Aller au contenu

jezabel

Membres
 Afficher le profil  Afficher son activité

  • Compteur de contenus

    59

  • Inscription

  • Dernière visite

  • Jours gagnés

    1

 Type de contenu 

Tout ce qui a été posté par jezabel

  1. jezabel
    Emule, je l'utilise de façon très ponctuelle et jamais pour attraper du GENKEY. Ceci dit, il faudra que je l'utilise avec encore plus de prudence quoi... Voilà le rapport de Antivir : Avira AntiVir Personal Report file date: dimanche 7 décembre 2008 20:53 Scanning for 1075399 virus strains and unwanted programs. Licensed to: Avira AntiVir PersonalEdition Classic Serial number: 0000149996-ADJIE-0001 Platform: Windows Vista Windows version: (Service Pack 1) [6.0.6001] Boot mode: Normally booted Username: SYSTEM Computer name: NEGRE Version information: BUILD.DAT : 8.2.0.337 16934 Bytes 18/11/2008 13:05:00 AVSCAN.EXE : 8.1.4.10 315649 Bytes 28/11/2008 08:37:21 AVSCAN.DLL : 8.1.4.0 40705 Bytes 17/07/2008 20:55:16 LUKE.DLL : 8.1.4.5 164097 Bytes 17/07/2008 20:55:16 LUKERES.DLL : 8.1.4.0 12033 Bytes 17/07/2008 20:55:16 ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 20:21:54 ANTIVIR1.VDF : 7.1.0.56 411136 Bytes 09/11/2008 19:39:04 ANTIVIR2.VDF : 7.1.0.160 571392 Bytes 30/11/2008 19:13:50 ANTIVIR3.VDF : 7.1.0.195 219648 Bytes 05/12/2008 17:08:42 Engineversion : 8.2.0.42 AEVDF.DLL : 8.1.0.6 102772 Bytes 15/10/2008 16:23:38 AESCRIPT.DLL : 8.1.1.17 336251 Bytes 05/12/2008 17:08:50 AESCN.DLL : 8.1.1.5 123251 Bytes 07/11/2008 19:40:26 AERDL.DLL : 8.1.1.3 438645 Bytes 05/11/2008 19:40:40 AEPACK.DLL : 8.1.3.4 393591 Bytes 11/11/2008 19:40:59 AEOFFICE.DLL : 8.1.0.32 196987 Bytes 05/12/2008 17:08:48 AEHEUR.DLL : 8.1.0.74 1519990 Bytes 05/12/2008 17:08:47 AEHELP.DLL : 8.1.2.0 119159 Bytes 20/11/2008 17:09:16 AEGEN.DLL : 8.1.1.6 323955 Bytes 29/11/2008 08:36:30 AEEMU.DLL : 8.1.0.9 393588 Bytes 15/10/2008 16:23:28 AECORE.DLL : 8.1.5.2 172405 Bytes 29/11/2008 08:36:29 AEBB.DLL : 8.1.0.3 53618 Bytes 15/10/2008 16:23:26 AVWINLL.DLL : 1.0.0.12 15105 Bytes 17/07/2008 20:55:16 AVPREF.DLL : 8.0.2.0 38657 Bytes 17/07/2008 20:55:16 AVREP.DLL : 8.0.0.2 98344 Bytes 01/08/2008 06:00:37 AVREG.DLL : 8.0.0.1 33537 Bytes 17/07/2008 20:55:16 AVARKT.DLL : 1.0.0.23 307457 Bytes 15/04/2008 16:51:23 AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 17/07/2008 20:55:16 SQLITE3.DLL : 3.3.17.1 339968 Bytes 15/04/2008 16:51:24 SMTPLIB.DLL : 1.2.0.23 28929 Bytes 17/07/2008 20:55:17 NETNT.DLL : 8.0.0.1 7937 Bytes 15/04/2008 16:51:24 RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 17/07/2008 20:55:14 RCTEXT.DLL : 8.0.52.0 86273 Bytes 17/07/2008 20:55:14 Configuration settings for the scan: Jobname..........................: Complete system scan Configuration file...............: c:\program files\antivir personaledition classic\sysscan.avp Logging..........................: low Primary action...................: interactive Secondary action.................: ignore Scan master boot sector..........: on Scan boot sector.................: on Boot sectors.....................: C:, Process scan.....................: on Scan registry....................: on Search for rootkits..............: on Scan all files...................: All files Scan archives....................: on Recursion depth..................: 20 Smart extensions.................: on Macro heuristic..................: on File heuristic...................: high Deviating risk categories........: +APPL,+GAME,+JOKE,+PCK,+SPR, Start of the scan: dimanche 7 décembre 2008 20:53 Starting search for hidden objects. '85376' objects were checked, '0' hidden objects were found. The scan of running processes will be started Scan process 'msfeedssync.exe' - '0' Module(s) have been scanned Scan process 'avscan.exe' - '1' Module(s) have been scanned Scan process 'avcenter.exe' - '1' Module(s) have been scanned Scan process 'taskeng.exe' - '1' Module(s) have been scanned Scan process 'firefox.exe' - '1' Module(s) have been scanned Scan process 'mstinit.exe' - '1' Module(s) have been scanned Scan process 'NMIndexStoreSvr.exe' - '1' Module(s) have been scanned Scan process 'NMIndexingService.exe' - '1' Module(s) have been scanned Scan process 'NMBgMonitor.exe' - '1' Module(s) have been scanned Scan process 'MaxMenuMgr.exe' - '1' Module(s) have been scanned Scan process 'jusched.exe' - '1' Module(s) have been scanned Scan process 'IAAnotif.exe' - '1' Module(s) have been scanned Scan process 'avgnt.exe' - '1' Module(s) have been scanned Scan process 'acrotray.exe' - '1' Module(s) have been scanned Scan process 'MSASCui.exe' - '1' Module(s) have been scanned Scan process 'explorer.exe' - '1' Module(s) have been scanned Scan process 'dwm.exe' - '1' Module(s) have been scanned Scan process 'taskeng.exe' - '1' Module(s) have been scanned Scan process 'SearchIndexer.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'ULCDRSvr.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'TCPSVCS.EXE' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'SyncServices.exe' - '1' Module(s) have been scanned Scan process 'inetinfo.exe' - '1' Module(s) have been scanned Scan process 'IAANTmon.exe' - '1' Module(s) have been scanned Scan process 'AdskScSrv.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'sched.exe' - '1' Module(s) have been scanned Scan process 'a2service.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'avguard.exe' - '1' Module(s) have been scanned Scan process 'spoolsv.exe' - '1' Module(s) have been scanned Scan process 'Ati2evxx.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'SLsvc.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'audiodg.exe' - '0' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'Ati2evxx.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'winlogon.exe' - '1' Module(s) have been scanned Scan process 'lsm.exe' - '1' Module(s) have been scanned Scan process 'lsass.exe' - '1' Module(s) have been scanned Scan process 'services.exe' - '1' Module(s) have been scanned Scan process 'csrss.exe' - '1' Module(s) have been scanned Scan process 'wininit.exe' - '1' Module(s) have been scanned Scan process 'csrss.exe' - '1' Module(s) have been scanned Scan process 'smss.exe' - '1' Module(s) have been scanned 54 processes with 54 modules were scanned Starting master boot sector scan: Master boot sector HD0 [iNFO] No virus was found! Start scanning boot sectors: Boot sector 'C:\' [iNFO] No virus was found! Starting to scan the registry. The registry was scanned ( '42' files ). Starting the file scan: Begin scan in 'C:\' C:\hiberfil.sys [WARNING] The file could not be opened! C:\pagefile.sys [WARNING] The file could not be opened! C:\Program Files\AntiVir PersonalEdition Classic\avnotify.exe [WARNING] The file could not be opened! End of the scan: dimanche 7 décembre 2008 21:55 Used time: 1:02:36 Hour(s) The scan has been done completely. 26916 Scanning directories 643299 Files were scanned 0 viruses and/or unwanted programs were found 0 Files were classified as suspicious: 0 files were deleted 0 files were repaired 0 files were moved to quarantine 0 files were renamed 3 Files cannot be scanned 643296 Files not concerned 8840 Archives were scanned 3 Warnings 0 Notes 85376 Objects were scanned with rootkit scan 0 Hidden objects were found
  2. jezabel
    Zut de zut. À peine, ma réponse postée, rebelote. Cette fois c'est un dénommé smss.exe (que j'avais déjà eu), toujours dans le même répertoire AppData etc... qui a déclenché une alerte de l'antivirus !
  3. jezabel
    J'ai l'impression que les alertes se sont effectivement tassées. Je laisse la machine tourner ce soir pour voir si ça revient. Merci en tous cas infiniment de ton aide bien précieuse. Très prudente sur Internet, je vois pas où j'ai pu attraper ces sales bestioles ! T'as une idée, toi ?
  4. jezabel
    Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 20:28:33, on 07/12/2008 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v7.00 (7.00.6001.18000) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\Program Files\Maxtor\OneTouch Status\MaxMenuMgr.exe C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe C:\Windows\System32\drivers\mstinit.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\eMule\emule.exe C:\Windows\system32\NOTEPAD.EXE C:\Users\nègre\HiJackThis.exe C:\Windows\system32\SearchFilterHost.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F3 - REG:win.ini: load=C:\Windows\System32\drivers\mstinit.exe O1 - Hosts: ::1 localhost O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL O4 - HKLM\..\Run: [iAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [uVS10 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe" O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" O4 - HKLM\..\Policies\Explorer\Run: [Mstsc] C:\Windows\System\mstsc.exe /waitservice O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU') O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convertir en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll O10 - Broken Internet access because of LSP provider 'c:\program files\bonjour\mdnsnsp.dll' missing O13 - Gopher Prefix: O16 - DPF: {E3E6FFEE-748F-43BA-87AE-B1F1B11ED193} (MegaMocapWeb Control) - http://www.charactermotion.com/products/po...egaMocapWeb.ocx O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing) O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- End of file - 8006 bytes
  5. jezabel
    zou : Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 20:17:35, on 07/12/2008 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v7.00 (7.00.6001.18000) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\Program Files\Maxtor\OneTouch Status\MaxMenuMgr.exe C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe C:\Windows\System32\drivers\mstinit.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\eMule\emule.exe C:\Users\nègre\HiJackThis.exe C:\Windows\system32\SearchFilterHost.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F3 - REG:win.ini: load=C:\Windows\System32\drivers\mstinit.exe O1 - Hosts: ::1 localhost O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL O4 - HKLM\..\Run: [iAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [uVS10 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe" O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" O4 - HKLM\..\Policies\Explorer\Run: [Mstsc] C:\Windows\System\mstsc.exe /waitservice O4 - HKCU\..\Policies\Explorer\Run: [Cisvc] C:\Windows\cisvc.exe /waitservice O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [CmSTP] C:\Windows\System32\drivers\cmstp.exe /waitservice (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [CmSTP] C:\Windows\System32\drivers\cmstp.exe /waitservice (User 'Default user') O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convertir en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing) O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing) O10 - Broken Internet access because of LSP provider 'c:\program files\bonjour\mdnsnsp.dll' missing O13 - Gopher Prefix: O16 - DPF: {E3E6FFEE-748F-43BA-87AE-B1F1B11ED193} (MegaMocapWeb Control) - http://www.charactermotion.com/products/po...egaMocapWeb.ocx O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing) O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- End of file - 8635 bytes
  6. jezabel
    et hop encore : ========== PROCESSES ========== Process explorer.exe killed successfully. ========== FILES ========== C:\windows\system32\drivers\clipsrv.exe moved successfully. C:\Windows\System\cmstp.exe moved successfully. C:\Windows\System\comrepl.exe moved successfully. C:\Windows\System32\drivers\ieudinit.exe moved successfully. ========== COMMANDS ========== File delete failed. C:\Users\NGRE~1\AppData\Local\Temp\hsperfdata_nègre\2496 scheduled to be deleted on reboot. File delete failed. C:\Users\NGRE~1\AppData\Local\Temp\etilqs_X4h5PJWsx5blKMiuqzIF scheduled to be deleted on reboot. User's Temp folder emptied. User's Temporary Internet Files folder emptied. User's Internet Explorer cache folder emptied. Local Service Temp folder emptied. Local Service Temporary Internet Files folder emptied. File delete failed. C:\Windows\temp\TMP0000005FF3058297ECFEF6AE scheduled to be deleted on reboot. Windows Temp folder emptied. File delete failed. C:\Users\nègre\AppData\Local\Mozilla\Firefox\Profiles\wa6gzygd.default\Cache\_CACHE_001_ scheduled to be deleted on reboot. File delete failed. C:\Users\nègre\AppData\Local\Mozilla\Firefox\Profiles\wa6gzygd.default\Cache\_CACHE_002_ scheduled to be deleted on reboot. File delete failed. C:\Users\nègre\AppData\Local\Mozilla\Firefox\Profiles\wa6gzygd.default\Cache\_CACHE_003_ scheduled to be deleted on reboot. File delete failed. C:\Users\nègre\AppData\Local\Mozilla\Firefox\Profiles\wa6gzygd.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot. File delete failed. C:\Users\nègre\AppData\Local\Mozilla\Firefox\Profiles\wa6gzygd.default\urlclassifier3.sqlite scheduled to be deleted on reboot. File delete failed. C:\Users\nègre\AppData\Local\Mozilla\Firefox\Profiles\wa6gzygd.default\XUL.mfl scheduled to be deleted on reboot. FireFox cache emptied. Temp folders emptied. Explorer started successfully OTMoveIt3 by OldTimer - Version 1.0.7.2 log created on 12072008_192109 Files moved on Reboot... File C:\Users\NGRE~1\AppData\Local\Temp\hsperfdata_nègre\2496 not found! File C:\Users\NGRE~1\AppData\Local\Temp\etilqs_X4h5PJWsx5blKMiuqzIF not found! File C:\Windows\temp\TMP0000005FF3058297ECFEF6AE not found! C:\Users\nègre\AppData\Local\Mozilla\Firefox\Profiles\wa6gzygd.default\Cache\_CACHE_001_ moved successfully. C:\Users\nègre\AppData\Local\Mozilla\Firefox\Profiles\wa6gzygd.default\Cache\_CACHE_002_ moved successfully. C:\Users\nègre\AppData\Local\Mozilla\Firefox\Profiles\wa6gzygd.default\Cache\_CACHE_003_ moved successfully. C:\Users\nègre\AppData\Local\Mozilla\Firefox\Profiles\wa6gzygd.default\Cache\_CACHE_MAP_ moved successfully. C:\Users\nègre\AppData\Local\Mozilla\Firefox\Profiles\wa6gzygd.default\urlclassifier3.sqlite moved successfully. C:\Users\nègre\AppData\Local\Mozilla\Firefox\Profiles\wa6gzygd.default\XUL.mfl moved successfully.
