Aller au contenu

eric3342

Membres
 Afficher le profil  Afficher son activité

  • Compteur de contenus

    98

  • Inscription

  • Dernière visite

 Type de contenu 

Tout ce qui a été posté par eric3342

  1. eric3342
    01/01/2009 12:05:08 C:\USERS\ADMINISTRATEUR\APPDATA\roaming\Microsoft\spoolsv.exe Malwarebytes' Anti-Malware Détectés: HEUR:Trojan.Win32.Generic 01/01/2009 12:05:07 C:\USERS\ADMINISTRATEUR\APPDATA\roaming\Microsoft\sessmgr.exe Malwarebytes' Anti-Malware Détectés: HEUR:Trojan.Win32.Generic 01/01/2009 12:05:07 C:\USERS\ADMINISTRATEUR\APPDATA\roaming\Microsoft\rsvp.exe Malwarebytes' Anti-Malware Détectés: HEUR:Trojan.Win32.Generic 01/01/2009 12:05:06 C:\USERS\ADMINISTRATEUR\APPDATA\roaming\Microsoft\mstinit.exe Malwarebytes' Anti-Malware Détectés: HEUR:Trojan.Win32.Generic 01/01/2009 12:05:06 C:\USERS\ADMINISTRATEUR\APPDATA\roaming\Microsoft\esentutl.exe Malwarebytes' Anti-Malware Détectés: HEUR:Trojan.Win32.Generic 01/01/2009 12:05:05 C:\USERS\ADMINISTRATEUR\APPDATA\roaming\Microsoft\dllhst3g.exe Malwarebytes' Anti-Malware Détectés: HEUR:Trojan.Win32.Generic 01/01/2009 12:05:05 C:\USERS\ADMINISTRATEUR\APPDATA\roaming\Microsoft\comrepl.exe Malwarebytes' Anti-Malware Détectés: HEUR:Trojan.Win32.Generic 01/01/2009 12:05:04 C:\USERS\ADMINISTRATEUR\APPDATA\roaming\Microsoft\cmstp.exe Malwarebytes' Anti-Malware Détectés: HEUR:Trojan.Win32.Generic 01/01/2009 12:05:04 C:\USERS\ADMINISTRATEUR\APPDATA\roaming\Microsoft\cisvc.exe Malwarebytes' Anti-Malware Détectés: HEUR:Trojan.Win32.Generic 01/01/2009 12:05:03 C:\USERS\ADMINISTRATEUR\APPDATA\roaming\spoolsv.exe Malwarebytes' Anti-Malware Détectés: HEUR:Trojan.Win32.Generic 01/01/2009 12:05:03 C:\USERS\ADMINISTRATEUR\APPDATA\roaming\mstsc.exe Malwarebytes' Anti-Malware Détectés: HEUR:Trojan.Win32.Generic 01/01/2009 12:05:02 C:\USERS\ADMINISTRATEUR\APPDATA\roaming\esentutl.exe Malwarebytes' Anti-Malware Détectés: HEUR:Trojan.Win32.Generic 01/01/2009 12:05:02 C:\USERS\ADMINISTRATEUR\APPDATA\roaming\cmstp.exe Malwarebytes' Anti-Malware Détectés: HEUR:Trojan.Win32.Generic 01/01/2009 12:05:01 C:\USERS\ADMINISTRATEUR\APPDATA\roaming\clipsrv.exe Malwarebytes' Anti-Malware Détectés: HEUR:Trojan.Win32.Generic 01/01/2009 12:05:01 C:\USERS\ADMINISTRATEUR\APPDATA\roaming\cisvc.exe Malwarebytes' Anti-Malware Détectés: HEUR:Trojan.Win32.Generic 01/01/2009 12:01:54 C:\WINDOWS\ieudinit.exe Malwarebytes' Anti-Malware Détectés: HEUR:Trojan.Win32.Generic 01/01/2009 12:01:54 C:\WINDOWS\spoolsv.exe Malwarebytes' Anti-Malware Détectés: HEUR:Trojan.Win32.Generic 01/01/2009 12:01:52 C:\WINDOWS\rsvp.exe Malwarebytes' Anti-Malware Détectés: HEUR:Trojan.Win32.Generic 01/01/2009 12:01:47 C:\WINDOWS\mstsc.exe Malwarebytes' Anti-Malware Détectés: HEUR:Trojan.Win32.Generic 01/01/2009 12:01:47 C:\WINDOWS\mstinit.exe Malwarebytes' Anti-Malware Détectés: HEUR:Trojan.Win32.Generic 01/01/2009 12:01:47 C:\WINDOWS\logman.exe Malwarebytes' Anti-Malware Détectés: HEUR:Trojan.Win32.Generic 01/01/2009 12:01:46 C:\WINDOWS\clipsrv.exe Malwarebytes' Anti-Malware Détectés: HEUR:Trojan.Win32.Generic 01/01/2009 12:01:04 C:\WINDOWS\cisvc.exe Malwarebytes' Anti-Malware Détectés: HEUR:Trojan.Win32.Generic 01/01/2009 11:06:50 Antivirus Fichiers Kaspersky Anti-Virus Lancement de la tâche 01/01/2009 10:57:26 Antivirus Fichiers Kaspersky Anti-Virus Lancement de la tâche
  2. eric3342
    re ne connaissant pas kapersky je ne sait pas ou se trouve les rapport 03/01/2009 09:25:00 C:\Qoobox\Quarantine\C\Users\ADMINI~1\AppData\Roaming\spoolsv.exe.vir Windows Explorer Détectés: HEUR:Trojan.Win32.Generic 03/01/2009 09:20:07 C:\Qoobox\Quarantine\C\Users\ADMINI~1\AppData\Roaming\mstsc.exe.vir Windows Explorer Détectés: HEUR:Trojan.Win32.Generic 03/01/2009 09:18:31 C:\Qoobox\Quarantine\C\Users\ADMINI~1\AppData\Roaming\esentutl.exe.vir Windows Explorer Détectés: HEUR:Trojan.Win32.Generic 03/01/2009 09:17:58 C:\Qoobox\Quarantine\C\Users\ADMINI~1\AppData\Roaming\cmstp.exe.vir Windows Explorer Détectés: HEUR:Trojan.Win32.Generic 03/01/2009 09:17:43 C:\Qoobox\Quarantine\C\Users\ADMINI~1\AppData\Roaming\clipsrv.exe.vir Windows Explorer Détectés: HEUR:Trojan.Win32.Generic 03/01/2009 09:16:29 C:\Qoobox\Quarantine\C\Users\ADMINI~1\AppData\Roaming\cisvc.exe.vir Windows Explorer Détectés: HEUR:Trojan.Win32.Generic 03/01/2009 09:11:30 Antivirus Fichiers Kaspersky Anti-Virus Lancement de la tâche 03/01/2009 08:52:08 C:\Qoobox\Quarantine\C\Windows\System32\drivers\spoolsv.exe.vir Microsoft Windows Search Protocol Host Détectés: HEUR:Trojan.Win32.Generic 03/01/2009 08:52:02 C:\Qoobox\Quarantine\C\Windows\spoolsv.exe.vir Microsoft Windows Search Protocol Host Détectés: HEUR:Trojan.Win32.Generic 03/01/2009 08:49:18 Antivirus Fichiers Kaspersky Anti-Virus Lancement de la tâche
  3. eric3342
    c'est encore moi je n'arrive pas a compresser le fichier. j'ai un message qui me dit: fichier introuvable ou non autorise.kaperski lui me dit qu'il bloc le trojan
  4. eric3342
    bonjour thanos voici le rapport demande ComboFix 09-01-01.01 - Administrateur 2009-01-03 9:01:05.1 - NTFSx86 Microsoft® Windows Vista™ Professionnel 6.0.6001.1.1252.1.1036.18.1023.358 [GMT 1:00] Lancé depuis: c:\users\Administrateur\Desktop\ComboFix.exe Commutateurs utilisés :: c:\users\Administrateur\Desktop\CFScript.txt FILE :: c:\users\ADMINI~1\AppData\Roaming\cisvc.exe c:\users\ADMINI~1\AppData\Roaming\clipsrv.exe c:\users\ADMINI~1\AppData\Roaming\cmstp.exe c:\users\ADMINI~1\AppData\Roaming\esentutl.exe c:\users\ADMINI~1\AppData\Roaming\mstsc.exe c:\users\ADMINI~1\AppData\Roaming\spoolsv.exe c:\users\Administrateur\AppData\Roaming\cisvc.exe c:\users\Administrateur\AppData\Roaming\clipsrv.exe c:\users\Administrateur\AppData\Roaming\cmstp.exe c:\users\Administrateur\AppData\Roaming\esentutl.exe c:\users\Administrateur\AppData\Roaming\mstsc.exe c:\users\Administrateur\AppData\Roaming\spoolsv.exe c:\windows\cisvc.exe c:\windows\clipsrv.exe c:\windows\ieudinit.exe c:\windows\logman.exe c:\windows\mstinit.exe c:\windows\mstsc.exe c:\windows\rsvp.exe c:\windows\system\cisvc.exe c:\windows\system\comrepl.exe c:\windows\system\dllhst3g.exe c:\windows\system\esentutl.exe c:\windows\system\ieudinit.exe c:\windows\system\mstinit.exe c:\windows\system\spoolsv.exe c:\windows\System32\drivers\comrepl.exe c:\windows\System32\drivers\dllhst3g.exe c:\windows\System32\drivers\esentutl.exe c:\windows\System32\drivers\logman.exe c:\windows\System32\drivers\mqtgsvc.exe c:\windows\system32\drivers\mstsc.exe c:\windows\System32\drivers\rsvp.exe . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . c:\users\ADMINI~1\AppData\Roaming\cisvc.exe c:\users\ADMINI~1\AppData\Roaming\clipsrv.exe c:\users\ADMINI~1\AppData\Roaming\cmstp.exe c:\users\ADMINI~1\AppData\Roaming\esentutl.exe c:\users\ADMINI~1\AppData\Roaming\mstsc.exe c:\users\ADMINI~1\AppData\Roaming\spoolsv.exe c:\users\Administrateur\AppData\Roaming\cisvc.exe c:\users\Administrateur\AppData\Roaming\clipsrv.exe c:\users\Administrateur\AppData\Roaming\cmstp.exe c:\users\Administrateur\AppData\Roaming\esentutl.exe c:\users\Administrateur\AppData\Roaming\mstsc.exe c:\users\Administrateur\AppData\Roaming\spoolsv.exe c:\windows\cisvc.exe c:\windows\clipsrv.exe c:\windows\ieudinit.exe c:\windows\logman.exe c:\windows\mstinit.exe c:\windows\mstsc.exe c:\windows\rsvp.exe c:\windows\system\cisvc.exe c:\windows\system\comrepl.exe c:\windows\system\dllhst3g.exe c:\windows\system\esentutl.exe c:\windows\system\ieudinit.exe c:\windows\system\mstinit.exe c:\windows\system\spoolsv.exe c:\windows\System32\drivers\comrepl.exe c:\windows\System32\drivers\dllhst3g.exe c:\windows\System32\drivers\esentutl.exe c:\windows\System32\drivers\logman.exe c:\windows\System32\drivers\mqtgsvc.exe c:\windows\system32\drivers\mstsc.exe c:\windows\System32\drivers\rsvp.exe . ((((((((((((((((((((((((((((( Fichiers créés du 2008-12-03 au 2009-01-03 )))))))))))))))))))))))))))))))))))) . 2009-01-01 11:29 . 2009-01-01 11:30 <REP> d-------- C:\rsit 2008-12-31 09:58 . 2008-12-31 09:58 96,976 --a------ c:\windows\System32\drivers\klin.dat 2008-12-31 09:58 . 2008-12-31 09:58 87,855 --a------ c:\windows\System32\drivers\klick.dat 2008-12-31 09:56 . 2009-01-03 08:53 <REP> d-------- c:\users\All Users\Kaspersky Lab 2008-12-31 09:56 . 2008-12-31 09:56 <REP> d-------- c:\program files\Kaspersky Lab 2008-12-31 09:56 . 2009-01-03 08:53 <REP> d-------- c:\progra~2\Kaspersky Lab 2008-12-31 09:56 . 2009-01-02 13:10 3,526,688 --ahs---- c:\windows\System32\drivers\fidbox.dat 2008-12-31 09:56 . 2009-01-03 09:02 344,096 --ahs---- c:\windows\System32\drivers\fidbox2.dat 2008-12-31 09:56 . 