre 2008 18:22 Scanning for 1080260 virus strains and unwanted programs. Licensed to: Avira AntiVir PersonalEdition Classic Serial number: 0000149996-ADJIE-0001 Platform: Windows Vista Windows version: (Service Pack 1) [6.0.6001] Boot mode: Normally booted Username: SYSTEM Computer name: NEGRE Version information: BUILD.DAT : 8.2.0.337 16934 Bytes 18/11/2008 13:05:00 AVSCAN.EXE : 8.1.4.10 315649 Bytes 28/11/2008 08:37:21 AVSCAN.DLL : 8.1.4.0 40705 Bytes 17/07/2008 20:55:16 LUKE.DLL : 8.1.4.5 164097 Bytes 17/07/2008 20:55:16 LUKERES.DLL : 8.1.4.0 12033 Bytes 17/07/2008 20:55:16 ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 20:21:54 ANTIVIR1.VDF : 7.1.0.197 1170432 Bytes 07/12/2008 17:56:15 ANTIVIR2.VDF : 7.1.0.198 2048 Bytes 07/12/2008 17:56:15 ANTIVIR3.VDF : 7.1.0.213 63488 Bytes 09/12/2008 17:21:24 Engineversion : 8.2.0.43 AEVDF.DLL : 8.1.0.6 102772 Bytes 15/10/2008 16:23:38 AESCRIPT.DLL : 8.1.1.18 336251 Bytes 08/12/2008 17:56:17 AESCN.DLL : 8.1.1.5 123251 Bytes 07/11/2008 19:40:26 AERDL.DLL : 8.1.1.3 438645 Bytes 05/11/2008 19:40:40 AEPACK.DLL : 8.1.3.4 393591 Bytes 11/11/2008 19:40:59 AEOFFICE.DLL : 8.1.0.32 196987 Bytes 05/12/2008 17:08:48 AEHEUR.DLL : 8.1.0.74 1519990 Bytes 05/12/2008 17:08:47 AEHELP.DLL : 8.1.2.0 119159 Bytes 20/11/2008 17:09:16 AEGEN.DLL : 8.1.1.6 323955 Bytes 29/11/2008 08:36:30 AEEMU.DLL : 8.1.0.9 393588 Bytes 15/10/2008 16:23:28 AECORE.DLL : 8.1.5.2 172405 Bytes 29/11/2008 08:36:29 AEBB.DLL : 8.1.0.3 53618 Bytes 15/10/2008 16:23:26 AVWINLL.DLL : 1.0.0.12 15105 Bytes 17/07/2008 20:55:16 AVPREF.DLL : 8.0.2.0 38657 Bytes 17/07/2008 20:55:16 AVREP.DLL : 8.0.0.2 98344 Bytes 01/08/2008 06:00:37 AVREG.DLL : 8.0.0.1 33537 Bytes 17/07/2008 20:55:16 AVARKT.DLL : 1.0.0.23 307457 Bytes 15/04/2008 16:51:23 AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 17/07/2008 20:55:16 SQLITE3.DLL : 3.3.17.1 339968 Bytes 15/04/2008 16:51:24 SMTPLIB.DLL : 1.2.0.23 28929 Bytes 17/07/2008 20:55:17 
NETNT.DLL : 8.0.0.1 7937 Bytes 15/04/2008 16:51:24 RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 17/07/2008 20:55:14 RCTEXT.DLL : 8.0.52.0 86273 Bytes 17/07/2008 20:55:14 Configuration settings for the scan: Jobname..........................: Complete system scan Configuration file...............: c:\program files\antivir personaledition classic\sysscan.avp Logging..........................: low Primary action...................: interactive Secondary action.................: ignore Scan master boot sector..........: on Scan boot sector.................: on Boot sectors.....................: C:, Process scan.....................: on Scan registry....................: on Search for rootkits..............: on Scan all files...................: All files Scan archives....................: on Recursion depth..................: 20 Smart extensions.................: on Macro heuristic..................: on File heuristic...................: high Deviating risk categories........: +APPL,+GAME,+JOKE,+PCK,+SPR, Start of the scan: mardi 9 décembre 2008 18:22 Starting search for hidden objects. '83702' objects were checked, '0' hidden objects were found. 
The scan of running processes will be started Scan process 'avscan.exe' - '1' Module(s) have been scanned Scan process 'avcenter.exe' - '1' Module(s) have been scanned Scan process 'WmiPrvSE.exe' - '1' Module(s) have been scanned Scan process 'WMIADAP.exe' - '1' Module(s) have been scanned Scan process 'TrustedInstaller.exe' - '1' Module(s) have been scanned Scan process 'taskeng.exe' - '1' Module(s) have been scanned Scan process 'NMIndexStoreSvr.exe' - '1' Module(s) have been scanned Scan process 'NMIndexingService.exe' - '1' Module(s) have been scanned Scan process 'NMBgMonitor.exe' - '1' Module(s) have been scanned Scan process 'MaxMenuMgr.exe' - '1' Module(s) have been scanned Scan process 'jusched.exe' - '1' Module(s) have been scanned Scan process 'IAAnotif.exe' - '1' Module(s) have been scanned Scan process 'avgnt.exe' - '1' Module(s) have been scanned Scan process 'acrotray.exe' - '1' Module(s) have been scanned Scan process 'explorer.exe' - '1' Module(s) have been scanned Scan process 'dwm.exe' - '1' Module(s) have been scanned Scan process 'taskeng.exe' - '1' Module(s) have been scanned Scan process 'SearchIndexer.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'ULCDRSvr.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'TCPSVCS.EXE' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'SyncServices.exe' - '1' Module(s) have been scanned Scan process 'inetinfo.exe' - '1' Module(s) have been scanned Scan process 'IAANTmon.exe' - '1' Module(s) have been scanned Scan process 'AdskScSrv.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'sched.exe' - '1' Module(s) have been scanned Scan process 'a2service.exe' - '1' Module(s) have been scanned Scan process 
'svchost.exe' - '1' Module(s) have been scanned Scan process 'avguard.exe' - '1' Module(s) have been scanned Scan process 'spoolsv.exe' - '1' Module(s) have been scanned Scan process 'Ati2evxx.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'SLsvc.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'audiodg.exe' - '0' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'Ati2evxx.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'winlogon.exe' - '1' Module(s) have been scanned Scan process 'lsm.exe' - '1' Module(s) have been scanned Scan process 'lsass.exe' - '1' Module(s) have been scanned Scan process 'services.exe' - '1' Module(s) have been scanned Scan process 'csrss.exe' - '1' Module(s) have been scanned Scan process 'wininit.exe' - '1' Module(s) have been scanned Scan process 'csrss.exe' - '1' Module(s) have been scanned Scan process 'smss.exe' - '1' Module(s) have been scanned 54 processes with 54 modules were scanned Starting master boot sector scan: Master boot sector HD0 [iNFO] No virus was found! Start scanning boot sectors: Boot sector 'C:\' [iNFO] No virus was found! Starting to scan the registry. The registry was scanned ( '40' files ). Starting the file scan: Begin scan in 'C:\' C:\hiberfil.sys [WARNING] The file could not be opened! C:\pagefile.sys [WARNING] The file could not be opened! C:\Program Files\AntiVir PersonalEdition Classic\avnotify.exe [WARNING] The file could not be opened! 
C:\Qoobox\Quarantine\C\Windows\cisvc.exe.vir [DETECTION] Contains recognition pattern of the WORM/Taft.1 worm [NOTE] The file was moved to '49b1b18a.qua'! C:\Qoobox\Quarantine\C\Windows\logman.exe.vir [DETECTION] Contains recognition pattern of the WORM/Taft.1 worm [NOTE] The file was moved to '49a5b190.qua'! C:\Qoobox\Quarantine\C\Windows\system\mstsc.exe.vir [DETECTION] Contains recognition pattern of the WORM/Taft.1 worm [NOTE] The file was moved to '49b2b195.qua'! C:\Qoobox\Quarantine\C\Windows\System32\drivers\cmstp.exe.vir [DETECTION] Contains recognition pattern of the WORM/Taft.1 worm [NOTE] The file was moved to '49b1b18f.qua'! C:\Users\Cécile\AppData\Local\Microsoft\dllhst3g.exe [DETECTION] Contains recognition pattern of the WORM/Taft.1 worm [NOTE] The file was moved to '49aab1b1.qua'! C:\Users\nègre\AppData\Local\Microsoft\ieudinit.exe [DETECTION] Contains recognition pattern of the WORM/Taft.1 worm [NOTE] The file was moved to '49b3b1d4.qua'! C:\Users\nègre\AppData\Local\Microsoft\mstinit.exe [DETECTION] Contains recognition pattern of the WORM/Taft.1 worm [NOTE] The file was moved to '49b2b1e3.qua'! C:\Users\nègre\AppData\Local\Mozilla\Firefox\Profiles\wa6gzygd.default\Cache\C2152591d01 [0] Archive type: RAR SFX (self extracting) --> 32788R22FWJFW\hidec.exe [DETECTION] Contains recognition pattern of the SPR/Tool.Hide.A program --> 32788R22FWJFW\NirCmd.cfexe [DETECTION] Contains recognition pattern of the APPL/NirCmd.E.2.B application --> 32788R22FWJFW\nircmd.com [DETECTION] Contains recognition pattern of the APPL/NirCmd.E.2.B application --> 32788R22FWJFW\NirCmdC.cfexe [DETECTION] Contains recognition pattern of the APPL/NirCmd.E.1.B application --> 32788R22FWJFW\psexec.cfexe [1] Archive type: RSRC --> Object [DETECTION] Contains recognition pattern of the APPL/PsExec.E application [NOTE] The file was moved to '496fb1b6.qua'! 
C:\Users\nègre\AppData\Roaming\mqtgsvc.exe [DETECTION] Contains recognition pattern of the WORM/Taft.1 worm [NOTE] The file was moved to '49b2b1fc.qua'! C:\Users\nègre\Desktop\ComboFix.exe [0] Archive type: RAR SFX (self extracting) --> 32788R22FWJFW\hidec.exe [DETECTION] Contains recognition pattern of the SPR/Tool.Hide.A program --> 32788R22FWJFW\NirCmd.cfexe [DETECTION] Contains recognition pattern of the APPL/NirCmd.E.2.B application --> 32788R22FWJFW\nircmd.com [DETECTION] Contains recognition pattern of the APPL/NirCmd.E.2.B application --> 32788R22FWJFW\NirCmdC.cfexe [DETECTION] Contains recognition pattern of the APPL/NirCmd.E.1.B application --> 32788R22FWJFW\psexec.cfexe [1] Archive type: RSRC --> Object [DETECTION] Contains recognition pattern of the APPL/PsExec.E application [NOTE] The file was moved to '49abb220.qua'! C:\Users\nègre\Desktop\OTMoveIt3.exe [DETECTION] Contains a recognition pattern of the (harmful) BDS/Subseven.asu back-door program [NOTE] The file was moved to '498bb205.qua'! C:\_OTMoveIt\MovedFiles\12072008_192109\windows\System\cmstp.exe [DETECTION] Contains recognition pattern of the WORM/Taft.1 worm [NOTE] The file was moved to '49b1b7d7.qua'! C:\_OTMoveIt\MovedFiles\12072008_192109\windows\System\comrepl.exe [DETECTION] Contains recognition pattern of the WORM/Taft.1 worm [NOTE] The file was moved to '49abb7d9.qua'! C:\_OTMoveIt\MovedFiles\12072008_192109\windows\system32\drivers\clipsrv.exe [DETECTION] Contains recognition pattern of the WORM/Taft.1 worm [NOTE] The file was moved to '49a7b7d6.qua'! C:\_OTMoveIt\MovedFiles\12072008_192109\windows\system32\drivers\ieudinit.exe [DETECTION] Contains recognition pattern of the WORM/Taft.1 worm [NOTE] The file was moved to '49b3b7cf.qua'! End of the scan: mardi 9 décembre 2008 19:22 Used time: 1:00:33 Hour(s) The scan has been done completely. 
26829 Scanning directories 641819 Files were scanned 23 viruses and/or unwanted programs were found 0 Files were classified as suspicious: 0 files were deleted 0 files were repaired 15 files were moved to quarantine 0 files were renamed 3 Files cannot be scanned 641793 Files not concerned 8871 Archives were scanned 3 Warnings 15 Notes 83702 Objects were scanned with rootkit scan 0 Hidden objects were found -
Recurring antivirus alert
jezabel replied to a topic by jezabel in Malware analysis and eradication
I'm proceeding and will send the report -
Recurring antivirus alert
jezabel replied to a topic by jezabel in Malware analysis and eradication
Well, the alerts are continuing... -
Recurring antivirus alert
jezabel replied to a topic by jezabel in Malware analysis and eradication
See you tomorrow, and thanks again -
Recurring antivirus alert
jezabel replied to a topic by jezabel in Malware analysis and eradication
No sooner said than done: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 00:13:29, on 08/12/2008 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v7.00 (7.00.6001.18000) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\conime.exe C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe C:\Windows\Explorer.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Users\nègre\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O4 - HKLM\..\Run: 
[Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL O4 - HKLM\..\Run: [iAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [uVS10 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe" O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [spool] C:\Users\NGRE~1\AppData\Roaming\spoolsv.exe /waitservice (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [spool] C:\Users\NGRE~1\AppData\Roaming\spoolsv.exe /waitservice (User 'Default user') O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convertir en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convertir la 
sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll O13 - Gopher Prefix: O16 - DPF: {E3E6FFEE-748F-43BA-87AE-B1F1B11ED193} (MegaMocapWeb Control) - http://www.charactermotion.com/products/po...egaMocapWeb.ocx O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Ati External Event Utility - ATI Technologies Inc. 
- C:\Windows\system32\Ati2evxx.exe O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing) O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- End of file - 7294 bytes -
Recurring antivirus alert
jezabel replied to a topic by jezabel in Malware analysis and eradication
Fichier 412DB83299.sys reçu le 2008.12.08 00:07:21 (CET) Antivirus Version Dernière mise à jour Résultat AhnLab-V3 2008.12.6.0 2008.12.06 - AntiVir 7.9.0.42 2008.12.07 - Authentium 5.1.0.4 2008.12.07 - Avast 4.8.1281.0 2008.12.06 - AVG 8.0.0.199 2008.12.07 - BitDefender 7.2 2008.12.07 - CAT-QuickHeal 10.00 2008.12.06 - ClamAV 0.94.1 2008.12.07 - Comodo 698 2008.12.06 - DrWeb 4.44.0.09170 2008.12.07 - eSafe 7.0.17.0 2008.12.07 - eTrust-Vet 31.6.6246 2008.12.05 - Ewido 4.0 2008.12.07 - F-Prot 4.4.4.56 2008.12.04 - F-Secure 8.0.14332.0 2008.12.07 - Fortinet 3.117.0.0 2008.12.07 - GData 19 2008.12.07 - Ikarus T3.1.1.45.0 2008.12.07 - K7AntiVirus 7.10.547 2008.12.06 - Kaspersky 7.0.0.125 2008.12.07 - McAfee 5456 2008.12.06 - McAfee+Artemis 5456 2008.12.06 - Microsoft 1.4205 2008.12.07 - NOD32 3668 2008.12.06 - Norman 5.80.02 2008.12.05 - Panda 9.0.0.4 2008.12.07 - PCTools 4.4.2.0 2008.12.07 - Prevx1 V2 2008.12.08 - Rising 21.06.62.00 2008.12.07 - SecureWeb-Gateway 6.7.6 2008.12.07 - Sophos 4.36.0 2008.12.07 - Sunbelt 3.1.1832.2 2008.12.01 - Symantec 10 2008.12.07 - TheHacker 6.3.1.2.179 2008.12.06 - TrendMicro 8.700.0.1004 2008.12.05 - VBA32 3.12.8.10 2008.12.07 - ViRobot 2008.12.6.1504 2008.12.06 - VirusBuster 4.5.11.0 2008.12.05 - Information additionnelle File size: 88 bytes MD5...: 7a8bb0d8c80defaa402005c98d23b35d SHA1..: c1915319d7d5e11e76ed1bea411bf5c70dce4c83 SHA256: 3b5fa76d7f3bb6a76fdb9c76142dbe842dbd5a1986a406f61aaa871bd8d33c96 SHA512: c56bd34d6905b5f52ae75984281c0e695995b90ed1b8a412b4d97016cd1212b9 d1cce7b38eb0aa86417e56010e98687bbcf012768a947073d236d3974a5fa346 ssdeep: 3:hl/tS+:I+ PEiD..: - TrID..: File type identification MS Flight Simulator Aircraft Performance Info (100.0%) PEInfo: - -
Recurring antivirus alert
jezabel replied to a topic by jezabel in Malware analysis and eradication
Here is the report. Note: before the report was displayed there was a Windows restart, and my antivirus showed up just as when I tried to launch ComboFix without disabling it. The problem is that it re-enabled itself when Windows launched again. ComboFix 08-12-06.06 - nègre 2008-12-07 23:51:31.2 - NTFSx86 Microsoft® Windows Vista™ Professionnel 6.0.6001.1.1252.1.1036.18.1810 [GMT 1:00] Lancé depuis: c:\users\nègre\Desktop\ComboFix.exe Commutateurs utilisés :: c:\users\nègre\Desktop\CFScript.txt * Un nouveau point de restauration a été créé FILE :: c:\windows\cisvc.exe c:\windows\logman.exe c:\windows\system\mstsc.exe c:\windows\System32\drivers\cmstp.exe . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\cisvc.exe c:\windows\logman.exe c:\windows\system\mstsc.exe c:\windows\System32\drivers\cmstp.exe . ((((((((((((((((((((((((((((( Fichiers créés du 2008-11-07 au 2008-12-07 )))))))))))))))))))))))))))))))))))) . 2008-12-07 23:11 . 2008-09-05 18:03 86,016 --a------ c:\users\nègre\AppData\Roaming\mqtgsvc.exe 2008-12-07 22:07 . 2008-12-07 22:07 <REP> d-------- C:\rsit 2008-12-07 20:28 . 2008-09-05 18:03 86,016 --a------ c:\users\nègre\AppData\Roaming\spoolsv.exe 2008-12-07 19:21 . 2008-12-07 19:21 <REP> d-------- C:\_OTMoveIt 2008-12-07 19:19 . 2008-09-05 18:03 86,016 --a------ c:\windows\System32\drivers\mstinit.exe 2008-12-07 17:44 . 2008-12-07 17:44 401,720 --a------ c:\users\nègre\HiJackThis.exe 2008-12-07 17:44 . 2008-12-07 17:44 401,720 --a------ c:\users\nègre\HiJackThis.exe 2008-11-30 14:13 . 2008-10-16 22:13 1,809,944 --a------ c:\windows\System32\wuaueng.dll 2008-11-30 14:13 . 2008-10-16 21:56 1,524,736 --a------ c:\windows\System32\wucltux.dll 2008-11-30 14:13 . 2008-10-16 22:12 561,688 --a------ c:\windows\System32\wuapi.dll 2008-11-30 14:13 . 2008-10-16 14:08 162,064 --a------ c:\windows\System32\wuwebv.dll 2008-11-30 14:13 . 
2008-10-16 21:55 83,456 --a------ c:\windows\System32\wudriver.dll
2008-11-30 14:13 . 2008-10-16 22:09 51,224 --a------ c:\windows\System32\wuauclt.exe
2008-11-30 14:13 . 2008-10-16 22:09 43,544 --a------ c:\windows\System32\wups2.dll
2008-11-30 14:13 . 2008-10-16 22:08 34,328 --a------ c:\windows\System32\wups.dll
2008-11-30 14:13 . 2008-10-16 13:56 31,232 --a------ c:\windows\System32\wuapp.exe
2008-11-28 12:12 . 2008-11-28 12:12 <REP> d-------- c:\users\nègre\AppData\Roaming\Malwarebytes
2008-11-28 12:12 . 2008-11-28 12:12 <REP> d-------- c:\users\All Users\Malwarebytes
2008-11-28 12:12 . 2008-11-28 12:12 <REP> d-------- c:\programdata\Malwarebytes
2008-11-28 12:12 . 2008-12-07 17:52 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-28 12:12 . 2008-12-03 19:52 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2008-11-28 12:12 . 2008-12-03 19:52 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2008-11-28 09:41 . 2008-10-21 06:25 1,645,568 --a------ c:\windows\System32\connect.dll
2008-11-28 09:40 . 2008-08-28 04:40 712,704 --a------ c:\windows\System32\WindowsCodecs.dll
2008-11-28 09:40 . 2008-08-28 04:40 425,472 --a------ c:\windows\System32\PhotoMetadataHandler.dll
2008-11-28 09:40 . 2008-08-28 04:40 347,136 --a------ c:\windows\System32\WindowsCodecsExt.dll
2008-11-28 09:40 . 2008-10-22 04:57 241,152 --a------ c:\windows\System32\PortableDeviceApi.dll
2008-11-20 19:06 . 2008-08-17 11:33 678,408 --a------ c:\windows\System32\gpprefcl.dll
2008-11-14 23:43 . 2008-12-02 23:33 54,156 --ah----- c:\windows\QTFont.qfn
2008-11-14 23:43 . 2008-11-14 23:43 1,409 --a------ c:\windows\QTFont.for
2008-11-14 00:11 . 2008-11-14 00:19 <REP> d-------- c:\program files\SupraASCIIArt
2008-11-12 19:32 . 2008-09-10 04:40 1,334,272 --a------ c:\windows\System32\msxml6.dll
2008-11-12 19:32 . 2008-09-05 06:14 1,191,936 --a------ c:\windows\System32\msxml3.dll
2008-11-12 19:32 . 2008-08-27 02:05 212,480 --a------ c:\windows\System32\drivers\mrxsmb10.sys
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-07 22:54 6,553,600 --sha-w c:\users\nègre\NTUSER.DAT
2008-12-07 22:54 6,553,600 --sha-w c:\users\nègre\NTUSER.DAT
2008-12-07 21:52 4,980,736 --sha-w c:\users\Cécile\NTUSER.DAT
2008-12-07 21:52 4,980,736 --sha-w c:\users\Cécile\NTUSER.DAT
2008-12-07 16:44 401,720 ----a-w c:\users\nègre\HiJackThis.exe
2008-12-07 16:44 401,720 ----a-w c:\users\nègre\HiJackThis.exe
2008-12-07 12:50 --------- d-----w c:\programdata\AntiVir PersonalEdition Classic
2008-11-30 13:25 --------- d-----w c:\users\nègre\AppData\Roaming\OpenOffice.org2
2008-11-29 14:27 --------- d-----w c:\program files\Eraser
2008-11-29 14:27 --------- d-----w c:\program files\CCleaner
2008-11-29 14:27 --------- d-----w c:\program files\a-squared Free
2008-11-29 14:26 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-11-29 14:22 --------- d-----w c:\program files\SpywareBlaster
2008-11-28 11:12 --------- d-----w c:\users\nègre\AppData\Roaming\Malwarebytes
2008-11-21 08:51 --------- d-----w c:\programdata\Spybot - Search & Destroy
2008-11-03 18:20 --------- d-----w c:\programdata\ma-config.com
2008-11-03 18:20 --------- d-----w c:\program files\ma-config.com
2008-10-23 21:58 --------- d-s---w c:\users\Cécile\AppData\Roaming\Microsoft
2008-10-23 09:20 --------- d-----w c:\users\Cécile\AppData\Roaming\Mozilla
2008-10-20 20:35 --------- d-----w c:\program files\Codemasters
2008-10-20 12:39 --------- d--h--w c:\program files\InstallShield Installation Information
2008-10-20 12:39 --------- d-----w c:\programdata\Codemasters
2008-10-20 08:07 --------- d-----w c:\program files\OpenAL
2008-10-17 13:32 --------- d-----w c:\program files\Athens 2004
2008-10-15 18:00 --------- d-----w c:\program files\Windows Mail
2008-10-11 14:26 --------- d-----w c:\program files\Mozilla Thunderbird
2008-09-05 17:03 86,016 ----a-w c:\users\nègre\AppData\Roaming\spoolsv.exe
2008-09-05 17:03 86,016 ----a-w c:\users\nègre\AppData\Roaming\mqtgsvc.exe
2008-07-25 19:44 174 --sha-w c:\program files\desktop.ini
2008-07-19 20:18 446,230,875 ----a-w c:\users\NGRE~2\setup-2.bin
2007-07-29 15:27 705,496 ----a-w c:\users\Public\installer-39506-17-CCleaner-French.exe
2008-08-01 12:25 88 --sh--r c:\windows\System32\412DB83299.sys
2008-08-01 12:25 1,682 --sha-w c:\windows\System32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((( snapshot@2008-12-07_22.55.48,15 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-12-07 18:22:59 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-12-07 22:54:02 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2008-12-07 18:24:28 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-12-07 22:54:54 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-12-07 22:54:54 262,144 ---ha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-12-07 18:24:23 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-12-07 22:54:54 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-12-07 22:54:54 262,144 ---ha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-11-02 17:31:53 1,642,808 ----a-w c:\windows\System32\FNTCACHE.DAT
+ 2008-12-07 22:54:30 1,642,808 ----a-w c:\windows\System32\FNTCACHE.DAT
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 483328]
"avgnt"="c:\program files\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-17 266497]
"CloneCDElbyCDFL"="c:\program files\Elaborate Bytes\CloneCD\ElbyCheck.exe" [2002-11-02 45056]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 178712]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"UVS10 Preload"="c:\program files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe" [2006-03-06 36864]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-03-28 413696]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"mxomssmenu"="c:\program files\Maxtor\OneTouch Status\maxmenumgr.exe" [2008-07-21 169312]