  7. jezabel
    et de trois : Fichier ieudinit.exe reçu le 2008.12.07 18:37:09 (CET) Antivirus Version Dernière mise à jour Résultat AhnLab-V3 2008.12.6.0 2008.12.06 - AntiVir 7.9.0.42 2008.12.07 - Authentium 5.1.0.4 2008.12.06 - Avast 4.8.1281.0 2008.12.06 - AVG 8.0.0.199 2008.12.06 - BitDefender 7.2 2008.12.07 - CAT-QuickHeal 10.00 2008.12.06 - ClamAV 0.94.1 2008.12.07 - Comodo 698 2008.12.06 - DrWeb 4.44.0.09170 2008.12.07 - eSafe 7.0.17.0 2008.12.07 - eTrust-Vet 31.6.6246 2008.12.05 - Ewido 4.0 2008.12.07 - F-Prot 4.4.4.56 2008.12.04 - F-Secure 8.0.14332.0 2008.12.07 - Fortinet 3.117.0.0 2008.12.07 - GData 19 2008.12.07 - Ikarus T3.1.1.45.0 2008.12.07 Trojan.Win32.Tervemoy.A K7AntiVirus 7.10.547 2008.12.06 - Kaspersky 7.0.0.125 2008.12.07 Heur.Trojan.Generic McAfee 5456 2008.12.06 - McAfee+Artemis 5456 2008.12.06 - Microsoft 1.4205 2008.12.07 Trojan:Win32/Tervemoy.A NOD32 3668 2008.12.06 - Norman 5.80.02 2008.12.05 - Panda 9.0.0.4 2008.12.07 Suspicious file PCTools 4.4.2.0 2008.12.07 - Prevx1 V2 2008.12.07 Cloaked Malware Rising 21.06.62.00 2008.12.07 - SecureWeb-Gateway 6.7.6 2008.12.07 - Sophos 4.36.0 2008.12.07 - Sunbelt 3.1.1832.2 2008.12.01 - Symantec 10 2008.12.07 - TheHacker 6.3.1.2.179 2008.12.06 - TrendMicro 8.700.0.1004 2008.12.05 - VBA32 3.12.8.10 2008.12.07 - ViRobot 2008.12.6.1504 2008.12.06 - VirusBuster 4.5.11.0 2008.12.05 - Information additionnelle File size: 86016 bytes MD5...: c80525d8b5e0d1bee3956c49c6a77923 SHA1..: c9ac022667e78d12c29bb9a0eb03603041b0dcf7 SHA256: b952ed331073e0df0393796abc1819ac0fc8216083b41767af999ccda1d406fa SHA512: e53d769df01d0269a4de8d402a932aa5fccea5b92c795b6e23c02cd4ea3082b2<br>12029d1d98decc3ee80c2bfd07eb22ddda30785583107ce2982008d1cb6752c3<br> ssdeep: 1536:AKqRvSyOil9He/WcE4W97tGJBIDCbgkcGhoRnWQGyJ0t:ARRvSyO7sD7tGW<br>ygkyJ0t<br> PEiD..: - TrID..: File type identification<br>Win32 Executable MS Visual C++ (generic) (65.2%)<br>Win32 Executable Generic (14.7%)<br>Win32 Dynamic Link Library (generic) (13.1%)<br>Generic Win/DOS Executable (3.4%)<br>DOS Executable Generic (3.4%) PEInfo: PE Structure information<br><br>( base data )<br>entrypointaddress.: 0x40b036<br>timedatestamp.....: 0x48c164ae (Fri Sep 05 16:56:14 2008)<br>machinetype.......: 0x14c (I386)<br><br>( 3 sections )<br>name viradd virsiz rawdsiz ntrpy md5<br>.text 0x1000 0xf8bf 0x10000 6.25 503dfb0074c3bbaeffb1b8a8046d6c12<br>.rdata 0x11000 0x2002 0x3000 4.11 860f50b3c0c8190c82de2fdcaf0eaf66<br>.data 0x14000 0x3798 0x1000 1.47 1e264dcbdf82cf592f2666f88b42a537<br><br>( 6 imports ) <br>> USER32.dll: LoadImageA<br>> ADVAPI32.dll: RegOpenKeyExA, RegEnumValueA, RegGetKeySecurity, RegCreateKeyExA, RegSetValueExA, RegCloseKey, RegQueryValueExA, LookupAccountSidA, GetTokenInformation, OpenProcessToken<br>> WS2_32.dll: -, -<br>> WININET.dll: InternetReadFile, HttpQueryInfoA, InternetCloseHandle, InternetOpenUrlA, InternetOpenA<br>> NETAPI32.dll: NetUserGetInfo, NetApiBufferFree<br>> KERNEL32.dll: SetEnvironmentVariableA, GetSystemInfo, VirtualProtect, GetLocaleInfoA, FlushFileBuffers, GetStringTypeW, GetStringTypeA, LCMapStringW, LCMapStringA, SetStdHandle, GetCPInfo, GetOEMCP, GetACP, GetStartupInfoA, OpenProcess, GetFileType, GetSystemDirectoryA, GetVolumeInformationA, CreateDirectoryA, GetFileTime, GetProcessPriorityBoost, OpenMutexA, CreateMutexA, CloseHandle, GetLogicalDriveStringsA, GetDriveTypeA, Sleep, GetLastError, GetLocalTime, GetShortPathNameA, GetEnvironmentVariableA, ExitProcess, SetFileAttributesA, CreateFileA, CreateProcessA, GlobalFree, CreateThread, GlobalAlloc, MultiByteToWideChar, GetModuleFileNameA, GetCurrentProcess, CopyFileA, WriteFile, RtlUnwind, GetSystemTimeAsFileTime, GetProcAddress, GetModuleHandleA, TerminateProcess, GetCommandLineA, GetVersionExA, QueryPerformanceCounter, GetTickCount, GetCurrentThreadId, GetCurrentProcessId, HeapReAlloc, HeapAlloc, HeapSize, GetStdHandle, UnhandledExceptionFilter, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, WideCharToMultiByte, GetEnvironmentStringsW, SetHandleCount, HeapDestroy, HeapCreate, VirtualFree, HeapFree, SetFilePointer, LoadLibraryA, InterlockedExchange, VirtualQuery, SetUnhandledExceptionFilter, IsBadReadPtr, IsBadWritePtr, IsBadCodePtr, VirtualAlloc<br><br>( 0 exports ) <br> Prevx info: <a href='http://info.prevx.com/aboutprogramtext.asp?PX5=E33D987100F3799E504C01E3D983720089CEE57E''>http://info.prevx.com/aboutprogramtext.asp?PX5=E33D987100F3799E504C01E3D983720089CEE57E' target='_blank'>http://info.prevx.com/aboutprogramtext.asp?PX5=E33D987100F3799E504C01E3D983720089CEE57E</a>'>http://info.prevx.com/aboutprogramtext.asp?PX5=E33D987100F3799E504C01E3D983720089CEE57E</a> CWSandbox info: <a href='http://research.sunbelt-software.com/partnerresource/MD5.aspx?md5=c80525d8b5e0d1bee3956c49c6a77923''>http://research.sunbelt-software.com/partnerresource/MD5.aspx?md5=c80525d8b5e0d1bee3956c49c6a77923' target='_blank'>http://research.sunbelt-software.com/partnerresource/MD5.aspx?md5=c80525d8b5e0d1bee3956c49c6a77923</a>'>http://research.sunbelt-software.com/partnerresource/MD5.aspx?md5=c80525d8b5e0d1bee3956c49c6a77923</a> Antivirus Version Dernière mise à jour Résultat AhnLab-V3 2008.12.6.0 2008.12.06 - AntiVir 7.9.0.42 2008.12.07 - Authentium 5.1.0.4 2008.12.06 - Avast 4.8.1281.0 2008.12.06 - AVG 8.0.0.199 2008.12.06 - BitDefender 7.2 2008.12.07 - CAT-QuickHeal 10.00 2008.12.06 - ClamAV 0.94.1 2008.12.07 - Comodo 698 2008.12.06 - DrWeb 4.44.0.09170 2008.12.07 - eSafe 7.0.17.0 2008.12.07 - eTrust-Vet 31.6.6246 2008.12.05 - Ewido 4.0 2008.12.07 - F-Prot 4.4.4.56 2008.12.04 - F-Secure 8.0.14332.0 2008.12.07 - Fortinet 3.117.0.0 2008.12.07 - GData 19 2008.12.07 - Ikarus T3.1.1.45.0 2008.12.07 Trojan.Win32.Tervemoy.A K7AntiVirus 7.10.547 2008.12.06 - Kaspersky 7.0.0.125 2008.12.07 Heur.Trojan.Generic McAfee 5456 2008.12.06 - McAfee+Artemis 5456 2008.12.06 - Microsoft 1.4205 2008.12.07 Trojan:Win32/Tervemoy.A NOD32 3668 2008.12.06 - Norman 5.80.02 2008.12.05 - Panda 9.0.0.4 2008.12.07 Suspicious file PCTools 4.4.2.0 2008.12.07 - Prevx1 V2 2008.12.07 Cloaked Malware Rising 21.06.62.00 2008.12.07 - SecureWeb-Gateway 6.7.6 2008.12.07 - Sophos 4.36.0 2008.12.07 - Sunbelt 3.1.1832.2 2008.12.01 - Symantec 10 2008.12.07 - TheHacker 6.3.1.2.179 2008.12.06 - TrendMicro 8.700.0.1004 2008.12.05 - VBA32 3.12.8.10 2008.12.07 - ViRobot 2008.12.6.1504 2008.12.06 - VirusBuster 4.5.11.0 2008.12.05 - Information additionnelle File size: 86016 bytes MD5...: c80525d8b5e0d1bee3956c49c6a77923 SHA1..: c9ac022667e78d12c29bb9a0eb03603041b0dcf7 SHA256: b952ed331073e0df0393796abc1819ac0fc8216083b41767af999ccda1d406fa SHA512: e53d769df01d0269a4de8d402a932aa5fccea5b92c795b6e23c02cd4ea3082b2<br>12029d1d98decc3ee80c2bfd07eb22ddda30785583107ce2982008d1cb6752c3<br> ssdeep: 1536:AKqRvSyOil9He/WcE4W97tGJBIDCbgkcGhoRnWQGyJ0t:ARRvSyO7sD7tGW<br>ygkyJ0t<br> PEiD..: - TrID..: File type identification<br>Win32 Executable MS Visual C++ (generic) (65.2%)<br>Win32 Executable Generic (14.7%)<br>Win32 Dynamic Link Library (generic) (13.1%)<br>Generic Win/DOS Executable (3.4%)<br>DOS Executable Generic (3.4%) PEInfo: PE Structure information<br><br>( base data )<br>entrypointaddress.: 0x40b036<br>timedatestamp.....: 0x48c164ae (Fri Sep 05 16:56:14 2008)<br>machinetype.......: 0x14c (I386)<br><br>( 3 sections )<br>name viradd virsiz rawdsiz ntrpy md5<br>.text 0x1000 0xf8bf 0x10000 6.25 503dfb0074c3bbaeffb1b8a8046d6c12<br>.rdata 0x11000 0x2002 0x3000 4.11 860f50b3c0c8190c82de2fdcaf0eaf66<br>.data 0x14000 0x3798 0x1000 1.47 1e264dcbdf82cf592f2666f88b42a537<br><br>( 6 imports ) <br>> USER32.dll: LoadImageA<br>> ADVAPI32.dll: RegOpenKeyExA, RegEnumValueA, RegGetKeySecurity, RegCreateKeyExA, RegSetValueExA, RegCloseKey, RegQueryValueExA, LookupAccountSidA, GetTokenInformation, OpenProcessToken<br>> WS2_32.dll: -, -<br>> WININET.dll: InternetReadFile, HttpQueryInfoA, InternetCloseHandle, InternetOpenUrlA, InternetOpenA<br>> NETAPI32.dll: NetUserGetInfo, NetApiBufferFree<br>> KERNEL32.dll: SetEnvironmentVariableA, GetSystemInfo, VirtualProtect, GetLocaleInfoA, FlushFileBuffers, GetStringTypeW, GetStringTypeA, LCMapStringW, LCMapStringA, SetStdHandle, GetCPInfo, GetOEMCP, GetACP, GetStartupInfoA, OpenProcess, GetFileType, GetSystemDirectoryA, GetVolumeInformationA, CreateDirectoryA, GetFileTime, GetProcessPriorityBoost, OpenMutexA, CreateMutexA, CloseHandle, GetLogicalDriveStringsA, GetDriveTypeA, Sleep, GetLastError, GetLocalTime, GetShortPathNameA, GetEnvironmentVariableA, ExitProcess, SetFileAttributesA, CreateFileA, CreateProcessA, GlobalFree, CreateThread, GlobalAlloc, MultiByteToWideChar, GetModuleFileNameA, GetCurrentProcess, CopyFileA, WriteFile, RtlUnwind, GetSystemTimeAsFileTime, GetProcAddress, GetModuleHandleA, TerminateProcess, GetCommandLineA, GetVersionExA, QueryPerformanceCounter, GetTickCount, GetCurrentThreadId, GetCurrentProcessId, HeapReAlloc, HeapAlloc, HeapSize, GetStdHandle, UnhandledExceptionFilter, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, WideCharToMultiByte, GetEnvironmentStringsW, SetHandleCount, HeapDestroy, HeapCreate, VirtualFree, HeapFree, SetFilePointer, LoadLibraryA, InterlockedExchange, VirtualQuery, SetUnhandledExceptionFilter, IsBadReadPtr, IsBadWritePtr, IsBadCodePtr, VirtualAlloc<br><br>( 0 exports ) <br> Prevx info: <a href='http://info.prevx.com/aboutprogramtext.asp?PX5=E33D987100F3799E504C01E3D983720089CEE57E' target='_blank'>http://info.prevx.com/aboutprogramtext.asp?PX5=E33D987100F3799E504C01E3D983720089CEE57E</a> CWSandbox info: <a href='http://research.sunbelt-software.com/partnerresource/MD5.aspx?md5=c80525d8b5e0d1bee3956c49c6a77923' target='_blank'>http://research.sunbelt-software.com/partnerresource/MD5.aspx?md5=c80525d8b5e0d1bee3956c49c6a77923</a>
