dadoux
-
Compteur de contenus
69 -
Inscription
-
Dernière visite
-
Jours gagnés
1
Type de contenu
Profils
Forums
Blogs
Tout ce qui a été posté par dadoux
-
Bonjour, Voilà, depuis quelque temps j'ai du mal à ouvrir mes fichiers, dossiers, mes pages webs etc. Je me demande si mon PC n'est pas infecté par un virus... Comme vous m'avez déjà aidé auparavant, je viens encore vous demander de l'aide. Merci d'avance.
-
bonjour bon ben merci bien pour l'aide ... a pluche
-
bonjour, Ce qui me faisait penser à une infection c'est que je me suis co a msn et sa ma déco,j'ai eu un message qui me disais qu'une autre personne c'etais connecter sur mon compte ..
-
oups oublier sa , info.txt logfile of random's system information tool 1.08 2010-08-26 23:03:25 ======Uninstall list====== Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\FlashUtil10i_ActiveX.exe -maintain activex Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\FlashUtil10h_Plugin.exe -maintain plugin Adobe Reader 9.3.4 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A93000000001} Assistant de connexion Windows Live-->MsiExec.exe /I{DCE8CD14-FBF5-4464-B9A4-E18E473546C7} avast! Free Antivirus-->C:\Program Files\Alwil Software\Avast5\aswRunDll.exe "C:\Program Files\Alwil Software\Avast5\Setup\setiface.dll" RunSetup AVS Update Manager 1.0-->"C:\Program Files\AVS4YOU\AVSUpdateManager\unins000.exe" AVS Video Converter 6-->"C:\Program Files\AVS4YOU\AVSVideoConverter6\unins000.exe" AVS4YOU Software Navigator 1.4-->"C:\Program Files\AVS4YOU\AVSSoftwareNavigator\unins000.exe" CCleaner-->"C:\Program Files\CCleaner\uninst.exe" CyberLink PowerDVD 10-->"C:\Program Files\InstallShield Installation Information\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}\Setup.exe" /z-uninstall CyberLink PowerDVD 10-->"C:\Program Files\InstallShield Installation Information\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}\Setup.exe" /z-uninstall Galerie de photos Windows Live-->MsiExec.exe /X{B131E59D-202C-43C6-84C9-68F0C37541F1} Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_223E2B8E7BAD9544.exe" /uninstall Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C} Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe Installation Windows Live-->MsiExec.exe /I{46ABBC54-1872-4AA3-95E2-F2C063A63F31} Java 6 Update 21-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216016FF} Java 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070} Junk Mail filter update-->MsiExec.exe /I{E2DFE069-083E-4631-9B6C-43C48E991DE5} K-Lite Codec Pack 6.2.0 (Full)-->"C:\Program Files\K-Lite Codec Pack\unins000.exe" Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe" Microsoft .NET Framework 4 Client Profile-->C:\Windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /parameterfolder Client Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{3C3901C5-3455-3E0A-A214-0B093A5070A6} Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0015-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0019-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001A-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0044-040C-0000-0000000FF1CE} /uninstall {AE187E0D-EBA5-4EE1-A397-BF1A577CB24C} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-040C-0000-0000000FF1CE} /uninstall {B165D3C2-40AE-4D39-86F7-E5C87C4264C0} Microsoft Office Access MUI (French) 2007-->MsiExec.exe /X{90120000-0015-040C-0000-0000000FF1CE} Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE} Microsoft Office InfoPath MUI (French) 2007-->MsiExec.exe /X{90120000-0044-040C-0000-0000000FF1CE} Microsoft Office Outlook MUI (French) 2007-->MsiExec.exe /X{90120000-001A-040C-0000-0000000FF1CE} Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE} Microsoft Office Professional Plus 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL Microsoft Office Professional Plus 2007-->MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE} Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE} Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE} Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE} Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE} Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE} Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE} Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE} Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0401-0000-0000000FF1CE} /uninstall {14809F99-C601-4D4A-9391-F1E8FAA964C5} Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {A0516415-ED61-419A-981D-93596DA74165} Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045} Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787} Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0413-0000-0000000FF1CE} /uninstall {D66D5A44-E480-4BA4-B4F2-C554F6B30EBB} Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9} Microsoft Office Publisher MUI (French) 2007-->MsiExec.exe /X{90120000-0019-040C-0000-0000000FF1CE} Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE} Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE} Microsoft Search Enhancement Pack-->MsiExec.exe /I{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E} Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8} Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR)-->MsiExec.exe /X{E09B48B5-E141-427A-AB0C-D3605127224A} Microsoft Sync Framework Runtime Native v1.0 (x86)-->MsiExec.exe /I{8A74E887-8F0F-4017-AF53-CBA42211AAA5} Microsoft Sync Framework Services Native v1.0 (x86)-->MsiExec.exe /I{BD64AF4A-8C80-4152-AD77-FCDDF05208AB} Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118} Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c} Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475} Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989} Mise à jour Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {B761869A-B85C-40E2-994C-A1CE78AC8F2C} Mise à jour Microsoft Office Outlook 2007 Help (KB963677)-->msiexec /package {90120000-001A-040C-0000-0000000FF1CE} /uninstall {51EFB347-1F3D-4BAC-8B79-F056B904FE21} Mise à jour Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {C3DCA38E-005E-41BA-A52A-7C3429F351C3} Mise à jour Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {81536A04-DBFB-4DB3-978F-0F284590C223} Mozilla Firefox (3.6)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94} MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71} MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC} Nero 9-->C:\Program Files\Common Files\Nero\Nero ProductInstaller 4\SetupX.exe REMOVESERIALNUMBER="9M03-01A1-PCX7-K31A-8A94-98PT-KT2E-522A" neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B} OpenOffice.org 3.0-->MsiExec.exe /I{6860B340-530D-46B3-91F8-1AE1F70F7C33} Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238} Samsung Support Center-->MsiExec.exe /I{4D2121FE-5CCC-4D47-B3A0-BF56045A5099} Security Update for 2007 Microsoft Office System (KB2277947)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {5857EE21-03D0-482E-9620-5A30B314A2AE} Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08} Security Update for 2007 Microsoft Office System (KB976321)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {7F207DCA-3399-40CB-A968-6E5991B1421A} Security Update for 2007 Microsoft Office System (KB982312)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {B0EC5722-241F-4CDA-83B4-AA5846B6F9F4} Security Update for 2007 Microsoft Office System (KB982331)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {E8766951-2B6C-4022-86E8-80D2D1762B76} Security Update for Microsoft Office Access 2007 (KB979440)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {1142CCEC-ACA9-484B-BA90-C3A5CA1988C5} Security Update for Microsoft Office Access 2007 (KB979440)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {5A4E43D5-858F-49BD-BA72-8F30E1793060} Security Update for Microsoft Office Excel 2007 (KB982308)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {C3F9A0DC-A5D1-4BB6-870E-2953E5A2487B} Security Update for Microsoft Office InfoPath 2007 (KB979441)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {1109D0B3-EFA3-4553-AAED-4C3E9AD130E8} Security Update for Microsoft Office InfoPath 2007 (KB979441)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {8CCB781A-CF6B-4FCB-B6D8-59C64DF5C6DB} Security Update for Microsoft Office Outlook 2007 (KB980376)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {48113C06-9BA2-4D54-A731-D1D2C5B3144A} Security Update for Microsoft Office PowerPoint 2007 (KB982158)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {F5B70033-E79C-4569-90BF-BC9B4E4F3F46} Security Update for Microsoft Office Publisher 2007 (KB982124)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {289FA8BC-6A8E-4341-B194-EB26B49E9F5D} Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF} Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC} Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D} Security Update for Microsoft Office Word 2007 (KB2251419)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {7E9103DA-253F-41FF-9E83-7C83806C77DA} Sony ACID Pro 6.0-->MsiExec.exe /X{2956585F-DB2F-45C2-9363-F8CB0BB4F2A7} Sony Media Manager 2.2-->MsiExec.exe /X{2B5A75F0-FD85-4094-AB00-94902398D192} Synaptics Pointing Device Driver-->rundll32.exe "%ProgramFiles%\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall TeamSpeak 3 Client-->"C:\Program Files\TeamSpeak 3 Client\uninstall.exe" TeraCopy 2.01-->"C:\Program Files\TeraCopy\unins000.exe" Uninstall 1.0.0.1-->"C:\Program Files\Common Files\DVDVideoSoft\unins000.exe" Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D} Update for Outlook 2007 Junk Email Filter (kb2279264)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {01D475AB-57B1-44CC-8A8F-3A6B0FA4989F} Virtual DJ - Atomix Productions-->C:\PROGRA~1\VIRTUA~1\UNWISE.EXE C:\PROGRA~1\VIRTUA~1\INSTALL.LOG Virtual DJ Home Edition - Atomix Productions-->C:\PROGRA~1\VIRTUA~1\UNWISE.EXE C:\PROGRA~1\VIRTUA~1\INSTALL.LOG VLC media player 1.0.5-->C:\Program Files\VideoLAN\VLC\uninstall.exe Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41} Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52} Windows Live FolderShare-->MsiExec.exe /X{2075CB0A-D26F-4DAA-B424-5079296B43BA} Windows Live Mail-->MsiExec.exe /I{5DD76286-9BE7-4894-A990-E905E91AC818} Windows Live Messenger-->MsiExec.exe /X{770F1BEC-2871-4E70-B837-FB8525FFA3B1} Windows Live Movie Maker-->MsiExec.exe /X{53B20C18-D8D4-4588-8737-9BBFE303C354} Windows Live Toolbar-->MsiExec.exe /X{F7D27C70-90F5-49B9-B188-0A133C0CE353} Windows Live Writer-->MsiExec.exe /X{4634B21A-CC07-4396-890C-2B8168661FEA} WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe World of Warcraft-->C:\Program Files\Common Files\Blizzard Entertainment\Wrath of the Lich King\Uninstall.exe ======System event log====== Computer Name: ADMIN444 Event Code: 1014 Message: La résolution du nom 138.184.120.174.in-addr.arpa a expiré lorsqu’aucun des serveurs DNS configurés n’a répondu. Record Number: 921 Source Name: Microsoft-Windows-DNS-Client Time Written: 20100621120406.732881-000 Event Type: Avertissement User: AUTORITE NT\SERVICE RÉSEAU Computer Name: ADMIN444 Event Code: 4001 Message: Le Service d’autoconfiguration WLAN s’est arrêté correctement. Record Number: 839 Source Name: Microsoft-Windows-WLAN-AutoConfig Time Written: 20100621120258.212064-000 Event Type: Avertissement User: AUTORITE NT\Système Computer Name: ADMIN444 Event Code: 4001 Message: Le Service d’autoconfiguration WLAN s’est arrêté correctement. Record Number: 687 Source Name: Microsoft-Windows-WLAN-AutoConfig Time Written: 20100621114643.423652-000 Event Type: Avertissement User: AUTORITE NT\Système Computer Name: ADMIN444 Event Code: 4001 Message: Le Service d’autoconfiguration WLAN s’est arrêté correctement. Record Number: 550 Source Name: Microsoft-Windows-WLAN-AutoConfig Time Written: 20100621113631.318687-000 Event Type: Avertissement User: AUTORITE NT\Système Computer Name: ADMIN444 Event Code: 1014 Message: La résolution du nom dns.msftncsi.com a expiré lorsqu’aucun des serveurs DNS configurés n’a répondu. Record Number: 510 Source Name: Microsoft-Windows-DNS-Client Time Written: 20100621113605.815442-000 Event Type: Avertissement User: AUTORITE NT\SERVICE RÉSEAU =====Application event log===== Computer Name: ADMIN444 Event Code: 8229 Message: Un enregistreur VSS a rejeté un événement avec l’erreur 0x800423f4, L’enregistreur a rencontré une erreur non temporaire. Si le processus de sauvegarde est relancé, il est probable que l’erreur se reproduise. . Les modifications apportées par l’enregistreur aux composants de l’enregistreur lors du traitement de l’événement ne seront pas accessibles au demandeur. Consultez le journal des événements à la recherche d’événements associés en provenance de l’application hébergeant l’enregistreur VSS. Opération : Événement Freeze Contexte : Contexte d’exécution: Writer ID de classe du rédacteur: {afbab4a2-367d-4d15-a586-71dbb18f8485} Nom du rédacteur: Registry Writer ID d’instance du rédacteur: {68c7e064-50cd-47e5-b332-0b55fc3d288a} Ligne de commande: C:\Windows\system32\vssvc.exe ID de processus: 1872 Record Number: 279 Source Name: VSS Time Written: 20100621122820.000000-000 Event Type: Avertissement User: Computer Name: ADMIN444 Event Code: 12344 Message: Erreur du service de cliché instantané des volumes : une erreur 0x00000000c000014d s’est produite pendant que Registry Writer préparait le Registre pour un cliché instantané. Consultez les journaux d’événements d’application et système pour les éventuelles erreurs associées. Opération : Événement OnFreeze Événement Freeze Contexte : Contexte d’exécution: Registry Writer Contexte d’exécution: Writer ID de classe du rédacteur: {afbab4a2-367d-4d15-a586-71dbb18f8485} Nom du rédacteur: Registry Writer ID d’instance du rédacteur: {68c7e064-50cd-47e5-b332-0b55fc3d288a} Record Number: 278 Source Name: VSS Time Written: 20100621122820.000000-000 Event Type: Erreur User: Computer Name: ADMIN444 Event Code: 1530 Message: Windows a détecté que votre fichier de Registre est toujours utilisé par d’autres applications ou services. Le fichier va être déchargé. Les applications ou services qui ont accès à votre Registre risquent de ne pas fonctionner correctement après cela. DÉTAIL - 1 user registry handles leaked from \Registry\User\S-1-5-21-868209335-150919648-3602792371-1000: Process 420 (\Device\HarddiskVolume2\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-868209335-150919648-3602792371-1000 Record Number: 180 Source Name: Microsoft-Windows-User Profiles Service Time Written: 20100621113627.075479-000 Event Type: Avertissement User: AUTORITE NT\Système Computer Name: ADMIN444 Event Code: 11 Message: Fuite de mémoire possible. L’application (C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted) (PID : 996) a transmis un pointeur non NULL à RPC pour un paramètre [out] marqué [allocate(all_nodes)]. Les paramètres [allocate(all_nodes)] sont toujours réaffectés ; si le pointeur initial contenait une adresse mémoire valide, cela entraînerait une fuite de cette mémoire. L’appel provenait de l’interface avec l’UUID ({3F31C91E-2545-4B7B-9311-9529E8BFFEF6}), Numéro de méthode (10). Action utilisateur : contactez le fournisseur de l’application pour obtenir une version mise à jour. Record Number: 173 Source Name: Microsoft-Windows-RPC-Events Time Written: 20100621103340.242037-000 Event Type: Avertissement User: AUTORITE NT\SERVICE LOCAL Computer Name: ADMIN444 Event Code: 1008 Message: Le service Windows Search démarre et tente de supprimer l’ancien index de recherche {Raison : Réinitialisation totale de l’index}. Record Number: 106 Source Name: Microsoft-Windows-Search Time Written: 20100621102613.000000-000 Event Type: Avertissement User: =====Security event log===== Computer Name: 37L4247D28-05 Event Code: 4672 Message: Privilèges spéciaux attribués à la nouvelle ouverture de session. Sujet : ID de sécurité : S-1-5-18 Nom du compte : Système Domaine du compte : AUTORITE NT ID d’ouverture de session : 0x3e7 Privilèges : SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Record Number: 5 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20100621132030.919671-000 Event Type: Succès de l’audit User: Computer Name: 37L4247D28-05 Event Code: 4624 Message: L’ouverture de session d’un compte s’est correctement déroulée. Sujet : ID de sécurité : S-1-5-18 Nom du compte : 37L4247D28-05$ Domaine du compte : WORKGROUP ID d’ouverture de session : 0x3e7 Type d’ouverture de session : 5 Nouvelle ouverture de session : ID de sécurité : S-1-5-18 Nom du compte : Système Domaine du compte : AUTORITE NT ID d’ouverture de session : 0x3e7 GUID d’ouverture de session : {00000000-0000-0000-0000-000000000000} Informations sur le processus : ID du processus : 0x1bc Nom du processus : C:\Windows\System32\services.exe Informations sur le réseau : Nom de la station de travail : Adresse du réseau source : - Port source : - Informations détaillées sur l’authentification : Processus d’ouverture de session : Advapi Package d’authentification : Negotiate Services en transit : - Nom du package (NTLM uniquement) : - Longueur de la clé : 0 Cet événement est généré lors de la création d’une ouverture de session. Il est généré sur l’ordinateur sur lequel l’ouverture de session a été effectuée. Le champ Objet indique le compte sur le système local qui a demandé l’ouverture de session. Il s’agit le plus souvent d’un service, comme le service Serveur, ou un processus local tel que Winlogon.exe ou Services.exe. Le champ Type d’ouverture de session indique le type d’ouverture de session qui s’est produit. Les types les plus courants sont 2 (interactif) et 3 (réseau). Le champ Nouvelle ouverture de session indique le compte pour lequel la nouvelle ouverture de session a été créée, par exemple, le compte qui s’est connecté. Les champs relatifs au réseau indiquent la provenance d’une demande d’ouverture de session à distance. Le nom de la station de travail n’étant pas toujours disponible, peut être laissé vide dans certains cas. Les champs relatifs aux informations d’authentification fournissent des détails sur cette demande d’ouverture de session spécifique. - Le GUID d’ouverture de session est un identificateur unique pouvant servir à associer cet événement à un événement KDC . - Les services en transit indiquent les services intermédiaires qui ont participé à cette demande d’ouverture de session. - Nom du package indique quel est le sous-protocole qui a été utilisé parmi les protocoles NTLM. - La longueur de la clé indique la longueur de la clé de session générée. Elle a la valeur 0 si aucune clé de session n’a été demandée. Record Number: 4 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20100621132030.919671-000 Event Type: Succès de l’audit User: Computer Name: 37L4247D28-05 Event Code: 4902 Message: La table de stratégie d’audit par utilisateur a été créée. Nombre d’éléments : 0 ID de la stratégie : 0x23a31 Record Number: 3 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20100621132019.968451-000 Event Type: Succès de l’audit User: Computer Name: 37L4247D28-05 Event Code: 4624 Message: L’ouverture de session d’un compte s’est correctement déroulée. Sujet : ID de sécurité : S-1-0-0 Nom du compte : - Domaine du compte : - ID d’ouverture de session : 0x0 Type d’ouverture de session : 0 Nouvelle ouverture de session : ID de sécurité : S-1-5-18 Nom du compte : Système Domaine du compte : AUTORITE NT ID d’ouverture de session : 0x3e7 GUID d’ouverture de session : {00000000-0000-0000-0000-000000000000} Informations sur le processus : ID du processus : 0x4 Nom du processus : Informations sur le réseau : Nom de la station de travail : - Adresse du réseau source : - Port source : - Informations détaillées sur l’authentification : Processus d’ouverture de session : - Package d’authentification : - Services en transit : - Nom du package (NTLM uniquement) : - Longueur de la clé : 0 Cet événement est généré lors de la création d’une ouverture de session. Il est généré sur l’ordinateur sur lequel l’ouverture de session a été effectuée. Le champ Objet indique le compte sur le système local qui a demandé l’ouverture de session. Il s’agit le plus souvent d’un service, comme le service Serveur, ou un processus local tel que Winlogon.exe ou Services.exe. Le champ Type d’ouverture de session indique le type d’ouverture de session qui s’est produit. Les types les plus courants sont 2 (interactif) et 3 (réseau). Le champ Nouvelle ouverture de session indique le compte pour lequel la nouvelle ouverture de session a été créée, par exemple, le compte qui s’est connecté. Les champs relatifs au réseau indiquent la provenance d’une demande d’ouverture de session à distance. Le nom de la station de travail n’étant pas toujours disponible, peut être laissé vide dans certains cas. Les champs relatifs aux informations d’authentification fournissent des détails sur cette demande d’ouverture de session spécifique. - Le GUID d’ouverture de session est un identificateur unique pouvant servir à associer cet événement à un événement KDC . - Les services en transit indiquent les services intermédiaires qui ont participé à cette demande d’ouverture de session. - Nom du package indique quel est le sous-protocole qui a été utilisé parmi les protocoles NTLM. - La longueur de la clé indique la longueur de la clé de session générée. Elle a la valeur 0 si aucune clé de session n’a été demandée. Record Number: 2 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20100621132017.285247-000 Event Type: Succès de l’audit User: Computer Name: 37L4247D28-05 Event Code: 4608 Message: Windows démarre. Cet événement est journalisé lorsque LSASS.EXE démarre et que le sous-système d’audit est initialisé. Record Number: 1 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20100621132017.176046-000 Event Type: Succès de l’audit User: ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "FP_NO_HOST_CHECK"=NO "OS"=Windows_NT "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\Microsoft SQL Server\80\Tools\Binn\ "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC "PROCESSOR_ARCHITECTURE"=x86 "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP "USERNAME"=SYSTEM "windir"=%SystemRoot% "PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\ "NUMBER_OF_PROCESSORS"=2 "PROCESSOR_LEVEL"=6 "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 23 Stepping 10, GenuineIntel "PROCESSOR_REVISION"=170a -----------------EOF-----------------