[HKEY_USERS\.DEFAULT\software\microsoft\windows\Currentversion\policies\explorer\Run]
"Spool"="c:\users\NGRE~1\AppData\Roaming\spoolsv.exe" [2008-09-05 86016]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ac3filter"= ac3filter.acm
"msacm.dvacm"= c:\progra~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
"msacm.MPEGacm"= c:\progra~1\COMMON~1\ULEADS~1\MPEG\MPEGacm.acm
"msacm.ulmp3acm"= c:\progra~1\COMMON~1\ULEADS~1\MPEG\ulmp3acm.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3989977098-1871649959-1308902764-1000]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{1EFFDF73-D9E3-4C6C-B3D5-572BF799D683}"= TCP:c:\program files\Autodesk\Backburner\server.exe:backburner 2.3 server
"{EF66DF6C-DA40-45C1-87DB-8C8CD56C78EA}"= UDP:c:\program files\Autodesk\Backburner\server.exe:backburner 2.3 server
"{9EE07DAA-DE6A-4924-BB2E-E5C2DA965D7A}"= TCP:c:\program files\Autodesk\Backburner\manager.exe:backburner 2.3 manager
"{BDF8EE40-D180-4EEF-B4A3-FAB199706B47}"= UDP:c:\program files\Autodesk\Backburner\manager.exe:backburner 2.3 manager
"{D8772E15-1791-43BA-915A-33D7A8346CAB}"= TCP:c:\program files\Autodesk\Backburner\monitor.exe:backburner 2.3 monitor
"{22BDD7DB-4DF1-460B-81EF-4FA39FB0F374}"= UDP:c:\program files\Autodesk\Backburner\monitor.exe:backburner 2.3 monitor
"{CE680527-609F-4227-AB3F-967E5C0D980C}"= TCP:c:\program files\Autodesk\3ds Max 9\3dsmax.exe:Autodesk 3ds Max 9 32-bit
"{02308735-8423-4751-9DE6-19B2CE867FB5}"= UDP:c:\program files\Autodesk\3ds Max 9\3dsmax.exe:Autodesk 3ds Max 9 32-bit
"UDP Query User{68D8289C-AC6C-4BB1-88FF-0B375A2CCE79}c:\\program files\\e frontier\\poser 7\\poser.exe"= TCP:c:\program files\e frontier\poser 7\poser.exe:Poser executable file
"TCP Query User{B3352131-6F2A-479E-8193-75EBEAB1057F}c:\\program files\\e frontier\\poser 7\\poser.exe"= UDP:c:\program files\e frontier\poser 7\poser.exe:Poser executable file
"UDP Query User{F1AF1368-BD28-4034-8B5E-CFCB681ED088}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{12130006-A756-478F-8350-A625D7AD49D0}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{FD3D117B-435F-4A6F-840C-59F0AF7EBF3A}c:\\program files\\trackmania nations eswc\\tmnationseswc.exe"= TCP:c:\program files\trackmania nations eswc\tmnationseswc.exe:TmNationsESWC
"TCP Query User{7B0D2CD4-2934-4116-9DD5-BAAAC49137AD}c:\\program files\\trackmania nations eswc\\tmnationseswc.exe"= UDP:c:\program files\trackmania nations eswc\tmnationseswc.exe:TmNationsESWC
"UDP Query User{63C68E0B-E628-46E7-AF02-FF6567452470}c:\\program files\\trackmania nations eswc\\tmnationseswc.exe"= TCP:c:\program files\trackmania nations eswc\tmnationseswc.exe:TmNationsESWC
"TCP Query User{3458B4F8-D98B-47FC-920C-8C6C18C46A0C}c:\\program files\\trackmania nations eswc\\tmnationseswc.exe"= UDP:c:\program files\trackmania nations eswc\tmnationseswc.exe:TmNationsESWC
"UDP Query User{66DE1193-8C2A-42A0-89F9-778AD65F3D23}c:\\program files\\bittorrent\\bittorrent.exe"= TCP:c:\program files\bittorrent\bittorrent.exe:bittorrent
"TCP Query User{F770785C-5EE1-4BB8-B1B7-6F0AA7092B3A}c:\\program files\\bittorrent\\bittorrent.exe"= UDP:c:\program files\bittorrent\bittorrent.exe:bittorrent
"UDP Query User{30697472-32B7-47CE-9948-5DF7A2902B6A}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{C7E05A58-C8CA-49DE-A792-22CE12C1DA02}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{042A9DB3-D99B-4295-BE20-6066B3262F80}c:\\movamp\\mnt\\usr\\local\\apache2\\bin\\apache.exe"= TCP:c:\movamp\mnt\usr\local\apache2\bin\apache.exe:Apache HTTP Server
"TCP Query User{6584065A-BD88-4B61-A88A-31C4FF5499CC}c:\\movamp\\mnt\\usr\\local\\apache2\\bin\\apache.exe"= UDP:c:\movamp\mnt\usr\local\apache2\bin\apache.exe:Apache HTTP Server
"UDP Query User{8BFB18A1-FDF2-4023-BDBF-11EDF87E0A8B}c:\\movamp\\mnt\\usr\\local\\mysql\\bin\\mysqld.exe"= TCP:c:\movamp\mnt\usr\local\mysql\bin\mysqld.exe:mysqld
"TCP Query User{66FB58E2-F4C9-4AB3-88BE-BFE9841DF6BD}c:\\movamp\\mnt\\usr\\local\\mysql\\bin\\mysqld.exe"= UDP:c:\movamp\mnt\usr\local\mysql\bin\mysqld.exe:mysqld
"UDP Query User{37CFCF5D-67EC-4852-BF46-12B5566FDC00}c:\\users\\nègre\\desktop\\movamp\\mnt\\usr\\local\\mysql\\bin\\mysqld.exe"= TCP:c:\users\nègre\desktop\movamp\mnt\usr\local\mysql\bin\mysqld.exe:mysqld.exe
"TCP Query User{855681DF-0EA4-4E63-B32C-B0DD78A0AD0E}c:\\users\\nègre\\desktop\\movamp\\mnt\\usr\\local\\mysql\\bin\\mysqld.exe"= UDP:c:\users\nègre\desktop\movamp\mnt\usr\local\mysql\bin\mysqld.exe:mysqld.exe
"{33A95756-696B-4836-9D08-430E0FE02039}"= TCP:4669:eMule
"{C5B64F91-4D43-4799-820B-1F0F988247E4}"= TCP:4669:eMule
"UDP Query User{A586B216-43B6-4DDE-A657-B20CBB8B37A3}c:\\program files\\e-on software\\vue 6 xstream\\application\\vue 6 xstream.eon"= Disabled:TCP:c:\program files\e-on software\vue 6 xstream\application\vue 6 xstream.eon:Vue 6 xStream.eon
"TCP Query User{A3CC07CE-D840-48CE-B795-7DF4D5FDBC47}c:\\program files\\e-on software\\vue 6 xstream\\application\\vue 6 xstream.eon"= Disabled:UDP:c:\program files\e-on software\vue 6 xstream\application\vue 6 xstream.eon:Vue 6 xStream.eon
"{BDD52BD1-B142-4688-A82D-1EEA08237D86}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{5C785D1E-6BB8-4695-9C23-332E52000DDB}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"UDP Query User{1F3A92C8-E523-4EBE-AFE7-0B630A6809D0}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule
"TCP Query User{6378C20E-A87F-45B5-9903-F75DA0C14DD0}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule
"UDP Query User{2AC4B52F-1005-4264-8947-B068E6B65FFC}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule
"TCP Query User{D7922AA8-3FDB-483D-AD39-73F7E0636F77}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule
"TCP Query User{5D729616-852C-441D-BCB8-E72AFC0D7001}c:\\program\\green border\\sea battle\\seabattle.exe"= UDP:c:\program\green border\sea battle\seabattle.exe:Green Border Sea Battle
"UDP Query User{788CBDBF-4169-4CAC-A55E-EA44E6D345A8}c:\\program\\green border\\sea battle\\seabattle.exe"= TCP:c:\program\green border\sea battle\seabattle.exe:Green Border Sea Battle
"TCP Query User{67A4B2DC-9ABF-496C-93E9-BE85CE82F77E}c:\\users\\nègre\\desktop\\das_boot_1.0\\das boot.exe"= UDP:c:\users\nègre\desktop\das_boot_1.0\das boot.exe:das boot.exe
"UDP Query User{6E3423CE-578B-4AD6-87D9-31773CB93A0E}c:\\users\\nègre\\desktop\\das_boot_1.0\\das boot.exe"= TCP:c:\users\nègre\desktop\das_boot_1.0\das boot.exe:das boot.exe
"TCP Query User{C6BED574-ED13-44B6-9A5B-758924C6FF78}c:\\program files\\netintellgames\\net sea war 4\\seawar.exe"= UDP:c:\program files\netintellgames\net sea war 4\seawar.exe:Net Sea War
"UDP Query User{1220AA84-28E6-4049-B4E8-17F68580271F}c:\\program files\\netintellgames\\net sea war 4\\seawar.exe"= TCP:c:\program files\netintellgames\net sea war 4\seawar.exe:Net Sea War
"TCP Query User{10D2B4EA-A0DE-4B7E-85CF-2443A0593B9E}c:\\program files\\codemasters\\colin mcrae - dirt\\dirt.exe"= UDP:c:\program files\codemasters\colin mcrae - dirt\dirt.exe:DiRT Executable
"UDP Query User{F7E527C9-B506-4D4C-AEFF-27358B6C7EF6}c:\\program files\\codemasters\\colin mcrae - dirt\\dirt.exe"= TCP:c:\program files\codemasters\colin mcrae - dirt\dirt.exe:DiRT Executable
"{C7222D63-E7F1-49F2-ABCB-33BF3D89FD18}"= UDP:48113:LocalSubnet:LocalSubnet:maconfig_tcp
"{FBDD44DF-EF1B-46FC-86C8-A1B2F2B1C4FA}"= TCP:48113:LocalSubnet:LocalSubnet:maconfig_udp
"{2D24A0FB-ABE2-477A-9497-8EB7095BB6B2}"= UDP:c:\program files\ma-config.com\maconfservice.exe:maconfservice
"{4076580F-88EC-4EC6-9E1E-383B02A41206}"= TCP:c:\program files\ma-config.com\maconfservice.exe:maconfservice