  8. jezabel
    et de deux : (le troisième arrive) Fichier cmstp.exe reçu le 2008.12.07 18:32:46 (CET) Antivirus Version Dernière mise à jour Résultat AhnLab-V3 2008.12.6.0 2008.12.06 - AntiVir 7.9.0.42 2008.12.07 - Authentium 5.1.0.4 2008.12.06 - Avast 4.8.1281.0 2008.12.06 - AVG 8.0.0.199 2008.12.06 - BitDefender 7.2 2008.12.07 - CAT-QuickHeal 10.00 2008.12.06 - ClamAV 0.94.1 2008.12.07 - Comodo 698 2008.12.06 - DrWeb 4.44.0.09170 2008.12.07 - eSafe 7.0.17.0 2008.12.07 - eTrust-Vet 31.6.6246 2008.12.05 - Ewido 4.0 2008.12.07 - F-Prot 4.4.4.56 2008.12.04 - F-Secure 8.0.14332.0 2008.12.07 - Fortinet 3.117.0.0 2008.12.07 - GData 19 2008.12.07 - Ikarus T3.1.1.45.0 2008.12.07 Trojan.Win32.Tervemoy.A K7AntiVirus 7.10.547 2008.12.06 - Kaspersky 7.0.0.125 2008.12.07 Heur.Trojan.Generic McAfee 5456 2008.12.06 - McAfee+Artemis 5456 2008.12.06 - Microsoft 1.4205 2008.12.07 Trojan:Win32/Tervemoy.A NOD32 3668 2008.12.06 - Norman 5.80.02 2008.12.05 - Panda 9.0.0.4 2008.12.07 Suspicious file PCTools 4.4.2.0 2008.12.06 - Prevx1 V2 2008.12.07 Cloaked Malware Rising 21.06.62.00 2008.12.07 - SecureWeb-Gateway 6.7.6 2008.12.07 - Sophos 4.36.0 2008.12.07 - Sunbelt 3.1.1832.2 2008.12.01 - Symantec 10 2008.12.07 - TheHacker 6.3.1.2.179 2008.12.06 - TrendMicro 8.700.0.1004 2008.12.05 - VBA32 3.12.8.10 2008.12.07 - ViRobot 2008.12.6.1504 2008.12.06 - VirusBuster 4.5.11.0 2008.12.05 - Information additionnelle File size: 86016 bytes MD5...: c80525d8b5e0d1bee3956c49c6a77923 SHA1..: c9ac022667e78d12c29bb9a0eb03603041b0dcf7 SHA256: b952ed331073e0df0393796abc1819ac0fc8216083b41767af999ccda1d406fa SHA512: e53d769df01d0269a4de8d402a932aa5fccea5b92c795b6e23c02cd4ea3082b2<br>12029d1d98decc3ee80c2bfd07eb22ddda30785583107ce2982008d1cb6752c3<br> ssdeep: 1536:AKqRvSyOil9He/WcE4W97tGJBIDCbgkcGhoRnWQGyJ0t:ARRvSyO7sD7tGW<br>ygkyJ0t<br> PEiD..: - TrID..: File type identification<br>Win32 Executable MS Visual C++ (generic) (65.2%)<br>Win32 Executable Generic (14.7%)<br>Win32 Dynamic Link Library (generic) (13.1%)<br>Generic Win/DOS Executable (3.4%)<br>DOS Executable Generic (3.4%) PEInfo: PE Structure information<br><br>( base data )<br>entrypointaddress.: 0x40b036<br>timedatestamp.....: 0x48c164ae (Fri Sep 05 16:56:14 2008)<br>machinetype.......: 0x14c (I386)<br><br>( 3 sections )<br>name viradd virsiz rawdsiz ntrpy md5<br>.text 0x1000 0xf8bf 0x10000 6.25 503dfb0074c3bbaeffb1b8a8046d6c12<br>.rdata 0x11000 0x2002 0x3000 4.11 860f50b3c0c8190c82de2fdcaf0eaf66<br>.data 0x14000 0x3798 0x1000 1.47 1e264dcbdf82cf592f2666f88b42a537<br><br>( 6 imports ) <br>> USER32.dll: LoadImageA<br>> ADVAPI32.dll: RegOpenKeyExA, RegEnumValueA, RegGetKeySecurity, RegCreateKeyExA, RegSetValueExA, RegCloseKey, RegQueryValueExA, LookupAccountSidA, GetTokenInformation, OpenProcessToken<br>> WS2_32.dll: -, -<br>> WININET.dll: InternetReadFile, HttpQueryInfoA, InternetCloseHandle, InternetOpenUrlA, InternetOpenA<br>> NETAPI32.dll: NetUserGetInfo, NetApiBufferFree<br>> KERNEL32.dll: SetEnvironmentVariableA, GetSystemInfo, VirtualProtect, GetLocaleInfoA, FlushFileBuffers, GetStringTypeW, GetStringTypeA, LCMapStringW, LCMapStringA, SetStdHandle, GetCPInfo, GetOEMCP, GetACP, GetStartupInfoA, OpenProcess, GetFileType, GetSystemDirectoryA, GetVolumeInformationA, CreateDirectoryA, GetFileTime, GetProcessPriorityBoost, OpenMutexA, CreateMutexA, CloseHandle, GetLogicalDriveStringsA, GetDriveTypeA, Sleep, GetLastError, GetLocalTime, GetShortPathNameA, GetEnvironmentVariableA, ExitProcess, SetFileAttributesA, CreateFileA, CreateProcessA, GlobalFree, CreateThread, GlobalAlloc, MultiByteToWideChar, GetModuleFileNameA, GetCurrentProcess, CopyFileA, WriteFile, RtlUnwind, GetSystemTimeAsFileTime, GetProcAddress, GetModuleHandleA, TerminateProcess, GetCommandLineA, GetVersionExA, QueryPerformanceCounter, GetTickCount, GetCurrentThreadId, GetCurrentProcessId, HeapReAlloc, HeapAlloc, HeapSize, GetStdHandle, UnhandledExceptionFilter, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, WideCharToMultiByte, GetEnvironmentStringsW, SetHandleCount, HeapDestroy, HeapCreate, VirtualFree, HeapFree, SetFilePointer, LoadLibraryA, InterlockedExchange, VirtualQuery, SetUnhandledExceptionFilter, IsBadReadPtr, IsBadWritePtr, IsBadCodePtr, VirtualAlloc<br><br>( 0 exports ) <br> Prevx info: <a href='http://info.prevx.com/aboutprogramtext.asp?PX5=E33D987100F3799E504C01E3D983720089CEE57E''>http://info.prevx.com/aboutprogramtext.asp?PX5=E33D987100F3799E504C01E3D983720089CEE57E' target='_blank'>http://info.prevx.com/aboutprogramtext.asp?PX5=E33D987100F3799E504C01E3D983720089CEE57E</a>'>http://info.prevx.com/aboutprogramtext.asp?PX5=E33D987100F3799E504C01E3D983720089CEE57E</a> CWSandbox info: <a href='http://research.sunbelt-software.com/partnerresource/MD5.aspx?md5=c80525d8b5e0d1bee3956c49c6a77923''>http://research.sunbelt-software.com/partnerresource/MD5.aspx?md5=c80525d8b5e0d1bee3956c49c6a77923' target='_blank'>http://research.sunbelt-software.com/partnerresource/MD5.aspx?md5=c80525d8b5e0d1bee3956c49c6a77923</a>'>http://research.sunbelt-software.com/partnerresource/MD5.aspx?md5=c80525d8b5e0d1bee3956c49c6a77923</a> Antivirus Version Dernière mise à jour Résultat AhnLab-V3 2008.12.6.0 2008.12.06 - AntiVir 7.9.0.42 2008.12.07 - Authentium 5.1.0.4 2008.12.06 - Avast 4.8.1281.0 2008.12.06 - AVG 8.0.0.199 2008.12.06 - BitDefender 7.2 2008.12.07 - CAT-QuickHeal 10.00 2008.12.06 - ClamAV 0.94.1 2008.12.07 - Comodo 698 2008.12.06 - DrWeb 4.44.0.09170 2008.12.07 - eSafe 7.0.17.0 2008.12.07 - eTrust-Vet 31.6.6246 2008.12.05 - Ewido 4.0 2008.12.07 - F-Prot 4.4.4.56 2008.12.04 - F-Secure 8.0.14332.0 2008.12.07 - Fortinet 3.117.0.0 2008.12.07 - GData 19 2008.12.07 - Ikarus T3.1.1.45.0 2008.12.07 Trojan.Win32.Tervemoy.A K7AntiVirus 7.10.547 2008.12.06 - Kaspersky 7.0.0.125 2008.12.07 Heur.Trojan.Generic McAfee 5456 2008.12.06 - McAfee+Artemis 5456 2008.12.06 - Microsoft 1.4205 2008.12.07 Trojan:Win32/Tervemoy.A NOD32 3668 2008.12.06 - Norman 5.80.02 2008.12.05 - Panda 9.0.0.4 2008.12.07 Suspicious file PCTools 4.4.2.0 2008.12.06 - Prevx1 V2 2008.12.07 Cloaked Malware Rising 21.06.62.00 2008.12.07 - SecureWeb-Gateway 6.7.6 2008.12.07 - Sophos 4.36.0 2008.12.07 - Sunbelt 3.1.1832.2 2008.12.01 - Symantec 10 2008.12.07 - TheHacker 6.3.1.2.179 2008.12.06 - TrendMicro 8.700.0.1004 2008.12.05 - VBA32 3.12.8.10 2008.12.07 - ViRobot 2008.12.6.1504 2008.12.06 - VirusBuster 4.5.11.0 2008.12.05 - Information additionnelle File size: 86016 bytes MD5...: c80525d8b5e0d1bee3956c49c6a77923 SHA1..: c9ac022667e78d12c29bb9a0eb03603041b0dcf7 SHA256: b952ed331073e0df0393796abc1819ac0fc8216083b41767af999ccda1d406fa SHA512: e53d769df01d0269a4de8d402a932aa5fccea5b92c795b6e23c02cd4ea3082b2<br>12029d1d98decc3ee80c2bfd07eb22ddda30785583107ce2982008d1cb6752c3<br> ssdeep: 1536:AKqRvSyOil9He/WcE4W97tGJBIDCbgkcGhoRnWQGyJ0t:ARRvSyO7sD7tGW<br>ygkyJ0t<br> PEiD..: - TrID..: File type identification<br>Win32 Executable MS Visual C++ (generic) (65.2%)<br>Win32 Executable Generic (14.7%)<br>Win32 Dynamic Link Library (generic) (13.1%)<br>Generic Win/DOS Executable (3.4%)<br>DOS Executable Generic (3.4%) PEInfo: PE Structure information<br><br>( base data )<br>entrypointaddress.: 0x40b036<br>timedatestamp.....: 0x48c164ae (Fri Sep 05 16:56:14 2008)<br>machinetype.......: 0x14c (I386)<br><br>( 3 sections )<br>name viradd virsiz rawdsiz ntrpy md5<br>.text 0x1000 0xf8bf 0x10000 6.25 503dfb0074c3bbaeffb1b8a8046d6c12<br>.rdata 0x11000 0x2002 0x3000 4.11 860f50b3c0c8190c82de2fdcaf0eaf66<br>.data 0x14000 0x3798 0x1000 1.47 1e264dcbdf82cf592f2666f88b42a537<br><br>( 6 imports ) <br>> USER32.dll: LoadImageA<br>> ADVAPI32.dll: RegOpenKeyExA, RegEnumValueA, RegGetKeySecurity, RegCreateKeyExA, RegSetValueExA, RegCloseKey, RegQueryValueExA, LookupAccountSidA, GetTokenInformation, OpenProcessToken<br>> WS2_32.dll: -, -<br>> WININET.dll: InternetReadFile, HttpQueryInfoA, InternetCloseHandle, InternetOpenUrlA, InternetOpenA<br>> NETAPI32.dll: NetUserGetInfo, NetApiBufferFree<br>> KERNEL32.dll: SetEnvironmentVariableA, GetSystemInfo, VirtualProtect, GetLocaleInfoA, FlushFileBuffers, GetStringTypeW, GetStringTypeA, LCMapStringW, LCMapStringA, SetStdHandle, GetCPInfo, GetOEMCP, GetACP, GetStartupInfoA, OpenProcess, GetFileType, GetSystemDirectoryA, GetVolumeInformationA, CreateDirectoryA, GetFileTime, GetProcessPriorityBoost, OpenMutexA, CreateMutexA, CloseHandle, GetLogicalDriveStringsA, GetDriveTypeA, Sleep, GetLastError, GetLocalTime, GetShortPathNameA, GetEnvironmentVariableA, ExitProcess, SetFileAttributesA, CreateFileA, CreateProcessA, GlobalFree, CreateThread, GlobalAlloc, MultiByteToWideChar, GetModuleFileNameA, GetCurrentProcess, CopyFileA, WriteFile, RtlUnwind, GetSystemTimeAsFileTime, GetProcAddress, GetModuleHandleA, TerminateProcess, GetCommandLineA, GetVersionExA, QueryPerformanceCounter, GetTickCount, GetCurrentThreadId, GetCurrentProcessId, HeapReAlloc, HeapAlloc, HeapSize, GetStdHandle, UnhandledExceptionFilter, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, WideCharToMultiByte, GetEnvironmentStringsW, SetHandleCount, HeapDestroy, HeapCreate, VirtualFree, HeapFree, SetFilePointer, LoadLibraryA, InterlockedExchange, VirtualQuery, SetUnhandledExceptionFilter, IsBadReadPtr, IsBadWritePtr, IsBadCodePtr, VirtualAlloc<br><br>( 0 exports ) <br> Prevx info: <a href='http://info.prevx.com/aboutprogramtext.asp?PX5=E33D987100F3799E504C01E3D983720089CEE57E' target='_blank'>http://info.prevx.com/aboutprogramtext.asp?PX5=E33D987100F3799E504C01E3D983720089CEE57E</a> CWSandbox info: <a href='http://research.sunbelt-software.com/partnerresource/MD5.aspx?md5=c80525d8b5e0d1bee3956c49c6a77923' target='_blank'>http://research.sunbelt-software.com/partnerresource/MD5.aspx?md5=c80525d8b5e0d1bee3956c49c6a77923</a>