2009-01-02 13:10 31,776 --ahs---- c:\windows\System32\drivers\fidbox.idx 2008-12-31 09:56 . 2009-01-03 08:57 3,304 --ahs---- c:\windows\System32\drivers\fidbox2.idx 2008-12-31 07:59 . 2008-12-31 08:00 <REP> d-------- c:\program files\ZebHelpProcess 2 2008-12-31 07:59 . 2008-12-31 07:59 <REP> d-------- c:\program files\Common Files\Borland Shared 2008-12-31 07:59 . 1999-01-20 05:01 210,032 --a------ c:\windows\System32\DBCLIENT.DLL 2008-12-31 07:59 . 1999-11-12 05:11 183,808 --a------ c:\windows\System32\BDEADMIN.CPL 2008-12-31 07:59 . 2008-12-31 08:54 13,030 --a------ C:\PDOXUSRS.NET 2008-12-28 08:57 . 2008-12-28 09:06 <REP> d-------- c:\users\Administrateur\.housecall6.6 2008-12-27 09:58 . 2008-12-27 09:58 <REP> d-------- c:\users\Administrateur\AppData\Roaming\Uniblue 2008-12-27 09:58 . 2008-12-27 09:58 <REP> d-------- c:\program files\Uniblue 2008-12-22 12:20 . 2008-12-22 12:20 <REP> d-------- c:\program files\DivX 2008-12-22 12:11 . 1998-11-02 20:57 196,096 --------- c:\windows\System32\MACD32.DLL 2008-12-22 12:11 . 1998-11-02 20:57 138,752 --------- c:\windows\System32\MASE32.DLL 2008-12-22 12:11 . 1998-11-02 20:57 136,192 --------- c:\windows\System32\MAMC32.DLL 2008-12-22 12:11 . 1998-11-02 20:57 57,856 --------- c:\windows\System32\MASD32.DLL 2008-12-22 12:11 . 1998-11-02 20:57 27,648 --------- c:\windows\System32\MA32.DLL 2008-12-22 12:10 . 2008-12-22 12:10 <REP> d-------- c:\program files\Pinnacle 2008-12-22 12:10 . 2003-03-19 06:28 2,179,072 --------- c:\windows\System32\mfc71d.dll 2008-12-22 12:10 . 2003-03-19 05:04 765,952 --------- c:\windows\System32\msvcp71d.dll 2008-12-22 12:10 . 2002-01-05 21:16 737,280 --------- c:\windows\System32\msvcp70d.dll 2008-12-22 12:10 . 2006-12-01 23:54 626,688 --------- c:\windows\System32\msvcr80.dll 2008-12-22 12:10 . 2006-12-01 23:54 548,864 --------- c:\windows\System32\msvcp80.dll 2008-12-22 12:10 . 2003-03-19 05:03 544,768 --------- c:\windows\System32\msvcr71d.dll 2008-12-22 12:10 . 2002-01-05 21:16 536,576 --------- c:\windows\System32\msvcr70d.dll 2008-12-22 12:10 . 2004-07-23 09:00 446,464 --------- c:\windows\System32\HHActiveX.dll 2008-12-22 12:10 . 2004-06-03 12:47 385,100 --------- c:\windows\System32\MSVCRTD.DLL 2008-12-22 12:10 . 2003-03-19 06:05 89,088 --------- c:\windows\System32\atl71.dll 2008-12-22 12:08 . 2008-12-22 12:31 <REP> d-------- c:\users\All Users\Pinnacle 2008-12-22 12:08 . 2008-12-22 12:31 <REP> d-------- c:\progra~2\Pinnacle 2008-12-22 12:07 . 2006-08-16 13:39 124,544 --a------ c:\windows\System32\drivers\RoyalTS.sys 2008-12-20 06:37 . 2008-12-13 07:23 1,659,392 --a------ c:\windows\System32\mshtml.tlb 2008-12-12 16:58 . 2008-10-22 02:22 2,048 --a------ c:\windows\System32\tzres.dll 2008-12-12 16:49 . 2008-11-01 02:21 4,240,384 --a------ c:\windows\System32\GameUXLegacyGDFs.dll 2008-12-12 16:49 . 2008-11-01 04:44 28,672 --a------ c:\windows\System32\Apphlpdm.dll 2008-12-12 16:47 . 2008-10-21 06:25 296,960 --a------ c:\windows\System32\gdi32.dll 2008-12-12 16:44 . 2008-10-29 07:29 2,927,104 --a------ c:\windows\explorer.exe 2008-12-12 16:44 . 2008-06-23 02:59 2,868,736 --a------ c:\windows\System32\mf.dll 2008-12-12 16:44 . 2008-06-23 02:59 996,352 --a------ c:\windows\System32\WMNetMgr.dll 2008-12-12 16:44 . 2008-06-23 02:58 94,720 --a------ c:\windows\System32\logagent.exe 2008-12-10 17:45 . 2008-12-10 19:59 <REP> d-------- c:\program files\DVDFab 5 2008-12-04 08:11 . 2008-12-04 08:11 <REP> d-------- c:\program files\LibUSB-Win32-0.1.10.1 2008-12-04 08:11 . 2005-03-09 20:50 19,456 --a------ c:\windows\System32\libusbd-9x.exe 2008-12-04 08:11 . 2005-03-09 20:50 18,944 --a------ c:\windows\System32\libusbd-nt.exe 2008-12-04 07:47 . 2005-03-09 20:50 46,592 --a------ c:\windows\System32\libusb0.dll 2008-12-04 07:47 . 2005-03-09 20:50 33,792 --a------ c:\windows\System32\drivers\libusb0.sys 2008-12-03 08:25 . 2008-12-03 08:25 <REP> d-------- c:\users\All Users\LightScribe 2008-12-03 08:25 . 2008-12-03 08:25 <REP> d-------- c:\progra~2\LightScribe . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-12-24 06:58 --------- d-----w c:\program files\Malwarebytes' Anti-Malware 2008-12-22 11:10 --------- d--h--w c:\program files\InstallShield Installation Information 2008-12-20 06:37 --------- d-----w c:\program files\Common Files\Adobe 2008-12-14 08:10 --------- d-----w c:\program files\ma-config.com 2008-12-14 08:10 --------- d-----w c:\progra~2\ma-config.com 2008-12-12 16:38 --------- d-----w c:\program files\Windows Mail 2008-12-12 16:04 --------- d-----w c:\progra~2\Microsoft Help 2008-12-10 17:10 --------- d-----w c:\program files\SlySoft 2008-12-04 07:56 --------- d-----w c:\program files\eMule 2008-12-04 06:40 --------- d-----w c:\program files\lg_fwupdate 2008-12-03 18:52 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys 2008-12-03 18:52 15,504 ----a-w c:\windows\system32\drivers\mbam.sys 2008-12-03 07:21 --------- d-----w c:\users\Administrateur\AppData\Roaming\CyberLink 2008-12-03 07:21 --------- d-----w c:\progra~2\CyberLink 2008-12-03 06:41 --------- d-----w c:\program files\Java 2008-12-02 16:22 --------- d-----w c:\program files\CyberLink 2008-12-02 16:20 --------- d-----w c:\program files\LightScribeODK 2008-12-02 16:20 --------- d-----w c:\program files\Common Files\LightScribe 2008-12-02 16:10 --------- d-----w c:\program files\Common Files\AVSMedia 2008-12-02 16:10 --------- d-----w c:\program files\AVS4YOU 2008-11-28 16:24 --------- d-----w c:\program files\Spybot - Search & Destroy 2008-11-28 13:59 --------- d-----w c:\progra~2\Spybot - Search & Destroy 2008-11-24 07:19 --------- d-----w c:\program files\QuickTime 2008-11-19 17:21 93,128 ----a-w c:\windows\System32\ElbyCDIO.dll 2008-11-14 08:09 --------- d-----w c:\progra~2\NVIDIA 2008-11-13 14:28 --------- d-----w c:\program files\Microsoft Silverlight 2008-11-13 07:59 --------- d-----w c:\users\Administrateur\AppData\Roaming\Wallpaper 2008-11-13 07:47 --------- d-----w c:\program files\Wallpaper 2008-11-13 06:19 --------- d-----w c:\program files\Common Files\aol 2008-11-13 06:18 --------- d-----w c:\progra~2\AOL OCP 2008-11-11 19:00 218,376 ----a-w c:\windows\System32\klogon.dll 2008-11-11 18:58 25,601 ----a-w c:\windows\system32\drivers\klopp.dat 2008-11-10 04:43 410,984 ----a-w c:\windows\System32\deploytk.dll 2008-11-01 03:44 541,696 ----a-w c:\windows\AppPatch\AcLayers.dll 2008-11-01 03:44 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll 2008-11-01 03:44 460,288 ----a-w c:\windows\AppPatch\AcSpecfc.dll 2008-11-01 03:44 2,154,496 ----a-w c:\windows\AppPatch\AcGenral.dll 2008-11-01 03:44 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll 2008-10-22 03:57 241,152 ----a-w c:\windows\System32\PortableDeviceApi.dll 2008-10-21 05:25 1,645,568 ----a-w c:\windows\System32\connect.dll 2008-10-16 21:13 1,809,944 ----a-w c:\windows\System32\wuaueng.dll 2008-10-16 21:12 561,688 ----a-w c:\windows\System32\wuapi.dll 2008-10-16 21:09 51,224 ----a-w c:\windows\System32\wuauclt.exe 2008-10-16 21:09 43,544 ----a-w c:\windows\System32\wups2.dll 2008-10-16 21:08 34,328 ----a-w c:\windows\System32\wups.dll 2008-10-16 20:56 1,524,736 ----a-w c:\windows\System32\wucltux.dll 2008-10-16 20:55 83,456 ----a-w c:\windows\System32\wudriver.dll 2008-10-16 13:08 162,064 ----a-w c:\windows\System32\wuwebv.dll 2008-10-16 12:56 31,232 ----a-w c:\windows\System32\wuapp.exe 2008-04-01 14:41 174 --sha-w c:\program files\desktop.ini 2007-10-20 06:51 581,632 ----a-w c:\users\Administrateur\starthook.dll 2007-10-20 06:51 34,304 ----a-w c:\users\Administrateur\3duserpic.exe . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920] "Wallpaper"="c:\program files\Wallpaper\Wallpaper.exe" [2007-08-21 233472] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "HostManager"="c:\program files\Common Files\AOL\1188731367\ee\AOLSoftware.exe" [2006-11-14 50736] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13580832] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-17 92704] "LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-10-11 62760] "AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [2008-11-11 206088] "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 c:\windows\KHALMNPR.Exe] "RtHDVCpl"="RtHDVCpl.exe" [2007-08-27 c:\windows\RtHDVCpl.exe] "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 c:\windows\KHALMNPR.Exe] c:\progra~2\MICROS~1\Windows\STARTM~1\Programs\Startup\ Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-04-02 805392] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~1\mzvkbd.dll,c:\progra~1\KASPER~1\KASPER~1\mzvkbd3.