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"DoNotAllowExceptions"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R2 Maxtor Sync Service;Maxtor Service;"c:\program files\Maxtor\Sync\SyncServices.exe" [2008-07-21 193888]
R3 HabuFltr;Habu Mouse;c:\windows\system32\drivers\habu.sys [2008-02-08 27776]
S3 maconfservice;Ma-Config Service;"c:\program files\ma-config.com\maconfservice.exe" [2008-11-02 195752]
S3 WMSvc;Service de gestion Web;c:\windows\system32\inetsrv\wmsvc.exe [2008-06-14 11264]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{10bfe7f9-7067-11dd-9454-00196610b979}]
\shell\AutoRun\command - .\Encryption Tool\MaxtorEncryption.exe
.
Contenu du dossier 'Tâches planifiées'
2008-12-07 c:\windows\Tasks\User_Feed_Synchronization-{1559A6B9-87C7-4552-AD27-F2EAF32344CB}.job
- c:\windows\system32\msfeedssync.exe [2008-01-19 08:33]
.
- - - - ORPHELINS SUPPRIMES - - - -
HKCU-Explorer_Run-Cisvc - c:\windows\cisvc.exe
.
------- Examen supplémentaire -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: Convertir en Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir en un fichier PDF existant - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir la cible du lien en Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la cible du lien en un fichier PDF existant - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir la sélection en Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la sélection en un fichier PDF existant - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir les liens sélectionnés en fichier Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convertir les liens sélectionnés en un fichier PDF existant - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
c:\windows\Downloaded Program Files\MegaMocapWeb.ocx - O16 -: {E3E6FFEE-748F-43BA-87AE-B1F1B11ED193}
hxxp://www.charactermotion.com/products/powermoves/megamocap/MegaMocapWeb.ocx
FireFox -: Profile - c:\users\nègre\AppData\Roaming\Mozilla\Firefox\Profiles\wa6gzygd.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE -
FF -: plugin - c:\program files\ma-config.com\nphardwaredetection.dll
FF -: plugin - c:\users\nègre\AppData\Roaming\Mozilla\Firefox\Profiles\wa6gzygd.default\extensions\{bb628310-0ab7-11db-9cd8-0800200c9a66}\plugins\nphardwaredetection.dll
.
**************************************************************************
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés:
**************************************************************************
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\System32\Ati2evxx.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\Ati2evxx.exe
c:\program files\AntiVir PersonalEdition Classic\avguard.exe
c:\program files\a-squared Free\a2service.exe
c:\program files\AntiVir PersonalEdition Classic\sched.exe
c:\program files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
c:\windows\System32\inetsrv\inetinfo.exe
c:\windows\System32\TCPSVCS.EXE
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\System32\conime.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\windows\System32\wbem\WMIADAP.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Heure de fin: 2008-12-07 23:59:27 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-12-07 22:59:09
ComboFix2.txt 2008-12-07 21:56:40
Avant-CF: 139 560 054 784 octets libres
Après-CF: 139,649,896,448 octets libres
258 --- E O F --- 2008-12-04 17:11:19
-
Recurring antivirus alert
jezabel replied to a topic by jezabel in Malware analysis and removal
Here you go:

ComboFix 08-12-06.06 - nègre 2008-12-07 22:52:56.1 - NTFSx86
Microsoft® Windows Vista™ Professionnel 6.0.6001.1.1252.1.1036.18.2137 [GMT 1:00]
Lancé depuis: c:\users\nègre\Desktop\ComboFix.exe
* Un nouveau point de restauration a été créé
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\nègre\nègre.exe
.
((((((((((((((((((((((((((((( Fichiers créés du 2008-11-07 au 2008-12-07 ))))))))))))))))))))))))))))))))))))
.
2008-12-07 22:07 . 2008-12-07 22:07 <REP> d-------- C:\rsit
2008-12-07 20:28 . 2008-09-05 18:03 86,016 --a------ c:\users\nègre\AppData\Roaming\spoolsv.exe
2008-12-07 19:21 . 2008-12-07 19:21 <REP> d-------- C:\_OTMoveIt
2008-12-07 19:19 . 2008-09-05 18:03 86,016 --a------ c:\windows\System32\drivers\mstinit.exe
2008-12-07 19:19 . 2008-09-05 18:03 86,016 --a------ c:\windows\System32\drivers\cmstp.exe
2008-12-07 19:19 . 2008-09-05 18:03 86,016 --a------ c:\windows\system\mstsc.exe
2008-12-07 19:19 . 2008-09-05 18:03 86,016 --a------ c:\windows\cisvc.exe
2008-12-07 17:44 . 2008-12-07 17:44 401,720 --a------ c:\users\nègre\HiJackThis.exe
2008-12-07 17:44 . 2008-12-07 17:44 401,720 --a------ c:\users\nègre\HiJackThis.exe
2008-11-30 14:13 . 2008-10-16 22:13 1,809,944 --a------ c:\windows\System32\wuaueng.dll
2008-11-30 14:13 . 2008-10-16 21:56 1,524,736 --a------ c:\windows\System32\wucltux.dll
2008-11-30 14:13 . 2008-10-16 22:12 561,688 --a------ c:\windows\System32\wuapi.dll
2008-11-30 14:13 . 2008-10-16 14:08 162,064 --a------ c:\windows\System32\wuwebv.dll
2008-11-30 14:13 . 2008-10-16 21:55 83,456 --a------ c:\windows\System32\wudriver.dll
2008-11-30 14:13 . 2008-10-16 22:09 51,224 --a------ c:\windows\System32\wuauclt.exe
2008-11-30 14:13 . 2008-10-16 22:09 43,544 --a------ c:\windows\System32\wups2.dll
2008-11-30 14:13 . 2008-10-16 22:08 34,328 --a------ c:\windows\System32\wups.dll
2008-11-30 14:13 . 2008-10-16 13:56 31,232 --a------ c:\windows\System32\wuapp.exe
2008-11-28 12:16 . 2008-09-05 18:03 86,016 --a------ c:\windows\logman.exe
2008-11-28 12:12 . 2008-11-28 12:12 <REP> d-------- c:\users\nègre\AppData\Roaming\Malwarebytes
2008-11-28 12:12 . 2008-11-28 12:12 <REP> d-------- c:\users\All Users\Malwarebytes
2008-11-28 12:12 . 2008-11-28 12:12 <REP> d-------- c:\programdata\Malwarebytes
2008-11-28 12:12 . 2008-12-07 17:52 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-28 12:12 . 2008-12-03 19:52 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2008-11-28 12:12 . 2008-12-03 19:52 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2008-11-28 09:41 . 2008-10-21 06:25 1,645,568 --a------ c:\windows\System32\connect.dll
2008-11-28 09:40 . 2008-08-28 04:40 712,704 --a------ c:\windows\System32\WindowsCodecs.dll
2008-11-28 09:40 . 2008-08-28 04:40 425,472 --a------ c:\windows\System32\PhotoMetadataHandler.dll
2008-11-28 09:40 . 2008-08-28 04:40 347,136 --a------ c:\windows\System32\WindowsCodecsExt.dll
2008-11-28 09:40 . 2008-10-22 04:57 241,152 --a------ c:\windows\System32\PortableDeviceApi.dll
2008-11-20 19:06 . 2008-08-17 11:33 678,408 --a------ c:\windows\System32\gpprefcl.dll
2008-11-14 23:43 . 2008-12-02 23:33 54,156 --ah----- c:\windows\QTFont.qfn
2008-11-14 23:43 . 2008-11-14 23:43 1,409 --a------ c:\windows\QTFont.for
2008-11-14 00:11 . 2008-11-14 00:19 <REP> d-------- c:\program files\SupraASCIIArt
2008-11-12 19:32 . 2008-09-10 04:40 1,334,272 --a------ c:\windows\System32\msxml6.dll
2008-11-12 19:32 . 2008-09-05 06:14 1,191,936 --a------ c:\windows\System32\msxml3.dll
2008-11-12 19:32 . 2008-08-27 02:05 212,480 --a------ c:\windows\System32\drivers\mrxsmb10.sys
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-07 21:53 6,553,600 --sha-w c:\users\nègre\NTUSER.DAT
2008-12-07 21:53 6,553,600 --sha-w c:\users\nègre\NTUSER.DAT
2008-12-07 21:52 4,980,736 --sha-w c:\users\Cécile\NTUSER.DAT
2008-12-07 21:52 4,980,736 --sha-w c:\users\Cécile\NTUSER.DAT
2008-12-07 16:44 401,720 ----a-w c:\users\nègre\HiJackThis.exe
2008-12-07 16:44 401,720 ----a-w c:\users\nègre\HiJackThis.exe
2008-12-07 12:50 --------- d-----w c:\programdata\AntiVir PersonalEdition Classic
2008-11-30 13:25 --------- d-----w c:\users\nègre\AppData\Roaming\OpenOffice.org2
2008-11-29 14:27 --------- d-----w c:\program files\Eraser
2008-11-29 14:27 --------- d-----w c:\program files\CCleaner
2008-11-29 14:27 --------- d-----w c:\program files\a-squared Free
2008-11-29 14:26 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-11-29 14:22 --------- d-----w c:\program files\SpywareBlaster
2008-11-28 11:12 --------- d-----w c:\users\nègre\AppData\Roaming\Malwarebytes
2008-11-21 08:51 --------- d-----w c:\programdata\Spybot - Search & Destroy
2008-11-03 18:20 --------- d-----w c:\programdata\ma-config.com
2008-11-03 18:20 --------- d-----w c:\program files\ma-config.com
2008-10-23 21:58 --------- d-s---w c:\users\Cécile\AppData\Roaming\Microsoft
2008-10-23 09:20 --------- d-----w c:\users\Cécile\AppData\Roaming\Mozilla
2008-10-20 20:35 --------- d-----w c:\program files\Codemasters
2008-10-20 12:39 --------- d--h--w c:\program files\InstallShield Installation Information
2008-10-20 12:39 --------- d-----w c:\programdata\Codemasters
2008-10-20 08:07 444,952 ----a-w c:\windows\System32\wrap_oal.dll
2008-10-20 08:07 109,080 ----a-w c:\windows\System32\OpenAL32.dll
2008-10-20 08:07 107,888 ----a-w c:\windows\System32\CmdLineExt.dll
2008-10-20 08:07 --------- d-----w c:\program files\OpenAL
2008-10-17 13:32 --------- d-----w c:\program files\Athens 2004
2008-10-15 18:00 --------- d-----w c:\program files\Windows Mail
2008-10-11 14:26 --------- d-----w c:\program files\Mozilla Thunderbird
2008-10-02 03:49 827,392 ----a-w c:\windows\System32\wininet.dll
2008-09-30 15:43 1,286,152 ----a-w c:\windows\System32\msxml4.dll
2008-09-18 05:09 3,601,464 ----a-w c:\windows\System32\ntkrnlpa.exe
2008-09-18 05:09 3,549,240 ----a-w c:\windows\System32\ntoskrnl.exe
2008-09-18 04:56 147,456 ----a-w c:\windows\System32\Faultrep.dll
2008-09-18 04:56 125,952 ----a-w c:\windows\System32\wersvc.dll
2008-09-18 02:16 2,032,640 ----a-w c:\windows\System32\win32k.sys
2008-09-05 17:03 86,016 ----a-w c:\users\nègre\AppData\Roaming\spoolsv.exe
2008-07-25 19:44 174 --sha-w c:\program files\desktop.ini
2008-07-19 20:18 446,230,875 ----a-w c:\users\NGRE~2\setup-2.bin
2007-07-29 15:27 705,496 ----a-w c:\users\Public\installer-39506-17-CCleaner-French.exe
2008-08-01 12:25 88 --sh--r c:\windows\System32\412DB83299.sys
2008-08-01 12:25 1,682 --sha-w c:\windows\System32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 483328]
"avgnt"="c:\program files\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-17 266497]
"CloneCDElbyCDFL"="c:\program files\Elaborate Bytes\CloneCD\ElbyCheck.exe" [2002-11-02 45056]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-03 178712]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"UVS10 Preload"="c:\program files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe" [2006-03-06 36864]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-03-28 413696]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"mxomssmenu"="c:\program files\Maxtor\OneTouch Status\maxmenumgr.exe" [2008-07-21 169312]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"Mstsc"="c:\windows\System\mstsc.exe" [2008-09-05 86016]