-
Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Version de la base de données: 4485 Windows 6.1.7600 Internet Explorer 8.0.7600.16385 26/08/2010 22:58:10 mbam-log-2010-08-26 (22-58-10).txt Type d'examen: Examen rapide Elément(s) analysé(s): 133816 Temps écoulé: 5 minute(s), 24 seconde(s) Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 1 Valeur(s) du Registre infectée(s): 0 Elément(s) de données du Registre infecté(s): 6 Dossier(s) infecté(s): 0 Fichier(s) infecté(s): 0 Processus mémoire infecté(s): (Aucun élément nuisible détecté) Module(s) mémoire infecté(s): (Aucun élément nuisible détecté) Clé(s) du Registre infectée(s): HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Recherche avec cherche.us (Redir.ChercheUs) -> Quarantined and deleted successfully. Valeur(s) du Registre infectée(s): (Aucun élément nuisible détecté) Elément(s) de données du Registre infecté(s): HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Default_Search_URL (Hijack.SearchPage) -> Bad: (http://www.cherche.us'>http://www.cherche.us'>http://www.cherche.us'>http://www.cherche.us'>http://www.cherche.us/keyword/'>http://www.cherche.us/keyword/) Good: (http://www.google.com'>http://www.google.com'>http://www.google.com'>http://www.google.com'>http://www.google.com'>http://www.google.com) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Search Bar (Hijack.SearchPage) -> Bad: (http://www.cherche.us) Good: (http://www.google.com) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Search Page (Hijack.SearchPage) -> Bad: (http://www.cherche.us) Good: (http://www.google.com) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Default_Page_URL (Hijack.StartPage) -> Bad: (http://www.cherche.us) Good: (http://www.google.com) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page_bak (Hijack.StartPage) -> Bad: (http://www.cherche.us) Good: (http://www.google.com) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page (Hijack.StartPage) -> Bad: (http://www.cherche.us) Good: (http://www.google.com) -> Quarantined and deleted successfully. Dossier(s) infecté(s): (Aucun élément nuisible détecté) Fichier(s) infecté(s): (Aucun élément nuisible détecté) Logfile of random's system information tool 1.08 (written by random/random) Run by Admin at 2010-08-26 23:03:04 Microsoft Windows 7 Édition Familiale Premium Service Pack 3 System drive C: has 247 GB (81%) free of 305 GB Total RAM: 3005 MB (67% free) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 23:03:19, on 26/08/2010 Platform: Windows 7 (WinNT 6.00.3504) MSIE: Internet Explorer v8.00 (8.00.7600.16385) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskhost.exe C:\Windows\system32\taskeng.exe C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe C:\Program Files\Alwil Software\Avast5\AvastUI.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Program Files\Windows Live\Contacts\wlcomm.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Windows Live\Toolbar\wltuser.exe C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe C:\Windows\system32\Macromed\Flash\FlashUtil10i_ActiveX.exe C:\Windows\system32\SearchFilterHost.exe C:\Users\Admin\Desktop\RSIT.exe C:\Program Files\trend micro\Admin.exe R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.cherche.us/keyword/%s R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN : Hotmail, Messenger, Actualité, Sport et Vidéo R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN : Hotmail, Messenger, Actualité, Sport et Vidéo R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe O4 - HKLM\..\Run: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVICE RÉSEAU') O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MIF5BA~1\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIF5BA~1\Office12\REFIEBAR.DLL O15 - Trusted Zone: *.chat-land.org O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O23 - Service: @%SystemRoot%\system32\aelupsvc.dll,-1 (AeLookupSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe O23 - Service: @%systemroot%\system32\appidsvc.dll,-100 (AppIDSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\appinfo.dll,-100 (Appinfo) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-204 (AudioEndpointBuilder) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-200 (Audiosrv) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe O23 - Service: @%SystemRoot%\system32\AxInstSV.dll,-103 (AxInstSV) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\bdesvc.dll,-100 (BDESVC) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\bfe.dll,-1001 (BFE) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\qmgr.dll,-1000 (BITS) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%systemroot%\system32\browser.dll,-100 (Browser) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\bthserv.dll,-101 (bthserv) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\System32\certprop.dll,-11 (CertPropSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\cryptsvc.dll,-1001 (CryptSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @oleres.dll,-5012 (DcomLaunch) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\defragsvc.dll,-101 (defragsvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\dhcpcore.dll,-100 (Dhcp) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\System32\dnsapi.dll,-101 (Dnscache) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\dot3svc.dll,-1102 (dot3svc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\dps.dll,-500 (DPS) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%systemroot%\system32\eapsvc.dll,-1 (EapHost) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\ehome\ehrecvr.exe,-101 (ehRecvr) - Unknown owner - C:\Windows\ehome\ehRecvr.exe O23 - Service: @%SystemRoot%\ehome\ehsched.exe,-101 (ehSched) - Unknown owner - C:\Windows\ehome\ehsched.exe O23 - Service: @%SystemRoot%\system32\wevtsvc.dll,-200 (eventlog) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @comres.dll,-2450 (EventSystem) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\fdPHost.dll,-100 (fdPHost) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\fdrespub.dll,-100 (FDResPub) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\FntCache.dll,-100 (FontCache) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: Service Google Update (gupdate) (gupdate) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: @%SystemRoot%\System32\hidserv.dll,-101 (hidserv) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\kmsvc.dll,-6 (hkmsvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\ListSvc.dll,-100 (HomeGroupListener) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\provsvc.dll,-100 (HomeGroupProvider) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\ikeext.dll,-501 (IKEEXT) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\IPBusEnum.dll,-102 (IPBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\iphlpsvc.dll,-500 (iphlpsvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @comres.dll,-2946 (KtmRm) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%systemroot%\system32\srvsvc.dll,-100 (LanmanServer) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\wkssvc.dll,-100 (LanmanWorkstation) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\lltdres.dll,-1 (lltdsvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\lmhsvc.dll,-101 (lmhosts) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\mmcss.dll,-100 (MMCSS) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\FirewallAPI.dll,-23090 (MpsSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe O23 - Service: @%SystemRoot%\system32\iscsidsc.dll,-5000 (MSiSCSI) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\msimsg.dll,-27 (msiserver) - Unknown owner - C:\Windows\system32\msiexec.exe O23 - Service: @%SystemRoot%\system32\qagentrt.dll,-6 (napagent) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe O23 - Service: @%SystemRoot%\system32\netman.dll,-109 (Netman) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\netprofm.dll,-202 (netprofm) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\nlasvc.dll,-1 (NlaSvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\nsisvc.dll,-200 (nsi) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\pnrpsvc.dll,-8004 (p2pimsvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8006 (p2psvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\pcasvc.dll,-1 (PcaSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\pla.dll,-500 (pla) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\umpnpmgr.dll,-100 (PlugPlay) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\pnrpauto.dll,-8002 (PNRPAutoReg) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\pnrpsvc.dll,-8000 (PNRPsvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\polstore.dll,-5010 (PolicyAgent) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\umpo.dll,-100 (Power) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\profsvc.dll,-300 (ProfSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%Systemroot%\system32\rasauto.dll,-200 (RasAuto) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%Systemroot%\system32\rasmans.dll,-200 (RasMan) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @regsvc.dll,-1 (RemoteRegistry) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%windir%\system32\RpcEpMap.dll,-1001 (RpcEptMapper) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe O23 - Service: @oleres.dll,-5010 (RpcSs) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\System32\SCardSvr.dll,-1 (SCardSvr) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\schedsvc.dll,-100 (Schedule) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\System32\certprop.dll,-13 (SCPolicySvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\sdrsvc.dll,-107 (SDRSVC) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\Sens.dll,-200 (SENS) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\System32\sensrsvc.dll,-1000 (SensrSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\System32\SessEnv.dll,-1026 (SessionEnv) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\ipnathlp.dll,-106 (SharedAccess) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\shsvcs.dll,-12288 (ShellHWDetection) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe O23 - Service: @%SystemRoot%\system32\sppuinotify.dll,-103 (sppuinotify) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\ssdpsrv.dll,-100 (SSDPSRV) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\sstpsvc.dll,-200 (SstpSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\wiaservc.dll,-9 (StiSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\System32\swprv.dll,-103 (swprv) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\sysmain.dll,-1000 (SysMain) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\TabSvc.dll,-100 (TabletInputService) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\tapisrv.dll,-10100 (TapiSrv) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\tbssvc.dll,-100 (TBS) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\termsrv.dll,-268 (TermService) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\themeservice.dll,-8192 (Themes) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%systemroot%\system32\mmcss.dll,-102 (THREADORDER) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\trkwks.dll,-1 (TrkWks) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\servicing\TrustedInstaller.exe,-100 (TrustedInstaller) - Unknown owner - C:\Windows\servicing\TrustedInstaller.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe O23 - Service: @%systemroot%\system32\upnphost.dll,-213 (upnphost) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\dwm.exe,-2000 (UxSms) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe O23 - Service: @%SystemRoot%\system32\w32time.dll,-200 (W32Time) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe O23 - Service: @%systemroot%\system32\wbiosrvc.dll,-100 (WbioSrvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\wcncsvc.dll,-3 (wcncsvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\WcsPlugInService.dll,-200 (WcsPlugInService) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%systemroot%\system32\wdi.dll,-502 (WdiServiceHost) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%systemroot%\system32\wdi.dll,-500 (WdiSystemHost) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%systemroot%\system32\webclnt.dll,-100 (WebClient) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\wecsvc.dll,-200 (Wecsvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\System32\wercplsupport.dll,-101 (wercplsupport) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\wersvc.dll,-100 (WerSvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%ProgramFiles%\Windows Defender\MsMpRes.dll,-103 (WinDefend) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\system32\winhttp.dll,-100 (WinHttpAutoProxySvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%Systemroot%\system32\wbem\wmisvc.dll,-205 (Winmgmt) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%Systemroot%\system32\wsmsvc.dll,-101 (WinRM) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%SystemRoot%\System32\wlansvc.dll,-257 (Wlansvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\wmpnetwk.exe O23 - Service: @%SystemRoot%\system32\wpcsvc.dll,-100 (WPCSvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\wpdbusenum.dll,-100 (WPDBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\System32\wscsvc.dll,-200 (wscsvc) - Unknown owner - C:\Windows\System32\svchost.exe O23 - Service: @%systemroot%\system32\SearchIndexer.exe,-103 (WSearch) - Unknown owner - C:\Windows\system32\SearchIndexer.exe O23 - Service: @%systemroot%\system32\wuaueng.dll,-105 (wuauserv) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\system32\wudfsvc.dll,-1000 (wudfsvc) - Unknown owner - C:\Windows\system32\svchost.exe O23 - Service: @%SystemRoot%\System32\wwansvc.dll,-257 (WwanSvc) - Unknown owner - C:\Windows\system32\svchost.exe -- End of file - 21342 bytes ======Scheduled tasks folder====== C:\Windows\tasks\GoogleUpdateTaskMachineCore.job C:\Windows\tasks\GoogleUpdateTaskMachineUA.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-19 75200] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}] Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll [2009-01-14 92504] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}] Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-07-14 278192] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}] Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll [2010-06-25 814648] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-08-04 41760] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}] Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904] {2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-07-14 278192] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "avast5"=C:\Program Files\Alwil Software\Avast5\avastUI.exe [2010-06-28 2837864] "IgfxTray"=C:\Windows\system32\igfxtray.exe [2010-02-20 141848] "HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2010-02-20 175640] "Persistence"=C:\Windows\system32\igfxpers.exe [2010-02-20 167960] "SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2010-02-26 1713448] "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-06-20 35760] "Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-06-09 976832] "SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552] "Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2010-04-29 1090952] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883856] "swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2010-06-23 39408] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui] C:\Windows\system32\igfxdev.dll [2010-02-20 227328] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] "SecurityProviders"=credssp.