  9. jezabel
    et hop : Fichier clipsrv.exe reçu le 2008.12.07 18:26:28 (CET) Antivirus Version Dernière mise à jour Résultat AhnLab-V3 2008.12.6.0 2008.12.06 - AntiVir 7.9.0.42 2008.12.07 - Authentium 5.1.0.4 2008.12.06 - Avast 4.8.1281.0 2008.12.06 - AVG 8.0.0.199 2008.12.06 - BitDefender 7.2 2008.12.07 - CAT-QuickHeal 10.00 2008.12.06 - ClamAV 0.94.1 2008.12.07 - Comodo 698 2008.12.06 - DrWeb 4.44.0.09170 2008.12.07 - eSafe 7.0.17.0 2008.12.07 - eTrust-Vet 31.6.6246 2008.12.05 - Ewido 4.0 2008.12.07 - F-Prot 4.4.4.56 2008.12.04 - F-Secure 8.0.14332.0 2008.12.07 - Fortinet 3.117.0.0 2008.12.07 - GData 19 2008.12.07 - Ikarus T3.1.1.45.0 2008.12.07 Trojan.Win32.Tervemoy.A K7AntiVirus 7.10.547 2008.12.06 - Kaspersky 7.0.0.125 2008.12.07 Heur.Trojan.Generic McAfee 5456 2008.12.06 - McAfee+Artemis 5456 2008.12.06 - Microsoft 1.4205 2008.12.07 Trojan:Win32/Tervemoy.A NOD32 3668 2008.12.06 - Norman 5.80.02 2008.12.05 - Panda 9.0.0.4 2008.12.07 Suspicious file PCTools 4.4.2.0 2008.12.06 - Prevx1 V2 2008.12.07 Cloaked Malware Rising 21.06.62.00 2008.12.07 - SecureWeb-Gateway 6.7.6 2008.12.07 - Sophos 4.36.0 2008.12.07 - Sunbelt 3.1.1832.2 2008.12.01 - Symantec 10 2008.12.07 - TheHacker 6.3.1.2.179 2008.12.06 - TrendMicro 8.700.0.1004 2008.12.05 - VBA32 3.12.8.10 2008.12.07 - ViRobot 2008.12.6.1504 2008.12.06 - VirusBuster 4.5.11.0 2008.12.05 - Information additionnelle File size: 86016 bytes MD5...: c80525d8b5e0d1bee3956c49c6a77923 SHA1..: c9ac022667e78d12c29bb9a0eb03603041b0dcf7 SHA256: b952ed331073e0df0393796abc1819ac0fc8216083b41767af999ccda1d406fa SHA512: e53d769df01d0269a4de8d402a932aa5fccea5b92c795b6e23c02cd4ea3082b2<br>12029d1d98decc3ee80c2bfd07eb22ddda30785583107ce2982008d1cb6752c3<br> ssdeep: 1536:AKqRvSyOil9He/WcE4W97tGJBIDCbgkcGhoRnWQGyJ0t:ARRvSyO7sD7tGW<br>ygkyJ0t<br> PEiD..: - TrID..: File type identification<br>Win32 Executable MS Visual C++ (generic) (65.2%)<br>Win32 Executable Generic (14.7%)<br>Win32 Dynamic Link Library (generic) (13.1%)<br>Generic Win/DOS Executable (3.4%)<br>DOS Executable Generic (3.4%) PEInfo: PE Structure information<br><br>( base data )<br>entrypointaddress.: 0x40b036<br>timedatestamp.....: 0x48c164ae (Fri Sep 05 16:56:14 2008)<br>machinetype.......: 0x14c (I386)<br><br>( 3 sections )<br>name viradd virsiz rawdsiz ntrpy md5<br>.text 0x1000 0xf8bf 0x10000 6.25 503dfb0074c3bbaeffb1b8a8046d6c12<br>.rdata 0x11000 0x2002 0x3000 4.11 860f50b3c0c8190c82de2fdcaf0eaf66<br>.data 0x14000 0x3798 0x1000 1.47 1e264dcbdf82cf592f2666f88b42a537<br><br>( 6 imports ) <br>> USER32.dll: LoadImageA<br>> ADVAPI32.dll: RegOpenKeyExA, RegEnumValueA, RegGetKeySecurity, RegCreateKeyExA, RegSetValueExA, RegCloseKey, RegQueryValueExA, LookupAccountSidA, GetTokenInformation, OpenProcessToken<br>> WS2_32.dll: -, -<br>> WININET.dll: InternetReadFile, HttpQueryInfoA, InternetCloseHandle, InternetOpenUrlA, InternetOpenA<br>> NETAPI32.dll: NetUserGetInfo, NetApiBufferFree<br>> KERNEL32.dll: SetEnvironmentVariableA, GetSystemInfo, VirtualProtect, GetLocaleInfoA, FlushFileBuffers, GetStringTypeW, GetStringTypeA, LCMapStringW, LCMapStringA, SetStdHandle, GetCPInfo, GetOEMCP, GetACP, GetStartupInfoA, OpenProcess, GetFileType, GetSystemDirectoryA, GetVolumeInformationA, CreateDirectoryA, GetFileTime, GetProcessPriorityBoost, OpenMutexA, CreateMutexA, CloseHandle, GetLogicalDriveStringsA, GetDriveTypeA, Sleep, GetLastError, GetLocalTime, GetShortPathNameA, GetEnvironmentVariableA, ExitProcess, SetFileAttributesA, CreateFileA, CreateProcessA, GlobalFree, CreateThread, GlobalAlloc, MultiByteToWideChar, GetModuleFileNameA, GetCurrentProcess, CopyFileA, WriteFile, RtlUnwind, GetSystemTimeAsFileTime, GetProcAddress, GetModuleHandleA, TerminateProcess, GetCommandLineA, GetVersionExA, QueryPerformanceCounter, GetTickCount, GetCurrentThreadId, GetCurrentProcessId, HeapReAlloc, HeapAlloc, HeapSize, GetStdHandle, UnhandledExceptionFilter, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, WideCharToMultiByte, GetEnvironmentStringsW, SetHandleCount, HeapDestroy, HeapCreate, VirtualFree, HeapFree, SetFilePointer, LoadLibraryA, InterlockedExchange, VirtualQuery, SetUnhandledExceptionFilter, IsBadReadPtr, IsBadWritePtr, IsBadCodePtr, VirtualAlloc<br><br>( 0 exports ) <br> Prevx info: <a href='http://info.prevx.com/aboutprogramtext.asp?PX5=E33D987100F3799E504C01E3D983720089CEE57E''>http://info.prevx.com/aboutprogramtext.asp?PX5=E33D987100F3799E504C01E3D983720089CEE57E' target='_blank'>http://info.prevx.com/aboutprogramtext.asp?PX5=E33D987100F3799E504C01E3D983720089CEE57E</a>'>http://info.prevx.com/aboutprogramtext.asp?PX5=E33D987100F3799E504C01E3D983720089CEE57E</a> Antivirus Version Dernière mise à jour Résultat AhnLab-V3 2008.12.6.0 2008.12.06 - AntiVir 7.9.0.42 2008.12.07 - Authentium 5.1.0.4 2008.12.06 - Avast 4.8.1281.0 2008.12.06 - AVG 8.0.0.199 2008.12.06 - BitDefender 7.2 2008.12.07 - CAT-QuickHeal 10.00 2008.12.06 - ClamAV 0.94.1 2008.12.07 - Comodo 698 2008.12.06 - DrWeb 4.44.0.09170 2008.12.07 - eSafe 7.0.17.0 2008.12.07 - eTrust-Vet 31.6.6246 2008.12.05 - Ewido 4.0 2008.12.07 - F-Prot 4.4.4.56 2008.12.04 - F-Secure 8.0.14332.0 2008.12.07 - Fortinet 3.117.0.0 2008.12.07 - GData 19 2008.12.07 - Ikarus T3.1.1.45.0 2008.12.07 Trojan.Win32.Tervemoy.A K7AntiVirus 7.10.547 2008.12.06 - Kaspersky 7.0.0.125 2008.12.07 Heur.Trojan.Generic McAfee 5456 2008.12.06 - McAfee+Artemis 5456 2008.12.06 - Microsoft 1.4205 2008.12.07 Trojan:Win32/Tervemoy.A NOD32 3668 2008.12.06 - Norman 5.80.02 2008.12.05 - Panda 9.0.0.4 2008.12.07 Suspicious file PCTools 4.4.2.0 2008.12.06 - Prevx1 V2 2008.12.07 Cloaked Malware Rising 21.06.62.00 2008.12.07 - SecureWeb-Gateway 6.7.6 2008.12.07 - Sophos 4.36.0 2008.12.07 - Sunbelt 3.1.1832.2 2008.12.01 - Symantec 10 2008.12.07 - TheHacker 6.3.1.2.179 2008.12.06 - TrendMicro 8.700.0.1004 2008.12.05 - VBA32 3.12.8.10 2008.12.07 - ViRobot 2008.12.6.1504 2008.12.06 - VirusBuster 4.5.11.0 2008.12.05 - Information additionnelle File size: 86016 bytes MD5...: c80525d8b5e0d1bee3956c49c6a77923 SHA1..: c9ac022667e78d12c29bb9a0eb03603041b0dcf7 SHA256: b952ed331073e0df0393796abc1819ac0fc8216083b41767af999ccda1d406fa SHA512: e53d769df01d0269a4de8d402a932aa5fccea5b92c795b6e23c02cd4ea3082b2<br>12029d1d98decc3ee80c2bfd07eb22ddda30785583107ce2982008d1cb6752c3<br> ssdeep: 1536:AKqRvSyOil9He/WcE4W97tGJBIDCbgkcGhoRnWQGyJ0t:ARRvSyO7sD7tGW<br>ygkyJ0t<br> PEiD..: - TrID..: File type identification<br>Win32 Executable MS Visual C++ (generic) (65.2%)<br>Win32 Executable Generic (14.7%)<br>Win32 Dynamic Link Library (generic) (13.1%)<br>Generic Win/DOS Executable (3.4%)<br>DOS Executable Generic (3.4%) PEInfo: PE Structure information<br><br>( base data )<br>entrypointaddress.: 0x40b036<br>timedatestamp.....: 0x48c164ae (Fri Sep 05 16:56:14 2008)<br>machinetype.......: 0x14c (I386)<br><br>( 3 sections )<br>name viradd virsiz rawdsiz ntrpy md5<br>.text 0x1000 0xf8bf 0x10000 6.25 503dfb0074c3bbaeffb1b8a8046d6c12<br>.rdata 0x11000 0x2002 0x3000 4.11 860f50b3c0c8190c82de2fdcaf0eaf66<br>.data 0x14000 0x3798 0x1000 1.47 1e264dcbdf82cf592f2666f88b42a537<br><br>( 6 imports ) <br>> USER32.dll: LoadImageA<br>> ADVAPI32.dll: RegOpenKeyExA, RegEnumValueA, RegGetKeySecurity, RegCreateKeyExA, RegSetValueExA, RegCloseKey, RegQueryValueExA, LookupAccountSidA, GetTokenInformation, OpenProcessToken<br>> WS2_32.dll: -, -<br>> WININET.dll: InternetReadFile, HttpQueryInfoA, InternetCloseHandle, InternetOpenUrlA, InternetOpenA<br>> NETAPI32.dll: NetUserGetInfo, NetApiBufferFree<br>> KERNEL32.dll: SetEnvironmentVariableA, GetSystemInfo, VirtualProtect, GetLocaleInfoA, FlushFileBuffers, GetStringTypeW, GetStringTypeA, LCMapStringW, LCMapStringA, SetStdHandle, GetCPInfo, GetOEMCP, GetACP, GetStartupInfoA, OpenProcess, GetFileType, GetSystemDirectoryA, GetVolumeInformationA, CreateDirectoryA, GetFileTime, GetProcessPriorityBoost, OpenMutexA, CreateMutexA, CloseHandle, GetLogicalDriveStringsA, GetDriveTypeA, Sleep, GetLastError, GetLocalTime, GetShortPathNameA, GetEnvironmentVariableA, ExitProcess, SetFileAttributesA, CreateFileA, CreateProcessA, GlobalFree, CreateThread, GlobalAlloc, MultiByteToWideChar, GetModuleFileNameA, GetCurrentProcess, CopyFileA, WriteFile, RtlUnwind, GetSystemTimeAsFileTime, GetProcAddress, GetModuleHandleA, TerminateProcess, GetCommandLineA, GetVersionExA, QueryPerformanceCounter, GetTickCount, GetCurrentThreadId, GetCurrentProcessId, HeapReAlloc, HeapAlloc, HeapSize, GetStdHandle, UnhandledExceptionFilter, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, WideCharToMultiByte, GetEnvironmentStringsW, SetHandleCount, HeapDestroy, HeapCreate, VirtualFree, HeapFree, SetFilePointer, LoadLibraryA, InterlockedExchange, VirtualQuery, SetUnhandledExceptionFilter, IsBadReadPtr, IsBadWritePtr, IsBadCodePtr, VirtualAlloc<br><br>( 0 exports ) <br> Prevx info: <a href='http://info.prevx.com/aboutprogramtext.asp?PX5=E33D987100F3799E504C01E3D983720089CEE57E' target='_blank'>http://info.prevx.com/aboutprogramtext.asp?PX5=E33D987100F3799E504C01E3D983720089CEE57E</a>