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice] @="" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] --a------ 2008-10-15 01:04 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDRegion] --------- 2007-11-16 11:20 91432 c:\program files\CyberLink\Shared Files\brs.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] --a------ 2007-09-20 14:35 202024 c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InstantBurn] --a------ 2007-06-04 18:24 599600 c:\progra~1\CYBERL~1\INSTAN~1\Win2K\IBurn.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LGODDFU] --a------ 2006-08-17 13:45 249856 c:\program files\lg_fwupdate\fwupdate.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan] --a------ 2007-09-20 08:51 1836328 c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nero PhotoShow Media Manager] --a------ 2006-01-13 22:22 249856 c:\progra~1\Nero\NEROPH~1\data\Xtras\mssysmgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] --a------ 2007-03-01 14:57 153136 c:\program files\Common Files\Nero\Lib\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PMCLoader] --a------ 2007-07-26 12:28 105544 c:\program files\Pinnacle\TVCenter Pro\PMCLoader.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PMCRemote] --a------ 2007-07-04 13:52 253000 c:\program files\Pinnacle\Shared Files\Programs\Remote\remoterm.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl] --------- 2007-10-28 09:35 72736 c:\program files\CyberLink\PowerDVD\PDVDServ.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon] --a------ 2001-07-03 09:11 57344 c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] --a------ 2008-11-10 05:43 136600 c:\program files\Java\jre6\bin\jusched.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "Sidebar"=c:\program files\Windows Sidebar\sidebar.exe /autoRun [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules] "{B5F95734-ACF2-42FB-BE2A-C690174AE644}"= UDP:c:\program files\Common Files\aol\acs\AOLDial.exe:AOL Autoconnect "{50907726-65E5-4E27-B736-EAE8104FF914}"= TCP:c:\program files\Common Files\aol\acs\AOLDial.exe:AOL Autoconnect "{E2EC6974-4E24-4D57-89CB-F4F2B22B46CF}"= UDP:c:\program files\Common Files\aol\acs\AOLacsd.exe:module de connexion AOL "{D8824C46-6C7A-4330-A9FE-A58EC3678794}"= TCP:c:\program files\Common Files\aol\acs\AOLacsd.exe:module de connexion AOL "{A9FC00C9-0792-4027-8CA8-DED7BE5F2F3B}"= UDP:c:\program files\AOL 9.0 VR\waol.exe:AOL "{4B5CF425-9A99-4999-A10F-A2DD87702E6D}"= TCP:c:\program files\AOL 9.0 VR\waol.exe:AOL "{7BCC5924-5D1D-4DEF-B28B-1C73A3EA97C5}"= UDP:c:\program files\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe:AOL TopSpeed "{FE858DE8-824A-471A-AFD9-E04BD28CC939}"= TCP:c:\program files\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe:AOL TopSpeed "{F4354797-F52B-48A8-8899-D8553594CED5}"= UDP:c:\program files\Common Files\aol\Loader\aolload.exe:AOL Loader "{3A6FBE9C-2151-4BAE-ACDD-3698C5C02C46}"= TCP:c:\program files\Common Files\aol\Loader\aolload.exe:AOL Loader "{B5C4383F-1472-423F-B1A4-13F594420DBE}"= UDP:c:\program files\Common Files\aol\System Information\sinf.exe:AOL System Information "{AC142439-0A3B-4E6F-9F3C-D130B1BF90C2}"= TCP:c:\program files\Common Files\aol\System Information\sinf.exe:AOL System Information "{AF20C2F0-0FFF-44FC-A268-D352FEE7EABF}"= UDP:c:\program files\Common Files\aol\1188731367\ee\aolsoftware.exe:AOL Shared Components "{C432EC89-6101-46CD-A737-7B454B4D1BEF}"= TCP:c:\program files\Common Files\aol\1188731367\ee\aolsoftware.exe:AOL Shared Components "{0025EEA6-C901-4EF2-95F4-89954BF5A7CB}"= UDP:c:\program files\AOL 9.0 VRa\waol.exe:AOL "{FDE6E615-C53F-404E-93E4-77F0498F66BC}"= TCP:c:\program files\AOL 9.0 VRa\waol.exe:AOL "TCP Query User{507BB1BC-21FB-45E1-95B2-D4FD8AF44313}c:\\program files\\nero\\nero8\\nero home\\nerohome.exe"= UDP:c:\program files\nero\nero8\nero home\nerohome.exe:Nero Home "UDP Query User{8D8D7AAE-767E-45D3-A581-86797741DF43}c:\\program files\\nero\\nero8\\nero home\\nerohome.exe"= TCP:c:\program files\nero\nero8\nero home\nerohome.exe:Nero Home "TCP Query User{A8F4A730-56DC-45BC-9C94-D410A93AD97E}c:\\program files\\nero\\nero8\\nero burning rom\\nero.exe"= UDP:c:\program files\nero\nero8\nero burning rom\nero.exe:Nero Express "UDP Query User{3E351EAB-5E1B-40BE-8CE2-AD48F1F69F45}c:\\program files\\nero\\nero8\\nero burning rom\\nero.exe"= TCP:c:\program files\nero\nero8\nero burning rom\nero.exe:Nero Express "TCP Query User{5B2AFA87-BFF9-4A6A-9836-649844D21B0C}c:\\program files\\common files\\nero\\nero web\\setupx.exe"= UDP:c:\program files\common files\nero\nero web\setupx.exe:Nero Installer "UDP Query User{AA99F133-B2D9-4F97-AD93-BE22FF1976D9}c:\\program files\\common files\\nero\\nero web\\setupx.exe"= TCP:c:\program files\common files\nero\nero web\setupx.exe:Nero Installer "TCP Query User{F406D4C8-11FB-45AC-830E-7EA25CD7F878}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule "UDP Query User{CA4D1452-6AD5-472F-847D-3F852B4A3C79}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule "TCP Query User{BB179BFE-A561-4C4A-8CD1-AFF8E1A49376}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer "UDP Query User{53E2BDF5-4131-4F3D-9D8F-80234A0E8387}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer "TCP Query User{E1F485D8-361A-4395-89BD-A27F316B0837}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer "UDP Query User{27D27EA5-5BA1-4732-B77E-AE086AD7DBC2}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer "{5610E825-E67E-48DC-94F6-068429B83D93}"= UDP:48113:LocalSubnet:LocalSubnet:maconfig_tcp "{1BC2A114-4708-4741-ADCA-90DEECB3F939}"= TCP:48113:LocalSubnet:LocalSubnet:maconfig_udp "{16447F3F-CBB2-49F9-8BEA-D416104670A9}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook "{73FF7864-912E-46B9-B04E-F7E78BAC5E57}"= c:\program files\CyberLink\PowerDVD\PowerDVD.EXE:CyberLink PowerDVD "{6EAE9930-94D4-42A5-94A7-B83D881F9F83}"= UDP:c:\program files\ma-config.com\maconfservice.exe:maconfservice "{03D6C10C-D93B-43B4-84AE-48811796BC6A}"= TCP:c:\program files\ma-config.com\maconfservice.exe:maconfservice R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 32784] R1 CLBStor;InstantBurn Storage Helper Driver;c:\windows\system32\drivers\CLBStor.sys [2008-12-02 16048] R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2008-07-09 20496] R2 {95808DC4-FA4A-4C74-92FE-5B863F82066B};{95808DC4-FA4A-4C74-92FE-5B863F82066B};\??\c:\program files\CyberLink\PowerDVD\000.fcl [2008-12-02 17:15:54 41456] R2 CLBUDF;CyberLink InstantBurn UDF Filesystem;c:\windows\system32\drivers\CLBUDF.sys [2008-12-02 162096] R2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;system32\libusbd-nt.exe [] R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [2008-12-04 33792] R3 PinnacleRoyalTS;Pinnacle Systems RoyalTS Device;c:\windows\system32\DRIVERS\RoyalTS.sys [2008-12-22 124544] S3 maconfservice;Ma-Config Service;"c:\program files\ma-config.com\maconfservice.exe" [2008-11-17 195752] S3 Navcar;Navman In-car Navigator USB Driver Service;c:\windows\system32\DRIVERS\Navcar.sys [2008-07-19 30329] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc bthsvcs REG_MULTI_SZ BthServ rsmsvcs REG_MULTI_SZ ntmssvc [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{16d0d45b-d188-11dc-9485-00038a000015}] \shell\AutoRun\command - i:\wd_windows_tools\setup.exe . . ------- Examen supplémentaire ------- . uStart Page = hxxp://www.msn.fr/ IE: &Recherche AOL Toolbar - c:\program files\aol\aol toolbar 4.0\resources\fr-FR\local\search.html IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 c:\windows\bdoscandellang.ini - c:\windows\bdoscandel.exe c:\windows\Downloaded Program Files\live.ini c:\windows\Downloaded Program Files\scanoptions.tsi c:\windows\Downloaded Program Files\lang.ini c:\windows\Downloaded Program Files\ipsupd.dll c:\windows\Downloaded Program Files\bdupd.dll c:\windows\Downloaded Program Files\libfn.dll c:\windows\Downloaded Program Files\bdcore.dll c:\windows\Downloaded Program Files\oscan8.ocx O16 -: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} hxxp://www.zebulon.fr/scan8/oscan8.cab c:\windows\Downloaded Program Files\oscan8.inf . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-01-03 09:05:32 Windows 6.0.6001 Service Pack 1 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... c:\users\ADMINI~1\AppData\Local\Temp\catchme.dll 53248 bytes executable c:\windows\TEMP\TMP00000044097E51FDD71467D6 524288 bytes executable Scan terminé avec succès Fichiers cachés: 2 ************************************************************************** . Heure de fin: 2009-01-03 9:07:44 ComboFix-quarantined-files.txt 2009-01-03 08:07:27 ComboFix2.txt 2009-01-02 08:28:18 Avant-CF: 27 770 114 048 octets libres Après-CF: 27,624,243,200 octets libres 334 --- E O F --- 2009-01-01 15:25:49