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EFS] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Power] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcEptMapper] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vmms] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AppInfo] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\BFE] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\bowser] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\dfsc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Dot3Svc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Eaphost] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\EFS] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\IKEEXT] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\KeyIso] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MPSDrv] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MPSSvc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mrxsmb] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mrxsmb10] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mrxsmb20] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NativeWifiP] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ndiscap] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\netprofm] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NlaSvc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Nsi] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nsiproxy.sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NTDS] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PolicyAgent] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Power] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ProfSvc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\rdbss] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\rdpencdd.sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\RpcEptMapper] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sacsvr] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SCardSvr] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SWPRV] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TabletInputService] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TBS] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TrustedInstaller] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\VaultSvc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\VDS] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vmms] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\volmgr.sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\volmgrx.sys] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wlansvc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{50DD5230-BA8A-11D1-BF5D-0000F805F530}] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "ConsentPromptBehaviorAdmin"=5 "ConsentPromptBehaviorUser"=3 "EnableUIADesktopToggle"=0 "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] ======File associations====== .js - edit - C:\Windows\System32\Notepad.exe %1 .js - open - C:\Windows\System32\WScript.exe "%1" %* ======List of files/folders created in the last 1 months====== 2010-08-26 23:03:04 ----D---- C:\rsit 2010-08-26 23:03:04 ----D---- C:\Program Files\trend micro 2010-08-26 22:49:12 ----D---- C:\Users\Admin\AppData\Roaming\Malwarebytes 2010-08-26 22:49:05 ----A---- C:\Windows\system32\drivers\mbamswissarmy.sys 2010-08-26 22:49:04 ----D---- C:\ProgramData\Malwarebytes 2010-08-26 22:49:04 ----D---- C:\Program Files\Malwarebytes' Anti-Malware 2010-08-26 22:49:04 ----A---- C:\Windows\system32\drivers\mbam.sys 2010-08-26 06:59:24 ----D---- C:\Windows\BDOSCAN8 2010-08-25 13:02:40 ----A---- C:\Windows\system32\javaws.exe 2010-08-25 13:02:40 ----A---- C:\Windows\system32\javaw.exe 2010-08-25 13:02:40 ----A---- C:\Windows\system32\java.exe 2010-08-25 08:06:20 ----A---- C:\Windows\system32\oleaut32.dll 2010-08-20 13:54:41 ----D---- C:\Users\Admin\AppData\Roaming\Nero 2010-08-11 09:34:21 ----A---- C:\Windows\system32\drivers\tcpip.sys 2010-08-11 09:34:05 ----A---- C:\Windows\system32\ir32_32.dll 2010-08-11 09:34:05 ----A---- C:\Windows\system32\iccvid.dll 2010-08-11 09:34:04 ----A---- C:\Windows\system32\rtutils.dll 2010-08-11 09:34:03 ----A---- C:\Windows\system32\msxml3.dll 2010-08-11 09:34:02 ----A---- C:\Windows\system32\drivers\srvnet.sys 2010-08-11 09:34:02 ----A---- C:\Windows\system32\drivers\srv2.sys 2010-08-11 09:34:02 ----A---- C:\Windows\system32\drivers\srv.sys 2010-08-11 09:34:01 ----A---- C:\Windows\system32\ntoskrnl.exe 2010-08-11 09:34:01 ----A---- C:\Windows\system32\ntkrnlpa.exe 2010-08-11 09:33:58 ----A---- C:\Windows\system32\mshtml.dll 2010-08-11 09:33:57 ----A---- C:\Windows\system32\ieframe.dll 2010-08-11 09:33:56 ----A---- C:\Windows\system32\wininet.dll 2010-08-11 09:33:56 ----A---- C:\Windows\system32\urlmon.dll 2010-08-11 09:33:56 ----A---- C:\Windows\system32\mstime.dll 2010-08-11 09:33:56 ----A---- C:\Windows\system32\msfeedssync.exe 2010-08-11 09:33:56 ----A---- C:\Windows\system32\msfeedsbs.dll 2010-08-11 09:33:56 ----A---- C:\Windows\system32\jsproxy.dll 2010-08-11 09:33:56 ----A---- C:\Windows\system32\ieui.dll 2010-08-11 09:33:56 ----A---- C:\Windows\system32\iepeers.dll 2010-08-11 09:33:56 ----A---- C:\Windows\system32\iedkcs32.dll 2010-08-11 09:33:49 ----A---- C:\Windows\system32\schannel.dll 2010-08-11 09:33:48 ----A---- C:\Windows\system32\win32k.sys 2010-08-03 00:23:25 ----A---- C:\Windows\system32\shell32.dll ======List of files/folders modified in the last 1 months====== 2010-08-26 23:03:12 ----D---- C:\Windows\Temp 2010-08-26 23:03:04 ----RD---- C:\Program Files 2010-08-26 22:49:22 ----D---- C:\Windows\Prefetch 2010-08-26 22:49:05 ----D---- C:\Windows\system32\drivers 2010-08-26 22:49:04 ----HD---- C:\ProgramData 2010-08-26 22:43:51 ----D---- C:\Windows\system32\config 2010-08-26 22:39:53 ----D---- C:\Windows\System32 2010-08-26 22:39:53 ----D---- C:\Users\Admin\AppData\Roaming\DMCache 2010-08-26 07:04:17 ----D---- C:\Windows 2010-08-26 06:59:26 ----D---- C:\Windows\Downloaded Program Files 2010-08-26 04:27:18 ----D---- C:\Windows\winsxs 2010-08-26 03:00:34 ----D---- C:\Windows\AppPatch 2010-08-26 03:00:26 ----SHD---- C:\System Volume Information 2010-08-26 02:08:44 ----A---- C:\Windows\system32\PerfStringBackup.INI 2010-08-26 02:08:43 ----D---- C:\Windows\inf 2010-08-25 13:03:58 ----SHD---- C:\Windows\Installer 2010-08-25 13:03:58 ----D---- C:\Program Files\Common Files\Java 2010-08-25 13:02:38 ----D---- C:\Program Files\Java 2010-08-25 08:06:15 ----D---- C:\Windows\system32\catroot 2010-08-25 08:05:30 ----D---- C:\Windows\system32\catroot2 2010-08-12 09:06:33 ----D---- C:\Windows\Microsoft.NET 2010-08-12 09:06:07 ----RSD---- C:\Windows\assembly 2010-08-12 03:10:59 ----D---- C:\Windows\system32\migration 2010-08-12 03:10:59 ----D---- C:\Program Files\Internet Explorer 2010-08-12 03:03:30 ----D---- C:\ProgramData\Microsoft Help 2010-08-10 03:10:36 ----D---- C:\Users\Admin\AppData\Roaming\vlc 2010-08-06 05:42:05 ----SD---- C:\Users\Admin\AppData\Roaming\Microsoft 2010-08-03 21:09:32 ----A---- C:\Windows\system32\MRT.exe ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R0 amdxata;amdxata; C:\Windows\system32\DRIVERS\amdxata.sys [2009-07-14 23616] R0 CLFS;@%SystemRoot%\system32\clfs.sys,-100; C:\Windows\System32\CLFS.sys [2009-07-14 249408] R0 CNG;CNG; C:\Windows\System32\Drivers\cng.sys [2009-07-14 369568] R0 FileInfo;@%SystemRoot%\system32\drivers\fileinfo.sys,-100; C:\Windows\system32\drivers\fileinfo.sys [2009-07-14 58448] R0 fvevol;@%SystemRoot%\system32\drivers\fvevol.sys,-100; C:\Windows\System32\DRIVERS\fvevol.sys [2009-09-26 194488] R0 hwpolicy;@%systemroot%\system32\drivers\hwpolicy.sys,-101; C:\Windows\System32\drivers\hwpolicy.sys [2009-07-14 13904] R0 KSecPkg;KSecPkg; C:\Windows\System32\Drivers\ksecpkg.sys [2009-12-11 133720] R0 msahci;msahci; C:\Windows\system32\DRIVERS\msahci.sys [2009-07-14 27712] R0 msisadrv;msisadrv; C:\Windows\system32\DRIVERS\msisadrv.sys [2009-07-14 13888] R0 pcw;Performance Counters for Windows Driver; C:\Windows\System32\drivers\pcw.sys [2009-07-14 43088] R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 173648] R0 spldr;Security Processor Loader Driver; C:\Windows\system32\drivers\spldr.sys [2009-07-14 17472] R0 vdrvroot;Pilote d’énumérateur de lecteur virtuel Microsoft; C:\Windows\system32\DRIVERS\vdrvroot.sys [2009-07-14 32832] R0 volmgr;Pilote du Gestionnaire de volume; C:\Windows\system32\DRIVERS\volmgr.sys [2009-07-14 53312] R0 volmgrx;@%SystemRoot%\system32\drivers\volmgrx.sys,-100; C:\Windows\System32\drivers\volmgrx.sys [2009-07-14 297040] R0 Wdf01000;Kernel Mode Driver Frameworks service; C:\Windows\system32\drivers\Wdf01000.sys [2009-07-14 445008] R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2010-06-28 23376] R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2010-06-28 165456] R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2010-06-28 46672] R1 blbdrive;blbdrive; C:\Windows\system32\DRIVERS\blbdrive.sys [2009-07-14 35328] R1 DfsC;@%systemroot%\system32\drivers\dfsc.sys,-101; C:\Windows\System32\Drivers\dfsc.sys [2009-07-14 78336] R1 discache;@%systemroot%\system32\drivers\discache.sys,-102; C:\Windows\System32\drivers\discache.sys [2009-07-14 32256] R1 nsiproxy;@%SystemRoot%\system32\drivers\nsiproxy.sys,-2; C:\Windows\system32\drivers\nsiproxy.sys [2009-07-14 16896] R1 RDPENCDD;@%systemroot%\system32\drivers\RDPENCDD.sys,-101; C:\Windows\system32\drivers\rdpencdd.sys [2009-07-14 6656] R1 RDPREFMP;@%systemroot%\system32\drivers\RdpRefMp.sys,-101; C:\Windows\system32\drivers\rdprefmp.sys [2009-07-14 7168] R1 SABI;SAMSUNG Kernel Driver For Windows 7; \??\C:\Windows\system32\Drivers\SABI.sys [2009-08-10 10752] R1 tdx;@%SystemRoot%\system32\tcpipcfg.dll,-50004; C:\Windows\system32\DRIVERS\tdx.sys [2009-07-14 74240] R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 48128] R1 Wanarpv6;@%systemroot%\system32\rascfg.dll,-32012; C:\Windows\system32\DRIVERS\wanarp.sys [2009-07-14 63488] R1 WfpLwf;WFP Lightweight Filter; C:\Windows\system32\DRIVERS\wfplwf.sys [2009-07-14 9728] R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2010/06/21 16:55:13]; \??\C:\Program Files\CyberLink\PowerDVD10\NavFilter\000.fcl [2010-03-13 87536] R2 aswFsBlk;aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [2010-06-28 17744] R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2010-06-28 50256] R2 lltdio;Link-Layer Topology Discovery Mapper I/O Driver; C:\Windows\system32\DRIVERS\lltdio.sys [2009-07-14 48128] R2 luafv;@%systemroot%\system32\drivers\luafv.sys,-100; C:\Windows\system32\drivers\luafv.sys [2009-07-14 86528] R2 PEAUTH;PEAUTH; C:\Windows\system32\drivers\peauth.sys [2009-07-14 586752] R2 rspndr;Link-Layer Topology Discovery Responder; C:\Windows\system32\DRIVERS\rspndr.sys [2009-07-14 60928] R2 tcpipreg;TCP/IP Registry Compatibility; C:\Windows\System32\drivers\tcpipreg.sys [2009-07-14 34816] R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2009-12-14 1245696] R3 bowser;@%systemroot%\system32\browser.dll,-102; C:\Windows\system32\DRIVERS\bowser.sys [2009-07-14 69632] R3 CompositeBus;Pilote de l’énumérateur de bus composite; C:\Windows\system32\DRIVERS\CompositeBus.sys [2009-07-14 31232] R3 DXGKrnl;LDDM Graphics Subsystem; C:\Windows\System32\drivers\dxgkrnl.sys [2009-10-02 728648] R3 HdAudAddService;Pilote de fonction UAA 1.1 Microsoft pour le service High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2009-07-14 304128] R3 HDAudBus;Pilote de bus UAA Microsoft pour High Definition Audio; C:\Windows\system32\DRIVERS\HDAudBus.sys [2009-07-14 108544] R3 HidUsb;Pilote de classe HID Microsoft; C:\Windows\system32\DRIVERS\hidusb.sys [2009-07-14 24064] R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2010-02-20 8726528] R3 intelppm;Pilote de processeur Intel; C:\Windows\system32\DRIVERS\intelppm.sys [2009-07-14 53760] R3 monitor;Service Pilote de fonction de classe Moniteur Microsoft; C:\Windows\system32\DRIVERS\monitor.sys [2009-07-14 23552] R3 mouhid;Pilote HID de souris; C:\Windows\system32\DRIVERS\mouhid.sys [2009-07-14 26112] R3 mpsdrv;@%SystemRoot%\system32\FirewallAPI.dll,-23092; C:\Windows\System32\drivers\mpsdrv.sys [2009-07-14 60416] R3 mrxsmb10;@%systemroot%\system32\wkssvc.dll,-1004; C:\Windows\system32\DRIVERS\mrxsmb10.sys [2010-02-27 221696] R3 mrxsmb20;@%systemroot%\system32\wkssvc.dll,-1006; C:\Windows\system32\DRIVERS\mrxsmb20.sys [2010-02-27 95744] R3 NativeWifiP;NativeWiFi Filter; C:\Windows\system32\DRIVERS\nwifi.sys [2009-07-14 267264] R3 RasAgileVpn;WAN Miniport (IKEv2); C:\Windows\system32\DRIVERS\AgileVpn.sys [2009-07-14 49152] R3 RasSstp;@%systemroot%\system32\sstpsvc.dll,-202; C:\Windows\system32\DRIVERS\rassstp.sys [2009-07-14 75264] R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt86win7.sys [2009-03-01 139776] R3 srv2;@%systemroot%\system32\srvsvc.dll,-104; C:\Windows\System32\DRIVERS\srv2.sys [2010-06-22 307200] R3 srvnet;srvnet; C:\Windows\System32\DRIVERS\srvnet.sys [2010-06-22 113664] R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2010-02-26 242992] R3 tunnel;Pilote de carte miniport Microsoft Tunnel; C:\Windows\system32\DRIVERS\tunnel.sys [2009-07-14 108544] R3 umbus;Pilote d’énumérateur UMBus; C:\Windows\system32\DRIVERS\umbus.sys [2009-07-14 39936] R3 usbccgp;Pilote parent générique USB Microsoft; C:\Windows\system32\DRIVERS\usbccgp.sys [2009-07-14 75264] R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\Windows\system32\DRIVERS\usbuhci.sys [2009-07-14 24064] R3 usbvideo;Périphérique vidéo USB (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2009-07-14 146176] R3 vwifibus;Pilote de bus WiFi virtuel; C:\Windows\system32\DRIVERS\vwifibus.sys [2009-07-14 19968] R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 14336] R3 WudfPf;User Mode Driver Frameworks Platform Driver; C:\Windows\system32\drivers\WudfPf.sys [2009-07-14 92672] S3 1394ohci;1394 OHCI Compliant Host Controller; C:\Windows\system32\DRIVERS\1394ohci.sys [2009-07-14 163328] S3 AcpiPmi;ACPI Power Meter Driver; C:\Windows\system32\DRIVERS\acpipmi.sys [2009-07-14 9728] S3 adp94xx;adp94xx; C:\Windows\system32\DRIVERS\adp94xx.sys [2009-07-14 422976] S3 adpahci;adpahci; C:\Windows\system32\DRIVERS\adpahci.sys [2009-07-14 297552] S3 adpu320;adpu320; C:\Windows\system32\DRIVERS\adpu320.sys [2009-07-14 146512] S3 agp440;Intel AGP Bus Filter; C:\Windows\system32\DRIVERS\agp440.sys [2009-07-14 53312] S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\DRIVERS\amdagp.sys [2009-07-14 53312] S3 amdide;amdide; C:\Windows\system32\DRIVERS\amdide.sys [2009-07-14 14912] S3 AmdK8;AMD K8 Processor Driver; C:\Windows\system32\DRIVERS\amdk8.sys [2009-07-14 55296] S3 AmdPPM;AMD Processor Driver; C:\Windows\system32\DRIVERS\amdppm.sys [2009-07-14 52736] S3 amdsata;amdsata; C:\Windows\system32\DRIVERS\amdsata.sys [2009-07-14 79952] S3 amdsbs;amdsbs; C:\Windows\system32\DRIVERS\amdsbs.sys [2009-07-14 159312] S3 AppID;@%systemroot%\system32\appidsvc.dll,-102; C:\Windows\system32\drivers\appid.sys [2009-07-14 50176] S3 arc;arc; C:\Windows\system32\DRIVERS\arc.sys [2009-07-14 76368] S3 arcsas;arcsas; C:\Windows\system32\DRIVERS\arcsas.sys [2009-07-14 86608] S3 b06bdrv;Broadcom NetXtreme II VBD; C:\Windows\system32\DRIVERS\bxvbdx.sys [2009-07-14 430080] S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888] S3 BrFiltLo;Brother USB Mass-Storage Lower Filter Driver; C:\Windows\system32\DRIVERS\BrFiltLo.sys [2009-07-14 13568] S3 BrFiltUp;Brother USB Mass-Storage Upper Filter Driver; C:\Windows\system32\DRIVERS\BrFiltUp.sys [2009-07-14 5248] S3 Brserid;Brother MFC Serial Port Interface Driver (WDM); C:\Windows\System32\Drivers\Brserid.sys [2009-07-14 272128] S3 BrSerWdm;Brother WDM Serial driver; C:\Windows\System32\Drivers\BrSerWdm.sys [2009-07-14 62336] S3 BrUsbMdm;Brother MFC USB Fax Only Modem; C:\Windows\System32\Drivers\BrUsbMdm.sys [2009-07-14 12160] S3 BrUsbSer;Brother MFC USB Serial WDM Driver; C:\Windows\System32\Drivers\BrUsbSer.sys [2009-07-14 11904] S3 BthEnum;Service d'énumérateur Bluetooth; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-07-14 34816] S3 BTHMODEM;Pilote de communications modem Bluetooth; C:\Windows\system32\DRIVERS\bthmodem.sys [2009-07-14 56320] S3 BthPan;Périphérique Bluetooth (réseau personnel); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 93696] S3 BTHPORT;Pilote de port Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2009-07-14 392704] S3 BTHUSB;Pilote USB radio Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2009-07-14 58880] S3 circlass;Consumer IR Devices; C:\Windows\system32\DRIVERS\circlass.sys [2009-07-14 37888] S3 ebdrv;Broadcom NetXtreme II 10 GigE VBD; C:\Windows\system32\DRIVERS\evbdx.sys [2009-07-14 3100160] S3 elxstor;elxstor; C:\Windows\system32\DRIVERS\elxstor.sys [2009-07-14 453712] S3 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\DRIVERS\errdev.sys [2009-07-14 7168] S3 exfat;exFAT File System Driver; C:\Windows\system32\drivers\exfat.sys [2009-07-14 142336] S3 Filetrace;@%SystemRoot%\system32\drivers\filetrace.sys,-10001; C:\Windows\system32\drivers\filetrace.sys [2009-07-14 28160] S3 FsDepends;@%SystemRoot%\system32\drivers\fsdepends.sys,-10001; C:\Windows\System32\drivers\FsDepends.sys [2009-07-14 46160] S3 gagp30kx;Microsoft Generic AGPv3.0 Filter for K8 Processor Platforms; C:\Windows\system32\DRIVERS\gagp30kx.sys [2009-07-14 57936] S3 hcw85cir;Hauppauge Consumer Infrared Receiver; C:\Windows\system32\drivers\hcw85cir.sys [2009-07-14 26624] S3 HidBatt;HID UPS Battery Driver; C:\Windows\system32\DRIVERS\HidBatt.sys [2009-07-14 21504] S3 HidBth;Microsoft Bluetooth HID Miniport; C:\Windows\system32\DRIVERS\hidbth.sys [2009-07-14 91136] S3 HidIr;Microsoft Infrared HID Driver; C:\Windows\system32\DRIVERS\hidir.sys [2009-07-14 37888] S3 HpSAMD;HpSAMD; C:\Windows\system32\DRIVERS\HpSAMD.sys [2009-07-14 67152] S3 iaStorV;iaStorV; C:\Windows\system32\DRIVERS\iaStorV.sys [2009-07-14 332352] S3 iirsp;iirsp; C:\Windows\system32\DRIVERS\iirsp.sys [2009-07-14 41040] S3 IPMIDRV;IPMIDRV; C:\Windows\system32\DRIVERS\IPMIDrv.sys [2009-07-14 65536] S3 iScsiPrt;iScsiPort Driver; C:\Windows\system32\DRIVERS\msiscsi.sys [2009-07-14 186960] S3 kbdhid;Keyboard HID Driver; C:\Windows\system32\DRIVERS\kbdhid.sys [2009-07-14 28160] S3 LSI_FC;LSI_FC; C:\Windows\system32\DRIVERS\lsi_fc.sys [2009-07-14 95824] S3 LSI_SAS;LSI_SAS; C:\Windows\system32\DRIVERS\lsi_sas.sys [2009-07-14 89168] S3 LSI_SAS2;LSI_SAS2; C:\Windows\system32\DRIVERS\lsi_sas2.sys [2009-07-14 54864] S3 LSI_SCSI;LSI_SCSI; C:\Windows\system32\DRIVERS\lsi_scsi.sys [2009-07-14 96848] S3 megasas;megasas; C:\Windows\system32\DRIVERS\megasas.sys [2009-07-14 30800] S3 MegaSR;MegaSR; C:\Windows\system32\DRIVERS\MegaSR.sys [2009-07-14 235584] S3 mpio;mpio; C:\Windows\system32\DRIVERS\mpio.sys [2009-07-14 130624] S3 msdsm;msdsm; C:\Windows\system32\DRIVERS\msdsm.sys [2009-07-14 115792] S3 mshidkmdf;@%SystemRoot%\system32\drivers\mshidkmdf.sys,-100; C:\Windows\System32\drivers\mshidkmdf.sys [2009-07-14 4096] S3 MsRPC;MsRPC; C:\Windows\system32\drivers\MsRPC.sys [2009-07-14 162896] S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2009-07-14 6144] S3 MTConfig;Microsoft Input Configuration Driver; C:\Windows\system32\DRIVERS\MTConfig.sys [2009-07-14 12288] S3 NdisCap;NDIS Capture LightWeight Filter; C:\Windows\system32\DRIVERS\ndiscap.sys [2009-07-14 27136] S3 nfrd960;nfrd960; C:\Windows\system32\DRIVERS\nfrd960.sys [2009-07-14 44624] S3 nv_agp;NVIDIA nForce AGP Bus Filter; C:\Windows\system32\DRIVERS\nv_agp.sys [2009-07-14 105024] S3 nvraid;nvraid; C:\Windows\system32\DRIVERS\nvraid.sys [2009-07-14 117312] S3 nvstor;nvstor; C:\Windows\system32\DRIVERS\nvstor.sys [2009-07-14 142416] S3 ohci1394;1394 OHCI Compliant Host Controller (Legacy); C:\Windows\system32\DRIVERS\ohci1394.sys [2009-07-14 62464] S3 ql2300;ql2300; C:\Windows\system32\DRIVERS\ql2300.sys [2009-07-14 1383488] S3 ql40xx;ql40xx; C:\Windows\system32\DRIVERS\ql40xx.sys [2009-07-14 106064] S3 QWAVEdrv;@%SystemRoot%\system32\drivers\qwavedrv.sys,-1; C:\Windows\system32\drivers\qwavedrv.sys [2009-07-14 31744] S3 rdpbus;Remote Desktop Device Redirector Bus Driver; C:\Windows\system32\DRIVERS\rdpbus.sys [2009-07-14 18944] S3 RFCOMM;Périphérique Bluetooth (TDI protocole RFCOMM); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 129536] S3 sbp2port;sbp2port; C:\Windows\system32\DRIVERS\sbp2port.sys [2009-07-14 85568] S3 scfilter;@%SystemRoot%\System32\drivers\scfilter.sys,-11; C:\Windows\System32\DRIVERS\scfilter.sys [2009-07-14 26624] S3 sermouse;Serial Mouse Driver; C:\Windows\system32\DRIVERS\sermouse.sys [2009-07-14 19968] S3 sffdisk;Pilote de classe de stockage SFF; C:\Windows\system32\DRIVERS\sffdisk.sys [2009-07-14 11264] S3 sffp_mmc;Pilote de protocole de stockage SFF pour MMC; C:\Windows\system32\DRIVERS\sffp_mmc.sys [2009-07-14 12288] S3 sffp_sd;Pilote de protocole de stockage SFF pour SDBus; C:\Windows\system32\DRIVERS\sffp_sd.sys [2009-10-10 12800] S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\DRIVERS\sisagp.sys [2009-07-14 52304] S3 SiSRaid2;SiSRaid2; C:\Windows\system32\DRIVERS\SiSRaid2.sys [2009-07-14 40016] S3 SiSRaid4;SiSRaid4; C:\Windows\system32\DRIVERS\sisraid4.sys [2009-07-14 77888] S3 Smb;@%SystemRoot%\system32\tcpipcfg.dll,-50005; C:\Windows\system32\DRIVERS\smb.sys [2009-07-14 71168] S3 stexstor;stexstor; C:\Windows\system32\DRIVERS\stexstor.sys [2009-07-14 21072] S3 TCPIP6;Microsoft IPv6 Protocol Driver; C:\Windows\system32\DRIVERS\tcpip.sys [2010-06-14 1286016] S3 tssecsrv;@%SystemRoot%\System32\DRIVERS\tssecsrv.sys,-101; C:\Windows\System32\DRIVERS\tssecsrv.sys [2009-07-14 30208] S3 uagp35;Microsoft AGPv3.5 Filter; C:\Windows\system32\DRIVERS\uagp35.sys [2009-07-14 55888] S3 uliagpkx;Uli AGP Bus Filter; C:\Windows\system32\DRIVERS\uliagpkx.sys [2009-07-14 57424] S3 UmPass;Microsoft UMPass Driver; C:\Windows\system32\DRIVERS\umpass.sys [2009-07-14 8192] S3 usbcir;eHome Infrared Receiver (USBCIR); C:\Windows\system32\DRIVERS\usbcir.sys [2009-07-14 86016] S3 usbprint;Microsoft USB PRINTER Class; C:\Windows\system32\DRIVERS\usbprint.sys [2009-07-14 19968] S3 USBSTOR;Pilote de stockage de masse USB; C:\Windows\system32\DRIVERS\USBSTOR.SYS [2009-07-14 74752] S3 vga;vga; C:\Windows\system32\DRIVERS\vgapnp.sys [2009-07-14 26112] S3 vhdmp;vhdmp; C:\Windows\system32\DRIVERS\vhdmp.sys [2009-07-14 159824] S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\DRIVERS\viaagp.sys [2009-07-14 53328] S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736] S3 vsmraid;vsmraid; C:\Windows\system32\DRIVERS\vsmraid.sys [2009-07-14 141904] S3 WacomPen;Wacom Serial Pen HID Driver; C:\Windows\system32\DRIVERS\wacompen.sys [2009-07-14 21632] S3 Wd;Wd; C:\Windows\system32\DRIVERS\wd.sys [2009-07-14 19024] S3 WIMMount;WIMMount; C:\Windows\system32\drivers\wimmount.sys [2009-07-14 19008] S3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2009-07-14 11264] S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2009-07-14 132224] S4 crcdisk;Crcdisk Filter Driver; C:\Windows\system32\DRIVERS\crcdisk.sys [2009-07-14 22096] S4 ws2ifsl;@%systemroot%\System32\drivers\ws2ifsl.sys,-1000; C:\Windows\system32\drivers\ws2ifsl.sys [2009-07-14 16384] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AudioEndpointBuilder;@%SystemRoot%\system32\audiosrv.dll,-204; C:\Windows\System32\svchost.exe [2009-07-14 20992] R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-06-28 40384] R2 BFE;@%SystemRoot%\system32\bfe.dll,-1001; C:\Windows\system32\svchost.exe [2009-07-14 20992] R2 DPS;@%systemroot%\system32\dps.dll,-500; C:\Windows\System32\svchost.exe [2009-07-14 20992] R2 gpsvc;@gpapi.dll,-112; C:\Windows\system32\svchost.exe [2009-07-14 20992] R2 IKEEXT;@%SystemRoot%\system32\ikeext.dll,-501; C:\Windows\system32\svchost.exe [2009-07-14 20992] R2 iphlpsvc;@%SystemRoot%\system32\iphlpsvc.dll,-500; C:\Windows\System32\svchost.exe [2009-07-14 20992] R2 MMCSS;@%systemroot%\system32\mmcss.dll,-100; C:\Windows\system32\svchost.exe [2009-07-14 20992] R2 MpsSvc;@%SystemRoot%\system32\FirewallAPI.dll,-23090; C:\Windows\system32\svchost.exe [2009-07-14 20992] R2 MSSQL$SONY_MEDIAMGR;MSSQL$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe [2002-12-17 7520337] R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2008-09-24 935208] R2 NlaSvc;@%SystemRoot%\System32\nlasvc.dll,-1; C:\Windows\System32\svchost.exe [2009-07-14 20992] R2 nsi;@%SystemRoot%\system32\nsisvc.dll,-200; C:\Windows\system32\svchost.exe [2009-07-14 20992] R2 Power;@%SystemRoot%\system32\umpo.dll,-100; C:\Windows\system32\svchost.exe [2009-07-14 20992] R2 ProfSvc;@%systemroot%\system32\profsvc.dll,-300; C:\Windows\system32\svchost.exe [2009-07-14 20992] R2 RpcEptMapper;@%windir%\system32\RpcEpMap.dll,-1001; C:\Windows\system32\svchost.exe [2009-07-14 20992] R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656] R2 sppsvc;@%SystemRoot%\system32\sppsvc.exe,-101; C:\Windows\system32\sppsvc.exe [2009-07-14 3179520] R2 SysMain;@%SystemRoot%\system32\sysmain.dll,-1000; C:\Windows\system32\svchost.exe [2009-07-14 20992] R2 UxSms;@%SystemRoot%\system32\dwm.exe,-2000; C:\Windows\System32\svchost.exe [2009-07-14 20992] R2 WinDefend;@%ProgramFiles%\Windows Defender\MsMpRes.dll,-103; C:\Windows\System32\svchost.exe [2009-07-14 20992] R2 Wlansvc;@%SystemRoot%\System32\wlansvc.dll,-257; C:\Windows\system32\svchost.exe [2009-07-14 20992] R2 WMPNetworkSvc;@%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101; C:\Program Files\Windows Media Player\wmpnetwk.exe [2009-07-14 1121280] R2 WSearch;@%systemroot%\system32\SearchIndexer.exe,-103; C:\Windows\system32\SearchIndexer.exe [2009-07-14 428032] R2 wudfsvc;@%SystemRoot%\system32\wudfsvc.dll,-1000; C:\Windows\system32\svchost.exe [2009-07-14 20992] R3 AeLookupSvc;@%SystemRoot%\system32\aelupsvc.dll,-1; C:\Windows\system32\svchost.exe [2009-07-14 20992] R3 Appinfo;@%systemroot%\system32\appinfo.dll,-100; C:\Windows\system32\svchost.exe [2009-07-14 20992] R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-06-28 40384] R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-06-28 40384] R3 fdPHost;@%systemroot%\system32\fdPHost.dll,-100; C:\Windows\system32\svchost.exe [2009-07-14 20992] R3 FDResPub;@%systemroot%\system32\fdrespub.dll,-100; C:\Windows\system32\svchost.exe [2009-07-14 20992] R3 HomeGroupListener;@%SystemRoot%\System32\ListSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992] R3 HomeGroupProvider;@%SystemRoot%\System32\provsvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992] R3 KeyIso;@keyiso.dll,-100; C:\Windows\system32\lsass.exe [2009-07-14 22528] R3 netprofm;@%SystemRoot%\system32\netprofm.dll,-202; C:\Windows\System32\svchost.exe [2009-07-14 20992] R3 p2pimsvc;@%SystemRoot%\system32\pnrpsvc.dll,-8004; C:\Windows\System32\svchost.exe [2009-07-14 20992] R3 p2psvc;@%SystemRoot%\system32\p2psvc.dll,-8006; C:\Windows\System32\svchost.exe [2009-07-14 20992] R3 PcaSvc;@%SystemRoot%\system32\pcasvc.dll,-1; C:\Windows\system32\svchost.exe [2009-07-14 20992] R3 PNRPsvc;@%SystemRoot%\system32\pnrpsvc.dll,-8000; C:\Windows\System32\svchost.exe [2009-07-14 20992] R3 SDRSVC;@%SystemRoot%\system32\sdrsvc.dll,-107; C:\Windows\system32\svchost.exe [2009-07-14 20992] R3 WdiServiceHost;@%systemroot%\system32\wdi.dll,-502; C:\Windows\System32\svchost.exe [2009-07-14 20992] R3 WdiSystemHost;@%systemroot%\system32\wdi.dll,-500; C:\Windows\System32\svchost.exe [2009-07-14 20992] R3 WinHttpAutoProxySvc;@%SystemRoot%\system32\winhttp.dll,-100; C:\Windows\system32\svchost.exe [2009-07-14 20992] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] S2 gupdate;Service Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-06-23 135664] S3 AppIDSvc;@%systemroot%\system32\appidsvc.dll,-100; C:\Windows\system32\svchost.exe [2009-07-14 20992] S3 AxInstSV;@%SystemRoot%\system32\AxInstSV.dll,-103; C:\Windows\system32\svchost.exe [2009-07-14 20992] S3 BDESVC;@%SystemRoot%\system32\bdesvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992] S3 bthserv;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2009-07-14 20992] S3 CertPropSvc;@%SystemRoot%\System32\certprop.dll,-11; C:\Windows\system32\svchost.exe [2009-07-14 20992] S3 defragsvc;@%SystemRoot%\system32\defragsvc.dll,-101; C:\Windows\system32\svchost.exe [2009-07-14 20992] S3 EFS;@%SystemRoot%\system32\efssvc.dll,-100; C:\Windows\System32\lsass.exe [2009-07-14 22528] S3 ehRecvr;@%SystemRoot%\ehome\ehrecvr.exe,-101; C:\Windows\ehome\ehRecvr.exe [2010-05-09 556032] S3 ehSched;@%SystemRoot%\ehome\ehsched.exe,-101; C:\Windows\ehome\ehsched.exe [2009-07-14 94720] S3 Fax;@%systemroot%\system32\fxsresm.dll,-118; C:\Windows\system32\fxssvc.exe [2009-07-14 522752] S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2009-07-14 20992] S3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2009-06-11 42856] S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-06-23 182768] S3 idsvc;@%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll,-8193; C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2009-06-11 878416] S3 IPBusEnum;@%systemroot%\system32\IPBusEnum.dll,-102; C:\Windows\system32\svchost.exe [2009-07-14 20992] S3 KtmRm;@comres.dll,-2946; C:\Windows\System32\svchost.exe [2009-07-14 20992] S3 lltdsvc;@%SystemRoot%\system32\lltdres.dll,-1; C:\Windows\System32\svchost.exe [2009-07-14 20992] S3 MSiSCSI;@%SystemRoot%\system32\iscsidsc.dll,-5000; C:\Windows\system32\svchost.exe [2009-07-14 20992] S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2002-12-17 66112] S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-03 441712] S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184] S3 pla;@%systemroot%\system32\pla.dll,-500; C:\Windows\System32\svchost.exe [2009-07-14 20992] S3 PNRPAutoReg;@%SystemRoot%\system32\pnrpauto.dll,-8002; C:\Windows\System32\svchost.exe [2009-07-14 20992] S3 QWAVE;@%SystemRoot%\system32\qwave.dll,-1; C:\Windows\system32\svchost.exe [2009-07-14 20992] S3 SCPolicySvc;@%SystemRoot%\System32\certprop.dll,-13; C:\Windows\system32\svchost.exe [2009-07-14 20992] S3 SensrSvc;@%SystemRoot%\System32\sensrsvc.dll,-1000; C:\Windows\system32\svchost.exe [2009-07-14 20992] S3 SessionEnv;@%SystemRoot%\System32\SessEnv.dll,-1026; C:\Windows\System32\svchost.exe [2009-07-14 20992] S3 SNMPTRAP;@%SystemRoot%\system32\snmptrap.exe,-3; C:\Windows\System32\snmptrap.exe [2009-07-14 12800] S3 sppuinotify;@%SystemRoot%\system32\sppuinotify.dll,-103; C:\Windows\system32\svchost.exe [2009-07-14 20992] S3 SQLAgent$SONY_MEDIAMGR;SQLAgent$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE [2002-12-17 311872] S3 SstpSvc;@%SystemRoot%\system32\sstpsvc.dll,-200; C:\Windows\system32\svchost.exe [2009-07-14 20992] S3 TabletInputService;@%SystemRoot%\system32\TabSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992] S3 TBS;@%SystemRoot%\system32\tbssvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992] S3 THREADORDER;@%systemroot%\system32\mmcss.dll,-102; C:\Windows\system32\svchost.exe [2009-07-14 20992] S3 TrustedInstaller;@%SystemRoot%\servicing\TrustedInstaller.exe,-100; C:\Windows\servicing\TrustedInstaller.exe [2009-07-14 204800] S3 UI0Detect;@%SystemRoot%\system32\ui0detect.exe,-101; C:\Windows\system32\UI0Detect.exe [2009-07-14 35840] S3 VaultSvc;@%SystemRoot%\system32\vaultsvc.dll,-1003; C:\Windows\system32\lsass.exe [2009-07-14 22528] S3 vds;@%SystemRoot%\system32\vds.exe,-100; C:\Windows\System32\vds.exe [2009-07-14 452608] S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-06-22 1343400] S3 wbengine;@%systemroot%\system32\wbengine.exe,-104; C:\Windows\system32\wbengine.exe [2009-07-14 1202688] S3 WbioSrvc;@%systemroot%\system32\wbiosrvc.dll,-100; C:\Windows\system32\svchost.exe [2009-07-14 20992] S3 wcncsvc;@%SystemRoot%\system32\wcncsvc.dll,-3; C:\Windows\System32\svchost.exe [2009-07-14 20992] S3 WcsPlugInService;@%SystemRoot%\system32\WcsPlugInService.dll,-200; C:\Windows\system32\svchost.exe [2009-07-14 20992] S3 Wecsvc;@%SystemRoot%\system32\wecsvc.dll,-200; C:\Windows\system32\svchost.exe [2009-07-14 20992] S3 wercplsupport;@%SystemRoot%\System32\wercplsupport.dll,-101; C:\Windows\System32\svchost.exe [2009-07-14 20992] S3 WerSvc;@%SystemRoot%\System32\wersvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992] S3 WinRM;@%Systemroot%\system32\wsmsvc.dll,-101; C:\Windows\System32\svchost.exe [2009-07-14 20992] S3 WPCSvc;@%SystemRoot%\system32\wpcsvc.dll,-100; C:\Windows\system32\svchost.exe [2009-07-14 20992] S3 WPDBusEnum;@%SystemRoot%\system32\wpdbusenum.dll,-100; C:\Windows\system32\svchost.exe [2009-07-14 20992] S3 WwanSvc;@%SystemRoot%\System32\wwansvc.dll,-257; C:\Windows\system32\svchost.exe [2009-07-14 20992] S4 clr_optimization_v2.0.50727_32;Microsoft .NET Framework NGEN v2.0.50727_X86; C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2009-06-11 66384] S4 Mcx2Svc;@%SystemRoot%\ehome\ehres.dll,-15501; C:\Windows\system32\svchost.exe [2009-07-14 20992] S4 NetTcpPortSharing;@%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll,-8201; C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2009-06-11 128848] -----------------EOF-----------------
-
bonjour, je soupsonne un virus sur mon ordinateur je voudrais l'analyser et voir mais je me rapelle plus la marche a suivre "le truc rapport ect" donc si vous pouviez m'aider a verifier et si au cas ou resoudre le problème . merçi d'avance...
-
lentement du pc et un bip bizard
dadoux a répondu à un(e) sujet de dadoux dans Analyses et éradication malwares
heu j'ai pas oublier [ Rapport ToolsCleaner version 2.2.6 (par A.Rothstein & dj QUIOU) ] -->- Recherche: C:\Combofix.txt: trouvé ! C:\fixnavi.txt: trouvé ! C:\cleannavi.txt: trouvé ! C:\TB.txt: trouvé ! C:\Qoobox: trouvé ! C:\Toolbar SD: trouvé ! C:\Program Files\Navilog1: trouvé ! C:\Program Files\Navilog1\Navilog1.bat: trouvé ! C:\Program Files\Trend Micro\HijackThis: trouvé ! C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé ! C:\Program Files\Trend Micro\HijackThis\hijackthis.log: trouvé ! C:\ProgramData\Microsoft\Windows\Start Menu\Programmes\Navilog1: trouvé ! C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Navilog1: trouvé ! C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Navilog1\Navilog1.lnk: trouvé ! C:\Toolbar SD\ToolBar S&D.lnk: trouvé ! C:\Users\All Users\Microsoft\Windows\Start Menu\Programmes\Navilog1: trouvé ! C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Navilog1: trouvé ! C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Navilog1\Navilog1.lnk: trouvé ! C:\Users\mariano\AppData\Local\VirtualStore\Program Files\Trend Micro\HijackThis: trouvé ! C:\Users\mariano\AppData\Local\VirtualStore\Program Files\Trend Micro\HijackThis\hijackthis.log: trouvé ! C:\Users\mariano\AppData\Roaming\Microsoft\Windows\Start Menu\Programmes\Toolbar S&D: trouvé ! C:\Users\mariano\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Toolbar S&D: trouvé ! C:\Users\mariano\Desktop\Dss.exe: trouvé ! C:\Users\mariano\Desktop\HijackThis.lnk: trouvé ! C:\Users\mariano\Desktop\Navilog1.exe: trouvé ! C:\Users\mariano\Desktop\ComboFix.exe: trouvé ! C:\Users\mariano\Desktop\HijackThis.exe: trouvé ! C:\Users\mariano\Desktop\ToolBarSD.exe: trouvé ! C:\Users\mariano\Desktop\ToolBar S&D.lnk: trouvé ! C:\Users\mariano\Desktop\hijackthis.log: trouvé ! C:\Users\mariano\Desktop\DiagHelp: trouvé ! C:\Users\mariano\Documents\fixnavi.txt: trouvé ! C:\Users\mariano\Documents\TB.txt: trouvé ! C:\Users\mariano\Documents\dossier zip\Clean.zip: trouvé ! C:\Users\mariano\Documents\dossier zip\Lopxpmh2.zip: trouvé ! C:\Users\Public\Desktop\Navilog1.lnk: trouvé ! -
lentement du pc et un bip bizard
dadoux a répondu à un(e) sujet de dadoux dans Analyses et éradication malwares
merci beaucoup godlike A-- -
lentement du pc et un bip bizard
dadoux a répondu à un(e) sujet de dadoux dans Analyses et éradication malwares
re dsl pour le retard mais mon FAI n'est pas a la hauteur (big probleme de connection) voila java.log: JavaRa 1.11 Removal Log. Report follows after line. ------------------------------------ The JavaRa removal process was started on Tue Nov 18 05:08:38 2008 Found and removed: C:\Program Files\Java\jre1.6.0_04 There was an error removing C:\Program Files\Java\jre1.6.0_07. The error returned was 32. Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0004-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBB} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBB} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBB} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBB} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBB} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBB} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBB} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBC} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC} Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D610004 Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D610004 Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610004 Found and removed: SOFTWARE\Classes\JavaPlugin.160_04 Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_04 Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_04 Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610004 Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D610004 Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610004 Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160040} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBB} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBB} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBB} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBB} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBB} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBB} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBB} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBB} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBB} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBB} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBB} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBB} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBB} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBB} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBB} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBB} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBB} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBB} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBB} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBB} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBB} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBB} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBB} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBB} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBB} Found and removed: Software\Classes\JavaPlugin.160_04 Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA} Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_04\ Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_04\bin\ Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\Common Files\Java\Update\Base Images\jre1.6.0.b105\patch-jre1.6.0_04.b12\ Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1 Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02 Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03 Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04 Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2 Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01 Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_04 Found and removed: Software\JavaSoft\Java2D\1.6.0_04 Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA} Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA} Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB} ------------------------------------ Finished reporting. et voila le rapport hijackthis : Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 05:30:28, on 18/11/2008 Platform: Windows Vista (WinNT 6.00.1904) MSIE: Internet Explorer v7.00 (7.00.6000.16757) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\System32\rundll32.exe C:\Windows\RtHDVCpl.exe C:\Program Files\Apoint2K\Apoint.exe C:\Program Files\Hotkey Utility\tray.exe C:\Program Files\Power Manager\PM.exe C:\Program Files\Light Sensor Utility\Sensor.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\Alwil Software\Avast4\ashDisp.exe C:\Program Files\Winamp\winampa.exe C:\Program Files\Unlocker\UnlockerAssistant.exe C:\Windows\System32\rundll32.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Apoint2K\ApMsgFwd.exe C:\Windows\ehome\ehtray.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Windows\system32\wbem\unsecapp.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\DAP\DAP.exe C:\Program Files\Apoint2K\Apntex.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Windows\system32\NOTEPAD.EXE C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Secunia\PSI (RC4)\psi.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/webhp?sourceid=navcli...fr&ie=UTF-8 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:8800 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O1 - Hosts: ::1 localhost O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe O4 - HKLM\..\Run: [FIC HotKey] C:\Program Files\Hotkey Utility\tray.exe O4 - HKLM\..\Run: [PowerManager] C:\Program Files\Power Manager\PM.exe O4 - HKLM\..\Run: [silent Mode] C:\Program Files\Light Sensor Utility\Sensor.exe O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [unlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun O4 - HKCU\..\Run: [speech Recognition] "C:\Windows\Speech\Common\sapisvr.exe" -SpeechUX -Startup O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'Default user') O4 - Startup: OneNote 2007 - Capture d'écran et lancement.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm O8 - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU) O13 - Gopher Prefix: O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{8936CB3B-FE82-4FA4-B420-4C2B11F092C2}: NameServer = 217.175.160.168 217.175.160.11 O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe O23 - Service: wampapache - Apache Software Foundation - c:\wamp\apache2\bin\httpd.exe O23 - Service: wampmysqld - Unknown owner - c:\wamp\mysql\bin\mysqld-nt.exe O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe -- End of file - 10750 bytes -