  10. jezabel
    Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 18:15:14, on 07/12/2008 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v7.00 (7.00.6001.18000) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\Program Files\Maxtor\OneTouch Status\MaxMenuMgr.exe C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe C:\Windows\System32\drivers\clipsrv.exe C:\Program Files\eMule\emule.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Users\nègre\HiJackThis.exe C:\Windows\system32\SearchFilterHost.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F3 - REG:win.ini: load=C:\Windows\System32\drivers\clipsrv.exe O1 - Hosts: ::1 localhost O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL O4 - HKLM\..\Run: [iAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [uVS10 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe" O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" O4 - HKLM\..\Policies\Explorer\Run: [ComRepl] C:\Windows\System\comrepl.exe /waitservice O4 - HKCU\..\Policies\Explorer\Run: [CmSTP] C:\Windows\System\cmstp.exe /waitservice O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [iEudinit] C:\Windows\System32\drivers\ieudinit.exe /waitservice (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [iEudinit] C:\Windows\System32\drivers\ieudinit.exe /waitservice (User 'Default user') O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convertir en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing) O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing) O10 - Broken Internet access because of LSP provider 'c:\program files\bonjour\mdnsnsp.dll' missing O13 - Gopher Prefix: O16 - DPF: {E3E6FFEE-748F-43BA-87AE-B1F1B11ED193} (MegaMocapWeb Control) - http://www.charactermotion.com/products/po...egaMocapWeb.ocx O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing) O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- End of file - 8783 bytes
  11. jezabel
    et voilà : Malwarebytes' Anti-Malware 1.31 Version de la base de données: 1471 Windows 6.0.6001 Service Pack 1 07/12/2008 17:57:50 mbam-log-2008-12-07 (17-57-50).txt Type de recherche: Examen rapide Eléments examinés: 47614 Temps écoulé: 2 minute(s), 57 second(s) Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 0 Valeur(s) du Registre infectée(s): 1 Elément(s) de données du Registre infecté(s): 0 Dossier(s) infecté(s): 1 Fichier(s) infecté(s): 9 Processus mémoire infecté(s): (Aucun élément nuisible détecté) Module(s) mémoire infecté(s): (Aucun élément nuisible détecté) Clé(s) du Registre infectée(s): (Aucun élément nuisible détecté) Valeur(s) du Registre infectée(s): HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\spool (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully. Elément(s) de données du Registre infecté(s): (Aucun élément nuisible détecté) Dossier(s) infecté(s): C:\Users\nègre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Protection (Rogue.XLG) -> Quarantined and deleted successfully. Fichier(s) infecté(s): C:\Users\nègre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Protection\A2free.lnk (Rogue.XLG) -> Quarantined and deleted successfully. C:\Users\nègre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Protection\Ad-Aware.lnk (Rogue.XLG) -> Quarantined and deleted successfully. C:\Users\nègre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Protection\CCleaner.lnk (Rogue.XLG) -> Quarantined and deleted successfully. C:\Users\nègre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Protection\HiJackThis.lnk (Rogue.XLG) -> Quarantined and deleted successfully. C:\Users\nègre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Protection\Malware.lnk (Rogue.XLG) -> Quarantined and deleted successfully. C:\Users\nègre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Protection\Search_Destroy.lnk (Rogue.XLG) -> Quarantined and deleted successfully. C:\Users\nègre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Protection\Spywareblaster.lnk (Rogue.XLG) -> Quarantined and deleted successfully. C:\Users\nègre\Local Settings\spoolsv.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully. C:\Users\nègre\Local Settings\Application Data\spoolsv.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
  12. jezabel
    et voilà : Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 17:46:12, on 07/12/2008 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v7.00 (7.00.6001.18000) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\Program Files\Maxtor\OneTouch Status\MaxMenuMgr.exe C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe C:\Windows\System32\drivers\clipsrv.exe C:\Program Files\eMule\emule.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\FileZilla\FileZilla.exe C:\Program Files\Notepad++\notepad++.exe C:\Users\nègre\HiJackThis.exe C:\Windows\system32\SearchFilterHost.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F3 - REG:win.ini: load=C:\Windows\System32\drivers\clipsrv.exe O1 - Hosts: ::1 localhost O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL O4 - HKLM\..\Run: [iAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [uVS10 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe" O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" O4 - HKLM\..\Policies\Explorer\Run: [spool] C:\Users\NGRE~1\LOCALS~1\APPLIC~1\spoolsv.exe /waitservice O4 - HKCU\..\Policies\Explorer\Run: [CmSTP] C:\Windows\System\cmstp.exe /waitservice O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [iEudinit] C:\Windows\System32\drivers\ieudinit.exe /waitservice (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [iEudinit] C:\Windows\System32\drivers\ieudinit.exe /waitservice (User 'Default user') O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convertir en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing) O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing) O10 - Broken Internet access because of LSP provider 'c:\program files\bonjour\mdnsnsp.dll' missing O13 - Gopher Prefix: O16 - DPF: {E3E6FFEE-748F-43BA-87AE-B1F1B11ED193} (MegaMocapWeb Control) - http://www.charactermotion.com/products/po...egaMocapWeb.ocx O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing) O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- End of file - 8756 bytes
  13. jezabel
    Bonjour à tous, Depuis quelques semaines, mon antivirus, Avira Antivir, multiplie les alertes sur des chevaux de Troie se trouvant dans AppData\Local\Temp\~tmp\[nom de dossier et de fichier variables]. Exemples : - Virus or unwanted program 'TR/Agent.iob [trojan]' detected in file 'C:\Users\nègre\AppData\Local\Temp\~tmp\hmunmlcn22\svchost.exe. Action performed: Delete file - Virus or unwanted program 'TR/Agent.iob [trojan]' detected in file 'C:\Users\nègre\AppData\Local\Temp\~tmp\yunml04\spoolsv.exe. Action performed: Delete file - Virus or unwanted program 'TR/Agent.iob [trojan]' detected in file 'C:\Users\nègre\AppData\Local\Temp\~tmp\hmunmlcn18\hmunmlcn18.exe. Action performed: Delete file Que je les efface ou que je les mette en quarantaine ne change rien. Les alertes reviennent toujours. Voici le rapport : Logfile of Trend Micro HijackThis v2.0.0 (BETA) Scan saved at 17:27:30, on 07/12/2008 Platform: Windows Vista SP1 (WinNT 6.00.1905) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\Program Files\Maxtor\OneTouch Status\MaxMenuMgr.exe C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe C:\Windows\System32\drivers\clipsrv.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Windows\system32\SearchFilterHost.exe C:\Users\nègre\HiJackThis_v2.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F3 - REG:win.ini: load=C:\Windows\System32\drivers\clipsrv.exe O1 - Hosts: ::1 localhost O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL O4 - HKLM\..\Run: [iAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [uVS10 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe" O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" O4 - HKLM\..\Policies\Explorer\Run: [spool] C:\Users\NGRE~1\LOCALS~1\APPLIC~1\spoolsv.exe /waitservice O4 - HKCU\..