  5. eric3342
    bonjoComboFix 09-01-01.01 - Administrateur 2009-01-02 9:20:30.1 - NTFSx86 Microsoft® Windows Vista™ Professionnel 6.0.6001.1.1252.1.1036.18.1023.400 [GMT 1:00] Lancé depuis: c:\users\Administrateur\Desktop\ComboFix.exe . ADS - Windows: deleted 24 bytes in 1 streams. (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\spoolsv.exe c:\windows\system32\drivers\spoolsv.exe . ((((((((((((((((((((((((((((( Fichiers créés du 2008-12-02 au 2009-01-02 )))))))))))))))))))))))))))))))))))) . 2009-01-02 09:12 . 2009-01-02 09:12 81,920 --a------ c:\users\Administrateur\AppData\Roaming\cisvc.exe 2009-01-02 09:12 . 2009-01-02 09:12 81,920 --a------ c:\users\ADMINI~1\AppData\Roaming\cisvc.exe 2009-01-01 13:20 . 2009-01-01 13:20 81,920 --a------ c:\windows\rsvp.exe 2009-01-01 13:20 . 2009-01-01 13:20 81,920 --a------ c:\windows\mstsc.exe 2009-01-01 13:20 . 2009-01-01 13:20 81,920 --a------ c:\windows\mstinit.exe 2009-01-01 13:20 . 2009-01-01 13:20 81,920 --a------ c:\windows\logman.exe 2009-01-01 13:20 . 2009-01-01 13:20 81,920 --a------ c:\windows\ieudinit.exe 2009-01-01 13:20 . 2009-01-01 13:20 81,920 --a------ c:\windows\clipsrv.exe 2009-01-01 13:20 . 2009-01-01 13:20 81,920 --a------ c:\windows\cisvc.exe 2009-01-01 13:20 . 2009-01-01 13:20 81,920 --a------ c:\users\Administrateur\AppData\Roaming\spoolsv.exe 2009-01-01 13:20 . 2009-01-01 13:20 81,920 --a------ c:\users\Administrateur\AppData\Roaming\mstsc.exe 2009-01-01 13:20 . 2009-01-01 13:20 81,920 --a------ c:\users\Administrateur\AppData\Roaming\esentutl.exe 2009-01-01 13:20 . 2009-01-01 13:20 81,920 --a------ c:\users\Administrateur\AppData\Roaming\cmstp.exe 2009-01-01 13:20 . 2009-01-01 13:20 81,920 --a------ c:\users\Administrateur\AppData\Roaming\clipsrv.exe 2009-01-01 13:20 . 2009-01-01 13:20 81,920 --a------ c:\users\ADMINI~1\AppData\Roaming\spoolsv.exe 2009-01-01 13:20 . 2009-01-01 13:20 81,920 --a------ c:\users\ADMINI~1\AppData\Roaming\mstsc.exe 2009-01-01 13:20 . 2009-01-01 13:20 81,920 --a------ c:\users\ADMINI~1\AppData\Roaming\esentutl.exe 2009-01-01 13:20 . 2009-01-01 13:20 81,920 --a------ c:\users\ADMINI~1\AppData\Roaming\cmstp.exe 2009-01-01 13:20 . 2009-01-01 13:20 81,920 --a------ c:\users\ADMINI~1\AppData\Roaming\clipsrv.exe 2009-01-01 11:29 . 2009-01-01 11:30 <REP> d-------- C:\rsit 2008-12-31 09:58 . 2008-12-31 09:58 96,976 --a------ c:\windows\System32\drivers\klin.dat 2008-12-31 09:58 . 2008-12-31 09:58 87,855 --a------ c:\windows\System32\drivers\klick.dat 2008-12-31 09:56 . 2009-01-02 09:12 <REP> d-------- c:\users\All Users\Kaspersky Lab 2008-12-31 09:56 . 2008-12-31 09:56 <REP> d-------- c:\program files\Kaspersky Lab 2008-12-31 09:56 . 2009-01-02 09:12 <REP> d-------- c:\progra~2\Kaspersky Lab 2008-12-31 09:56 . 2009-01-01 17:17 3,526,688 --ahs---- c:\windows\System32\drivers\fidbox.dat 2008-12-31 09:56 . 2009-01-01 17:17 327,712 --ahs---- c:\windows\System32\drivers\fidbox2.dat 2008-12-31 09:56 . 2009-01-01 17:17 31,776 --ahs---- c:\windows\System32\drivers\fidbox.idx 2008-12-31 09:56 . 2009-01-01 17:17 3,248 --ahs---- c:\windows\System32\drivers\fidbox2.idx 2008-12-31 09:42 . 2008-12-31 11:23 81,920 --a------ c:\windows\system\comrepl.exe 2008-12-31 09:11 . 2008-12-31 11:23 81,920 --a------ c:\windows\system\spoolsv.exe 2008-12-31 09:06 . 2008-12-31 11:23 81,920 --a------ c:\windows\system\ieudinit.exe 2008-12-31 09:05 . 2008-12-31 11:23 81,920 --a------ c:\windows\System32\drivers\logman.exe 2008-12-31 09:03 . 2008-12-31 11:23 81,920 --a------ c:\windows\System32\drivers\esentutl.exe 2008-12-31 09:02 . 2008-12-31 11:23 81,920 --a------ c:\windows\System32\drivers\mqtgsvc.exe 2008-12-31 09:01 . 2008-12-31 11:23 81,920 --a------ c:\windows\system\mstinit.exe 2008-12-31 09:01 . 2008-12-31 11:23 81,920 --a------ c:\windows\system\esentutl.exe 2008-12-31 08:59 . 2008-12-31 11:23 81,920 --a------ c:\windows\System32\drivers\comrepl.exe 2008-12-31 08:58 . 2008-12-31 11:23 81,920 --a------ c:\windows\system\dllhst3g.exe 2008-12-31 08:55 . 2008-12-31 11:23 81,920 --a------ c:\windows\System32\drivers\rsvp.exe 2008-12-31 08:54 . 2008-12-31 11:23 81,920 --a------ c:\windows\System32\drivers\dllhst3g.exe 2008-12-31 08:54 . 2008-12-31 11:23 81,920 --a------ c:\windows\system\cisvc.exe 2008-12-31 07:59 . 2008-12-31 08:00 <REP> d-------- c:\program files\ZebHelpProcess 2 2008-12-31 07:59 . 2008-12-31 07:59 <REP> d-------- c:\program files\Common Files\Borland Shared 2008-12-31 07:59 . 1999-01-20 05:01 210,032 --a------ c:\windows\System32\DBCLIENT.DLL 2008-12-31 07:59 . 1999-11-12 05:11 183,808 --a------ c:\windows\System32\BDEADMIN.CPL 2008-12-31 07:59 . 2008-12-31 08:54 13,030 --a------ C:\PDOXUSRS.NET 2008-12-28 08:57 . 2008-12-28 09:06 <REP> d-------- c:\users\Administrateur\.housecall6.6 2008-12-27 09:58 . 2008-12-27 09:58 <REP> d-------- c:\users\Administrateur\AppData\Roaming\Uniblue 2008-12-27 09:58 . 2008-12-27 09:58 <REP> d-------- c:\users\ADMINI~1\AppData\Roaming\Uniblue 2008-12-27 09:58 . 2008-12-27 09:58 <REP> d-------- c:\program files\Uniblue 2008-12-22 12:20 . 2008-12-22 12:20 <REP> d-------- c:\program files\DivX 2008-12-22 12:11 . 1998-11-02 20:57 196,096 --------- c:\windows\System32\MACD32.DLL 2008-12-22 12:11 . 1998-11-02 20:57 138,752 --------- c:\windows\System32\MASE32.DLL 2008-12-22 12:11 . 1998-11-02 20:57 136,192 --------- c:\windows\System32\MAMC32.DLL 2008-12-22 12:11 . 1998-11-02 20:57 57,856 --------- c:\windows\System32\MASD32.DLL 2008-12-22 12:11 . 1998-11-02 20:57 27,648 --------- c:\windows\System32\MA32.DLL 2008-12-22 12:10 . 2008-12-22 12:10 <REP> d-------- c:\program files\Pinnacle 2008-12-22 12:10 . 2003-03-19 06:28 2,179,072 --------- c:\windows\System32\mfc71d.dll 2008-12-22 12:10 . 2003-03-19 05:04 765,952 --------- c:\windows\System32\msvcp71d.dll 2008-12-22 12:10 . 2002-01-05 21:16 737,280 --------- c:\windows\System32\msvcp70d.dll 2008-12-22 12:10 . 2006-12-01 23:54 626,688 --------- c:\windows\System32\msvcr80.dll 2008-12-22 12:10 . 2006-12-01 23:54 548,864 --------- c:\windows\System32\msvcp80.dll 2008-12-22 12:10 . 2003-03-19 05:03 544,768 --------- c:\windows\System32\msvcr71d.dll 2008-12-22 12:10 . 2002-01-05 21:16 536,576 --------- c:\windows\System32\msvcr70d.dll 2008-12-22 12:10 . 2004-07-23 09:00 446,464 --------- c:\windows\System32\HHActiveX.dll 2008-12-22 12:10 . 2004-06-03 12:47 385,100 --------- c:\windows\System32\MSVCRTD.DLL 2008-12-22 12:10 . 2003-03-19 06:05 89,088 --------- c:\windows\System32\atl71.dll 2008-12-22 12:08 . 2008-12-22 12:31 <REP> d-------- c:\users\All Users\Pinnacle 2008-12-22 12:08 . 2008-12-22 12:31 <REP> d-------- c:\progra~2\Pinnacle 2008-12-22 12:07 . 2006-08-16 13:39 124,544 --a------ c:\windows\System32\drivers\RoyalTS.sys 2008-12-20 06:37 . 2008-12-13 07:23 1,659,392 --a------ c:\windows\System32\mshtml.tlb 2008-12-12 16:58 . 2008-10-22 02:22 2,048 --a------ c:\windows\System32\tzres.dll 2008-12-12 16:49 . 2008-11-01 02:21 4,240,384 --a------ c:\windows\System32\GameUXLegacyGDFs.dll 2008-12-12 16:49 . 2008-11-01 04:44 28,672 --a------ c:\windows\System32\Apphlpdm.dll 2008-12-12 16:47 . 2008-10-21 06:25 296,960 --a------ c:\windows\System32\gdi32.dll 2008-12-12 16:44 . 2008-10-29 07:29 2,927,104 --a------ c:\windows\explorer.exe 2008-12-12 16:44 . 2008-06-23 02:59 2,868,736 --a------ c:\windows\System32\mf.dll 2008-12-12 16:44 . 2008-06-23 02:59 996,352 --a------ c:\windows\System32\WMNetMgr.dll 2008-12-12 16:44 . 2008-06-23 02:58 94,720 --a------ c:\windows\System32\logagent.exe 2008-12-10 17:45 . 2008-12-10 19:59 <REP> d-------- c:\program files\DVDFab 5 2008-12-04 08:11 . 2008-12-04 08:11 <REP> d-------- c:\program files\LibUSB-Win32-0.1.10.1 2008-12-04 08:11 . 2005-03-09 20:50 19,456 --a------ c:\windows\System32\libusbd-9x.exe 2008-12-04 08:11 . 2005-03-09 20:50 18,944 --a------ c:\windows\System32\libusbd-nt.exe 2008-12-04 07:47 . 2005-03-09 20:50 46,592 --a------ c:\windows\System32\libusb0.dll 2008-12-04 07:47 . 2005-03-09 20:50 33,792 --a------ c:\windows\System32\drivers\libusb0.sys 2008-12-03 08:25 . 2008-12-03 08:25 <REP> d-------- c:\users\All Users\LightScribe 2008-12-03 08:25 . 2008-12-03 08:25 <REP> d-------- c:\progra~2\LightScribe 2008-12-02 17:33 . 2008-12-02 17:41 <REP> d-------- c:\users\Public\CyberLink 2008-12-02 17:22 . 2008-12-04 07:40 <REP> d-------- c:\program files\lg_fwupdate 2008-12-02 17:22 . 1998-06-24 00:00 115,016 --a------ c:\windows\System32\MSINET.OCX 2008-12-02 17:22 . 1998-07-22 00:00 102,912 --a------ c:\windows\System32\Vb6stkit.dll 2008-12-02 17:22 . 