lentement du pc et un bip bizard
dadoux a répondu à un(e) sujet de dadoux dans Analyses et éradication malwares
veinard c vite dit (pour vous peu etre ) voila : Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 01:14:42, on 18/11/2008 Platform: Windows Vista (WinNT 6.00.1904) MSIE: Internet Explorer v7.00 (7.00.6000.16757) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Windows\Explorer.EXE C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Windows\RtHDVCpl.exe C:\Program Files\Apoint2K\Apoint.exe C:\Program Files\Hotkey Utility\tray.exe C:\Program Files\Power Manager\PM.exe C:\Program Files\Light Sensor Utility\Sensor.exe C:\Program Files\Apoint2K\ApMsgFwd.exe C:\Program Files\Apoint2K\Apntex.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Alwil Software\Avast4\ashDisp.exe C:\Program Files\Winamp\winampa.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Unlocker\UnlockerAssistant.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Windows\ehome\ehtray.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\DAP\DAP.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Windows\system32\wbem\unsecapp.exe C:\Windows\System32\mobsync.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Users\mariano\Desktop\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/webhp?sourceid=navcli...fr&ie=UTF-8 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:8800 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O1 - Hosts: ::1 localhost O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe O4 - HKLM\..\Run: [FIC HotKey] C:\Program Files\Hotkey Utility\tray.exe O4 - HKLM\..\Run: [PowerManager] C:\Program Files\Power Manager\PM.exe O4 - HKLM\..\Run: [silent Mode] C:\Program Files\Light Sensor Utility\Sensor.exe O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [iS CfgWiz] "c:\Program Files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\cltUIStb.exe" /MODULE CfgWiz /GUID {BC8D3EAF-F864-4d4b-AB4D-B3D0C32E2840} /MODE CfgWiz /CMDLINE "REBOOT" O4 - HKLM\..\Run: [osCheck] "c:\Program Files\Norton Internet Security\osCheck.exe" O4 - HKLM\..\Run: [recinfo420] c:\RecInfo\RecInfo.exe O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [unlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun O4 - HKCU\..\Run: [speech Recognition] "C:\Windows\Speech\Common\sapisvr.exe" -SpeechUX -Startup O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'Default user') O4 - Startup: OneNote 2007 - Capture d'écran et lancement.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm O8 - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU) O13 - Gopher Prefix: O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{8936CB3B-FE82-4FA4-B420-4C2B11F092C2}: NameServer = 217.175.160.168 217.175.160.11 O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Validation de mot de passe Symantec IS (ISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\isPwdSvc.exe O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe O23 - Service: wampapache - Apache Software Foundation - c:\wamp\apache2\bin\httpd.exe O23 - Service: wampmysqld - Unknown owner - c:\wamp\mysql\bin\mysqld-nt.exe O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe -- End of file - 12992 bytes -
lentement du pc et un bip bizard
dadoux a répondu à un(e) sujet de dadoux dans Analyses et éradication malwares
re je suis reunionnais (d'ou le decalage horaire).. ben oui j'ai applique les consignes .... voila le rapport : ComboFix 08-11-16.05 - mariano 2008-11-18 0:40:11.1 - NTFSx86 Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.1813 [GMT 4:00] Lancé depuis: c:\users\mariano\Desktop\ComboFix.exe * Un nouveau point de restauration a été créé . ((((((((((((((((((((((((((((( Fichiers créés du 2008-10-17 au 2008-11-17 )))))))))))))))))))))))))))))))))))) . 2008-11-17 18:51 . 2008-11-17 23:18 <REP> d-------- c:\program files\Navilog1 2008-11-14 17:51 . 2008-11-14 17:51 <REP> d-------- c:\program files\OpenPlsInWMP 2008-11-13 11:40 . 2008-11-14 00:42 <REP> d-------- c:\program files\World of Warcraft 2008-11-12 23:17 . 2008-11-17 19:54 <REP> d-------- c:\program files\HLSW 2008-11-12 22:20 . 2008-09-10 07:25 1,341,440 --a------ c:\windows\System32\msxml6.dll 2008-11-12 22:20 . 2008-09-05 08:48 1,194,496 --a------ c:\windows\System32\msxml3.dll 2008-11-12 22:20 . 2008-09-10 07:21 2,048 --a------ c:\windows\System32\msxml6r.dll 2008-11-12 22:20 . 2008-09-05 08:45 2,048 --a------ c:\windows\System32\msxml3r.dll 2008-11-12 22:04 . 2008-08-26 05:11 211,456 --a------ c:\windows\System32\drivers\mrxsmb10.sys 2008-11-11 07:25 . 2008-11-11 07:25 <REP> d-------- c:\users\mariano\WoW-BurningCrusade-frFR-Slim-Installer 2008-11-10 18:37 . 2008-11-13 11:44 <REP> d-------- c:\program files\Common Files\Blizzard Entertainment 2008-11-07 01:26 . 2008-11-10 22:49 <REP> d-------- c:\users\Public\Games 2008-11-06 14:19 . 2008-11-06 14:19 <REP> d-------- c:\users\All Users\ma-config.com 2008-11-06 14:19 . 2008-11-06 14:19 <REP> d-------- c:\programdata\ma-config.com 2008-11-06 14:19 . 2008-11-06 14:19 <REP> d-------- c:\program files\ma-config.com 2008-11-05 19:44 . 2008-11-05 19:44 <REP> d-------- c:\program files\eMule 2008-11-04 17:42 . 2008-11-04 17:42 <REP> d-------- c:\users\mariano\AppData\Roaming\Apple Computer 2008-11-04 17:41 . 2008-11-04 17:41 <REP> d----c--- c:\windows\System32\DRVSTORE 2008-11-04 17:41 . 2008-11-04 17:41 <REP> d-------- c:\users\All Users\{3276BE95_AF08_429F_A64F_CA64CB79BCF6} 2008-11-04 17:41 . 2008-11-04 17:41 <REP> d-------- c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6} 2008-11-04 17:41 . 2008-11-04 17:41 <REP> d-------- c:\program files\iTunes 2008-11-04 17:41 . 2008-11-04 17:41 <REP> d-------- c:\program files\iPod 2008-11-04 17:41 . 2008-04-17 13:12 107,368 --a------ c:\windows\System32\GEARAspi.dll 2008-11-04 17:41 . 2008-04-17 13:12 15,464 --a------ c:\windows\System32\drivers\GEARAspiWDM.sys 2008-11-04 17:38 . 2008-11-04 17:41 <REP> d-------- c:\users\All Users\Apple Computer 2008-11-04 17:38 . 2008-11-04 17:41 <REP> d-------- c:\programdata\Apple Computer 2008-11-04 17:38 . 2008-11-04 17:38 <REP> d-------- c:\program files\Apple Software Update 2008-11-04 17:36 . 2008-11-04 17:36 <REP> d-------- c:\users\All Users\Apple 2008-11-04 17:36 . 2008-11-04 17:36 <REP> d-------- c:\programdata\Apple 2008-11-04 17:36 . 2008-11-04 17:39 <REP> d-------- c:\program files\Common Files\Apple 2008-11-04 02:00 . 2008-11-17 19:52 <REP> d-------- c:\users\mariano\AppData\Roaming\Todae 2008-11-03 17:09 . 2008-11-03 17:12 <REP> d-------- c:\program files\CS 2008-11-03 16:19 . 2008-11-03 16:19 <REP> d-------- c:\users\mariano\AppData\Roaming\Desktopicon 2008-11-03 16:19 . 2008-11-03 16:49 <REP> d-------- c:\program files\Unlocker 2008-11-03 08:09 . 2008-11-03 17:12 <REP> d-------- c:\program files\sXe Injected 2008-11-03 08:06 . 2008-11-03 08:09 <REP> d-------- c:\program files\Mon Counter-Strike 1.6 V31 gr 2008-11-03 07:10 . 2008-11-03 07:10 244 --ah----- C:\sqmnoopt01.sqm 2008-11-03 07:10 . 2008-11-03 07:10 232 --ah----- C:\sqmdata01.sqm 2008-10-29 15:30 . 2008-08-12 07:29 441,856 --a------ c:\windows\System32\win32spl.dll 2008-10-29 15:30 . 2008-08-12 07:29 37,376 --a------ c:\windows\System32\printcom.dll 2008-10-21 21:38 . 2008-10-21 21:46 <REP> d-------- c:\users\mariano\AppData\Roaming\n-Track Studio6 2008-10-21 21:37 . 2008-10-21 21:37 <REP> d-------- c:\program files\FASoft 2008-10-19 03:04 . 2008-10-19 03:04 <REP> d-------- c:\windows\SQLTools9_KB948109_ENU 2008-10-19 03:01 . 2008-10-19 03:01 <REP> d-------- c:\windows\SQL9_KB948109_ENU 2008-10-17 22:50 . 2008-09-18 08:35 3,505,208 --a------ c:\windows\System32\ntkrnlpa.exe 2008-10-17 22:50 . 2008-09-18 08:35 3,470,904 --a------ c:\windows\System32\ntoskrnl.exe 2008-10-17 17:48 . 2008-09-18 06:03 2,027,520 --a------ c:\windows\System32\win32k.sys 2008-10-17 17:39 . 2008-08-26 05:12 290,304 --a------ c:\windows\System32\drivers\srv.sys 2008-10-17 13:02 . 2008-10-25 03:26 <REP> d-------- c:\program files\Microsoft Silverlight 2008-10-17 12:56 . 2008-10-19 03:05 <REP> d-------- c:\program files\Microsoft SQL Server . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-11-17 19:19 --------- d---a-w c:\programdata\TEMP 2008-11-17 19:09 --------- d-----w c:\program files\Search Settings 2008-11-17 14:34 27,525 ----a-w c:\users\mariano\AppData\Roaming\nvModes.dat 2008-11-17 13:54 --------- d-----w c:\programdata\Google Updater 2008-11-14 09:10 --------- d-----w c:\program files\Common Files\Adobe 2008-11-13 23:05 --------- d-----w c:\programdata\Microsoft Help 2008-11-13 01:38 --------- d-----w c:\users\mariano\AppData\Roaming\LimeWire 2008-11-12 16:53 51,792 ----a-w c:\windows\system32\drivers\aswMonFlt.sys 2008-11-05 15:44 --------- d-----w c:\programdata\eMule 2008-11-04 17:31 --------- d-----w c:\users\mariano\AppData\Roaming\Audacity 2008-11-04 13:40 --------- d-----w c:\program files\Bonjour 2008-11-04 13:39 --------- d-----w c:\program files\QuickTime 2008-11-03 01:32 --------- d-----w c:\users\mariano\AppData\Roaming\uTorrent 2008-10-27 01:59 --------- d-----w c:\users\mariano\AppData\Roaming\Notepad++ 2008-10-27 01:59 --------- d-----w c:\program files\Notepad++ 2008-10-20 13:38 --------- d-----w c:\programdata\Skype 2008-10-20 02:01 --------- d-----w c:\users\mariano\AppData\Roaming\Sony 2008-10-18 02:36 --------- d-----w c:\users\mariano\AppData\Roaming\skypePM 2008-10-17 08:58 --------- d-----w c:\program files\Microsoft.NET 2008-10-08 20:13 --------- d-----w c:\program files\Microsoft Visual Studio 9.0 2008-10-08 20:11 --------- d-----w c:\program files\Microsoft Synchronization Services 2008-10-08 20:11 --------- d-----w c:\program files\Microsoft SQL Server Compact Edition 2008-10-08 20:02 --------- d-----w c:\program files\Microsoft SDKs 2008-10-08 03:21 0 ----a-w c:\users\mariano\AppData\Roaming\wklnhst.dat 2008-10-08 03:21 --------- d-----w c:\users\mariano\AppData\Roaming\Template 2008-10-03 01:42 --------- d-----w c:\program files\Microsoft Games 2008-10-03 01:42 --------- d-----w c:\program files\GameSpy Arcade 2008-10-02 23:46 81,920 ----a-w c:\windows\System32\frapsvid.dll 2008-10-02 03:49 826,368 ----a-w c:\windows\System32\wininet.dll 2008-10-02 03:49 56,320 ----a-w c:\windows\System32\iesetup.dll 2008-10-02 03:49 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll 2008-10-02 03:48 26,624 ----a-w c:\windows\System32\ieUnatt.exe 2008-10-01 12:57 --------- d-----w c:\users\mariano\AppData\Roaming\PeerNetworking 2008-10-01 03:13 --------- d-----w c:\program files\Free Audio Pack 2008-09-30 12:43 1,286,152 ----a-w c:\windows\System32\msxml4.dll 2008-09-26 22:45 --------- d-----w c:\program files\Picasa2 2008-09-26 19:58 --------- d-----w c:\users\mariano\AppData\Roaming\FileZilla 2008-09-26 13:27 --------- d-----w c:\program files\FileZilla Client 2008-09-25 18:40 --------- d-----w c:\program files\Everest Poker 2008-09-20 05:00 --------- d-----w c:\users\mariano\AppData\Roaming\gtk-2.0 2008-09-19 20:00 --------- d-----w c:\users\mariano\AppData\Roaming\mIRC 2008-09-12 08:27 368,640 ----a-w c:\windows\System32\ReWire.dll 2008-09-12 08:27 233,472 ------w c:\windows\System32\REX Shared Library.dll 2008-08-29 06:18 87,336 ----a-w c:\windows\System32\dns-sd.exe 2008-08-29 05:53 61,440 ----a-w c:\windows\System32\dnssd.dll 2008-08-20 06:52 50,688 ----a-w c:\windows\System32\wbhelp2.dll 2008-08-01 23:25 174 --sha-w c:\program files\desktop.ini . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\program files\Winamp Toolbar\winamptb.dll" [2008-07-17 1266992] [HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}] [HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1] [HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}] [HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2007-01-15 1232896] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440] "MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-08-12 39408] "DownloadAccelerator"="c:\program files\DAP\DAP.EXE" [2008-08-20 3065344] "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952] "Speech Recognition"="c:\windows\Speech\Common\sapisvr.exe" [2006-11-02 49664] "WindowsWelcomeCenter"="oobefldr.dll" [2006-11-02 c:\windows\System32\oobefldr.dll] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvSvc"="c:\windows\system32\nvsvc.dll" [2007-07-19 86016] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-07-19 8466432] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-07-19 81920] "Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-05-25 159744] "FIC HotKey"="c:\program files\Hotkey Utility\tray.exe" [2007-07-13 561152] "PowerManager"="c:\program files\Power Manager\PM.exe" [2007-05-16 29696] "Silent Mode"="c:\program files\Light Sensor Utility\Sensor.exe" [2007-06-27 253952] "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-10-01 29744] "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-02-26 153136] "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-10-25 107112] "IS CfgWiz"="c:\program files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\cltUIStb.exe" [2006-10-24 46728] "osCheck"="c:\program files\Norton Internet Security\osCheck.exe" [2006-10-27 22696] "recinfo420"="c:\recinfo\RecInfo.exe" [2007-10-23 2764800] "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-12 81000] "WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-07-10 36352] "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784] "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-08-04 185896] "UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-10-02 413696] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792] "RtHDVCpl"="RtHDVCpl.exe" [2007-04-10 c:\windows\RtHDVCpl.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352] c:\users\mariano\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OneNote 2007 - Capture d'‚cran et lancement.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableLUA"= 0 (0x0) "ValidateAdminCodeSignatures"= 1 (0x1) "FilterAdministratorToken"= 1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GOEC62~1.DLL [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "msacm.mkdmp3enc"= c:\progra~1\CYBERL~1\PowerDV\Kernel\Burner\MKDMP3Enc.ACM [HKEY_LOCAL_MACHINE\software\microsoft\security center] "UacDisableNotify"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules] "{D5C1ADF6-73A2-405C-8BFC-D5ACB74493B0}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote "{7A978BA1-8918-4724-9F51-D6725A1D62E3}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote "{554B9D1C-DDD1-43D8-B608-247E79C1AF59}"= c:\program files\CyberLink\PowerDV\PowerDV.exe:CyberLink PowerDV "TCP Query User{06DAB3E1-B8F6-4593-B096-46216ECA8C3C}c:\\program files\\counter-strike source\\hl2.exe"= UDP:c:\program files\counter-strike source\hl2.exe:hl2 "UDP Query User{254A7FB6-27BF-494C-8D27-715FB16B566D}c:\\program files\\counter-strike source\\hl2.exe"= TCP:c:\program files\counter-strike source\hl2.exe:hl2 "TCP Query User{7EDE742D-18E7-41CC-9A96-D44A2F315DD6}c:\\program files\\intervideo\\dvd8\\windvd.exe"= UDP:c:\program files\intervideo\dvd8\windvd.exe:WinDVD "UDP Query User{019187DA-D0E0-48D3-9EB2-AED02DFF6E76}c:\\program files\\intervideo\\dvd8\\windvd.exe"= TCP:c:\program files\intervideo\dvd8\windvd.exe:WinDVD "TCP Query User{BE54105E-114D-40A3-A5FE-45EB144AA988}e:\\sthiw\\stinstall.exe"= UDP:e:\sthiw\stinstall.exe:SpeedTouch Setup Wizard "UDP Query User{BF02581C-A1BA-4749-A1AD-B5D688B8FA94}e:\\sthiw\\stinstall.exe"= TCP:e:\sthiw\stinstall.exe:SpeedTouch Setup Wizard "TCP Query User{BAAC0188-F755-42C0-A086-5B01D98E44A9}c:\\program files\\mirc\\mirc.exe"= UDP:c:\program files\mirc\mirc.exe:mIRC "UDP Query User{7461F891-83BD-4EB5-9333-F59EE93B0BBF}c:\\program files\\mirc\\mirc.exe"= TCP:c:\program files\mirc\mirc.exe:mIRC "{C02724B5-2BFD-411C-A702-E3A67F68FAB1}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone) "TCP Query User{D57C748D-FBCF-4550-AC9B-2F76160B232E}c:\\users\\mariano\\desktop\\mirc\\mirc.exe"= UDP:c:\users\mariano\desktop\mirc\mirc.exe:mirc.exe "UDP Query User{B219046A-BC79-44D5-9B6A-2FBDE33451CC}c:\\users\\mariano\\desktop\\mirc\\mirc.exe"= TCP:c:\users\mariano\desktop\mirc\mirc.exe:mirc.exe "{48896683-4BB0-40C1-982E-A41E8C61C217}"= UDP:c:\program files\Winamp Remote\bin\Orb.exe:Orb "{5A147318-ED33-4E9E-ADF1-236AD3158D30}"= TCP:c:\program files\Winamp Remote\bin\Orb.exe:Orb "{13F69BF7-44CE-434B-BDC2-5EEF66FF4BDC}"= UDP:c:\program files\Winamp Remote\bin\OrbTray.exe:OrbTray "{C99D5F33-ACB9-4F5A-A4B0-4C27A1BE873B}"= TCP:c:\program files\Winamp Remote\bin\OrbTray.exe:OrbTray "{C50D8AC0-F854-4720-ABF7-9D553FBB97F6}"= UDP:c:\program files\Winamp Remote\bin\OrbIR.exe:OrbIR "{F7C9BB06-2576-4FDE-8D1A-C4FAFF6B9A87}"= TCP:c:\program files\Winamp Remote\bin\OrbIR.exe:OrbIR "{139B5732-0B3B-4F60-A11F-4406084BD7F1}"= UDP:c:\program files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client "{AE7DD1C8-405D-4E14-A2BA-05323A5189FC}"= TCP:c:\program files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client "TCP Query User{58B39CC1-99B5-4410-A3FD-D1D64ECDE82B}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:uTorrent "UDP Query User{990E0811-0BCF-44B1-9E53-B2F6C0C325D2}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:uTorrent "TCP Query User{6827AF18-04FB-4583-B741-A894EF3E50A2}c:\\users\\mariano\\desktop\\copy of djbot\\mirc.exe"= UDP:c:\users\mariano\desktop\copy of djbot\mirc.exe:mirc.exe "UDP Query User{40AA5569-F6FA-48B4-82A8-3A5E4160A734}c:\\users\\mariano\\desktop\\copy of djbot\\mirc.exe"= TCP:c:\users\mariano\desktop\copy of djbot\mirc.exe:mirc.exe "TCP Query User{8F9C74E4-777E-49F8-85AD-0213CD4A8F49}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule "UDP Query User{1266A800-14EA-4005-A75E-2A93CCC1AE0A}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule "{58CBBFBD-BB95-4068-9F16-995422EE1E3C}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire "{F02715DF-E615-42A1-BF8C-FFF113AEEF48}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire "TCP Query User{AF6307CE-F9F4-4727-8BBC-835B72D36866}c:\\users\\mariano\\desktop\\djbot\\mirc.exe"= UDP:c:\users\mariano\desktop\djbot\mirc.exe:mirc.exe "UDP Query User{19879BB7-7DE6-428A-9A40-0C02E4853AF7}c:\\users\\mariano\\desktop\\djbot\\mirc.exe"= TCP:c:\users\mariano\desktop\djbot\mirc.exe:mirc.exe "TCP Query User{84AF67C1-96D2-479A-82B4-A7FBAF739AC7}c:\\users\\mariano\\desktop\\lucasarts\\star wars jk ii jedi outcast\\gamedata\\jk2mp.exe"= UDP:c:\users\mariano\desktop\lucasarts\star wars jk ii jedi outcast\gamedata\jk2mp.exe:jk2mp.exe "UDP Query User{1035ED80-112D-476C-B4FA-3D1FEDDEE483}c:\\users\\mariano\\desktop\\lucasarts\\star wars jk ii jedi outcast\\gamedata\\jk2mp.exe"= TCP:c:\users\mariano\desktop\lucasarts\star wars jk ii jedi outcast\gamedata\jk2mp.exe:jk2mp.exe "TCP Query User{718ABE1F-1055-4531-A706-6A331F61BABD}c:\\ircbel_script\\mirc.exe"= UDP:c:\ircbel_script\mirc.exe:mIRC "UDP Query User{CBEDF41B-1BF6-428B-9BAB-FEFEFCCABBF1}c:\\ircbel_script\\mirc.exe"= TCP:c:\ircbel_script\mirc.exe:mIRC "TCP Query User{0612DEBB-902F-44F8-9E9F-D6C3C911ED49}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer "UDP Query User{8EC3496A-EEEB-4BEC-A403-F8CB0200E58A}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer "TCP Query User{D6863DFE-E2BB-4451-8325-582BD857F010}c:\\program files\\dap\\dap.exe"= UDP:c:\program files\dap\dap.exe:Download Accelerator Plus (DAP) "UDP Query User{472FFB29-ADE6-42D2-983D-7B1A341E0237}c:\\program files\\dap\\dap.exe"= TCP:c:\program files\dap\dap.exe:Download Accelerator Plus (DAP) "{F60BBD9B-617D-4D0F-A882-08BA2E5425B4}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In) "{92111F95-A70B-4E9B-BC07-56BFBBC5D231}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In) "TCP Query User{3CF03B47-821B-4C89-923E-8A773D7DFC17}c:\\users\\mariano\\desktop\\delire\\djs script.exe"= UDP:c:\users\mariano\desktop\delire\djs script.exe:djs script.exe "UDP Query User{D2853D51-4379-4824-A7F4-203BAFA63989}c:\\users\\mariano\\desktop\\delire\\djs script.exe"= TCP:c:\users\mariano\desktop\delire\djs script.exe:djs script.exe "TCP Query User{13D79233-F5EC-4C57-926B-4A809EC26E00}c:\\bsmaxscript[7.0]\\mirc.exe"= UDP:c:\bsmaxscript[7.0]\mirc.exe:mIRC "UDP Query User{4FF48A30-D64A-433C-BD31-7028733B77CE}c:\\bsmaxscript[7.0]\\mirc.exe"= TCP:c:\bsmaxscript[7.0]\mirc.exe:mIRC "TCP Query User{2DD748AD-61BF-4073-9671-D6CBC15BE4D8}c:\\users\\mariano\\desktop\\windrop\\windrop\\eggdrop.exe"= UDP:c:\users\mariano\desktop\windrop\windrop\eggdrop.exe:eggdrop.exe "UDP Query User{FBCA4447-FAC7-4C42-83A0-5D1E0DF6269A}c:\\users\\mariano\\desktop\\windrop\\windrop\\eggdrop.exe"= TCP:c:\users\mariano\desktop\windrop\windrop\eggdrop.exe:eggdrop.exe "TCP Query User{F504DB96-E547-42CC-849F-179BDFA4292F}c:\\users\\mariano\\desktop\\funbot_v2\\funbotv2.exe"= UDP:c:\users\mariano\desktop\funbot_v2\funbotv2.exe:funbotv2.exe "UDP Query User{39D9CD41-B77B-4A93-8E6A-1DC726D74243}c:\\users\\mariano\\desktop\\funbot_v2\\funbotv2.exe"= TCP:c:\users\mariano\desktop\funbot_v2\funbotv2.exe:funbotv2.exe "TCP Query User{ECE0DD72-D8D6-4066-BA43-D3F0A53B6C77}c:\\users\\mariano\\desktop\\analogx\\proxy\\proxy.exe"= UDP:c:\users\mariano\desktop\analogx\proxy\proxy.exe:proxy.exe "UDP Query User{4CC63046-E294-4659-AD4E-843DF486AD8A}c:\\users\\mariano\\desktop\\analogx\\proxy\\proxy.exe"= TCP:c:\users\mariano\desktop\analogx\proxy\proxy.exe:proxy.exe "TCP Query User{75C03EE7-A82B-467B-8997-B8D81318E7D6}c:\\wamp\\apache2\\bin\\httpd.exe"= UDP:c:\wamp\apache2\bin\httpd.exe:Apache HTTP Server "UDP Query User{59ED6116-8175-4E44-9F2D-DFF376B4299C}c:\\wamp\\apache2\\bin\\httpd.exe"= TCP:c:\wamp\apache2\bin\httpd.exe:Apache HTTP Server "TCP Query User{7E0A5F2E-4D76-4E31-A9CD-54FDF0BA496C}c:\\program files\\microsoft games\\halo trial\\halo.exe"= UDP:c:\program files\microsoft games\halo trial\halo.exe:Halo "UDP Query User{13790735-77B4-461E-A08B-4B5C4F453F40}c:\\program files\\microsoft games\\halo trial\\halo.exe"= TCP:c:\program files\microsoft games\halo trial\halo.exe:Halo "TCP Query User{D4E99D25-FD65-42E4-82B4-DEA884332646}c:\\program files\\counter-strike 1.6 v31\\hl.exe"= UDP:c:\program files\counter-strike 1.6 v31\hl.exe:Half-Life Launcher "UDP Query User{34392178-7E27-4BEC-8D87-CC0BEA3ADBC2}c:\\program files\\counter-strike 1.6 v31\\hl.exe"= TCP:c:\program files\counter-strike 1.6 v31\hl.exe:Half-Life Launcher "TCP Query User{2E3E35F6-E5A6-4C7F-94AB-5170B78F4DC9}c:\\program files\\virtualdj\\virtualdj_he6.exe"= UDP:c:\program files\virtualdj\virtualdj_he6.exe:VirtualDJ "UDP Query User{83ABC27E-A7A2-47F6-8011-41D1BB89B862}c:\\program files\\virtualdj\\virtualdj_he6.exe"= TCP:c:\program files\virtualdj\virtualdj_he6.exe:VirtualDJ "TCP Query User{49B8784B-746E-4D09-89E1-A2C4B58A7A49}c:\\program files\\counter-strike\\hl.exe"= UDP:c:\program files\counter-strike\hl.exe:Half-Life Launcher "UDP Query User{922C85A0-14E8-4907-9BF7-D5F787A409A1}c:\\program files\\counter-strike\\hl.exe"= TCP:c:\program files\counter-strike\hl.exe:Half-Life Launcher "TCP Query User{AE61DA8E-3130-4729-8FD8-39689CEAA0CE}c:\\users\\mariano\\documents\\my completed downloads\\wowclient-downloader.exe"= UDP:c:\users\mariano\documents\my completed downloads\wowclient-downloader.exe:wowclient-downloader.exe "UDP Query User{C3FF4BA4-8410-4C76-94D4-7B821D2D0FAE}c:\\users\\mariano\\documents\\my completed downloads\\wowclient-downloader.exe"= TCP:c:\users\mariano\documents\my completed downloads\wowclient-downloader.exe:wowclient-downloader.exe "TCP Query User{1596986C-F7AB-4158-8E4C-CBCF6498EA38}c:\\program files\\counter-strike 1.6\\hl.exe"= UDP:c:\program files\counter-strike 1.6\hl.exe:Half-Life Launcher "UDP Query User{515AE117-9FDE-4E87-98BD-75DF19CC6DE1}c:\\program files\\counter-strike 1.6\\hl.exe"= TCP:c:\program files\counter-strike 1.6\hl.exe:Half-Life Launcher "TCP Query User{79F866AA-47EC-4C2E-ACF4-CE11F0C95088}c:\\users\\mariano\\documents\\my completed downloads\\enusinstallerbc.exe"= UDP:c:\users\mariano\documents\my completed downloads\enusinstallerbc.exe:enusinstallerbc.exe "UDP Query User{6EA01CD9-0241-44D4-9E38-A372F10963B2}c:\\users\\mariano\\documents\\my completed downloads\\enusinstallerbc.exe"= TCP:c:\users\mariano\documents\my completed downloads\enusinstallerbc.exe:enusinstallerbc.exe "TCP Query User{0069D20A-13BE-4A6E-8B98-20D56309DC37}c:\\program files\\world of warcraft\\repair.exe"= UDP:c:\program files\world of warcraft\repair.exe:Blizzard Repair Utility "UDP Query User{DEC16A7A-054B-423C-8581-9B8D9D866545}c:\\program files\\world of warcraft\\repair.exe"= TCP:c:\program files\world of warcraft\repair.exe:Blizzard Repair Utility "TCP Query User{0DB00D9D-6EF1-45BF-8897-5472816ECB00}c:\\program files\\cs 1.6\\hl.exe"= UDP:c:\program files\cs 1.6\hl.exe:Half-Life Launcher "UDP Query User{BA3B6069-5E50-44D2-A98F-2B295E4EA6A2}c:\\program files\\cs 1.6\\hl.exe"= TCP:c:\program files\cs 1.6\hl.exe:Half-Life Launcher "TCP Query User{1C49857F-0285-48A4-9F06-B5A0D62DCB25}c:\\program files\\mon counter-strike 1.6 v31 gr\\hl.exe"= UDP:c:\program files\mon counter-strike 1.6 v31 gr\hl.exe:Half-Life Launcher "UDP Query User{CC4B5DAD-F950-467E-993D-1A8EB53AD2F6}c:\\program files\\mon counter-strike 1.6 v31 gr\\hl.exe"= TCP:c:\program files\mon counter-strike 1.6 v31 gr\hl.exe:Half-Life Launcher "TCP Query User{930B6001-578F-4211-91C9-193A9C59B2A8}c:\\program files\\cs\\hl.exe"= UDP:c:\program files\cs\hl.exe:Half-Life Launcher "UDP Query User{5586F6BC-061E-44AA-8336-7369AD590CC3}c:\\program files\\cs\\hl.exe"= TCP:c:\program files\cs\hl.exe:Half-Life Launcher "TCP Query User{0B8A0BC2-4064-42ED-886E-FA43EBB43965}c:\\users\\mariano\\appdata\\local\\temp\\rar$ex01.254\\freezer.exe"= UDP:c:\users\mariano\appdata\local\temp\rar$ex01.254\freezer.exe:freezer.exe "UDP Query User{3B332A31-3FEE-4D47-B207-845586820692}c:\\users\\mariano\\appdata\\local\\temp\\rar$ex01.254\\freezer.exe"= TCP:c:\users\mariano\appdata\local\temp\rar$ex01.254\freezer.exe:freezer.exe "TCP Query User{0CD14879-38BE-474C-897D-A6F232DBACFF}c:\\users\\mariano\\appdata\\local\\temp\\rar$ex00.039\\freezer.exe"= UDP:c:\users\mariano\appdata\local\temp\rar$ex00.039\freezer.exe:freezer.exe "UDP Query User{65042628-D4A9-4F67-AD0E-E0578A39125F}c:\\users\\mariano\\appdata\\local\\temp\\rar$ex00.039\\freezer.exe"= TCP:c:\users\mariano\appdata\local\temp\rar$ex00.039\freezer.exe:freezer.exe "TCP Query User{FB3C4D55-81B1-40C9-9BA6-89E220E71815}c:\\users\\mariano\\appdata\\local\\temp\\rar$ex00.919\\freezer.exe"= UDP:c:\users\mariano\appdata\local\temp\rar$ex00.919\freezer.exe:freezer.exe "UDP Query User{452465BA-B6B3-47F5-A3FE-A7D3A87746B4}c:\\users\\mariano\\appdata\\local\\temp\\rar$ex00.919\\freezer.exe"= TCP:c:\users\mariano\appdata\local\temp\rar$ex00.919\freezer.exe:freezer.exe "TCP Query User{B1405AA7-01B7-4B09-AA36-38328368F41C}c:\\users\\mariano\\appdata\\local\\temp\\rar$ex00.772\\freezer.exe"= UDP:c:\users\mariano\appdata\local\temp\rar$ex00.772\freezer.exe:freezer.exe "UDP Query User{BCEB5DD1-09D4-45D7-8060-A4E9FB88BACF}c:\\users\\mariano\\appdata\\local\\temp\\rar$ex00.772\\freezer.exe"= TCP:c:\users\mariano\appdata\local\temp\rar$ex00.772\freezer.exe:freezer.exe "{64F03025-D886-45B1-A862-5BCAD461BAA4}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour "{D9554320-5569-4EB7-BDB1-FC3D721A70F3}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour "{954AB9BC-02EC-4B0C-B12C-349B0947A1B7}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes "{AC4B4E9D-8425-49C9-87E6-32A1030617F8}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes "TCP Query User{E0009AE3-9CCC-40EE-9374-2CEAE7977BDE}c:\\users\\mariano\\appdata\\local\\temp\\rar$ex00.773\\freezer.exe"= UDP:c:\users\mariano\appdata\local\temp\rar$ex00.773\freezer.exe:freezer.exe "UDP Query User{337E7C1F-B204-4D6B-A34E-A2B8971F9C98}c:\\users\\mariano\\appdata\\local\\temp\\rar$ex00.773\\freezer.exe"= TCP:c:\users\mariano\appdata\local\temp\rar$ex00.773\freezer.exe:freezer.exe "TCP Query User{813FC501-EF26-4E2B-B8B8-27CCBF0FDF1C}c:\\users\\mariano\\appdata\\local\\temp\\rar$ex00.023\\freezer.exe"= UDP:c:\users\mariano\appdata\local\temp\rar$ex00.023\freezer.exe:freezer.exe "UDP Query User{3DDC6E30-C2F7-4745-8887-5B552B17FD4A}c:\\users\\mariano\\appdata\\local\\temp\\rar$ex00.023\\freezer.exe"= TCP:c:\users\mariano\appdata\local\temp\rar$ex00.023\freezer.exe:freezer.exe "TCP Query User{4138176C-4A35-45D7-9AF0-7BBB6944BCA8}c:\\users\\mariano\\appdata\\local\\temp\\rar$ex00.180\\freezer.exe"= UDP:c:\users\mariano\appdata\local\temp\rar$ex00.180\freezer.exe:freezer.exe "UDP Query User{0979C723-825B-4122-AA17-4D8B56BF3CE6}c:\\users\\mariano\\appdata\\local\\temp\\rar$ex00.180\\freezer.exe"= TCP:c:\users\mariano\appdata\local\temp\rar$ex00.180\freezer.exe:freezer.exe "TCP Query User{63671C37-91AD-4D4E-83F2-91A9E8512821}c:\\users\\mariano\\appdata\\local\\temp\\rar$ex00.134\\freezer.exe"= UDP:c:\users\mariano\appdata\local\temp\rar$ex00.134\freezer.exe:freezer.exe "UDP Query User{41B30D48-BE2B-4678-86BE-78227D92D894}c:\\users\\mariano\\appdata\\local\\temp\\rar$ex00.134\\freezer.exe"= TCP:c:\users\mariano\appdata\local\temp\rar$ex00.134\freezer.exe:freezer.exe "TCP Query User{9B5F2504-B6B8-4E25-8054-DEB3EEAE6076}c:\\users\\mariano\\appdata\\local\\temp\\rar$ex00.852\\freezer.exe"= UDP:c:\users\mariano\appdata\local\temp\rar$ex00.852\freezer.exe:freezer.exe "UDP Query User{90680ABB-CB5A-4F49-BF56-3F3CAA833683}c:\\users\\mariano\\appdata\\local\\temp\\rar$ex00.852\\freezer.exe"= TCP:c:\users\mariano\appdata\local\temp\rar$ex00.852\freezer.exe:freezer.exe "TCP Query User{AAFA3CF3-09FE-4304-B06B-ABE374764F8D}c:\\users\\mariano\\appdata\\local\\temp\\rar$ex00.929\\freezer.exe"= UDP:c:\users\mariano\appdata\local\temp\rar$ex00.929\freezer.exe:freezer.exe "UDP Query User{B2B913AD-74AD-4536-82EB-2D1BDAC6A255}c:\\users\\mariano\\appdata\\local\\temp\\rar$ex00.929\\freezer.exe"= TCP:c:\users\mariano\appdata\local\temp\rar$ex00.929\freezer.exe:freezer.exe "{5075F858-2031-40B9-9357-0E898EEE8E0F}"= UDP:48113:LocalSubnet:LocalSubnet:maconfig_tcp "{1083B160-3DFF-49AB-8634-A822AB45FB0A}"= TCP:48113:LocalSubnet:LocalSubnet:maconfig_udp "{AF3B325A-37F5-4FFE-AA3A-C560D5E33B41}"= UDP:c:\program files\ma-config.com\maconfservice.exe:maconfservice "{BD4C58AD-6F84-4A1D-8AD0-7A74C780CE9D}"= TCP:c:\program files\ma-config.com\maconfservice.exe:maconfservice "TCP Query User{5A6B67AE-4692-4C20-8786-854329849CE4}c:\\users\\mariano\\appdata\\local\\temp\\rar$ex00.321\\freezer.exe"= UDP:c:\users\mariano\appdata\local\temp\rar$ex00.321\freezer.exe:freezer.exe "UDP Query User{776D284F-1E13-484D-8702-65DC6665A88A}c:\\users\\mariano\\appdata\\local\\temp\\rar$ex00.321\\freezer.exe"= TCP:c:\users\mariano\appdata\local\temp\rar$ex00.321\freezer.exe:freezer.exe "TCP Query User{8C68C3A1-9A99-491E-8B6F-60C91F2398FB}c:\\users\\public\\games\\wow-2.3.0.7561-frfr-downloader.exe"= UDP:c:\users\public\games\wow-2.3.0.7561-frfr-downloader.exe:Blizzard Downloader "UDP Query User{50741C50-ABCC-4E7A-9688-CECA47DE25FD}c:\\users\\public\\games\\wow-2.3.0.7561-frfr-downloader.exe"= TCP:c:\users\public\games\wow-2.3.0.7561-frfr-downloader.exe:Blizzard Downloader "TCP Query User{D7B2636E-E213-4AF4-8D15-CB5E1D94D78C}c:\\users\\mariano\\appdata\\local\\temp\\rar$ex00.539\\freezer.exe"= UDP:c:\users\mariano\appdata\local\temp\rar$ex00.539\freezer.exe:freezer.exe "UDP Query User{0B051696-EE7E-4BCF-A7CA-713D02AAE7E5}c:\\users\\mariano\\appdata\\local\\temp\\rar$ex00.539\\freezer.exe"= TCP:c:\users\mariano\appdata\local\temp\rar$ex00.539\freezer.exe:freezer.exe "TCP Query User{5F8C93CD-3646-4F32-87CA-DB5593BBE711}c:\\users\\mariano\\appdata\\local\\temp\\rar$ex00.820\\freezer.exe"= UDP:c:\users\mariano\appdata\local\temp\rar$ex00.820\freezer.exe:freezer.exe "UDP Query User{C79B407D-E8CD-434C-9F5B-749C9194FD99}c:\\users\\mariano\\appdata\\local\\temp\\rar$ex00.820\\freezer.exe"= TCP:c:\users\mariano\appdata\local\temp\rar$ex00.820\freezer.exe:freezer.exe "TCP Query User{EAF6076C-A7F8-4B5F-BF55-D4A3876B7B1F}c:\\users\\mariano\\appdata\\local\\temp\\rar$ex00.789\\freezer.exe"= UDP:c:\users\mariano\appdata\local\temp\rar$ex00.789\freezer.exe:freezer.exe "UDP Query User{3C4C3DA3-70E7-4D93-9909-47C37EB62132}c:\\users\\mariano\\appdata\\local\\temp\\rar$ex00.789\\freezer.exe"= TCP:c:\users\mariano\appdata\local\temp\rar$ex00.789\freezer.exe:freezer.exe "TCP Query User{D5F183DF-669C-414D-86B6-C2DB7CB9C4A3}c:\\users\\mariano\\appdata\\local\\temp\\rar$ex00.352\\freezer.exe"= UDP:c:\users\mariano\appdata\local\temp\rar$ex00.352\freezer.exe:freezer.exe "UDP Query User{725A6E05-7A0B-408B-B873-CD1446EB6FE8}c:\\users\\mariano\\appdata\\local\\temp\\rar$ex00.352\\freezer.exe"= TCP:c:\users\mariano\appdata\local\temp\rar$ex00.352\freezer.exe:freezer.exe "TCP Query User{AEEEF50A-0461-4DDC-8A29-3D0974C4D7D0}c:\\users\\mariano\\downloads\\bc.exe"= UDP:c:\users\mariano\downloads\bc.exe:bc.exe "UDP Query User{F300CDE8-966B-4C5A-AAAB-E668611DE946}c:\\users\\mariano\\downloads\\bc.exe"= TCP:c:\users\mariano\downloads\bc.exe:bc.exe "TCP Query User{81AE56CA-A7FD-4F45-85F8-1BC78061BD05}c:\\users\\mariano\\appdata\\local\\temp\\rar$ex00.363\\freezer.exe"= UDP:c:\users\mariano\appdata\local\temp\rar$ex00.363\freezer.exe:freezer.exe "UDP Query User{3234393A-4A0E-4091-86F1-1C86B7B5A881}c:\\users\\mariano\\appdata\\local\\temp\\rar$ex00.363\\freezer.exe"= TCP:c:\users\mariano\appdata\local\temp\rar$ex00.363\freezer.exe:freezer.exe "TCP Query User{26C3E34F-C9FD-4FC3-B879-9342FE258735}c:\\users\\mariano\\appdata\\local\\temp\\rar$ex00.602\\freezer.exe"= UDP:c:\users\mariano\appdata\local\temp\rar$ex00.602\freezer.exe:freezer.exe "UDP Query User{31BF5A29-92A6-4C49-A61C-267783DAD4E6}c:\\users\\mariano\\appdata\\local\\temp\\rar$ex00.602\\freezer.exe"= TCP:c:\users\mariano\appdata\local\temp\rar$ex00.602\freezer.exe:freezer.exe "TCP Query User{D2271E54-D0A2-4933-8710-6ADFEDA56EEA}c:\\users\\mariano\\appdata\\local\\temp\\rar$ex00.181\\freezer.exe"= UDP:c:\users\mariano\appdata\local\temp\rar$ex00.181\freezer.exe:freezer.exe "UDP Query User{C00DA421-5FC8-4253-923F-08A8A64DB84B}c:\\users\\mariano\\appdata\\local\\temp\\rar$ex00.181\\freezer.exe"= TCP:c:\users\mariano\appdata\local\temp\rar$ex00.181\freezer.exe:freezer.exe "TCP Query User{BB71A73A-B862-4DE5-B0F4-4960A9FBDF4D}c:\\users\\mariano\\downloads\\wow.exe"= UDP:c:\users\mariano\downloads\wow.exe:wow.exe "UDP Query User{A53038C2-FE51-4CDF-994C-25DA1B56E110}c:\\users\\mariano\\downloads\\wow.exe"= TCP:c:\users\mariano\downloads\wow.exe:wow.exe "TCP Query User{18A6C65C-24A5-4E68-92FE-B00A4416C447}c:\\users\\mariano\\appdata\\local\\temp\\rar$ex00.774\\freezer.exe"= UDP:c:\users\mariano\appdata\local\temp\rar$ex00.774\freezer.exe:freezer.exe "UDP Query User{CD3C7272-6265-4EF1-ADBA-417C0BD4895D}c:\\users\\mariano\\appdata\\local\\temp\\rar$ex00.774\\freezer.exe"= TCP:c:\users\mariano\appdata\local\temp\rar$ex00.774\freezer.exe:freezer.exe "TCP Query User{4484E576-7BE0-4EFE-8DD3-99025CD3CD2E}c:\\users\\mariano\\appdata\\local\\temp\\rar$ex00.908\\freezer.exe"= UDP:c:\users\mariano\appdata\local\temp\rar$ex00.908\freezer.exe:freezer.exe "UDP Query User{8053487C-F9F3-4732-8852-597BB699DB03}c:\\users\\mariano\\appdata\\local\\temp\\rar$ex00.908\\freezer.exe"= TCP:c:\users\mariano\appdata\local\temp\rar$ex00.908\freezer.exe:freezer.exe "TCP Query User{E9DEEE93-8DE5-419A-8F23-00DC6BA808BD}c:\\users\\mariano\\appdata\\local\\temp\\rar$ex00.399\\freezer.exe"= UDP:c:\users\mariano\appdata\local\temp\rar$ex00.399\freezer.exe:freezer.exe "UDP Query User{CE2D97D7-AD37-47A0-8487-27E68DC47675}c:\\users\\mariano\\appdata\\local\\temp\\rar$ex00.399\\freezer.exe"= TCP:c:\users\mariano\appdata\local\temp\rar$ex00.399\freezer.exe:freezer.exe "TCP Query User{7291802D-3DC4-4E58-871C-DCBC8DD32CF5}c:\\users\\mariano\\appdata\\local\\temp\\rar$ex01.200\\freezer.exe"= UDP:c:\users\mariano\appdata\local\temp\rar$ex01.200\freezer.exe:freezer.exe "UDP Query User{3113E75C-127A-4F62-B31B-1A3E1B408922}c:\\users\\mariano\\appdata\\local\\temp\\rar$ex01.200\\freezer.exe"= TCP:c:\users\mariano\appdata\local\temp\rar$ex01.200\freezer.exe:freezer.exe "TCP Query User{3E2126F2-F71B-412A-9559-AA391585EE75}c:\\program files\\hlsw\\hlsw_0_4_1.exe"= UDP:c:\program files\hlsw\hlsw_0_4_1.exe:MFC-Anwendung HLSW "UDP Query User{55C1BF92-8AB4-4BA7-B6B3-54B9731A8977}c:\\program files\\hlsw\\hlsw_0_4_1.exe"= TCP:c:\program files\hlsw\hlsw_0_4_1.exe:MFC-Anwendung HLSW "TCP Query User{30056622-C7F1-408B-932B-00879929EF5E}c:\\users\\mariano\\appdata\\local\\temp\\rar$ex00.911\\freezer.exe"= UDP:c:\users\mariano\appdata\local\temp\rar$ex00.911\freezer.exe:freezer.exe "UDP Query User{E8460B7A-BE69-4CB6-84DF-C9C850D65E8E}c:\\users\\mariano\\appdata\\local\\temp\\rar$ex00.911\\freezer.exe"= TCP:c:\users\mariano\appdata\local\temp\rar$ex00.911\freezer.exe:freezer.exe "TCP Query User{42B66E71-1B50-4AB4-A29A-F44C32DE5CB6}c:\\users\\mariano\\appdata\\local\\temp\\rar$ex00.883\\freezer.exe"= UDP:c:\users\mariano\appdata\local\temp\rar$ex00.883\freezer.exe:freezer.exe "UDP Query User{AE6263C4-29E4-495D-B833-F65577D012CD}c:\\users\\mariano\\appdata\\local\\temp\\rar$ex00.883\\freezer.exe"= TCP:c:\users\mariano\appdata\local\temp\rar$ex00.883\freezer.exe:freezer.exe "TCP Query User{0E8DB5C1-C8B2-4E9D-9E3A-0E487589BE0F}c:\\program files\\world of warcraft\\wow-2.4.2-frfr-downloader.exe"= UDP:c:\program files\world of warcraft\wow-2.4.2-frfr-downloader.exe:Blizzard Downloader "UDP Query User{BCAB243B-3C62-4789-A2E3-4B69950EB01B}c:\\program files\\world of warcraft\\wow-2.4.2-frfr-downloader.exe"= TCP:c:\program files\world of warcraft\wow-2.4.2-frfr-downloader.exe:Blizzard Downloader "TCP Query User{C3827576-BF61-4E00-8750-7760F3668362}c:\\users\\mariano\\appdata\\local\\temp\\rar$ex00.288\\freezer.exe"= UDP:c:\users\mariano\appdata\local\temp\rar$ex00.288\freezer.exe:freezer.exe "UDP Query User{BE9A1C15-2FEE-4886-8D36-61C60B087C3D}c:\\users\\mariano\\appdata\\local\\temp\\rar$ex00.288\\freezer.exe"= TCP:c:\users\mariano\appdata\local\temp\rar$ex00.288\freezer.exe:freezer.exe "TCP Query User{00514863-D1AD-42EA-9466-1B23AAD4E539}c:\\users\\mariano\\appdata\\local\\temp\\rar$ex00.410\\freezer.exe"= UDP:c:\users\mariano\appdata\local\temp\rar$ex00.410\freezer.exe:freezer.exe "UDP Query User{0ECDD4CB-C43B-4498-A7C1-AA7D14669E1D}c:\\users\\mariano\\appdata\\local\\temp\\rar$ex00.410\\freezer.exe"= TCP:c:\users\mariano\appdata\local\temp\rar$ex00.410\freezer.exe:freezer.exe "TCP Query User{EE92B42B-3892-4635-956D-34F135C6FF7E}c:\\users\\mariano\\appdata\\local\\temp\\rar$ex00.117\\freezer.exe"= UDP:c:\users\mariano\appdata\local\temp\rar$ex00.117\freezer.exe:freezer.exe "UDP Query User{4E395360-0AAE-4F39-AD82-E2FFC0E429AC}c:\\users\\mariano\\appdata\\local\\temp\\rar$ex00.117\\freezer.exe"= TCP:c:\users\mariano\appdata\local\temp\rar$ex00.117\freezer.exe:freezer.