\Policies\Explorer\Run: [CmSTP] C:\Windows\System\cmstp.exe /waitservice O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [iEudinit] C:\Windows\System32\drivers\ieudinit.exe /waitservice (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [iEudinit] C:\Windows\System32\drivers\ieudinit.exe /waitservice (User 'Default user') O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convertir en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O10 - Broken Internet access because of LSP provider 'c:\program files\bonjour\mdnsnsp.dll' missing O13 - Gopher Prefix: O16 - DPF: {E3E6FFEE-748F-43BA-87AE-B1F1B11ED193} (MegaMocapWeb Control) - http://www.charactermotion.com/products/po...egaMocapWeb.ocx O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: @%SystemRoot%\system32\aelupsvc.dll,-1 (AeLookupSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: @%windir%\system32\inetsrv\iisres.dll,-30011 (AppHostSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\appinfo.dll,-100 (Appinfo) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @appmgmts.dll,-3250 (AppMgmt) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-204 (AudioEndpointBuilder) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-200 (Audiosrv) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: @%SystemRoot%\system32\bfe.dll,-1001 (BFE) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\qmgr.dll,-1000 (BITS) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing) O23 - Service: @%systemroot%\system32\browser.dll,-100 (Browser) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\certprop.dll,-11 (CertPropSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\cryptsvc.dll,-1001 (CryptSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\cscsvc.dll,-200 (CscService) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @oleres.dll,-5012 (DcomLaunch) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe O23 - Service: @%SystemRoot%\system32\dhcpcsvc.dll,-100 (Dhcp) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\System32\dnsapi.dll,-101 (Dnscache) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\dot3svc.dll,-1102 (dot3svc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\dps.dll,-500 (DPS) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%systemroot%\system32\eapsvc.dll,-1 (EapHost) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\emdmgmt.dll,-1000 (EMDMgmt) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\wevtsvc.dll,-200 (Eventlog) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @comres.dll,-2450 (EventSystem) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\fdPHost.dll,-100 (fdPHost) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\fdrespub.dll,-100 (FDResPub) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\System32\hidserv.dll,-101 (hidserv) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\kmsvc.dll,-6 (hkmsvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: @%SystemRoot%\system32\ikeext.dll,-501 (IKEEXT) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\IPBusEnum.dll,-102 (IPBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\iphlpsvc.dll,-200 (iphlpsvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe O23 - Service: @comres.dll,-2946 (KtmRm) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%systemroot%\system32\srvsvc.dll,-100 (LanmanServer) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\wkssvc.dll,-100 (LanmanWorkstation) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\lltdres.dll,-1 (lltdsvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\lmhsvc.dll,-101 (lmhosts) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: Ma-Config Service (maconfservice) - Unknown owner - C:\Program Files\ma-config.com\maconfservice.exe O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe O23 - Service: @%systemroot%\system32\mmcss.dll,-100 (MMCSS) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\FirewallAPI.dll,-23090 (MpsSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe O23 - Service: @%SystemRoot%\system32\iscsidsc.dll,-5000 (MSiSCSI) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\msimsg.dll,-27 (msiserver) - Unknown owner - C:\Windows\system32\msiexec.exe O23 - Service: @%SystemRoot%\system32\qagentrt.dll,-6 (napagent) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe O23 - Service: @%SystemRoot%\system32\netman.dll,-109 (Netman) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\netprof.dll,-246 (netprofm) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\nlasvc.dll,-1 (NlaSvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: @%SystemRoot%\system32\nsisvc.dll,-200 (nsi) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8004 (p2pimsvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8006 (p2psvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\pcasvc.dll,-1 (PcaSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\pla.dll,-500 (pla) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\umpnpmgr.dll,-100 (PlugPlay) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8002 (PNRPAutoReg) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8000 (PNRPsvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\polstore.dll,-5010 (PolicyAgent) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\profsvc.dll,-300 (ProfSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%Systemroot%\system32\rasauto.dll,-200 (RasAuto) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%Systemroot%\system32\rasmans.dll,-200 (RasMan) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @regsvc.dll,-1 (RemoteRegistry) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe O23 - Service: @oleres.dll,-5010 (RpcSs) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe O23 - Service: @%SystemRoot%\System32\SCardSvr.dll,-1 (SCardSvr) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\schedsvc.dll,-100 (Schedule) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\System32\certprop.dll,-13 (SCPolicySvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\sdrsvc.dll,-107 (SDRSVC) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\Sens.dll,-200 (SENS) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\System32\SessEnv.dll,-1026 (SessionEnv) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\ipnathlp.dll,-106 (SharedAccess) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\shsvcs.dll,-12288 (ShellHWDetection) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe O23 - Service: @%SystemRoot%\system32\SLUINotify.dll,-103 (SLUINotify) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe O23 - Service: @%systemroot%\system32\ssdpsrv.dll,-100 (SSDPSRV) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\sstpsvc.dll,-200 (SstpSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\wiaservc.dll,-9 (stisvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\System32\swprv.dll,-103 (swprv) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\sysmain.dll,-1000 (SysMain) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\TabSvc.dll,-100 (TabletInputService) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\tapisrv.dll,-10100 (TapiSrv) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\tbssvc.dll,-100 (TBS) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\termsrv.dll,-268 (TermService) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\shsvcs.dll,-8192 (Themes) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%systemroot%\system32\mmcss.dll,-102 (THREADORDER) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\trkwks.dll,-1 (TrkWks) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\servicing\TrustedInstaller.exe,-100 (TrustedInstaller) - Unknown owner - C:\Windows\servicing\TrustedInstaller.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe O23 - Service: @%SystemRoot%\system32\umrdp.dll,-1000 (UmRdpService) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%systemroot%\system32\upnphost.dll,-213 (upnphost) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\dwm.exe,-2000 (UxSms) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe O23 - Service: @%SystemRoot%\system32\w32time.dll,-200 (W32Time) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%windir%\system32\inetsrv\iisres.dll,-30003 (W3SVC) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%windir%\system32\inetsrv\iisres.dll,-30001 (WAS) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe O23 - Service: @%SystemRoot%\system32\wcncsvc.dll,-3 (wcncsvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\WcsPlugInService.dll,-200 (WcsPlugInService) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\wdi.dll,-502 (WdiServiceHost) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%systemroot%\system32\wdi.dll,-500 (WdiSystemHost) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%systemroot%\system32\webclnt.dll,-100 (WebClient) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\wecsvc.dll,-200 (Wecsvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\System32\wercplsupport.dll,-101 (wercplsupport) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\wersvc.dll,-100 (WerSvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%ProgramFiles%\Windows Defender\MsMpRes.dll,-103 (WinDefend) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\winhttp.dll,-100 (WinHttpAutoProxySvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%Systemroot%\system32\wbem\wmisvc.dll,-205 (Winmgmt) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%Systemroot%\system32\wsmsvc.dll,-101 (WinRM) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\wlansvc.dll,-257 (Wlansvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\wmpnetwk.exe O23 - Service: @%SystemRoot%\system32\wpdbusenum.dll,-100 (WPDBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\System32\wscsvc.dll,-200 (wscsvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%systemroot%\system32\SearchIndexer.exe,-103 (WSearch) - Unknown owner - C:\Windows\system32\SearchIndexer.exe O23 - Service: @%systemroot%\system32\wuaueng.dll,-105 (wuauserv) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\wudfsvc.dll,-1000 (wudfsvc) - Unknown owner - C:\Windows\system32\svchost.exe -- End of file - 22750 bytes Merci de votre aide. Jezabel
  14. jezabel
    Bon ben à force de chercher, j'ai trouvé la solution toute seule comme une grande. Je vous la livre : Insertion du disque d'installation de Windows Vista, puis Installation/Mise à niveau (attention si on fait une installation classique on perd tous ses fichiers). Petit inconvénient : il faut se farcir un assez long Windows Update après. Et voilà. Jezabel
  15. jezabel
    Bonjour, Petit problème depuis quelques jours (peut-être depuis mise à jour des pilotes de mon ATI RADEON X1650)... Problème très visuellement exprimé à l'adresse suivante : http://thevistaforums.com/lofiversion/index.php/t26981.html Des pistes pour résoudre l'affaire ? Merci à vous.