1998-07-22 00:00 102,160 --a------ c:\windows\System32\VB6KO.DLL 2008-12-02 17:22 . 2006-02-17 14:19 16,384 --a------ c:\windows\System32\lgfwunis.exe 2008-12-02 17:22 . 2008-12-04 07:40 324 --a------ c:\windows\lgfwup.ini 2008-12-02 17:21 . 2005-01-07 17:34 486,766 --a------ c:\windows\CLBUDF.tbl 2008-12-02 17:21 . 2007-06-04 18:25 162,096 --------- c:\windows\System32\drivers\CLBUDF.sys 2008-12-02 17:21 . 2007-06-04 18:24 131,072 --a------ c:\windows\IBUnInst.exe 2008-12-02 17:21 . 2007-06-04 18:25 16,048 --------- c:\windows\System32\drivers\CLBStor.sys 2008-12-02 17:20 . 2008-12-02 17:20 <REP> d-------- c:\program files\LightScribeODK 2008-12-02 17:20 . 2008-12-02 17:20 <REP> d-------- c:\program files\Common Files\LightScribe 2008-12-02 17:19 . 2002-12-11 20:11 37,916 --a------ c:\windows\System32\WMPrfFRA.prx 2008-12-02 17:18 . 2008-12-03 08:21 <REP> d-------- c:\users\Administrateur\AppData\Roaming\CyberLink 2008-12-02 17:18 . 2008-12-03 08:21 <REP> d-------- c:\users\ADMINI~1\AppData\Roaming\CyberLink 2008-12-02 17:18 . 2007-03-22 21:28 1,053,232 --------- c:\windows\System32\MFC71u.dll 2008-12-02 17:17 . 2002-12-11 20:11 37,916 --a------ c:\windows\WMPrfFRA.prx 2008-12-02 17:16 . 2008-12-03 08:21 <REP> d-------- c:\users\All Users\CyberLink 2008-12-02 17:16 . 2008-12-03 08:21 <REP> d-------- c:\progra~2\CyberLink 2008-12-02 17:16 . 2007-03-14 21:02 49,712 --a------ c:\windows\System32\msxma1f6.rra 2008-12-02 17:15 . 2008-12-02 17:22 <REP> d-------- c:\program files\CyberLink . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-12-31 10:23 81,920 ----a-w c:\windows\system32\drivers\mstsc.exe 2008-12-24 06:58 --------- d-----w c:\program files\Malwarebytes' Anti-Malware 2008-12-22 11:10 --------- d--h--w c:\program files\InstallShield Installation Information 2008-12-20 06:37 --------- d-----w c:\program files\Common Files\Adobe 2008-12-14 08:10 --------- d-----w c:\program files\ma-config.com 2008-12-14 08:10 --------- d-----w c:\progra~2\ma-config.com 2008-12-12 16:38 --------- d-----w c:\program files\Windows Mail 2008-12-12 16:04 --------- d-----w c:\progra~2\Microsoft Help 2008-12-10 17:10 --------- d-----w c:\program files\SlySoft 2008-12-04 07:56 --------- d-----w c:\program files\eMule 2008-12-03 18:52 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys 2008-12-03 18:52 15,504 ----a-w c:\windows\system32\drivers\mbam.sys 2008-12-03 06:41 --------- d-----w c:\program files\Java 2008-12-02 16:10 --------- d-----w c:\program files\Common Files\AVSMedia 2008-12-02 16:10 --------- d-----w c:\program files\AVS4YOU 2008-11-28 16:24 --------- d-----w c:\program files\Spybot - Search & Destroy 2008-11-28 13:59 --------- d-----w c:\progra~2\Spybot - Search & Destroy 2008-11-24 07:19 --------- d-----w c:\program files\QuickTime 2008-11-19 17:21 93,128 ----a-w c:\windows\System32\ElbyCDIO.dll 2008-11-14 08:09 --------- d-----w c:\progra~2\NVIDIA 2008-11-13 14:28 --------- d-----w c:\program files\Microsoft Silverlight 2008-11-13 07:59 --------- d-----w c:\users\Administrateur\AppData\Roaming\Wallpaper 2008-11-13 07:59 --------- d-----w c:\users\ADMINI~1\AppData\Roaming\Wallpaper 2008-11-13 07:47 --------- d-----w c:\program files\Wallpaper 2008-11-13 06:19 --------- d-----w c:\program files\Common Files\aol 2008-11-13 06:18 --------- d-----w c:\progra~2\AOL OCP 2008-11-11 19:00 218,376 ----a-w c:\windows\System32\klogon.dll 2008-11-11 18:58 25,601 ----a-w c:\windows\system32\drivers\klopp.dat 2008-11-10 04:43 410,984 ----a-w c:\windows\System32\deploytk.dll 2008-11-01 03:44 541,696 ----a-w c:\windows\AppPatch\AcLayers.dll 2008-11-01 03:44 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll 2008-11-01 03:44 460,288 ----a-w c:\windows\AppPatch\AcSpecfc.dll 2008-11-01 03:44 2,154,496 ----a-w c:\windows\AppPatch\AcGenral.dll 2008-11-01 03:44 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll 2008-10-22 03:57 241,152 ----a-w c:\windows\System32\PortableDeviceApi.dll 2008-10-21 05:25 1,645,568 ----a-w c:\windows\System32\connect.dll 2008-10-16 21:13 1,809,944 ----a-w c:\windows\System32\wuaueng.dll 2008-10-16 21:12 561,688 ----a-w c:\windows\System32\wuapi.dll 2008-10-16 21:09 51,224 ----a-w c:\windows\System32\wuauclt.exe 2008-10-16 21:09 43,544 ----a-w c:\windows\System32\wups2.dll 2008-10-16 21:08 34,328 ----a-w c:\windows\System32\wups.dll 2008-10-16 20:56 1,524,736 ----a-w c:\windows\System32\wucltux.dll 2008-10-16 20:55 83,456 ----a-w c:\windows\System32\wudriver.dll 2008-10-16 13:08 162,064 ----a-w c:\windows\System32\wuwebv.dll 2008-10-16 12:56 31,232 ----a-w c:\windows\System32\wuapp.exe 2008-04-01 14:41 174 --sha-w c:\program files\desktop.ini 2007-10-20 06:51 581,632 ----a-w c:\users\Administrateur\starthook.dll 2007-10-20 06:51 34,304 ----a-w c:\users\Administrateur\3duserpic.exe . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920] "Wallpaper"="c:\program files\Wallpaper\Wallpaper.exe" [2007-08-21 233472] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "HostManager"="c:\program files\Common Files\AOL\1188731367\ee\AOLSoftware.exe" [2006-11-14 50736] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13580832] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-17 92704] "LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-10-11 62760] "AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [2008-11-11 206088] "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 c:\windows\KHALMNPR.Exe] "RtHDVCpl"="RtHDVCpl.exe" [2007-08-27 c:\windows\RtHDVCpl.exe] "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 c:\windows\KHALMNPR.Exe] c:\progra~2\MICROS~1\Windows\STARTM~1\Programs\Startup\ Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-04-02 805392] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~1\mzvkbd.dll,c:\progra~1\KASPER~1\KASPER~1\mzvkbd3.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice] @="" HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] --a------ 2008-10-15 01:04 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDRegion] --------- 2007-11-16 11:20 91432 c:\program files\CyberLink\Shared Files\brs.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] --a------ 2007-09-20 14:35 202024 c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InstantBurn] --a------ 2007-06-04 18:24 599600 c:\progra~1\CYBERL~1\INSTAN~1\Win2K\IBurn.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LGODDFU] --a------ 2006-08-17 13:45 249856 c:\program files\lg_fwupdate\fwupdate.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan] --a------ 2007-09-20 08:51 1836328 c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nero PhotoShow Media Manager] --a------ 2006-01-13 22:22 249856 c:\progra~1\Nero\NEROPH~1\data\Xtras\mssysmgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] --a------ 2007-03-01 14:57 153136 c:\program files\Common Files\Nero\Lib\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PMCLoader] --a------ 2007-07-26 12:28 105544 c:\program files\Pinnacle\TVCenter Pro\PMCLoader.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PMCRemote] --a------ 2007-07-04 13:52 253000 c:\program files\Pinnacle\Shared Files\Programs\Remote\remoterm.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl] --------- 2007-10-28 09:35 72736 c:\program files\CyberLink\PowerDVD\PDVDServ.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon] --a------ 2001-07-03 09:11 57344 c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] --a------ 2008-11-10 05:43 136600 c:\program files\Java\jre6\bin\jusched.