[HKEY_USERS\.DEFAULT\software\microsoft\windows\Currentversion\policies\explorer\Run]
"Spool"="c:\users\NGRE~1\AppData\Roaming\spoolsv.exe" [2008-09-05 86016]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ac3filter"= ac3filter.acm
"msacm.dvacm"= c:\progra~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
"msacm.MPEGacm"= c:\progra~1\COMMON~1\ULEADS~1\MPEG\MPEGacm.acm
"msacm.ulmp3acm"= c:\progra~1\COMMON~1\ULEADS~1\MPEG\ulmp3acm.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3989977098-1871649959-1308902764-1000]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{1EFFDF73-D9E3-4C6C-B3D5-572BF799D683}"= TCP:c:\program files\Autodesk\Backburner\server.exe:backburner 2.3 server
"{EF66DF6C-DA40-45C1-87DB-8C8CD56C78EA}"= UDP:c:\program files\Autodesk\Backburner\server.exe:backburner 2.3 server
"{9EE07DAA-DE6A-4924-BB2E-E5C2DA965D7A}"= TCP:c:\program files\Autodesk\Backburner\manager.exe:backburner 2.3 manager
"{BDF8EE40-D180-4EEF-B4A3-FAB199706B47}"= UDP:c:\program files\Autodesk\Backburner\manager.exe:backburner 2.3 manager
"{D8772E15-1791-43BA-915A-33D7A8346CAB}"= TCP:c:\program files\Autodesk\Backburner\monitor.exe:backburner 2.3 monitor
"{22BDD7DB-4DF1-460B-81EF-4FA39FB0F374}"= UDP:c:\program files\Autodesk\Backburner\monitor.exe:backburner 2.3 monitor
"{CE680527-609F-4227-AB3F-967E5C0D980C}"= TCP:c:\program files\Autodesk\3ds Max 9\3dsmax.exe:Autodesk 3ds Max 9 32-bit
"{02308735-8423-4751-9DE6-19B2CE867FB5}"= UDP:c:\program files\Autodesk\3ds Max 9\3dsmax.exe:Autodesk 3ds Max 9 32-bit
"UDP Query User{68D8289C-AC6C-4BB1-88FF-0B375A2CCE79}c:\\program files\\e frontier\\poser 7\\poser.exe"= TCP:c:\program files\e frontier\poser 7\poser.exe:Poser executable file
"TCP Query User{B3352131-6F2A-479E-8193-75EBEAB1057F}c:\\program files\\e frontier\\poser 7\\poser.exe"= UDP:c:\program files\e frontier\poser 7\poser.exe:Poser executable file
"UDP Query User{F1AF1368-BD28-4034-8B5E-CFCB681ED088}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{12130006-A756-478F-8350-A625D7AD49D0}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{FD3D117B-435F-4A6F-840C-59F0AF7EBF3A}c:\\program files\\trackmania nations eswc\\tmnationseswc.exe"= TCP:c:\program files\trackmania nations eswc\tmnationseswc.exe:TmNationsESWC
"TCP Query User{7B0D2CD4-2934-4116-9DD5-BAAAC49137AD}c:\\program files\\trackmania nations eswc\\tmnationseswc.exe"= UDP:c:\program files\trackmania nations eswc\tmnationseswc.exe:TmNationsESWC
"UDP Query User{63C68E0B-E628-46E7-AF02-FF6567452470}c:\\program files\\trackmania nations eswc\\tmnationseswc.exe"= TCP:c:\program files\trackmania nations eswc\tmnationseswc.exe:TmNationsESWC
"TCP Query User{3458B4F8-D98B-47FC-920C-8C6C18C46A0C}c:\\program files\\trackmania nations eswc\\tmnationseswc.exe"= UDP:c:\program files\trackmania nations eswc\tmnationseswc.exe:TmNationsESWC
"UDP Query User{66DE1193-8C2A-42A0-89F9-778AD65F3D23}c:\\program files\\bittorrent\\bittorrent.exe"= TCP:c:\program files\bittorrent\bittorrent.exe:bittorrent
"TCP Query User{F770785C-5EE1-4BB8-B1B7-6F0AA7092B3A}c:\\program files\\bittorrent\\bittorrent.exe"= UDP:c:\program files\bittorrent\bittorrent.exe:bittorrent
"UDP Query User{30697472-32B7-47CE-9948-5DF7A2902B6A}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{C7E05A58-C8CA-49DE-A792-22CE12C1DA02}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{042A9DB3-D99B-4295-BE20-6066B3262F80}c:\\movamp\\mnt\\usr\\local\\apache2\\bin\\apache.exe"= TCP:c:\movamp\mnt\usr\local\apache2\bin\apache.exe:Apache HTTP Server
"TCP Query User{6584065A-BD88-4B61-A88A-31C4FF5499CC}c:\\movamp\\mnt\\usr\\local\\apache2\\bin\\apache.exe"= UDP:c:\movamp\mnt\usr\local\apache2\bin\apache.exe:Apache HTTP Server
"UDP Query User{8BFB18A1-FDF2-4023-BDBF-11EDF87E0A8B}c:\\movamp\\mnt\\usr\\local\\mysql\\bin\\mysqld.exe"= TCP:c:\movamp\mnt\usr\local\mysql\bin\mysqld.exe:mysqld
"TCP Query User{66FB58E2-F4C9-4AB3-88BE-BFE9841DF6BD}c:\\movamp\\mnt\\usr\\local\\mysql\\bin\\mysqld.exe"= UDP:c:\movamp\mnt\usr\local\mysql\bin\mysqld.exe:mysqld
"UDP Query User{37CFCF5D-67EC-4852-BF46-12B5566FDC00}c:\\users\\nègre\\desktop\\movamp\\mnt\\usr\\local\\mysql\\bin\\mysqld.exe"= TCP:c:\users\nègre\desktop\movamp\mnt\usr\local\mysql\bin\mysqld.exe:mysqld.exe
"TCP Query User{855681DF-0EA4-4E63-B32C-B0DD78A0AD0E}c:\\users\\nègre\\desktop\\movamp\\mnt\\usr\\local\\mysql\\bin\\mysqld.exe"= UDP:c:\users\nègre\desktop\movamp\mnt\usr\local\mysql\bin\mysqld.exe:mysqld.exe
"{33A95756-696B-4836-9D08-430E0FE02039}"= TCP:4669:eMule
"{C5B64F91-4D43-4799-820B-1F0F988247E4}"= TCP:4669:eMule
"UDP Query User{A586B216-43B6-4DDE-A657-B20CBB8B37A3}c:\\program files\\e-on software\\vue 6 xstream\\application\\vue 6 xstream.eon"= Disabled:TCP:c:\program files\e-on software\vue 6 xstream\application\vue 6 xstream.eon:Vue 6 xStream.eon
"TCP Query User{A3CC07CE-D840-48CE-B795-7DF4D5FDBC47}c:\\program files\\e-on software\\vue 6 xstream\\application\\vue 6 xstream.eon"= Disabled:UDP:c:\program files\e-on software\vue 6 xstream\application\vue 6 xstream.eon:Vue 6 xStream.eon
"{BDD52BD1-B142-4688-A82D-1EEA08237D86}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{5C785D1E-6BB8-4695-9C23-332E52000DDB}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"UDP Query User{1F3A92C8-E523-4EBE-AFE7-0B630A6809D0}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule
"TCP Query User{6378C20E-A87F-45B5-9903-F75DA0C14DD0}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule
"UDP Query User{2AC4B52F-1005-4264-8947-B068E6B65FFC}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule
"TCP Query User{D7922AA8-3FDB-483D-AD39-73F7E0636F77}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule
"TCP Query User{5D729616-852C-441D-BCB8-E72AFC0D7001}c:\\program\\green border\\sea battle\\seabattle.exe"= UDP:c:\program\green border\sea battle\seabattle.exe:Green Border Sea Battle
"UDP Query User{788CBDBF-4169-4CAC-A55E-EA44E6D345A8}c:\\program\\green border\\sea battle\\seabattle.exe"= TCP:c:\program\green border\sea battle\seabattle.exe:Green Border Sea Battle
"TCP Query User{67A4B2DC-9ABF-496C-93E9-BE85CE82F77E}c:\\users\\nègre\\desktop\\das_boot_1.0\\das boot.exe"= UDP:c:\users\nègre\desktop\das_boot_1.0\das boot.exe:das boot.exe
"UDP Query User{6E3423CE-578B-4AD6-87D9-31773CB93A0E}c:\\users\\nègre\\desktop\\das_boot_1.0\\das boot.exe"= TCP:c:\users\nègre\desktop\das_boot_1.0\das boot.exe:das boot.exe
"TCP Query User{C6BED574-ED13-44B6-9A5B-758924C6FF78}c:\\program files\\netintellgames\\net sea war 4\\seawar.exe"= UDP:c:\program files\netintellgames\net sea war 4\seawar.exe:Net Sea War
"UDP Query User{1220AA84-28E6-4049-B4E8-17F68580271F}c:\\program files\\netintellgames\\net sea war 4\\seawar.exe"= TCP:c:\program files\netintellgames\net sea war 4\seawar.exe:Net Sea War
"TCP Query User{10D2B4EA-A0DE-4B7E-85CF-2443A0593B9E}c:\\program files\\codemasters\\colin mcrae - dirt\\dirt.exe"= UDP:c:\program files\codemasters\colin mcrae - dirt\dirt.exe:DiRT Executable
"UDP Query User{F7E527C9-B506-4D4C-AEFF-27358B6C7EF6}c:\\program files\\codemasters\\colin mcrae - dirt\\dirt.exe"= TCP:c:\program files\codemasters\colin mcrae - dirt\dirt.exe:DiRT Executable
"{C7222D63-E7F1-49F2-ABCB-33BF3D89FD18}"= UDP:48113:LocalSubnet:LocalSubnet:maconfig_tcp
"{FBDD44DF-EF1B-46FC-86C8-A1B2F2B1C4FA}"= TCP:48113:LocalSubnet:LocalSubnet:maconfig_udp
"{2D24A0FB-ABE2-477A-9497-8EB7095BB6B2}"= UDP:c:\program files\ma-config.com\maconfservice.exe:maconfservice
"{4076580F-88EC-4EC6-9E1E-383B02A41206}"= TCP:c:\program files\ma-config.com\maconfservice.exe:maconfservice