  16. jezabel
    Bonjour, Petit problème depuis quelques jours (peut-être depuis mise à jour des pilotes de mon ATI RADEON X1650)... Problème très visuellement exprimé à l'adresse suivante : http://thevistaforums.com/lofiversion/index.php/t26981.html Des pistes pour résoudre l'affaire ? Merci à vous.
  17. jezabel
    Bonjour, Merci de ta réponse. Mais quand tu dis que le port USB ne va aimer, tu veux dire qu'il y a un risque de griller quelque chose ou simplement que je risque des problèmes de synchro et/ou de déconnexion ?
  18. jezabel
    Salut à tous, Je suis actuellement abonnée à Orange/Wanadoo avec le pack extense 512 k (modem fourni à l'époque : B-Focus ECI USB. NB: B-Focus c'est ce qui est écrit dessus, mais dessous il y a une petite étiquette à code barre où figure la mention Hi-Focus). Ma question est simple : ce modem est-il compatible avec un débit à 1 Méga ? J'envisage en effet de faire évoluer mon abonnement. J'en entendu tout et son contraire sur cette question, notamment que le modem pouvait chauffer et faire griller la carte mère. Ce dont je doute quand même. Merci de votre aide. Jezabel
  19. jezabel
    Salut et merci à toi. J'avais effectivement repéré que l'exécutable était un fichier de Windows... Si ça peut ajouter une info : cette ouverture de page se fait même en mode sans échec. Jezabel
  20. jezabel
    Salut Charles et un grand merci pour continuer de t'occuper de mon cas. Ci-dessous le rapport HiJackThis Logfile of Trend Micro HijackThis v2.0.0 (BETA) Scan saved at 11:58:21, on 15/09/2007 Platform: Windows Vista (WinNT 6.00.1904) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\System32\gsicon.exe C:\Windows\System32\dslagent.exe C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE C:\Program Files\Razer\Habu\razerhid.exe C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe C:\Windows\system32\NOTEPAD.EXE C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Program Files\Razer\Habu\razerofa.exe C:\Windows\system32\taskeng.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe C:\Windows\system32\NOTEPAD.EXE C:\Program Files\Mozilla Firefox\firefox.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\SearchProtocolHost.exe C:\Users\nègre\HiJackThis_v2.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [startCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [uVS10 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe O4 - HKLM\..\Run: [Habu] C:\Program Files\Razer\Habu\razerhid.exe O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU') O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Lancement rapide d'Adobe Acrobat.lnk = ? O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convertir en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{88455BCE-328E-4E55-A8C0-EE17A43F00D5}: NameServer = 80.10.246.130 80.10.246.3 O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: @%SystemRoot%\system32\aelupsvc.dll,-1 (AeLookupSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: @%systemroot%\system32\appinfo.dll,-100 (Appinfo) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @appmgmts.dll,-3250 (AppMgmt) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-204 (AudioEndpointBuilder) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-200 (Audiosrv) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\bfe.dll,-1001 (BFE) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\qmgr.dll,-1000 (BITS) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%systemroot%\system32\browser.dll,-100 (Browser) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\certprop.dll,-11 (CertPropSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\cryptsvc.dll,-1001 (CryptSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\cscsvc.dll,-200 (CscService) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @oleres.dll,-5012 (DcomLaunch) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\dhcpcsvc.dll,-100 (Dhcp) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\System32\dnsapi.dll,-101 (Dnscache) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\dot3svc.dll,-1102 (dot3svc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\dps.dll,-500 (DPS) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%systemroot%\system32\eapsvc.dll,-1 (EapHost) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\emdmgmt.dll,-1000 (EMDMgmt) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\wevtsvc.dll,-200 (Eventlog) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @comres.dll,-2450 (EventSystem) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\fdPHost.dll,-100 (fdPHost) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\fdrespub.dll,-100 (FDResPub) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\System32\hidserv.dll,-101 (hidserv) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\kmsvc.dll,-6 (hkmsvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: @%SystemRoot%\system32\ikeext.dll,-501 (IKEEXT) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\IPBusEnum.dll,-102 (IPBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\iphlpsvc.dll,-200 (iphlpsvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\irmon.dll,-2000 (Irmon) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe O23 - Service: @comres.dll,-2946 (KtmRm) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%systemroot%\system32\srvsvc.dll,-100 (LanmanServer) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\wkssvc.dll,-100 (LanmanWorkstation) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\lltdres.dll,-1 (lltdsvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\lmhsvc.dll,-101 (lmhosts) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\mmcss.dll,-100 (MMCSS) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\FirewallAPI.dll,-23090 (MpsSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe O23 - Service: @%SystemRoot%\system32\iscsidsc.dll,-5000 (MSiSCSI) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\msimsg.dll,-27 (msiserver) - Unknown owner - C:\Windows\system32\msiexec.exe O23 - Service: @%SystemRoot%\system32\qagentrt.dll,-6 (napagent) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe O23 - Service: @%SystemRoot%\system32\netman.dll,-109 (Netman) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\netprof.dll,-246 (netprofm) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\nlasvc.dll,-1 (NlaSvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: @%SystemRoot%\system32\nsisvc.dll,-200 (nsi) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8004 (p2pimsvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8006 (p2psvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\pcasvc.dll,-1 (PcaSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\pla.dll,-500 (pla) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\umpnpmgr.dll,-100 (PlugPlay) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8002 (PNRPAutoReg) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8000 (PNRPsvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\polstore.dll,-5010 (PolicyAgent) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\profsvc.dll,-300 (ProfSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%Systemroot%\system32\rasauto.dll,-200 (RasAuto) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%Systemroot%\system32\rasmans.dll,-200 (RasMan) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @regsvc.dll,-1 (RemoteRegistry) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe O23 - Service: @oleres.dll,-5010 (RpcSs) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe O23 - Service: @%SystemRoot%\System32\SCardSvr.dll,-1 (SCardSvr) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\schedsvc.dll,-100 (Schedule) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\System32\certprop.dll,-13 (SCPolicySvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\sdrsvc.dll,-107 (SDRSVC) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\Sens.dll,-200 (SENS) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\System32\SessEnv.dll,-1026 (SessionEnv) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\ipnathlp.dll,-106 (SharedAccess) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\shsvcs.dll,-12288 (ShellHWDetection) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe O23 - Service: @%SystemRoot%\system32\SLUINotify.dll,-103 (SLUINotify) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe O23 - Service: @%systemroot%\system32\ssdpsrv.dll,-100 (SSDPSRV) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\wiaservc.dll,-9 (stisvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\System32\swprv.dll,-103 (swprv) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\sysmain.dll,-1000 (SysMain) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\TabSvc.dll,-100 (TabletInputService) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\tapisrv.dll,-10100 (TapiSrv) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\tbssvc.dll,-100 (TBS) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\termsrv.dll,-268 (TermService) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\shsvcs.dll,-8192 (Themes) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%systemroot%\system32\mmcss.dll,-102 (THREADORDER) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\trkwks.dll,-1 (TrkWks) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\servicing\TrustedInstaller.exe,-100 (TrustedInstaller) - Unknown owner - C:\Windows\servicing\TrustedInstaller.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe O23 - Service: @%SystemRoot%\system32\umrdp.dll,-1000 (UmRdpService) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%systemroot%\system32\upnphost.dll,-213 (upnphost) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\dwm.exe,-2000 (UxSms) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe O23 - Service: @%SystemRoot%\system32\w32time.dll,-200 (W32Time) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%windir%\system32\inetsrv\iisres.dll,-30003 (W3SVC) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%windir%\system32\inetsrv\iisres.dll,-30001 (WAS) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe O23 - Service: @%SystemRoot%\system32\wcncsvc.dll,-3 (wcncsvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\WcsPlugInService.dll,-200 (WcsPlugInService) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\wdi.dll,-502 (WdiServiceHost) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%systemroot%\system32\wdi.dll,-500 (WdiSystemHost) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%systemroot%\system32\webclnt.dll,-100 (WebClient) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\wecsvc.dll,-200 (Wecsvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\System32\wercplsupport.dll,-101 (wercplsupport) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\wersvc.dll,-100 (WerSvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%ProgramFiles%\Windows Defender\MsMpRes.dll,-103 (WinDefend) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\winhttp.dll,-100 (WinHttpAutoProxySvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%Systemroot%\system32\wbem\wmisvc.dll,-205 (Winmgmt) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%Systemroot%\system32\wsmsvc.dll,-101 (WinRM) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\wlansvc.dll,-257 (Wlansvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\wmpnetwk.exe O23 - Service: @%SystemRoot%\system32\wpdbusenum.dll,-100 (WPDBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\System32\wscsvc.dll,-200 (wscsvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%systemroot%\system32\SearchIndexer.exe,-103 (WSearch) - Unknown owner - C:\Windows\system32\SearchIndexer.exe O23 - Service: @%systemroot%\system32\wuaueng.dll,-105 (wuauserv) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\wudfsvc.dll,-1000 (wudfsvc) - Unknown owner - C:\Windows\system32\svchost.exe -- End of file - 20714 bytes Et le rapport antivir : AntiVir PersonalEdition Classic Report file date: samedi 15 septembre 2007 11:21 Scanning for 1071077 virus strains and unwanted