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "Sidebar"=c:\program files\Windows Sidebar\sidebar.exe /autoRun [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules] "{B5F95734-ACF2-42FB-BE2A-C690174AE644}"= UDP:c:\program files\Common Files\aol\acs\AOLDial.exe:AOL Autoconnect "{50907726-65E5-4E27-B736-EAE8104FF914}"= TCP:c:\program files\Common Files\aol\acs\AOLDial.exe:AOL Autoconnect "{E2EC6974-4E24-4D57-89CB-F4F2B22B46CF}"= UDP:c:\program files\Common Files\aol\acs\AOLacsd.exe:module de connexion AOL "{D8824C46-6C7A-4330-A9FE-A58EC3678794}"= TCP:c:\program files\Common Files\aol\acs\AOLacsd.exe:module de connexion AOL "{A9FC00C9-0792-4027-8CA8-DED7BE5F2F3B}"= UDP:c:\program files\AOL 9.0 VR\waol.exe:AOL "{4B5CF425-9A99-4999-A10F-A2DD87702E6D}"= TCP:c:\program files\AOL 9.0 VR\waol.exe:AOL "{7BCC5924-5D1D-4DEF-B28B-1C73A3EA97C5}"= UDP:c:\program files\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe:AOL TopSpeed "{FE858DE8-824A-471A-AFD9-E04BD28CC939}"= TCP:c:\program files\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe:AOL TopSpeed "{F4354797-F52B-48A8-8899-D8553594CED5}"= UDP:c:\program files\Common Files\aol\Loader\aolload.exe:AOL Loader "{3A6FBE9C-2151-4BAE-ACDD-3698C5C02C46}"= TCP:c:\program files\Common Files\aol\Loader\aolload.exe:AOL Loader "{B5C4383F-1472-423F-B1A4-13F594420DBE}"= UDP:c:\program files\Common Files\aol\System Information\sinf.exe:AOL System Information "{AC142439-0A3B-4E6F-9F3C-D130B1BF90C2}"= TCP:c:\program files\Common Files\aol\System Information\sinf.exe:AOL System Information "{AF20C2F0-0FFF-44FC-A268-D352FEE7EABF}"= UDP:c:\program files\Common Files\aol\1188731367\ee\aolsoftware.exe:AOL Shared Components "{C432EC89-6101-46CD-A737-7B454B4D1BEF}"= TCP:c:\program files\Common Files\aol\1188731367\ee\aolsoftware.exe:AOL Shared Components "{0025EEA6-C901-4EF2-95F4-89954BF5A7CB}"= UDP:c:\program files\AOL 9.0 VRa\waol.exe:AOL "{FDE6E615-C53F-404E-93E4-77F0498F66BC}"= TCP:c:\program files\AOL 9.0 VRa\waol.exe:AOL "TCP Query User{507BB1BC-21FB-45E1-95B2-D4FD8AF44313}c:\\program files\\nero\\nero8\\nero home\\nerohome.exe"= UDP:c:\program files\nero\nero8\nero home\nerohome.exe:Nero Home "UDP Query User{8D8D7AAE-767E-45D3-A581-86797741DF43}c:\\program files\\nero\\nero8\\nero home\\nerohome.exe"= TCP:c:\program files\nero\nero8\nero home\nerohome.exe:Nero Home "TCP Query User{A8F4A730-56DC-45BC-9C94-D410A93AD97E}c:\\program files\\nero\\nero8\\nero burning rom\\nero.exe"= UDP:c:\program files\nero\nero8\nero burning rom\nero.exe:Nero Express "UDP Query User{3E351EAB-5E1B-40BE-8CE2-AD48F1F69F45}c:\\program files\\nero\\nero8\\nero burning rom\\nero.exe"= TCP:c:\program files\nero\nero8\nero burning rom\nero.exe:Nero Express "TCP Query User{5B2AFA87-BFF9-4A6A-9836-649844D21B0C}c:\\program files\\common files\\nero\\nero web\\setupx.exe"= UDP:c:\program files\common files\nero\nero web\setupx.exe:Nero Installer "UDP Query User{AA99F133-B2D9-4F97-AD93-BE22FF1976D9}c:\\program files\\common files\\nero\\nero web\\setupx.exe"= TCP:c:\program files\common files\nero\nero web\setupx.exe:Nero Installer "TCP Query User{F406D4C8-11FB-45AC-830E-7EA25CD7F878}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule "UDP Query User{CA4D1452-6AD5-472F-847D-3F852B4A3C79}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule "TCP Query User{BB179BFE-A561-4C4A-8CD1-AFF8E1A49376}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer "UDP Query User{53E2BDF5-4131-4F3D-9D8F-80234A0E8387}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer "TCP Query User{E1F485D8-361A-4395-89BD-A27F316B0837}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer "UDP Query User{27D27EA5-5BA1-4732-B77E-AE086AD7DBC2}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer "{5610E825-E67E-48DC-94F6-068429B83D93}"= UDP:48113:LocalSubnet:LocalSubnet:maconfig_tcp "{1BC2A114-4708-4741-ADCA-90DEECB3F939}"= TCP:48113:LocalSubnet:LocalSubnet:maconfig_udp "{16447F3F-CBB2-49F9-8BEA-D416104670A9}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook "{73FF7864-912E-46B9-B04E-F7E78BAC5E57}"= c:\program files\CyberLink\PowerDVD\PowerDVD.EXE:CyberLink PowerDVD "{6EAE9930-94D4-42A5-94A7-B83D881F9F83}"= UDP:c:\program files\ma-config.com\maconfservice.exe:maconfservice "{03D6C10C-D93B-43B4-84AE-48811796BC6A}"= TCP:c:\program files\ma-config.com\maconfservice.exe:maconfservice R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 32784] R1 CLBStor;InstantBurn Storage Helper Driver;c:\windows\system32\drivers\CLBStor.sys [2008-12-02 16048] R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2008-07-09 20496] R2 {95808DC4-FA4A-4C74-92FE-5B863F82066B};{95808DC4-FA4A-4C74-92FE-5B863F82066B};\??\c:\program files\CyberLink\PowerDVD\000.fcl [2008-12-02 17:15:54 41456] R2 CLBUDF;CyberLink InstantBurn UDF Filesystem;c:\windows\system32\drivers\CLBUDF.sys [2008-12-02 162096] R2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;system32\libusbd-nt.exe [] R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [2008-12-04 33792] R3 PinnacleRoyalTS;Pinnacle Systems RoyalTS Device;c:\windows\system32\DRIVERS\RoyalTS.sys [2008-12-22 124544] S3 maconfservice;Ma-Config Service;"c:\program files\ma-config.com\maconfservice.exe" [2008-11-17 195752] S3 Navcar;Navman In-car Navigator USB Driver Service;c:\windows\system32\DRIVERS\Navcar.sys [2008-07-19 30329] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc bthsvcs REG_MULTI_SZ BthServ rsmsvcs REG_MULTI_SZ ntmssvc [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{16d0d45b-d188-11dc-9485-00038a000015}] \shell\AutoRun\command - i:\wd_windows_tools\setup.exe *Newly Created Service* - CATCHME *Newly Created Service* - PROCEXP90 . - - - - ORPHELINS SUPPRIMES - - - - HKCU-Run-Power2GoExpress - (no file) HKLM-Run-Bluetooth Connection Assistant - LBTWIZ.EXE Notify-LBTWlgn - (no file) . ------- Examen supplémentaire ------- . uStart Page = hxxp://www.msn.fr/ IE: &Recherche AOL Toolbar - c:\program files\aol\aol toolbar 4.0\resources\fr-FR\local\search.html IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 c:\windows\bdoscandellang.ini - c:\windows\bdoscandel.exe c:\windows\Downloaded Program Files\live.ini c:\windows\Downloaded Program Files\scanoptions.tsi c:\windows\Downloaded Program Files\lang.ini c:\windows\Downloaded Program Files\ipsupd.dll c:\windows\Downloaded Program Files\bdupd.dll c:\windows\Downloaded Program Files\libfn.dll c:\windows\Downloaded Program Files\bdcore.dll c:\windows\Downloaded Program Files\oscan8.ocx O16 -: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} hxxp://www.zebulon.fr/scan8/oscan8.cab c:\windows\Downloaded Program Files\oscan8.inf . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-01-02 09:26:02 Windows 6.0.6001 Service Pack 1 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** . --------------------- DLLs chargées dans les processus actifs --------------------- - - - - - - - > 'Explorer.exe'(2852) c:\program files\Hewlett-Packard\HP Share-to-Web\HPGS2WNS.DLL c:\program files\Hewlett-Packard\HP Share-to-Web\S2WNSRES.DLL c:\program files\Hewlett-Packard\HP Share-to-Web\HPGS2WNFPS.DLL . Heure de fin: 2009-01-02 9:28:16 ComboFix-quarantined-files.txt 2009-01-02 08:28:06 Avant-CF: 28 170 924 032 octets libres Après-CF: 28,037,140,480 octets libres 332 --- E O F --- 2009-01-01 15:25:49 ur thanos voici le rapport de combofix
  6. eric3342
    et voci le rapport de mbam Malwarebytes' Anti-Malware 1.31 Version de la base de données: 1574 Windows 6.0.6001 Service Pack 1 01/01/2009 12:18:51 mbam-log-2009-01-01 (12-18-51).txt Type de recherche: Examen rapide Eléments examinés: 51803 Temps écoulé: 5 minute(s), 29 second(s) Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 0 Valeur(s) du Registre infectée(s): 0 Elément(s) de données du Registre infecté(s): 0 Dossier(s) infecté(s): 0 Fichier(s) infecté(s): 0 Processus mémoire infecté(s): (Aucun élément nuisible détecté) Module(s) mémoire infecté(s): (Aucun élément nuisible détecté) Clé(s) du Registre infectée(s): (Aucun élément nuisible détecté) Valeur(s) du Registre infectée(s): (Aucun élément nuisible détecté) Elément(s) de données du Registre infecté(s): (Aucun élément nuisible détecté) Dossier(s) infecté(s): (Aucun élément nuisible détecté) Fichier(s) infecté(s): (Aucun élément nuisible détecté)
  7. eric3342
    je doit preciser que j'ai telecharge kaperski. il me detecte les virus me les met en quarantaine mais a chaque redemarage tout revient avec de nouveau nom,la plus part du temp
  8. eric3342