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"DoNotAllowExceptions"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R2 Maxtor Sync Service;Maxtor Service;"c:\program files\Maxtor\Sync\SyncServices.exe" [2008-07-21 193888]
R3 HabuFltr;Habu Mouse;c:\windows\system32\drivers\habu.sys [2008-02-08 27776]
S3 maconfservice;Ma-Config Service;"c:\program files\ma-config.com\maconfservice.exe" [2008-11-02 195752]
S3 WMSvc;Service de gestion Web;c:\windows\system32\inetsrv\wmsvc.exe [2008-06-14 11264]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{10bfe7f9-7067-11dd-9454-00196610b979}]
\shell\AutoRun\command - .\Encryption Tool\MaxtorEncryption.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7f8781a5-bec9-11dc-a8d6-00196610b979}]
\shell\Auto\command - cmd /C launch.bat
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL cmd /C launch.bat

*Newly Created Service* - PROCEXP90
.
Contenu du dossier 'Tâches planifiées'
2008-12-07 c:\windows\Tasks\User_Feed_Synchronization-{1559A6B9-87C7-4552-AD27-F2EAF32344CB}.job
- c:\windows\system32\msfeedssync.exe [2008-01-19 08:33]
.
.
------- Examen supplémentaire -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: Convertir en Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir en un fichier PDF existant - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir la cible du lien en Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la cible du lien en un fichier PDF existant - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir la sélection en Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la sélection en un fichier PDF existant - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir les liens sélectionnés en fichier Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convertir les liens sélectionnés en un fichier PDF existant - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
c:\windows\Downloaded Program Files\MegaMocapWeb.ocx - O16 -: {E3E6FFEE-748F-43BA-87AE-B1F1B11ED193}
hxxp://www.charactermotion.com/products/powermoves/megamocap/MegaMocapWeb.ocx
FireFox -: Profile - c:\users\nègre\AppData\Roaming\Mozilla\Firefox\Profiles\wa6gzygd.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE -
FF -: plugin - c:\program files\ma-config.com\nphardwaredetection.dll
FF -: plugin - c:\users\nègre\AppData\Roaming\Mozilla\Firefox\Profiles\wa6gzygd.default\extensions\{bb628310-0ab7-11db-9cd8-0800200c9a66}\plugins\nphardwaredetection.dll
.
**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-07 22:55:15
Windows 6.0.6001 Service Pack 1 NTFS

Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
Heure de fin: 2008-12-07 22:56:39
ComboFix-quarantined-files.txt 2008-12-07 21:56:37