programs. Licensed to: Avira AntiVir PersonalEdition Classic Serial number: 0000149996-ADJIE-0001 Platform: Windows Vista Windows version: (plain) [6.0.6000] Username: nègre Computer name: NEGRE Version information: BUILD.DAT : 268 15604 Bytes 31/08/2007 13:04:00 AVSCAN.EXE : 7.0.6.1 290856 Bytes 08/09/2007 10:48:32 AVSCAN.DLL : 7.0.6.0 49192 Bytes 08/09/2007 10:48:32 LUKE.DLL : 7.0.5.3 147496 Bytes 08/09/2007 10:48:33 LUKERES.DLL : 7.0.6.1 10280 Bytes 08/09/2007 10:48:33 ANTIVIR0.VDF : 6.35.0.1 7371264 Bytes 31/05/2006 13:08:58 ANTIVIR1.VDF : 6.39.0.129 7251968 Bytes 10/07/2007 20:23:28 ANTIVIR2.VDF : 6.39.1.120 1918464 Bytes 12/09/2007 09:15:35 ANTIVIR3.VDF : 6.39.1.134 111104 Bytes 14/09/2007 09:15:35 AVEWIN32.DLL : 7.6.0.10 2789888 Bytes 15/09/2007 09:15:35 AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 09:36:26 AVPREF.DLL : 7.0.2.2 25640 Bytes 08/09/2007 10:48:32 AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 12:16:24 AVPACK32.DLL : 7.3.0.15 360488 Bytes 23/08/2007 20:23:30 AVREG.DLL : 7.0.1.6 30760 Bytes 08/09/2007 10:48:32 AVARKT.DLL : 1.0.0.20 278568 Bytes 08/09/2007 10:48:32 AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 08/09/2007 10:48:32 NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 10:09:42 RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 08/09/2007 10:48:23 RCTEXT.DLL : 7.0.62.0 86056 Bytes 08/09/2007 10:48:23 SQLITE3.DLL : 3.3.17.1 339968 Bytes 08/09/2007 10:48:33 Configuration settings for the scan: Jobname..........................: Local Drives Configuration file...............: c:\program files\antivir personaledition classic\alldrives.avp Logging..........................: low Primary action...................: interactive Secondary action.................: ignore Scan master boot sector..........: on Scan boot sector.................: on Boot sectors.....................: E:, Scan memory......................: on Process scan.....................: on Scan registry....................: on Search for rootkits..............: on Scan all files...................: All files Scan archives....................: on Recursion depth..................: 20 Smart extensions.................: on Macro heuristic..................: on File heuristic...................: medium Start of the scan: samedi 15 septembre 2007 11:21 Starting search for hidden objects. The driver could not be initialized. The scan of running processes will be started Scan process 'avscan.exe' - '1' Module(s) have been scanned Scan process 'avcenter.exe' - '1' Module(s) have been scanned Scan process 'explorer.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'winlogon.exe' - '1' Module(s) have been scanned Scan process 'lsm.exe' - '1' Module(s) have been scanned Scan process 'lsass.exe' - '1' Module(s) have been scanned Scan process 'services.exe' - '1' Module(s) have been scanned Scan process 'wininit.exe' - '1' Module(s) have been scanned Scan process 'csrss.exe' - '1' Module(s) have been scanned Scan process 'csrss.exe' - '1' Module(s) have been scanned Scan process 'smss.exe' - '1' Module(s) have been scanned 17 processes with 17 modules were scanned Starting master boot sector scan: Master boot sector HD0 [NOTE] No virus was found! Start scanning boot sectors: Boot sector 'C:\' [NOTE] No virus was found! Starting to scan the registry. The registry was scanned ( '16' files ). Starting the file scan: Begin scan in 'C:\' C:\pagefile.sys [WARNING] The file could not be opened! Begin scan in 'D:\' <Nouveau> Begin scan in 'E:\' Search path E:\ could not be opened! Le périphérique n'est pas prêt. End of the scan: samedi 15 septembre 2007 11:53 Used time: 31:34 min The scan has been done completely. 15564 Scanning directories 287272 Files were scanned 0 viruses and/or unwanted programs were found 0 Files were classified as suspicious: 0 files were deleted 0 files were repaired 0 files were moved to quarantine 0 files were renamed 1 Files cannot be scanned 287272 Files not concerned 11389 Archives were scanned 1 Warnings 0 Notes
  21. jezabel
    Salut Charles, Pardon de te déranger de nouveau. T'es débordé ou mon souci est insoluble ? En tous cas merci de m'avoir aidée. Jezabel
  22. jezabel
    Salut, Je fais un petit UP car j'ai vu que Charles était de retour... Jezabel
  23. jezabel
    Bonjour, Allons bon... Voilà-t-il pas que le sieur Charles semble s'être absenté quelque temps. Y'aurait-il une bonne âme pour prendre la relève ? Merci. Jezabel
  24. jezabel
    Salut, Allons bon. Le rapport complet est trop long pour le forum. Je le colle sur mon serveur : http://www.les-nuees.net/~jezabel/ftp/lsa.txt Merci encore. Jezabel
  25. jezabel
    Et voilà. Mais j'ai vu certaines lignes qui sembkent indiquer que ce programme n'est pas compatible avec Vista... Jezabel DiagHelp version v1.1.2 - http://www.malekal.com excute le 09/08/2007 à 17:33:15,54 Liste des derniers fichies modifies/crees dans windir\system32 C:\Windows\System32/drivers\gmer.sys -->08/08/2007 14:31:23 C:\Windows\System32/drivers\mpsdrv.sys -->12/07/2007 17:52:10 C:\Windows\System32/drivers\tunnel.sys -->12/07/2007 17:52:09 C:\Windows\System32/drivers\TUNMP.SYS -->12/07/2007 17:52:09 C:\Windows\System32/drivers\hdaudbus.sys -->12/07/2007 17:50:15 C:\Windows\System32/drivers\ativvpxx.vp -->27/06/2007 04:27:58 C:\Windows\System32/drivers\atikmdag.sys -->27/06/2007 04:00:41 C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 -->09/08/2007 17:27:12 C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 -->09/08/2007 17:27:12 C:\Windows\System32\FNTCACHE.DAT -->08/08/2007 20:20:48 C:\Windows\System32\iklog.log -->07/08/2007 23:57:26 C:\Windows\System32\PerfStringBackup.INI -->03/08/2007 12:58:03 C:\Windows\System32\perfh00C.dat -->03/08/2007 12:58:03 C:\Windows\System32\perfh009.dat -->03/08/2007 12:58:03 C:\Windows\System32\perfc00C.dat -->03/08/2007 12:58:03 C:\Windows\System32\perfc009.dat -->03/08/2007 12:58:03 C:\Windows\System32\config.nt -->29/07/2007 14:55:58 C:\Windows\System32\MPSSVC.dll -->12/07/2007 17:52:10 C:\Windows\System32\FirewallAPI.dll -->12/07/2007 17:52:10 C:\Windows\System32\wfapigp.dll -->12/07/2007 17:52:09 C:\Windows\System32\iphlpsvc.dll -->12/07/2007 17:52:09 C:\Windows\System32\icfupgd.dll -->12/07/2007 17:52:09 C:\Windows\System32\cmifw.dll -->12/07/2007 17:52:09 C:\Windows\System32\mcupdate_GenuineIntel.dll -->12/07/2007 17:52:01 C:\Windows\System32\GameUXLegacyGDFs.dll -->12/07/2007 17:51:06 C:\Windows\System32\gameux.dll -->12/07/2007 17:51:06 C:\Windows\System32\slwmi.dll -->12/07/2007 17:50:38 C:\Windows\System32\SLUI.exe -->12/07/2007 17:50:38 C:\Windows\System32\SLCommDlg.dll -->12/07/2007 17:50:38 C:\Windows\System32\SLC.dll -->12/07/2007 17:50:38 C:\Windows\System32\mcbuilder.exe -->12/07/2007 17:50:38 C:\Windows\System32\SLUINotify.dll -->12/07/2007 17:50:37 C:\Windows\Ulead32.ini -->09/08/2007 17:27:56 C:\Windows\bootstat.dat -->09/08/2007 17:27:06 C:\Windows\WindowsUpdate.log -->08/08/2007 23:47:05 C:\Windows\PFRO.log -->08/08/2007 20:20:14 C:\Windows\MEMORY.DMP -->08/08/2007 15:02:42 C:\Windows\ntbtlog.txt -->08/08/2007 14:46:18 C:\Windows\gmer.ini -->08/08/2007 14:46:18 C:\Windows\gmer_uninstall.cmd -->08/08/2007 14:31:23 C:\Windows\gmer.dll -->08/08/2007 14:31:23 C:\Windows\SpywareDoctorUninstall.log -->08/08/2007 01:26:19 C:\Windows\QTFont.qfn -->07/08/2007 14:45:38 C:\Windows\QTFont.for -->07/08/2007 14:45:38 C:\Windows\setupact.log -->03/08/2007 14:08:40 C:\Windows\DPINST.LOG -->03/08/2007 14:01:58 C:\Windows\setuperr.log -->30/07/2007 15:50:11 Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est 50A1-919F Répertoire de C:\Windows\system32 02/11/2006 11:45 7 680 csrss.exe 1 fichier(s) 7 680 octets 0 Rép(s) 196 194 361 344 octets libres Contenu de Downloaded Program Files Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est 50A1-919F Répertoire de C:\Windows\Downloaded Program Files 03/06/2007 15:10 <REP> . 03/06/2007 15:10 <REP> .. 18/09/2006 23:26 65 desktop.ini 25/07/2002 17:13 24 576 dwusplay.dll 25/07/2002 17:13 196 608 dwusplay.exe 25/07/2002 17:05 172 032 isusweb.dll 27/03/2007 16:00 5 021 swflash.inf 5 fichier(s) 398 302 octets Total des fichiers listés : 5 fichier(s) 398 302 octets 2 Rép(s) 196 194 361 344 octets libres Recherche de rootkit! (Merci S!Ri) Recherche d'infections connues Export des clefs sensibles.. Liste des fichiers en exception sur le pare-feu XP SP2 Export de la clef SharedTaskScheduler [sharedTaskScheduler] Rechercher adresses sensibles dans le fichier HOSTS... REGEDIT4 [iexplore.exe] catchme 0.3.1066 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-08-09 17:33:25 Windows 6.0.6000 NTFS scanning hidden services & system hive ... scanning hidden registry entries ... scanning hidden files ... scan completed successfully hidden files: 0 KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg) Sorry, this version supports only Win2K/XP KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg) Sorry, this version supports only Win2K/XP Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est 50A1-919F Répertoire de C:\Program Files 08/08/2007 01:26 <REP> . 08/08/2007 01:26 <REP> .. 03/06/2007 18:12 <REP> 7-Zip 12/10/2007 20:11 <REP> Adobe 03/06/2007 18:19 <REP> Alwil Software 06/08/2007 17:08 <REP> AntiVir PersonalEdition Classic 13/07/2007 18:01 <REP> Apple Software Update 03/08/2007 13:58 <REP> a-squared Free 01/06/2007 19:06 <REP> ATI 21/06/2007 18:02 <REP> ATI Technologies 05/06/2007 18:11 <REP> audiograbber 29/07/2007 17:33 <REP> CCleaner 29/07/2007 15:44 <REP> Common Files 07/08/2007 14:23 <REP> Curious Labs 15/10/2007 22:10 <REP> DivX 02/08/2007 16:23 <REP> e frontier 01/06/2007 22:08 <REP> ECI Telecom 03/06/2007 18:20 <REP> Elaborate Bytes 03/06/2007 18:14 <REP> eMule 16/07/2007 23:33 <REP> e-on software 07/08/2007 22:18 <REP> FileZilla 08/08/2007 01:26 <REP> Grisoft 29/07/2007 17:29 <REP> Hitman Pro 21/06/2007 18:13 <REP> Intel 20/06/2007 22:25 <REP> Internet Explorer 15/10/2007 22:11 <REP> K-Lite Codec Pack 29/07/2007 17:07 <REP> Lavasoft 03/08/2007 13:15 <REP> ma-config.com 12/10/2007 21:00 <REP> Macromedia 03/06/2007 17:06 <REP> Microsoft Games 02/11/2006 14:42 <REP> Movie Maker 13/10/2007 21:31 <REP> Mozilla Firefox 13/10/2007 21:37 <REP> Mozilla Thunderbird 02/11/2006 14:37 <REP> MSN 27/07/2007 16:50 <REP> MSXML 4.0 26/07/2007 17:29 <REP> Nero 03/06/2007 18:17 <REP> OpenOffice.org 2.2 13/07/2007 18:04 <REP> QuickTime 03/08/2007 14:00 <REP> Razer 21/06/2007 18:21 <REP> Realtek 29/07/2007 16:38 <REP> RegCleaner 03/06/2007 15:13 <REP> SmartSound Software 28/07/2007 09:03 <REP> Spybot - Search & Destroy 29/07/2007 16:40 <REP> SpywareBlaster 03/06/2007 15:10 <REP> Ulead Systems 02/11/2006 14:42 <REP> Windows Calendar 24/06/2007 17:04 <REP> Windows Defender 20/06/2007 22:25 <REP> Windows Mail 03/06/2007 15:11 <REP> Windows Media Components 02/11/2006 14:42 <REP> Windows Media Player 01/06/2007 17:34 <REP> Windows NT 02/11/2006 14:42 <REP> Windows Photo Gallery 02/11/2006 14:42 <REP> Windows Sidebar 05/06/2007 18:55 <REP> WinISO 0 fichier(s) 0 octets 54 Rép(s) 196 193 611 776 octets libres Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est 50A1-919F Répertoire de C:\Program Files\fichiers communs Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est 50A1-919F Répertoire de C:\Program Files\common files 29/07/2007 15:44 <REP> . 29/07/2007 15:44 <REP> .. 27/07/2007 16:46 <REP> Adobe 19/07/2007 17:57 <REP> Adobe Systems Shared 26/07/2007 17:32 <REP> Ahead 17/07/2007 18:19 <REP> DAZ 03/06/2007 15:11 <REP> InstallShield 12/10/2007 21:01 <REP> Macromedia 16/07/2007 23:31 <REP> microsoft shared 02/11/2006 13:18 <REP> Services 02/11/2006 13:18 <REP> SpeechEngines 24/06/2007 15:34 <REP> SWF Studio 20/06/2007 22:25 <REP> System 03/06/2007 15:10 <REP> Ulead Systems 0 fichier(s) 0 octets 14 Rép(s) 196 193 607 680 octets libres Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est 50A1-919F Répertoire de C:\ 12/05/2007 18:22 68 096 diff.exe 12/05/2007 18:22 103 424 grep.exe 2 fichier(s) 171 520 octets 0 Rép(s) 196 193 607 680 octets libres ****** Fin du rapport DiagHelp
×
×
  • Créer...