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System] "DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic| R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-08-01 110160] R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-08-01 20560] R2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [2008-08-01 51792] R2 TestHandler;Fujitsu Siemens Computers Diagnostic Testhandler;c:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe [2006-12-08 204800] R3 RTSTOR;USB Mass Storage Device;c:\windows\system32\drivers\RTSTOR.SYS [2007-01-15 47616] R3 SIS163u;SiS163 USB Wireless LAN Adapter Driver;c:\windows\system32\DRIVERS\sis163u.sys [2007-01-15 218624] S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;"c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-01-15 29744] S3 IDSvix86;Symantec Intrusion Prevention Driver;\??\c:\progra~2\Symantec\DEFINI~1\SymcData\idsdefs\20061025.029\IDSvix86.sys [2007-01-15 202872] S3 maconfservice;Ma-Config Service;"c:\program files\ma-config.com\maconfservice.exe" [2008-10-28 195752] S3 Steam Client Service;Steam Client Service;c:\program files\Common Files\Steam\SteamService.exe /RunAsService [2008-08-27 87288] S3 TaurusUsb;ADSL Modem USB Service;c:\windows\system32\DRIVERS\torususb.sys [2008-06-20 543555] S3 wampapache;wampapache;"c:\wamp\apache2\bin\httpd.exe" -k runservice [2007-01-09 20539] S3 wampmysqld;wampmysqld;c:\wamp\mysql\bin\mysqld-nt.exe --defaults-file=c:\wamp\mysql\my.ini wampmysqld [] S4 nvrd32;NVIDIA nForce RAID Driver;c:\windows\system32\drivers\nvrd32.sys [2007-01-15 131616] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1019df91-626f-11dd-b798-00147fb5bb8f}] \shell\AutoRun\command - G:\EXPLORER.EXE \shell\explore\Command - G:\EXPLORER.EXE \shell\open\Command - G:\EXPLORER.EXE [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7a5e6354-3eed-11dd-957c-003005db8da5}] \shell\AutoRun\command - ntde1ect.com \shell\explore\Command - ntde1ect.com \shell\open\Command - ntde1ect.com [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7a5e635b-3eed-11dd-957c-003005db8da5}] \shell\AutoRun\command - H:\ntde1ect.com \shell\explore\Command - H:\ntde1ect.com \shell\open\Command - H:\ntde1ect.com [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7a5e657c-3eed-11dd-957c-003005db8da5}] \shell\AutoRun\command - I:\ntde1ect.com \shell\explore\Command - I:\ntde1ect.com \shell\open\Command - I:\ntde1ect.com [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c7cf6fd7-561c-11dd-a9f6-003005db8da5}] \shell\AutoRun\command - EXPLORER.EXE \shell\explore\Command - EXPLORER.EXE \shell\open\Command - EXPLORER.EXE [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d523730b-90ec-11dd-8ca9-00147fb5bb8f}] \shell\AutoRun\command - EXPLORER.EXE \shell\explore\Command - EXPLORER.EXE \shell\open\Command - EXPLORER.EXE *Newly Created Service* - COMHOST *Newly Created Service* - PROCEXP90 . Contenu du dossier 'Tâches planifiées' 2008-11-17 c:\windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job - c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2006-09-27 18:39] . - - - - ORPHELINS SUPPRIMES - - - - HKCU-Run-SuperCopier2.exe - c:\program files\SuperCopier2\SuperCopier2.exe HKCU-Run-meoii - c:\users\mariano\appdata\local\meoii.exe HKLM-Run-toolbar_eula_launcher - c:\tb_eula\EULALauncher.NET.exe . ------- Examen supplémentaire ------- . FireFox -: Profile - c:\users\mariano\AppData\Roaming\Mozilla\Firefox\Profiles\9f6oubmr.default\ FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q= FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://search.speedbit.com/ . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-11-18 00:43:43 Windows 6.0.6000 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** . Heure de fin: 2008-11-18 0:46:22 ComboFix-quarantined-files.txt 2008-11-17 20:45:22 Avant-CF: 2 928 742 400 octets libres Après-CF: 2,745,012,224 octets libres 393 --- E O F --- 2008-11-13 23:08:23 -
lentement du pc et un bip bizard
dadoux a répondu à un(e) sujet de dadoux dans Analyses et éradication malwares
00:11 mais apres le premier rapport j'ai eu un pb de connection c pour sa le decalage enorme -
lentement du pc et un bip bizard
dadoux a répondu à un(e) sujet de dadoux dans Analyses et éradication malwares
re bon j'utilise avast , excuse moi mais j'ai oublier d'enregistrer le TB.txt (j'ai regarder dans c:/TB.txt ) mais je crois que c le m vue l'heure ... je te le met mais pas sur que ce sois sa :s -----------\\ ToolBar S&D 1.0.8 XP/Vista [ USER : mariano ] [ "C:\ToolBar SD" ] [ Selection : 1 ] [ 17/11/2008 | 18:48:33,80 ] [ PC : PC-DE-MARIANO ] [ MAJ : 04-08-2008 | 23:15 ] [ UAC => 0 ] -----------\\ Recherche de Fichiers / Dossiers ... C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Dealio C:\Program Files\Dealio C:\Program Files\Dealio\DealioAU.exe C:\Program Files\Dealio\kb127 C:\Program Files\Dealio\SearchSettingsKit.exe C:\Windows\Prefetch\SEARCHSETTINGS.EXE-4FF31194.pf C:\Program Files\Search Settings C:\Program Files\Search Settings\kb127 C:\Program Files\Search Settings\SearchSettings.exe C:\Program Files\MSN Messenger\msimg32.dll -----------\\ [..\Internet Explorer\Main] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Local Page"="C:\\Windows\\system32\\blank.htm" "Search Page"="http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR"'>http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR" "Start Page"="http://www.google.de/webhp?sourceid=navclient&hl=fr&ie=UTF-8" "Search Bar"="http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR" "Url"="http://go.microsoft.com/fwlink/?LinkId=75720" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://fr.yahoo.com"'>http://fr.yahoo.com" "Default_Page_URL"="http://fr.yahoo.com" "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"'>http://go.microsoft.com/fwlink/?LinkId=54896" "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896" [ UAC => 1 ] -----------\\ Fin du rapport a 18:48:43,21 et voila : Clean Navipromo version 3.6.9 commencé le 17/11/2008 à 23:12:22,76 Outil exécuté depuis C:\Program Files\navilog1 Session actuelle : "mariano" Mise à jour le 05.11.2008 à 21h00 par IL-MAFIOSO Microsoft Windows Vista 6.0.6000 Internet Explorer : 7.0.6000.16757 Système de fichiers : NTFS Mode suppression automatique avec prise en charge résultats Catchme et GNS Nettoyage exécuté au redémarrage de l'ordinateur *** fsbl1.txt non trouvé *** (Assurez-vous que Catchme n'avait rien trouvé lors de la recherche) *** Suppression avec sauvegardes résultats GenericNaviSearch *** * Suppression dans "C:\Windows\System32" * * Suppression dans "C:\Users\mariano\AppData\Local\Microsoft" * * Suppression dans "C:\Users\mariano\AppData\Local\virtualstore\windows\system32" * * Suppression dans "C:\Users\mariano\AppData\Local" * *** Suppression dossiers dans "C:\Windows" *** *** Suppression dossiers dans "C:\Program Files" *** *** Suppression dossiers dans "c:\progra~2\micros~1\windows\startm~1\programs" *** *** Suppression dossiers dans "c:\progra~2\micros~1\windows\startm~1" *** *** Suppression dossiers dans "C:\ProgramData" *** *** Suppression dossiers dans c:\users\mariano\appdata\roaming\micros~1\windows\startm~1\programs *** *** Suppression dossiers dans "C:\Users\mariano\AppData\Local\virtualstore\Program Files" *** *** Suppression dossiers dans "C:\Users\mariano\AppData\Roaming" *** *** Suppression fichiers *** *** Suppression fichiers temporaires *** Nettoyage contenu C:\Windows\Temp effectué ! Nettoyage contenu C:\Users\mariano\AppData\Local\Temp effectué ! *** Traitement Recherche complémentaire *** (Recherche fichiers spécifiques) 1)Suppression avec sauvegardes nouveaux fichiers Instant Access : 2)Recherche, création sauvegardes et suppression Heuristique : * Dans "C:\Windows\system32" * * Dans "C:\Users\mariano\AppData\Local\Microsoft" * * Dans "C:\Users\mariano\AppData\Local\virtualstore\windows\system32" * * Dans "C:\Users\mariano\AppData\Local" * *** Sauvegarde du Registre vers dossier Safebackup *** sauvegarde du Registre réalisée avec succès ! *** Nettoyage Registre *** Nettoyage Registre Ok *** Certificats *** Certificat Egroup supprimé ! Certificat Electronic-Group supprimé ! Certificat Montorgueil absent ! Certificat OOO-Favorit supprimé ! Certificat Sunny-Day-Design-Ltdt absent ! *** Nettoyage terminé le 17/11/2008 à 23:18:54,21 *** et le rapport hijackthis : Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 23:31:37, on 17/11/2008 Platform: Windows Vista (WinNT 6.00.1904) MSIE: Internet Explorer v7.00 (7.00.6000.16757) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Windows Defender\MSASCui.exe C:\Windows\System32\rundll32.exe C:\Windows\RtHDVCpl.exe C:\Program Files\Apoint2K\Apoint.exe C:\Program Files\Hotkey Utility\tray.exe C:\Program Files\Power Manager\PM.exe C:\Program Files\Light Sensor Utility\Sensor.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Alwil Software\Avast4\ashDisp.exe C:\Program Files\Winamp\winampa.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Unlocker\UnlockerAssistant.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Windows\ehome\ehtray.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\DAP\DAP.exe C:\Program Files\Apoint2K\ApMsgFwd.exe C:\Windows\System32\rundll32.exe C:\Windows\system32\wbem\unsecapp.exe C:\Program Files\Apoint2K\Apntex.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Windows\system32\SearchFilterHost.exe C:\Users\mariano\Desktop\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/webhp?sourceid=navcli...fr&ie=UTF-8 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:8800 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll O1 - Hosts: ::1 localhost O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe O4 - HKLM\..\Run: [FIC HotKey] C:\Program Files\Hotkey Utility\tray.exe O4 - HKLM\..\Run: [PowerManager] C:\Program Files\Power Manager\PM.exe O4 - HKLM\..\Run: [silent Mode] C:\Program Files\Light Sensor Utility\Sensor.exe O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [iS CfgWiz] "c:\Program Files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\cltUIStb.exe" /MODULE CfgWiz /GUID {BC8D3EAF-F864-4d4b-AB4D-B3D0C32E2840} /MODE CfgWiz /CMDLINE "REBOOT" O4 - HKLM\..\Run: [osCheck] "c:\Program Files\Norton Internet Security\osCheck.exe" O4 - HKLM\..\Run: [recinfo420] c:\RecInfo\RecInfo.exe O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\tb_eula\EULALauncher.NET.exe O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [unlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [superCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun O4 - HKCU\..\Run: [speech Recognition] "C:\Windows\Speech\Common\sapisvr.exe" -SpeechUX -Startup O4 - HKCU\..\Run: [meoii] "c:\users\mariano\appdata\local\meoii.exe" meoii O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'Default user') O4 - Startup: OneNote 2007 - Capture d'écran et lancement.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm O8 - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU) O13 - Gopher Prefix: O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{8936CB3B-FE82-4FA4-B420-4C2B11F092C2}: NameServer = 217.175.160.168 217.175.160.11 O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Validation de mot de passe Symantec IS (ISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\isPwdSvc.exe O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe O23 - Service: wampapache - Apache Software Foundation - c:\wamp\apache2\bin\httpd.exe O23 - Service: wampmysqld - Unknown owner - c:\wamp\mysql\bin\mysqld-nt.exe O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe -- End of file - 13988 bytes A++ -
lentement du pc et un bip bizard
dadoux a répondu à un(e) sujet de dadoux dans Analyses et éradication malwares
voila : -----------\\ ToolBar S&D 1.0.8 XP/Vista [ USER : mariano ] [ "C:\ToolBar SD" ] [ Selection : 1 ] [ 17/11/2008 | 18:48:33,80 ] [ PC : PC-DE-MARIANO ] [ MAJ : 04-08-2008 | 23:15 ] [ UAC => 0 ] -----------\\ Recherche de Fichiers / Dossiers ... C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Dealio C:\Program Files\Dealio C:\Program Files\Dealio\DealioAU.exe C:\Program Files\Dealio\kb127 C:\Program Files\Dealio\SearchSettingsKit.exe C:\Windows\Prefetch\SEARCHSETTINGS.EXE-4FF31194.pf C:\Program Files\Search Settings C:\Program Files\Search Settings\kb127 C:\Program Files\Search Settings\SearchSettings.exe C:\Program Files\MSN Messenger\msimg32.dll -----------\\ [..\Internet Explorer\Main] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Local Page"="C:\\Windows\\system32\\blank.htm" "Search Page"="http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR"'>http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR" "Start Page"="http://www.google.de/webhp?sourceid=navclient&hl=fr&ie=UTF-8" "Search Bar"="http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR" "Url"="http://go.microsoft.com/fwlink/?LinkId=75720" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://fr.yahoo.com"'>http://fr.yahoo.com" "Default_Page_URL"="http://fr.yahoo.com" "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"'>http://go.microsoft.com/fwlink/?LinkId=54896" "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896" [ UAC => 1 ] -----------\\ Fin du rapport a 18:48:43,21 et voila : Search Navipromo version 3.6.9 commencé le 17/11/2008 à 19:11:18,16 !!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!! !!! Postez ce rapport sur le forum pour le faire analyser !!! !!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!! Outil exécuté depuis C:\Program Files\navilog1 Session actuelle : "mariano" Mise à jour le 05.11.2008 à 21h00 par IL-MAFIOSO Microsoft Windows Vista 6.0.6000 Internet Explorer : 7.0.6000.16757 Système de fichiers : NTFS Recherche executé en mode sans échec *** Recherche Programmes installés *** *** Recherche dossiers dans "C:\Windows" *** *** Recherche dossiers dans "C:\Program Files" *** *** Recherche dossiers dans "c:\progra~2\micros~1\windows\startm~1\programs" *** *** Recherche dossiers dans "c:\progra~2\micros~1\windows\startm~1" *** *** Recherche dossiers dans "C:\ProgramData" *** *** Recherche dossiers dans "c:\users\mariano\appdata\roaming\micros~1\windows\startm~1\programs" *** *** Recherche dossiers dans "C:\Users\mariano\AppData\Local\virtualstore\Program Files" *** *** Recherche dossiers dans "C:\Users\mariano\AppData\Roaming" *** *** Recherche avec Catchme-rootkit/stealth malware detector par gmer *** pour + d'infos : http://www.gmer.net *** Recherche avec GenericNaviSearch *** !!! Tous ces résultats peuvent révéler des fichiers légitimes !!! !!! A vérifier impérativement avant toute suppression manuelle !!! * Recherche dans "C:\Windows\system32" * * Recherche dans "C:\Users\mariano\AppData\Local\Microsoft" * * Recherche dans "C:\Users\mariano\AppData\Local\virtualstore\windows\system32" * * Recherche dans "C:\Users\mariano\AppData\Local" * *** Recherche fichiers *** *** Recherche clés spécifiques dans le Registre *** HKEY_CURRENT_USER\Software\Lanconfig trouvé ! *** Module de Recherche complémentaire *** (Recherche fichiers spécifiques) 1)Recherche nouveaux fichiers Instant Access : 2)Recherche Heuristique : * Dans "C:\Windows\system32" : * Dans "C:\Users\mariano\AppData\Local\Microsoft" : * Dans "C:\Users\mariano\AppData\Local\virtualstore\windows\system32" : * Dans "C:\Users\mariano\AppData\Local" : 3)Recherche Certificats : Certificat Egroup trouvé ! Certificat Electronic-Group trouvé ! Certificat Montorgueil absent ! Certificat OOO-Favorit trouvé ! Certificat Sunny-Day-Design-Ltd absent ! 4)Recherche fichiers connus : *** Analyse terminée le 17/11/2008 à 19:25:33,38 *** -
bonjour , voila mon pc est un peu lent c dernier temps , et j'ai un probleme quand j'ouvre certaine application (style : internet explorer) j'ai un petit "bip" je comprend pas d'ou sa viens .... os vista .Pourriez vous m'aider svp merci d'avance voila le rapport hijackthis: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:33:45, on 17/11/2008 Platform: Windows Vista (WinNT 6.00.1904) MSIE: Internet Explorer v7.00 (7.00.6000.16757) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Windows\System32\rundll32.exe C:\Windows\RtHDVCpl.exe C:\Program Files\Apoint2K\Apoint.exe C:\Windows\System32\rundll32.exe C:\Program Files\Hotkey Utility\tray.exe C:\Program Files\Power Manager\PM.exe C:\Program Files\Light Sensor Utility\Sensor.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Alwil Software\Avast4\ashDisp.exe C:\Program Files\Winamp\winampa.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\Program Files\Search Settings\SearchSettings.exe C:\Program Files\Unlocker\UnlockerAssistant.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Windows\ehome\ehtray.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\DAP\DAP.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Windows\ehome\ehmsas.exe C:\Windows\system32\wbem\unsecapp.exe C:\Program Files\Apoint2K\Apntex.exe C:\Program Files\Windows Media Player\wmplayer.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Users\mariano\Desktop\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/webhp?sourceid=navcli...fr&ie=UTF-8 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:8800 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll O1 - Hosts: ::1 localhost O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: DealioBHO Class - {6A87B991-A31F-4130-AE72-6D0C294BF082} - C:\Program Files\Dealio\kb127\Dealio.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb127\Dealio.dll O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe O4 - HKLM\..\Run: [FIC HotKey] C:\Program Files\Hotkey Utility\tray.exe O4 - HKLM\..\Run: [PowerManager] C:\Program Files\Power Manager\PM.exe O4 - HKLM\..\Run: [silent Mode] C:\Program Files\Light Sensor Utility\Sensor.exe O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [iS CfgWiz] "c:\Program Files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\cltUIStb.exe" /MODULE CfgWiz /GUID {BC8D3EAF-F864-4d4b-AB4D-B3D0C32E2840} /MODE CfgWiz /CMDLINE "REBOOT" O4 - HKLM\..\Run: [osCheck] "c:\Program Files\Norton Internet Security\osCheck.exe" O4 - HKLM\..\Run: [recinfo420] c:\RecInfo\RecInfo.exe O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\tb_eula\EULALauncher.NET.exe O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [au] C:\Program Files\Dealio\DealioAU.exe O4 - HKLM\..\Run: [searchSettings] C:\Program Files\Search Settings\SearchSettings.exe O4 - HKLM\..\Run: [unlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [superCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun O4 - HKCU\..\Run: [speech Recognition] "C:\Windows\Speech\Common\sapisvr.exe" -SpeechUX -Startup O4 - HKCU\..\Run: [meoii] "c:\users\mariano\appdata\local\meoii.exe" meoii O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'Default user') O4 - Startup: OneNote 2007 - Capture d'écran et lancement.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm O8 - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: Compare Prices with &Dealio - C:\Users\mariano\AppData\LocalLow\Dealio\kb127\res\DealioSearch.html O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll O9 - Extra 'Tools' menuitem: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb127\Dealio.dll O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU) O13 - Gopher Prefix: O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{8936CB3B-FE82-4FA4-B420-4C2B11F092C2}: NameServer = 217.175.160.168 217.175.160.11 O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Validation de mot de passe Symantec IS (ISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\isPwdSvc.exe O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe O23 - Service: wampapache - Apache Software Foundation - c:\wamp\apache2\bin\httpd.exe O23 - Service: wampmysqld - Unknown owner - c:\wamp\mysql\bin\mysqld-nt.exe O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe -- End of file - 14761 bytes bye!!!