Avant-CF: 139 274 121 216 octets libres
Après-CF: 139,298,209,792 octets libres

233 --- E O F --- 2008-12-04 17:11:19
-
Recurring antivirus alert
jezabel replied to a topic by jezabel in Malware analysis and eradication
log.txt : Logfile of random's system information tool 1.04 (written by random/random) Run by nègre at 2008-12-07 22:07:46 Microsoft® Windows Vista™ Professionnel Service Pack 1 System drive C: has 131 GB (55%) free of 238 GB Total RAM: 3199 MB (64% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 22:07:55, on 07/12/2008 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v7.00 (7.00.6001.18000) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\Program Files\Maxtor\OneTouch Status\MaxMenuMgr.exe C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe C:\Windows\System32\drivers\mstinit.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Windows\system32\SearchFilterHost.exe C:\Users\nègre\Desktop\RSIT.exe C:\Users\nègre\nègre.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F3 - REG:win.ini: load=C:\Windows\System32\drivers\mstinit.exe O1 - Hosts: ::1 localhost O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common 
Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL O4 - HKLM\..\Run: [iAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [uVS10 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe" O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" O4 - HKLM\..\Policies\Explorer\Run: [Mstsc] C:\Windows\System\mstsc.exe /waitservice O4 - HKCU\..\Policies\Explorer\Run: [CmSTP] C:\Users\NGRE~1\AppData\Local\Temp\cmstp.exe /waitservice O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL') 
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [spool] C:\Users\NGRE~1\AppData\Roaming\spoolsv.exe /waitservice (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [spool] C:\Users\NGRE~1\AppData\Roaming\spoolsv.exe /waitservice (User 'Default user') O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convertir en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - 
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll O10 - Broken Internet access because of LSP provider 'c:\program files\bonjour\mdnsnsp.dll' missing O13 - Gopher Prefix: O16 - DPF: {E3E6FFEE-748F-43BA-87AE-B1F1B11ED193} (MegaMocapWeb Control) - http://www.charactermotion.com/products/po...egaMocapWeb.ocx O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing) O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. 
- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. 
- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- End of file - 8330 bytes ======Scheduled tasks folder====== C:\Windows\tasks\User_Feed_Synchronization-{1559A6B9-87C7-4552-AD27-F2EAF32344CB}.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}] C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}] AcroIEToolbarHelper Class - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2004-12-14 225280] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2004-12-14 225280] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184] "Acrobat Assistant 7.0"=C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe [2004-12-14 483328] "avgnt"=C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe [2008-07-17 266497] "CloneCDElbyCDFL"=C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe [2002-11-02 45056] "IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [2007-10-03 178712] "NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-01 153136] "SunJavaUpdateSched"=C:\Program 
Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784] "UVS10 Preload"=C:\Program Files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe [2006-03-06 36864] "QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-03-28 413696] "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672] "mxomssmenu"=C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe [2008-07-21 169312] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] "Mstsc"=C:\Windows\System\mstsc.exe [2008-09-05 86016] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2007-06-27 152872] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] "CmSTP"=C:\Users\NGRE~1\AppData\Local\Temp\cmstp.exe [2008-09-05 86016] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 "EnableLUA"=0 "EnableUIADesktopToggle"=0 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=145 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7f8781a5-bec9-11dc-a8d6-00196610b979}] shell\Auto\command - cmd /C launch.bat shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL cmd /C launch.bat ======List of files/folders created in the last 1 months====== 2008-12-07 22:07:46 ----D---- 
C:\rsit 2008-12-07 20:28:28 ----A---- C:\Users\nègre\AppData\Roaming\spoolsv.exe 2008-12-07 19:21:09 ----D---- C:\_OTMoveIt 2008-12-07 19:19:57 ----A---- C:\Windows\cisvc.exe 2008-11-30 16:18:30 ----A---- C:\Windows\ntbtlog.txt 2008-11-30 14:13:44 ----A---- C:\Windows\system32\wups2.dll 2008-11-30 14:13:43 ----A---- C:\Windows\system32\wucltux.dll 2008-11-30 14:13:43 ----A---- C:\Windows\system32\wuaueng.dll 2008-11-30 14:13:43 ----A---- C:\Windows\system32\wuauclt.exe 2008-11-30 14:13:32 ----A---- C:\Windows\system32\wups.dll 2008-11-30 14:13:32 ----A---- C:\Windows\system32\wudriver.dll 2008-11-30 14:13:31 ----A---- C:\Windows\system32\wuapi.dll 2008-11-30 14:13:28 ----A---- C:\Windows\system32\wuwebv.dll 2008-11-30 14:13:28 ----A---- C:\Windows\system32\wuapp.exe 2008-11-28 12:16:45 ----A---- C:\Windows\logman.exe 2008-11-28 12:12:32 ----D---- C:\Users\nègre\AppData\Roaming\Malwarebytes 2008-11-28 12:12:26 ----D---- C:\ProgramData\Malwarebytes 2008-11-28 12:12:26 ----D---- C:\Program Files\Malwarebytes' Anti-Malware 2008-11-28 09:41:01 ----A---- C:\Windows\system32\connect.dll 2008-11-28 09:40:59 ----A---- C:\Windows\system32\PortableDeviceApi.dll 2008-11-28 09:40:55 ----A---- C:\Windows\system32\WindowsCodecsExt.dll 2008-11-28 09:40:55 ----A---- C:\Windows\system32\WindowsCodecs.dll 2008-11-28 09:40:55 ----A---- C:\Windows\system32\PhotoMetadataHandler.dll 2008-11-20 19:06:34 ----A---- C:\Windows\system32\gpprefcl.dll 2008-11-14 00:11:56 ----D---- C:\Program Files\SupraASCIIArt 2008-11-12 19:32:22 ----A---- C:\Windows\system32\msxml3.dll 2008-11-12 19:32:20 ----A---- C:\Windows\system32\msxml6.dll ======List of files/folders modified in the last 1 months====== 2008-12-07 22:07:55 ----D---- C:\Windows\Prefetch 2008-12-07 22:07:53 ----D---- C:\Windows\Temp 2008-12-07 19:32:32 ----D---- C:\Program Files\Mozilla Firefox 2008-12-07 19:28:12 ----D---- C:\Windows\System32 2008-12-07 19:28:12 ----D---- C:\Windows\inf 2008-12-07 19:28:12 ----A---- 
C:\Windows\system32\PerfStringBackup.INI 2008-12-07 19:25:13 ----D---- C:\Windows\system32\inetsrv 2008-12-07 19:23:40 ----A---- C:\Windows\Ulead32.ini 2008-12-07 19:21:10 ----D---- C:\Windows\system32\drivers 2008-12-07 19:21:10 ----D---- C:\Windows\system 2008-12-07 19:19:57 ----D---- C:\Windows 2008-12-07 13:50:05 ----D---- C:\Program Files\AntiVir PersonalEdition Classic 2008-12-07 13:50:04 ----D---- C:\ProgramData\AntiVir PersonalEdition Classic 2008-12-07 13:49:34 ----SHD---- C:\Windows\Installer 2008-12-04 20:27:01 ----SHD---- C:\System Volume Information 2008-11-30 16:47:12 ----D---- C:\Windows\rescache 2008-11-30 16:29:16 ----D---- C:\Windows\winsxs 2008-11-30 16:19:13 ----D---- C:\Windows\system32\catroot 2008-11-30 16:18:32 ----D---- C:\Windows\system32\fr-FR 2008-11-30 14:25:40 ----D---- C:\Users\nègre\AppData\Roaming\OpenOffice.org2 2008-11-29 15:31:17 ----HD---- C:\ProgramData 2008-11-29 15:27:51 ----D---- C:\Program Files\a-squared Free 2008-11-29 15:27:35 ----D---- C:\Program Files\CCleaner 2008-11-29 15:27:18 ----D---- C:\Program Files\Eraser 2008-11-29 15:27:05 ----RD---- C:\Program Files 2008-11-29 15:26:17 ----D---- C:\Program Files\Spybot - Search & Destroy 2008-11-29 15:22:36 ----D---- C:\Program Files\SpywareBlaster 2008-11-29 08:18:48 ----D---- C:\Windows\system32\catroot2 2008-11-22 14:35:55 ----A---- C:\Windows\NeroDigital.ini 2008-11-21 09:51:15 ----D---- C:\ProgramData\Spybot - Search & Destroy 2008-11-21 09:46:33 ----D---- C:\Windows\Debug ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 avgio;avgio; \??\C:\Program Files\AntiVir PersonalEdition Classic\avgio.sys [2007-02-27 11840] R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2008-11-28 75072] R1 CSC;Offline Files Driver; C:\Windows\system32\drivers\csc.sys [2008-01-19 350720] R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352] R2 ElbyCDIO;ElbyCDIO Driver; C:\Windows\System32\Drivers\ElbyCDIO.sys 
[2002-11-29 16320] R2 ROB_A;Pinnacle WDM PCTV Audio Capture; C:\Windows\system32\DRIVERS\rob_a.sys [2003-02-10 17664] R2 ROB_V;Pinnacle WDM PCTV Video Capture; C:\Windows\system32\drivers\rob_v.sys [2003-04-11 125568] R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2007-12-21 3478528] R3 avgntflt;avgntflt; \??\C:\Program Files\AntiVir PersonalEdition Classic\avgntflt.sys [2008-05-31 52032] R3 ElbyCDFL;ElbyCDFL; C:\Windows\System32\Drivers\ElbyCDFL.sys [2002-11-28 15360] R3 HabuFltr;Habu Mouse; C:\Windows\system32\drivers\habu.sys [2006-10-23 27776] R3 HdAudAddService;Pilote de fonction UAA 1.1 Microsoft pour le service High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520] R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2008-01-25 106496] S3 61883;Pilote d'unité 61883; C:\Windows\system32\DRIVERS\61883.sys [2008-01-19 45696] S3 Avc;Périphérique AVC; C:\Windows\system32\DRIVERS\avc.sys [2008-01-19 40448] S3 driverhardwarev2;driverhardwarev2; \??\C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys [2008-11-02 15360] S3 drmkaud;Filtre de décodeur DRM (Noyau Microsoft); C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632] S3 gmer;gmer; C:\Windows\System32\DRIVERS\gmer.sys [2007-08-08 70001] S3 MSDV;Microsoft DV Camera and VCR; C:\Windows\system32\DRIVERS\msdv.sys [2008-01-19 52608] S3 MSKSSRV;Proxy de service de répartition Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192] S3 MSPCLOCK;Proxy d'horloge de répartition Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888] S3 MSPQM;Proxy de gestion de qualité de répartition Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504] S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016] S3 MXOPSWD;Maxtor OneTouch Security Driver; C:\Windows\system32\DRIVERS\mxopswd.sys [2007-05-03 22152] S3 Point32;Microsoft IntelliPoint Filter 
Driver; C:\Windows\system32\DRIVERS\point32k.sys [2006-11-07 24064] S3 usbscan;Pilote de scanneur USB; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-19 35328] S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328] S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 a2free;a-squared Free Service; C:\Program Files\a-squared Free\a2service.exe [2008-02-04 366712] R2 AntiVirScheduler;AntiVir PersonalEdition Classic Scheduler; C:\Program Files\AntiVir PersonalEdition Classic\sched.exe [2008-10-24 68865] R2 AntiVirService;AntiVir PersonalEdition Classic Guard; C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe [2008-10-24 151297] R2 AppHostSvc;@%windir%\system32\inetsrv\iisres.dll,-30011; C:\Windows\system32\svchost.exe [2008-01-19 21504] R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2007-12-21 643072] R2 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe [2008-02-06 79360] R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2008-01-19 21504] R2 IAANTMON;Intel® Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe [2007-10-03 358936] R2 IISADMIN;@%windir%\system32\inetsrv\iisres.dll,-30007; C:\Windows\system32\inetsrv\inetinfo.exe [2008-01-19 13824] R2 Maxtor Sync Service;Maxtor Service; C:\Program Files\Maxtor\Sync\SyncServices.exe [2008-07-21 193888] R2 simptcp;@%SystemRoot%\system32\simptcp.dll,-200; C:\Windows\System32\tcpsvcs.exe [2006-11-02 9728] R2 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2005-01-31 49152] R2 W3SVC;@%windir%\system32\inetsrv\iisres.dll,-30003; C:\Windows\system32\svchost.exe [2008-01-19 21504] R3 
NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-27 279848] R3 WAS;@%windir%\system32\inetsrv\iisres.dll,-30001; C:\Windows\system32\svchost.exe [2008-01-19 21504] S2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [] S2 mi-raysat_3dsmax9_32;mental ray 3.5 Satellite (32-bit); C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe [2006-09-29 65536] S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2007-07-19 72704] S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2008-01-19 21504] S3 aspnet_state;@%windir%\system32\inetsrv\iisres.dll,-30009; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-01-05 33800] S3 Fax;@%systemroot%\system32\fxsresm.dll,-118; C:\Windows\system32\fxssvc.exe [2008-01-19 523776] S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-03-06 654848] S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632] S3 maconfservice;Ma-Config Service; C:\Program Files\ma-config.com\maconfservice.exe [2008-11-02 195752] S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-06-29 800040] S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2008-01-19 21504] S3 wbengine;@%systemroot%\system32\wbengine.exe,-104; C:\Windows\system32\wbengine.exe [2008-01-19 917504] S3 WMSvc;@%windir%\system32\inetsrv\iisres.dll,-20001; C:\Windows\system32\inetsrv\wmsvc.exe [2008-01-19 11264] -----------------EOF----------------- et info.txt : info.txt logfile of random's system information tool 1.04 2008-12-07 22:07:56 ======Uninstall list====== -->C:\Program Files\Nero\Nero 
7\\nero\uninstall\UNNERO.exe /UNINSTALL -->C:\Windows\UNNeroBackItUp.exe /UNINSTALL -->C:\Windows\UNNeroMediaHome.exe /UNINSTALL -->C:\Windows\UNNeroShowTime.exe /UNINSTALL -->C:\Windows\UNNeroVision.exe /UNINSTALL -->C:\Windows\UNRecode.exe /UNINSTALL -->MsiExec.exe /I{9A346205-EA92-4406-B1AB-50379DA3F057} 3dsmax ancillary install-->MsiExec.exe /I{7C8B5E63-821A-4DFB-BDFA-19854D88EC5C} 7-Zip 4.42-->"C:\Program Files\7-Zip\Uninstall.exe" Ad-Aware SE Personal-->C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG Adobe Acrobat 7.0-->msiexec /I {AC76BA86-1033-F400-8796-100000000002} Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95} Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61} Adobe Bridge 1.0-->MsiExec.exe /I{B74D4E10-6884-0000-0000-000000000101} Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394} Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23} Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C} Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C} Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E} Adobe Color Common Settings-->C:\Program Files\Common Files\Adobe\Installers\6c8e2cb4fd241c55406016127a6ab2e\Setup.exe Adobe Color Common Settings-->MsiExec.exe /I{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF} Adobe Color EU Recommended Settings-->MsiExec.exe /I{73B5D990-04EA-4751-B10F-5534770B91F2} Adobe Color JA Extra Settings-->MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029} Adobe Color NA Extra Settings-->MsiExec.exe /I{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A} Adobe Common File Installer-->MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5101} Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D} Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD} Adobe ExtendScript Toolkit 2-->C:\Program Files\Common 
Files\Adobe\Installers\3e054d2218e7aa282c2369d939e58ff\Setup.exe Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{24D7346D-D4B4-45E8-98EA-75EC14B42DD8} Adobe Flash CS3 Professional-->C:\Program Files\Common Files\Adobe\Installers\b2b4b1546e74314f8131ded43e4bd9d\Setup.exe Adobe Flash CS3-->MsiExec.exe /I{80FD3971-8482-49C8-BA8C-B6464A15882F} Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe Adobe Flash Player 9 ActiveX-->MsiExec.exe /X{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C} Adobe Flash Player ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe Adobe Flash Video Encoder-->MsiExec.exe /I{1B0BCA28-1F11-4D60-8A2F-DEBE04B5341E} Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B} Adobe Help Center 1.0-->MsiExec.exe /I{E9787678-119F-4D52-B551-6739B2B22101} Adobe Help Viewer CS3-->MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245} Adobe Illustrator CS2-->msiexec /I {7F9A0582-482D-4F0B-B85C-C1418418077F} Adobe InDesign CS2 Trial-->msiexec /I{7F4C8163-F259-49A0-A018-2857A90578BC} Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078} Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C} Adobe Photoshop CS2-->msiexec /I {236BB7C4-4419-42FD-040C-2E257A25E34D} Adobe Photoshop CS3-->C:\Program Files\Common Files\Adobe\Installers\32e9033392a51340b32fdc6ad893ab7\Setup.exe Adobe Photoshop CS3-->MsiExec.exe /I{BF794769-8875-4E01-B7BE-E00104604F4A} Adobe Premiere Pro CS3 Functional Content-->MsiExec.exe /I{50F102CA-4BE2-41A9-9810-5BB05EB91B9A} Adobe Premiere Pro CS3-->C:\Program Files\Common Files\Adobe\Installers\32fdd767b4383606e8168e834af5d90\Setup.exe Adobe Premiere Pro CS3-->MsiExec.exe /I{58DCEEE5-532E-44F4-B1D7-A146EF9E9FDA} Adobe Reader 9 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A90000000001} Adobe Setup-->MsiExec.exe /I{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1} Adobe Setup-->MsiExec.exe /I{82503EA7-7E08-4AA8-90E9-BE4D0A6D453F} Adobe Setup-->MsiExec.exe 
/I{926DEB4E-2B0A-4C5C-AE4A-BF6C06949702}
Adobe Setup-->MsiExec.exe /I{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}
Adobe Setup-->MsiExec.exe /I{BB81360F-041C-4CF7-B15E-71380D154244}
Adobe Shockwave Player-->C:\Windows\System32\Macromed\SHOCKW~1\UNWISE.EXE C:\Windows\System32\Macromed\SHOCKW~1\Install.log
Adobe Stock Photos 1.0-->MsiExec.exe /I{786C5747-0C40-4930-9AFE-113BCE553101}
Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe SVG Viewer 3.0-->C:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Install.log
Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP DVA Panels CS3-->MsiExec.exe /I{0224CACC-994D-45F8-B973-D65056EA9C2F}
Adobe XMP Panels CS3-->MsiExec.exe /I{D5A31AB1-345D-47C7-A87B-036A669F6DF1}
Apple Software Update-->MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
a-squared Free 3.0-->"C:\Program Files\a-squared Free\unins000.exe"
ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
Autodesk 3ds Max 9 32-bit-->MsiExec.exe /I{E96D4088-AAC5-437F-9E39-EC0E387897B4}
Autodesk DWF Viewer 7-->MsiExec.exe /I{9A346205-EA92-4406-B1AB-50379DA3F057}
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
Backburner-->MsiExec.exe /I{3D347E6D-5A03-4342-B5BA-6A771885F379}
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
CloneCD-->"C:\Program Files\Elaborate Bytes\CloneCD\ccd-uninst.exe" /D="C:\Program Files\Elaborate Bytes\CloneCD"
Clothes Converter 3.0-->"C:\Program Files\3D Utils\Clothes Converter\unins000.exe"
Colin McRae - DiRT-->"C:\Program Files\Codemasters\Colin McRae - DiRT\unins000.exe"
Corel Painter IX-->MsiExec.exe /I{A0383B7D-81A2-49D3-BE06-C0FD9EFB9DFC}
Digital Element Aurora-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CDA31C03-D67C-48DF-BFE9-B0519818341E}\Setup.exe"
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
e-Carte Bleue La Banque Postale-->"C:\Program Files\InstallShield Installation Information\{11B0F8D4-FD80-4800-ABA8-50D28FF769AF}\setup.exe" -runfromtemp -l0x040c -removeonly
eMule-->"C:\Program Files\eMule\Uninstall.exe"
FBX Plugin 2006.08 for Max 9.0-->C:\Program Files\Autodesk\FBX\FbxPlugins\2006.08\Max90\Uninstall.exe
FileZilla (remove only)-->"C:\Program Files\FileZilla\uninstall.exe"
finalToon R2.0-->MsiExec.exe /I{1A7EC1C1-CF8D-42DF-86B3-FC3A87FC8F85}
HijackThis 2.0.2-->"C:\Users\nègre\HijackThis.exe" /uninstall
Indeo® software-->C:\Windows\IsUninst.exe -f"C:\Program Files\Intel\Indeo\Uninst.isu" -c"C:\Program Files\Intel\Indeo\SavedSystemFiles\indounin.dll"
Inkscape 0.46-->C:\Program Files\Inkscape\Uninstall.exe
Intel® Matrix Storage Manager-->C:\Windows\System32\Imsmudlg.exe
Java 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
K-Lite Codec Pack 3.2.5 Full-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
Kptic-->MsiExec.exe /X{4312AB5F-7C43-461E-B48B-EDFA6B9CD3D6}
Ma-Config.com-->MsiExec.exe /X{DD987A54-122B-4CFD-A8C5-5577027A6B78}
Macromedia Extension Manager-->MsiExec.exe /I{3C8C9FB3-5FDF-40B4-B314-EAD722728C76}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Maxtor Manager-->"C:\Program Files\InstallShield Installation Information\{4D36E953-4456-4F8F-BC44-90BC4AA59889}\setup.exe" -runfromtemp -l0x040c -removeonly
Maxtor Manager-->MsiExec.exe /I{4D36E953-4456-4F8F-BC44-90BC4AA59889}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (3.0.4)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (2.0.0.17)-->C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe
MP3 Player Utilities 3.79-->MsiExec.exe /I{7784A172-61F1-445E-8368-601607E0DD22}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Nero 7-->MsiExec.exe /X{CF097717-F174-4144-954A-FBC4BF301036}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
Notepad++-->C:\Program Files\Notepad++\uninstall.exe
OpenAL-->"C:\Program Files\OpenAL\OalinstGridRelease.exe" /U
OpenOffice.org 2.2-->MsiExec.exe /I{7FD7F10E-0666-4C9F-A0A8-422EA5E31C4C}
PDF Settings-->MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
PHP 5.2.3-->MsiExec.exe /I{F66C0680-EBE5-4A01-BC13-D5F360CFA0EF}
Poser 7-->C:\Windows\unvise32.exe C:\Program Files\e frontier\Poser 7\uninstal.log
PoserFusion for 3ds Max-->"C:\Program Files\Autodesk\3ds Max 9\unins000.exe"
QuickTime-->MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista-->C:\Program Files\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe -runfromtemp -l0x040c -removeonly
Safari-->MsiExec.exe /I{F0E8F94D-6E68-4B35-92DF-3AA6DC6A6768}
SmartSound Quicktracks Plugin-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}
Spelling Dictionaries Support For Adobe Reader 8-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-800000000003}
Spybot - Search & Destroy 1.5.2.20-->"C:\Windows\unins000.exe"
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins001.exe"
SpywareBlaster v3.5.1-->"C:\Program Files\SpywareBlaster\unins000.exe"
Storm Angel (remove only)-->"C:\Program Files\StormAngel\uninst.exe"
Ulead VideoStudio 10-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E188D820-1218-4E28-8BCA-91134C3664C2}\Setup.exe" -l0x9
Uniblue RegistryBooster 2-->"C:\Program Files\Uniblue\RegistryBooster 2\unins000.exe"
Vue 6 xStream 32bit-->C:\Program Files\e-on software\Vue 6 xStream\Uninstall.exe
WinAce Archiver-->"C:\Program Files\WinAce\SXUNINST.EXE" "C:\Program Files\WinAce\SXUNINST.INI"
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
WinISO 5.3-->"C:\Program Files\WinISO\unins000.exe"
Xpand Rally Xtreme-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{025D4907-5D2E-4146-95F7-54E18BE087DA} /Z"UNINSTALL"