-
heu je viens regarde sur le net on dit que c un trojan donc je l'ai supprime lol
-
bon j'ai telecharge mais quand je veux supprime je vois que le truc me renvoie dans le processus comine.exe et c dans le systeme 32 donc je voulauis savoir si sa un importance ce fichier merci avant de la supprimer .
-
salut; voila je voudrai supprimer un dossier (qui quand j' ouvre est vide) mais windows me dit que le dossier enfin je suppose ce qui contient cad nada est utiliser pas un autre programme ... j'ai essayer avec l'invite de commande windows il trouve pas le fichier lol je n'y comprend plus rien est ce qu'on pourrai me dire comment faire svp merci. os vista ou comment faire pour voir quel programme utilise le programme (d'un dossier vide) enfin bref trop complquer for me
-
heu merci pour tout mais j'abandonne je suis entrain m'embrouiller severs... merci pour votre aide et dsl de vous avoir deranger
-
heu faut je le configure moi m ben j'ai pas vb6 comment je fait sa moi oula complquer le truc .....
-
voila j'essaye de telecharge le truc pour le langage la ... mais a chaque fois que je met le lien sa me dit page introuvable ... Pour faire parler l'agent Microsoft dans la langue voulue, il faut installer le moteur TTS correspondant et spécifier le langage voulu (LanguageID). La liste des LanguageID est donnée ici : http://msdn.microsoft.com/library/default..../en-us/msagent/ pacontrol_4w2y.asp sa c sur le site que tu ma donner et que j'avais deja visiter mais le lien fonctionne pas voila le pb ... @++
-
re salut , deja essayer lol je pige que dal mdr et microsoft m'enerve internet explorer veut pas et (je sais pas code en c++ enfin je crois ) c pas une dll qu'il faut ajouter je suis dsl tout cela m'embrouille ... perdu je suis (maitre yoda) aller merci
-
bonjour, je voudrai savoir comment on fait pour changer la langue de l'agent microsoft merlin (le mettre en francais) . OS =vista .. merci d'avance
-
merci j'ai lu mais le pb je trouve pas le dossier ... j'ai un vista y a pas demarrer/excuter ou sois je suis trop con mais je le trouve pas merci a vous
-
Fichier fscreg.exe reçu le 2008.08.11 20:03:27 (CET) Antivirus Version Dernière mise à jour Résultat AhnLab-V3 2008.8.12.0 2008.08.11 - AntiVir 7.8.1.19 2008.08.11 - Authentium 5.1.0.4 2008.08.11 - Avast 4.8.1195.0 2008.08.11 - AVG 8.0.0.156 2008.08.11 - BitDefender 7.2 2008.08.11 - CAT-QuickHeal 9.50 2008.08.11 - ClamAV 0.93.1 2008.08.11 - DrWeb 4.44.0.09170 2008.08.11 - eSafe 7.0.17.0 2008.08.11 Suspicious File eTrust-Vet 31.6.6023 2008.08.11 - Ewido 4.0 2008.08.11 - F-Prot 4.4.4.56 2008.08.11 - F-Secure 7.60.13501.0 2008.08.11 - Fortinet 3.14.0.0 2008.08.11 - GData 2.0.7306.1023 2008.08.11 - Ikarus T3.1.1.34.0 2008.08.11 - K7AntiVirus 7.10.411 2008.08.11 - Kaspersky 7.0.0.125 2008.08.11 - McAfee 5358 2008.08.11 - Microsoft 1.3807 2008.08.11 - NOD32v2 3346 2008.08.11 - Norman 5.80.02 2008.08.11 - Panda 9.0.0.4 2008.08.11 Suspicious file PCTools 4.4.2.0 2008.08.11 - Prevx1 V2 2008.08.11 - Rising 20.57.02.00 2008.08.11 - Sophos 4.32.0 2008.08.11 - Sunbelt 3.1.1538.1 2008.08.09 - Symantec 10 2008.08.11 - TheHacker 6.2.96.395 2008.08.08 - TrendMicro 8.700.0.1004 2008.08.11 - VBA32 3.12.8.3 2008.08.11 - ViRobot 2008.8.11.1331 2008.08.11 - VirusBuster 4.5.11.0 2008.08.11 - Webwasher-Gateway 6.6.2 2008.08.11 - Information additionnelle File size: 533264 bytes MD5...: fd57509795eb9bf0d713f1a13cf28cb0 SHA1..: c5b9a6873b2c6965ff363be42ae9ec3f1f5d2b5b SHA256: 4f8dd6d374768a8b12bc3d9520eea17927bea0af11c1cb93c973b143d5b10fac SHA512: 41fcedacc6c39a9402e10c947ea2ef9ace7269480d0919f864494467a644f6ce<br>fd857344674e6ca6c853805e9c02e78cdc857acd94ec8bc67fe2a086b6d707d0 PEiD..: UPX 2.93 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser PEInfo: PE Structure information<br><br>( base data )<br>entrypointaddress.: 0x4d2700<br>timedatestamp.....: 0x47331391 (Thu Nov 08 13:48:01 2007)<br>machinetype.......: 0x14c (I386)<br><br>( 3 sections )<br>name viradd virsiz rawdsiz ntrpy md5<br>UPX0 0x1000 0x54000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e<br>UPX1 0x55000 0x7f000 0x7e400 8.00 27b470ff6dd0d616366ac898b6534a57<br>.rsrc 0xd4000 0x3000 0x2800 4.03 3cb6461ac5fd067accb6baceae48acb4<br><br>( 12 imports ) <br>> KERNEL32.DLL: LoadLibraryA, GetProcAddress, VirtualProtect, VirtualAlloc, VirtualFree, ExitProcess<br>> ADVAPI32.dll: RegCloseKey<br>> CRTDLL.dll: atoi<br>> IMAGEHLP.dll: MakeSureDirectoryPathExists<br>> MSHTML.dll: ShowHTMLDialog<br>> OLE32.dll: CoTaskMemFree<br>> SETUPAPI.dll: UnicodeToMultiByte<br>> SHELL32.dll: StrStrIA<br>> SHLWAPI.dll: SHStrDupA<br>> urlmon.dll: CreateURLMonikerEx<br>> USER32.dll: EnumWindows<br>> WININET.dll: InternetCheckConnectionA<br><br>( 0 exports ) <br> ThreatExpert info: http://www.threatexpert.com/report.aspx?md...713f1a13cf28cb0 packers (Kaspersky): UPX packers (F-Prot): UPX_LZMA Antivirus Version Dernière mise à jour Résultat AhnLab-V3 2008.8.12.0 2008.08.11 - AntiVir 7.8.1.19 2008.08.11 - Authentium 5.1.0.4 2008.08.11 - Avast 4.8.1195.0 2008.08.11 - AVG 8.0.0.156 2008.08.11 - BitDefender 7.2 2008.08.11 - CAT-QuickHeal 9.50 2008.08.11 - ClamAV 0.93.1 2008.08.11 - DrWeb 4.44.0.09170 2008.08.11 - eSafe 7.0.17.0 2008.08.11 Suspicious File eTrust-Vet 31.6.6023 2008.08.11 - Ewido 4.0 2008.08.11 - F-Prot 4.4.4.56 2008.08.11 - F-Secure 7.60.13501.0 2008.08.11 - Fortinet 3.14.0.0 2008.08.11 - GData 2.0.7306.1023 2008.08.11 - Ikarus T3.1.1.34.0 2008.08.11 - K7AntiVirus 7.10.411 2008.08.11 - Kaspersky 7.0.0.125 2008.08.11 - McAfee 5358 2008.08.11 - Microsoft 1.3807 2008.08.11 - NOD32v2 3346 2008.08.11 - Norman 5.80.02 2008.08.11 - Panda 9.0.0.4 2008.08.11 Suspicious file PCTools 4.4.2.0 2008.08.11 - Prevx1 V2 2008.08.11 - Rising 20.57.02.00 2008.08.11 - Sophos 4.32.0 2008.08.11 - Sunbelt 3.1.1538.1 2008.08.09 - Symantec 10 2008.08.11 - TheHacker 6.2.96.395 2008.08.08 - TrendMicro 8.700.0.1004 2008.08.11 - VBA32 3.12.8.3 2008.08.11 - ViRobot 2008.8.11.1331 2008.08.11 - VirusBuster 4.5.11.0 2008.08.11 - Webwasher-Gateway 6.6.2 2008.08.11 - Information additionnelle File size: 533264 bytes MD5...: fd57509795eb9bf0d713f1a13cf28cb0 SHA1..: c5b9a6873b2c6965ff363be42ae9ec3f1f5d2b5b SHA256: 4f8dd6d374768a8b12bc3d9520eea17927bea0af11c1cb93c973b143d5b10fac SHA512: 41fcedacc6c39a9402e10c947ea2ef9ace7269480d0919f864494467a644f6ce<br>fd857344674e6ca6c853805e9c02e78cdc857acd94ec8bc67fe2a086b6d707d0 PEiD..: UPX 2.93 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser PEInfo: PE Structure information<br><br>( base data )<br>entrypointaddress.: 0x4d2700<br>timedatestamp.....: 0x47331391 (Thu Nov 08 13:48:01 2007)<br>machinetype.......: 0x14c (I386)<br><br>( 3 sections )<br>name viradd virsiz rawdsiz ntrpy md5<br>UPX0 0x1000 0x54000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e<br>UPX1 0x55000 0x7f000 0x7e400 8.00 27b470ff6dd0d616366ac898b6534a57<br>.rsrc 0xd4000 0x3000 0x2800 4.03 3cb6461ac5fd067accb6baceae48acb4<br><br>( 12 imports ) <br>> KERNEL32.DLL: LoadLibraryA, GetProcAddress, VirtualProtect, VirtualAlloc, VirtualFree, ExitProcess<br>> ADVAPI32.dll: RegCloseKey<br>> CRTDLL.dll: atoi<br>> IMAGEHLP.dll: MakeSureDirectoryPathExists<br>> MSHTML.dll: ShowHTMLDialog<br>> OLE32.dll: CoTaskMemFree<br>> SETUPAPI.dll: UnicodeToMultiByte<br>> SHELL32.dll: StrStrIA<br>> SHLWAPI.dll: SHStrDupA<br>> urlmon.dll: CreateURLMonikerEx<br>> USER32.dll: EnumWindows<br>> WININET.dll: InternetCheckConnectionA<br><br>( 0 exports ) <br> ThreatExpert info: http://www.threatexpert.com/report.aspx?md...713f1a13cf28cb0 packers (Kaspersky): UPX packers (F-Prot): UPX_LZMA et l'autre: Fichier RecInfo.exe reçu le 2008.08.11 20:11:14 (CET) Antivirus Version Dernière mise à jour Résultat AhnLab-V3 2008.8.12.0 2008.08.11 - AntiVir 7.8.1.19 2008.08.11 - Authentium 5.1.0.4 2008.08.11 - Avast 4.8.1195.0 2008.08.11 - AVG 8.0.0.156 2008.08.11 - BitDefender 7.2 2008.08.11 - CAT-QuickHeal 9.50 2008.08.11 - ClamAV 0.93.1 2008.08.11 - DrWeb 4.44.0.09170 2008.08.11 - eSafe 7.0.17.0 2008.08.11 - eTrust-Vet 31.6.6023 2008.08.11 - Ewido 4.0 2008.08.11 - F-Prot 4.4.4.56 2008.08.11 - F-Secure 7.60.13501.0 2008.08.11 - Fortinet 3.14.0.0 2008.08.11 - GData 2.0.7306.1023 2008.08.11 - Ikarus T3.1.1.34.0 2008.08.11 - K7AntiVirus 7.10.411 2008.08.11 - Kaspersky 7.0.0.125 2008.08.11 - McAfee 5358 2008.08.11 - Microsoft 1.3807 2008.08.11 - NOD32v2 3346 2008.08.11 - Norman 5.80.02 2008.08.11 - Panda 9.0.0.4 2008.08.11 - Prevx1 V2 2008.08.11 - Rising 20.57.02.00 2008.08.11 - Sophos 4.32.0 2008.08.11 - Sunbelt 3.1.1538.1 2008.08.09 - Symantec 10 2008.08.11 - TheHacker 6.2.96.395 2008.08.08 - TrendMicro 8.700.0.1004 2008.08.11 - VBA32 3.12.8.3 2008.08.11 - ViRobot 2008.8.11.1331 2008.08.11 - VirusBuster 4.5.11.0 2008.08.11 - Webwasher-Gateway 6.6.2 2008.08.11 - Information additionnelle File size: 2764800 bytes MD5...: 8e382b0c5f16daf17b3c1cf5205846d1 SHA1..: 9bbcfe2ca30ec4683d3cbb389fb7ffb6d77eede5 SHA256: 916ef2f99050841fb5aa2662ae0451255eba0429122e4984cbe9d53b15f9e725 SHA512: 8a3e0441ecb9096921fea7b1f85035119fbc8c38b330fea861f976fab4e7319c<br>e892a4c6f6d48c7f551d07768e734f5c986692999454cf27a06eae8a3f13b060 PEiD..: - PEInfo: PE Structure information<br><br>( base data )<br>entrypointaddress.: 0x6a0eee<br>timedatestamp.....: 0x471dee89 (Tue Oct 23 12:52:25 2007)<br>machinetype.......: 0x14c (I386)<br><br>( 4 sections )<br>name viradd virsiz rawdsiz ntrpy md5<br>.text 0x2000 0x29eef4 0x29f000 0.87 8e0bce18abf50795e29b50a822ab8b1a<br>.sdata 0x2a2000 0xa6 0x1000 0.41 69bb16bae47cfa7016e13383b6a52f2a<br>.rsrc 0x2a4000 0x7f0 0x1000 1.62 4d6c785c8b5c126ed200222995afcc2d<br>.reloc 0x2a6000 0xc 0x1000 0.01 5549acc2afdb623692fcff1aa701b9eb<br><br>( 1 imports ) <br>> mscoree.dll: _CorExeMain<br><br>( 0 exports ) <br> Antivirus Version Dernière mise à jour Résultat AhnLab-V3 2008.8.12.0 2008.08.11 - AntiVir 7.8.1.19 2008.08.11 - Authentium 5.1.0.4 2008.08.11 - Avast 4.8.1195.0 2008.08.11 - AVG 8.0.0.156 2008.08.11 - BitDefender 7.2 2008.08.11 - CAT-QuickHeal 9.50 2008.08.11 - ClamAV 0.93.1 2008.08.11 - DrWeb 4.44.0.09170 2008.08.11 - eSafe 7.0.17.0 2008.08.11 - eTrust-Vet 31.6.6023 2008.08.11 - Ewido 4.0 2008.08.11 - F-Prot 4.4.4.56 2008.08.11 - F-Secure 7.60.13501.0 2008.08.11 - Fortinet 3.14.0.0 2008.08.11 - GData 2.0.7306.1023 2008.08.11 - Ikarus T3.1.1.34.0 2008.08.11 - K7AntiVirus 7.10.411 2008.08.11 - Kaspersky 7.0.0.125 2008.08.11 - McAfee 5358 2008.08.11 - Microsoft 1.3807 2008.08.11 - NOD32v2 3346 2008.08.11 - Norman 5.80.02 2008.08.11 - Panda 9.0.0.4 2008.08.11 - Prevx1 V2 2008.08.11 - Rising 20.57.02.00 2008.08.11 - Sophos 4.32.0 2008.08.11 - Sunbelt 3.1.1538.1 2008.08.09 - Symantec 10 2008.08.11 - TheHacker 6.2.96.395 2008.08.08 - TrendMicro 8.700.0.1004 2008.08.11 - VBA32 3.12.8.3 2008.08.11 - ViRobot 2008.8.11.1331 2008.08.11 - VirusBuster 4.5.11.0 2008.08.11 - Webwasher-Gateway 6.6.2 2008.08.11 - Information additionnelle File size: 2764800 bytes MD5...: 8e382b0c5f16daf17b3c1cf5205846d1 SHA1..: 9bbcfe2ca30ec4683d3cbb389fb7ffb6d77eede5 SHA256: 916ef2f99050841fb5aa2662ae0451255eba0429122e4984cbe9d53b15f9e725 SHA512: 8a3e0441ecb9096921fea7b1f85035119fbc8c38b330fea861f976fab4e7319c<br>e892a4c6f6d48c7f551d07768e734f5c986692999454cf27a06eae8a3f13b060 PEiD..: - PEInfo: PE Structure information<br><br>( base data )<br>entrypointaddress.: 0x6a0eee<br>timedatestamp.....: 0x471dee89 (Tue Oct 23 12:52:25 2007)<br>machinetype.......: 0x14c (I386)<br><br>( 4 sections )<br>name viradd virsiz rawdsiz ntrpy md5<br>.text 0x2000 0x29eef4 0x29f000 0.87 8e0bce18abf50795e29b50a822ab8b1a<br>.sdata 0x2a2000 0xa6 0x1000 0.41 69bb16bae47cfa7016e13383b6a52f2a<br>.rsrc 0x2a4000 0x7f0 0x1000 1.62 4d6c785c8b5c126ed200222995afcc2d<br>.reloc 0x2a6000 0xc 0x1000 0.01 5549acc2afdb623692fcff1aa701b9eb<br><br>( 1 imports ) <br>> mscoree.dll: _CorExeMain<br><br>( 0 exports ) <br>