=====HijackThis Backups=====

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O13 - Gopher Prefix:
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKCU\..\Policies\Explorer\Run: [MstInit] C:\Users\NGRE~1\LOCALS~1\APPLIC~1\MICROS~1\mstinit.exe /waitservice
O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [Mstsc] C:\Users\NGRE~1\LOCALS~1\APPLIC~1\mstsc.exe /waitservice (User 'Default user')
O4 - HKLM\..\Policies\Explorer\Run: [Logman] C:\Windows\logman.exe /waitservice
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [Mstsc] C:\Users\NGRE~1\LOCALS~1\APPLIC~1\mstsc.exe /waitservice (User 'SYSTEM')
O4 - HKCU\..\Policies\Explorer\Run: [CmSTP] C:\Windows\System\cmstp.exe /waitservice
O4 - HKLM\..\Policies\Explorer\Run: [ComRepl] C:\Windows\System\comrepl.exe /waitservice
O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [iEudinit] C:\Windows\System32\drivers\ieudinit.exe /waitservice (User 'Default user')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [iEudinit] C:\Windows\System32\drivers\ieudinit.exe /waitservice (User 'SYSTEM')
F3 - REG:win.ini: load=C:\Windows\System32\drivers\clipsrv.exe
O4 - HKCU\..\Policies\Explorer\Run: [Cisvc] C:\Windows\cisvc.exe /waitservice
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [CmSTP] C:\Windows\System32\drivers\cmstp.exe /waitservice (User 'Default user')
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [CmSTP] C:\Windows\System32\drivers\cmstp.exe /waitservice (User 'SYSTEM')

======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

======Security center information======

AV: Avira AntiVir PersonalEdition
AV: Avira AntiVir PersonalEdition (outdated)
AS: Avira AntiVir PersonalEdition
AS: AVG Anti-Spyware (disabled) (outdated)
AS: Windows Defender
AS: Avira AntiVir PersonalEdition (outdated)

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 2, GenuineIntel
"PROCESSOR_REVISION"=0f02
"NUMBER_OF_PROCESSORS"=2
"Path"=C:\PHP\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\Ulead Systems\MPEG;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\Common Files\Adobe\AGL\;C:\inetpub\Php;C:\Program Files\Autodesk\Backburner\;C:\Program Files\Common Files\Autodesk Shared\;C:\Program Files\QuickTime\QTSystem\
"PHPRC"=C:\PHP\
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip

-----------------EOF-----------------