    bonjour thanos merci de prendre le temps pour m'aider. voici le premier rapport Logfile of random's system information tool 1.05 (written by random/random) Run by Administrateur at 2009-01-01 11:29:32 Microsoft® Windows Vista™ Professionnel Service Pack 1 System drive C: has 28 GB (49%) free of 57 GB Total RAM: 1023 MB (25% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:30:02, on 01/01/2009 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v8.00 (8.00.6001.18241) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Common Files\aol\1188731367\ee\aolsoftware.exe C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe C:\Windows\RtHDVCpl.exe C:\Program Files\Logitech\SetPoint\LBTWiz.exe C:\Windows\System32\rundll32.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Wallpaper\Wallpaper.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Logitech\SetPoint\SetPoint.exe C:\Windows\System32\mobsync.exe C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Windows Mail\WinMail.exe C:\Program Files\Internet Explorer\iexplore.exe c:\program files\aol\aol toolbar 4.0\AolTbServer.exe C:\Users\Administrateur\Desktop\RSIT.exe C:\Windows\system32\SearchFilterHost.exe C:\Users\Administrateur\Desktop\Administrateur.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.fr/spbasic.htm R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll O1 - Hosts: ::1 localhost O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1188731367\ee\AOLSoftware.exe O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [bluetooth Connection Assistant] LBTWIZ.EXE -silent O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [Wallpaper] "C:\Program Files\Wallpaper\Wallpaper.exe" Starter O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\RunOnce: [East-Tec Eraser 2007] "C:\Program Files\East-Tec Eraser 2007\etsecureerase.exe" "/R:C:\Users\Administrateur\AppData\Roaming\EAST Technologies\East-Tec Eraser 2007" O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE RÉSEAU') O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe O8 - Extra context menu item: &Recherche AOL Toolbar - c:\program files\aol\aol toolbar 4.0\resources\fr-FR\local\search.html O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Statistiques de la protection du trafic Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O13 - Gopher Prefix: O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.zebulon.fr/outils/antivirus/kav...can_unicode.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://www.zebulon.fr/scan8/oscan8.cab O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - http://libusb-win32.sourceforge.net - C:\Windows\system32\libusbd-nt.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe -- End of file - 7525 bytes ======Scheduled tasks folder====== C:\Windows\tasks\Vérifier les mises à jour de Windows Live Toolbar.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] Aide pour le lien d'Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}] IEVkbdBHO Class - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll [2008-11-11 62728] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] Java Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-11-10 320920] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7C554162-8CB7-45A4-B8F4-8EA1C75885F9}] AOL Toolbar Launcher - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll [2007-02-09 970752] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}] Windows Live Toolbar Helper - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-11-10 34816] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - Windows Live Toolbar - C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 546320] {DE9C389F-3316-41A7-809B-AA305ED9D922} - AOL Toolbar - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll [2007-02-09 970752] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184] "HostManager"=C:\Program Files\Common Files\AOL\1188731367\ee\AOLSoftware.exe [2006-11-14 50736] "Kernel and Hardware Abstraction Layer"=C:\Windows\KHALMNPR.EXE [2008-02-29 76304] "RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-08-27 4702208] "Bluetooth Connection Assistant"=LBTWIZ.EXE -silent [] "Logitech Hardware Abstraction Layer"=C:\Windows\KHALMNPR.EXE [2008-02-29 76304] "NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2008-09-17 13580832] "NvMediaCenter"=C:\Windows\system32\NvMcTray.dll [2008-09-17 92704] "LanguageShortcut"=C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [2007-10-11 62760] "AVP"=C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe [2008-11-11 206088] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-19 1233920] "Wallpaper"=C:\Program Files\Wallpaper\Wallpaper.exe [2007-08-21 233472] "Power2GoExpress"= [] "WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-19 202240] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce] "East-Tec Eraser 2007"=C:\Program Files\East-Tec Eraser 2007\etsecureerase.exe [2006-11-22 856064] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD] [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe [2007-11-16 91432] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe [2007-09-20 202024] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray] [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InstantBurn] C:\PROGRA~1\CYBERL~1\INSTAN~1\Win2K\IBurn.exe [2007-06-04 599600] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LGODDFU] C:\Program Files\lg_fwupdate\fwupdate.exe [2006-08-17 249856] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr] [] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2007-09-20 1836328] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nero PhotoShow Media Manager] C:\PROGRA~1\Nero\NEROPH~1\data\Xtras\mssysmgr.exe [2006-01-13 249856] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [2007-03-01 153136] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PMCLoader] C:\Program Files\Pinnacle\TVCenter Pro\PMCLoader.exe [2007-07-26 105544] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PMCRemote] C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe [2007-07-04 253000] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl] C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2007-10-28 72736] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe [2001-07-03 57344] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe [2008-11-10 136600] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLS"="C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon] C:\Windows\system32\klogon.dll [2008-11-11 218376] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LBTWlgn] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 "EnableUIADesktopToggle"=0 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=145 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{16d0d45b-d188-11dc-9485-00038a000015}] shell\AutoRun\command - I:\wd_windows_tools\setup.exe ======File associations====== .js - edit - C:\Windows\System32\Notepad.exe %1 .js - open - C:\Windows\System32\WScript.exe "%1" %* ======List of files/folders created in the last 1 months====== 2009-01-01 11:29:32 ----D---- C:\rsit 2008-12-31 09:56:04 ----D---- C:\Program Files\Kaspersky Lab 2008-12-31 09:56:03 ----D---- C:\ProgramData\Kaspersky Lab 2008-12-31 09:49:30 ----A---- C:\Windows\ntbtlog.txt 2008-12-31 09:45:29 ----A---- C:\Users\Administrateur\AppData\Roaming\esentutl.exe 2008-12-31 09:43:59 ----A---- C:\Users\Administrateur\AppData\Roaming\cisvc.exe 2008-12-31 09:42:14 ----A---- C:\Users\Administrateur\AppData\Roaming\spoolsv.exe 2008-12-31 09:08:26 ----A---- C:\Users\Administrateur\AppData\Roaming\clipsrv.exe 2008-12-31 09:08:11 ----A---- C:\Windows\logman.exe 2008-12-31 09:07:56 ----A---- C:\Users\Administrateur\AppData\Roaming\mstsc.exe 2008-12-31 08:59:05 ----A---- C:\Windows\ieudinit.exe 2008-12-31 08:58:50 ----A---- C:\Windows\spoolsv.exe 2008-12-31 08:57:35 ----A---- C:\Windows\cisvc.exe 2008-12-31 08:55:05 ----A---- C:\Windows\mstsc.exe 2008-12-31 08:53:50 ----A---- C:\Windows\rsvp.exe 2008-12-31 08:53:35 ----A---- C:\Windows\mstinit.exe 2008-12-31 08:53:20 ----A---- C:\Windows\clipsrv.exe 2008-12-31 07:59:29 ----A---- C:\Windows\system32\DBCLIENT.DLL 2008-12-31 07:59:28 ----D---- C:\Program Files\Common Files\Borland Shared 2008-12-31 07:59:12 ----D---- C:\Program Files\ZebHelpProcess 2 2008-12-27 09:58:13 ----D---- C:\Users\Administrateur\AppData\Roaming\Uniblue 2008-12-27 09:58:06 ----D---- C:\Program Files\Uniblue 2008-12-22 12:20:19 ----D---- C:\Program Files\DivX 2008-12-22 12:11:07 ----N---- C:\Windows\system32\MASE32.DLL 2008-12-22 12:11:07 ----N---- C:\Windows\system32\MASD32.DLL 2008-12-22 12:11:07 ----N---- C:\Windows\system32\MAMC32.DLL 2008-12-22 12:11:07 ----N---- C:\Windows\system32\MACD32.DLL 2008-12-22 12:11:07 ----N---- C:\Windows\system32\MA32.DLL 2008-12-22 12:10:37 ----N---- C:\Windows\system32\MSVCRTD.DLL 2008-12-22 12:10:37 ----N---- C:\Windows\system32\msvcr71d.dll 2008-12-22 12:10:37 ----N---- C:\Windows\system32\msvcr70d.dll 2008-12-22 12:10:37 ----N---- C:\Windows\system32\msvcp71d.dll 2008-12-22 12:10:37 ----N---- C:\Windows\system32\msvcp70d.dll 2008-12-22 12:10:37 ----N---- C:\Windows\system32\mfc71d.dll 2008-12-22 12:10:37 ----N---- C:\Windows\system32\HHActiveX.dll 2008-12-22 12:10:35 ----A---- C:\Windows\system32\DivXEncSettings.txt 2008-12-22 12:10:11 ----N---- C:\Windows\system32\msvcp80.dll 2008-12-22 12:10:11 ----N---- C:\Windows\system32\atl71.dll 2008-12-22 12:10:10 ----N---- C:\Windows\system32\msvcr80.dll 2008-12-22 12:10:10 ----D---- C:\Program Files\Pinnacle 2008-12-22 12:08:03 ----D---- C:\ProgramData\Pinnacle 2008-12-20 10:30:01 ----A---- C:\Users\Administrateur\AppData\Roaming\cmstp.exe 2008-12-20 06:37:27 ----A---- C:\Windows\system32\mshtml.dll 2008-12-12 16:58:04 ----A---- C:\Windows\system32\tzres.dll 2008-12-12 16:49:22 ----A---- C:\Windows\system32\Apphlpdm.dll 2008-12-12 16:49:21 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll 2008-12-12 16:47:59 ----A---- C:\Windows\system32\gdi32.dll 2008-12-12 16:45:21 ----A---- C:\Windows\system32\shell32.dll 2008-12-12 16:44:54 ----A---- C:\Windows\explorer.exe 2008-12-12 16:44:51 ----A---- C:\Windows\system32\mf.dll 2008-12-12 16:44:49 ----A---- C:\Windows\system32\WMVCORE.DLL 2008-12-12 16:44:48 ----A---- C:\Windows\system32\WMNetMgr.dll 2008-12-12 16:44:48 ----A---- C:\Windows\system32\logagent.exe 2008-12-10 17:45:43 ----D---- C:\Program Files\DVDFab 5 2008-12-04 08:11:08 ----D---- C:\Program Files\LibUSB-Win32-0.1.10.1 2008-12-04 08:11:08 ----A---- C:\Windows\system32\libusbd-nt.exe 2008-12-04 08:11:08 ----A---- C:\Windows\system32\libusbd-9x.exe 2008-12-04 07:47:41 ----A---- C:\Windows\system32\libusb0.dll 2008-12-03 08:25:32 ----D---- C:\ProgramData\LightScribe 2008-12-03 07:41:28 ----A---- C:\Windows\system32\javaws.exe 2008-12-03 07:41:28 ----A---- C:\Windows\system32\javaw.exe 2008-12-03 07:41:28 ----A---- C:\Windows\system32\java.exe 2008-12-02 17:22:03 ----A---- C:\Windows\lgfwup.ini 2008-12-02 17:22:00 ----D---- C:\Program Files\lg_fwupdate 2008-12-02 17:22:00 ----A---- C:\Windows\system32\Vb6stkit.dll 2008-12-02 17:22:00 ----A---- C:\Windows\system32\VB6KO.DLL 2008-12-02 17:22:00 ----A---- C:\Windows\system32\lgfwunis.exe 2008-12-02 17:21:10 ----A---- C:\Windows\IBUnInst.exe 2008-12-02 17:20:23 ----D---- C:\Program Files\LightScribeODK 2008-12-02 17:20:23 ----D---- C:\Program Files\Common Files\LightScribe 2008-12-02 17:18:59 ----N---- C:\Windows\system32\MFC71u.dll 2008-12-02 17:18:42 ----D---- C:\Users\Administrateur\AppData\Roaming\CyberLink 2008-12-02 17:16:27 ----D---- C:\ProgramData\CyberLink 2008-12-02 17:15:14 ----D---- C:\Program Files\CyberLink ======List of files/folders modified in the last 1 months====== 2009-01-01 11:29:51 ----D---- C:\Windows\Temp 2009-01-01 11:22:21 ----D---- C:\Windows\system32\drivers 2009-01-01 11:15:55 ----D---- C:\Windows\system 2009-01-01 10:59:41 ----AD---- C:\Windows 2009-01-01 10:59:39 ----SD---- C:\Users\Administrateur\AppData\Roaming\Microsoft 2008-12-31 10:05:59 ----D---- C:\Windows\system32\WDI 2008-12-31 09:58:32 ----SHD---- C:\Windows\Installer 2008-12-31 09:57:39 ----D---- C:\Windows\system32\catroot 2008-12-31 09:57:03 ----D---- C:\Windows\inf 2008-12-31 09:56:36 ----SHD---- C:\System Volume Information 2008-12-31 09:56:35 ----D---- C:\Windows\System32 2008-12-31 09:56:04 ----RD---- C:\Program Files 2008-12-31 09:56:03 ----HD---- C:\ProgramData 2008-12-31 09:48:18 ----D---- C:\Windows\system32\LogFiles 2008-12-31 09:47:03 ----D---- C:\Windows\Prefetch 2008-12-31 07:59:28 ----D---- C:\Program Files\Common Files 2008-12-30 10:11:24 ----D---- C:\Windows\system32\appmgmt 2008-12-28 10:37:37 ----A---- C:\Windows\win.ini 2008-12-27 13:18:27 ----D---- C:\Windows\system32\config 2008-12-27 10:03:45 ----D---- C:\Windows\system32\catroot2 2008-12-27 09:58:08 ----SD---- C:\ProgramData\Microsoft 2008-12-26 08:20:40 ----D---- C:\temp 2008-12-24 07:58:34 ----D---- C:\Program Files\Malwarebytes' Anti-Malware 2008-12-22 12:20:48 ----RSD---- C:\Windows\Fonts 2008-12-22 12:10:08 ----HD---- C:\Program Files\InstallShield Installation Information 2008-12-20 07:38:21 ----D---- C:\Windows\winsxs 2008-12-20 07:37:16 ----D---- C:\ProgramData\Adobe 2008-12-20 07:37:00 ----D---- C:\Program Files\Common Files\Adobe 2008-12-20 07:37:00 ----D---- C:\Program Files\Adobe 2008-12-14 09:10:55 ----D---- C:\ProgramData\ma-config.com 2008-12-14 09:10:55 ----D---- C:\Program Files\ma-config.com 2008-12-13 07:44:45 ----D---- C:\Windows\rescache 2008-12-12 17:38:37 ----D---- C:\Windows\AppPatch 2008-12-12 17:38:37 ----D---- C:\Program Files\Windows Mail 2008-12-12 17:38:36 ----D---- C:\Windows\system32\fr-FR 2008-12-12 17:33:57 ----D---- C:\Windows\Debug 2008-12-12 17:04:55 ----D---- C:\ProgramData\Microsoft Help 2008-12-10 20:34:14 ----A---- C:\Windows\NeroDigital.ini 2008-12-10 18:10:38 ----D---- C:\Program Files\SlySoft 2008-12-10 00:24:37 ----A---- C:\Windows\system32\mrt.exe 2008-12-04 08:56:53 ----D---- C:\Program Files\eMule 2008-12-03 07:41:27 ----D---- C:\Program Files\Java 2008-12-02 17:16:38 ----D---- C:\Windows\system32\Tasks 2008-12-02 17:11:46 ----A---- C:\Windows\system32\PerfStringBackup.INI 2008-12-02 17:10:58 ----D---- C:\Program Files\AVS4YOU 2008-12-02 17:10:46 ----D---- C:\Program Files\Common Files\AVSMedia ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 CLBStor;InstantBurn Storage Helper Driver; C:\Windows\system32\drivers\CLBStor.sys [2007-06-04 16048] R1 CSC;Offline Files Driver; C:\Windows\system32\drivers\csc.sys [2008-01-19 350720] R1 ElbyCDIO;ElbyCDIO Driver; C:\Windows\System32\Drivers\ElbyCDIO.sys [2008-07-21 24392] R1 kl1;kl1; C:\Windows\system32\DRIVERS\kl1.sys [2008-07-21 121872] R1 KLIF;Kaspersky Lab Driver; C:\Windows\system32\DRIVERS\klif.sys [2008-12-31 239632] R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter; C:\Windows\system32\DRIVERS\klim6.sys [2008-07-09 20496] R2 {95808DC4-FA4A-4C74-92FE-5B863F82066B};{95808DC4-FA4A-4C74-92FE-5B863F82066B}; \??\C:\Program Files\CyberLink\PowerDVD\000.fcl [2007-11-05 41456] R2 CLBUDF;CyberLink InstantBurn UDF Filesystem; C:\Windows\system32\drivers\CLBUDF.sys [2007-06-04 162096] R3 BthEnum;Pilote de bloc de demande Bluetooth; C:\Windows\system32\DRIVERS\BthEnum.sys [2008-01-19 19456] R3 BthPan;Périphérique Bluetooth (réseau personnel); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-19 92160] R3 BTHUSB;Pilote USB radio Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2008-04-29 29184] R3 Dot4;Pilote MS IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4.sys [2008-01-19 131584] R3 Dot4Print;Pilote de classe Imprimante pour IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2008-01-19 16384] R3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2008-01-19 36864] R3 ElbyDelay;ElbyDelay; C:\Windows\System32\Drivers\ElbyDelay.sys [2005-04-12 4608] R3 HidBatt;Pilote de batterie onduleur HID; C:\Windows\system32\DRIVERS\HidBatt.sys [2008-01-19 21504] R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-08-28 1951000] R3 L8042Kbd;Logitech SetPoint Keyboard Driver; C:\Windows\system32\DRIVERS\L8042Kbd.sys [2007-01-23 20496] R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\Windows\system32\DRIVERS\LHidFilt.Sys [2008-02-29 35344] R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1; C:\Windows\system32\drivers\libusb0.sys [2005-03-09 33792] R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\Windows\system32\DRIVERS\LMouFilt.Sys [2008-02-29 36880] R3 MRV6X32P;Pilote WiFi natif Vista 32-bits; C:\Windows\system32\DRIVERS\MRVW13B.sys [2006-11-02 253952] R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2008-09-17 7379872] R3 PinnacleRoyalTS;Pinnacle Systems RoyalTS Device; C:\Windows\system32\DRIVERS\RoyalTS.sys [2006-08-16 124544] R3 RFCOMM;Périphérique Bluetooth (TDI protocole RFCOMM); C:\Windows\system32\DRIVERS\rfcomm.sys [2008-01-19 49664] R3 RTL8023xp;Pilote Realtek 10/100 NIC Family NDIS x86; C:\Windows\system32\DRIVERS\Rtnicxp.sys [2006-11-02 47104] R3 wanatw;WAN Miniport (ATW); C:\Windows\system32\DRIVERS\wanatw4.sys [2006-11-01 33588] R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-19 83328] S3 BTHPORT;Pilote de port Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2008-04-29 220160] S3 DFUBTUSB;WIDCOMM USB Bluetooth Driver in DFU State; C:\Windows\System32\Drivers\frmupgr.sys [2007-01-03 27536] S3 driverhardwarev2;driverhardwarev2; \??\C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys [2008-11-17 15360] S3 drmkaud;Filtre de décodeur DRM (Noyau Microsoft); C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632] S3 HdAudAddService;Pilote de fonction UAA 1.1 Microsoft pour le service High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520] S3 L8042mou;SetPoint PS/2 Mouse Filter Driver; C:\Windows\system32\DRIVERS\L8042mou.Sys [2007-01-23 62992] S3 LMouKE;SetPoint Mouse Filter Driver; C:\Windows\system32\DRIVERS\LMouKE.Sys [2007-01-23 78864] S3 MSKSSRV;Proxy de service de répartition Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192] S3 MSPCLOCK;Proxy d'horloge de répartition Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888] S3 MSPQM;Proxy de gestion de qualité de répartition Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504] S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016] S3 Navcar;Navman In-car Navigator USB Driver Service; C:\Windows\system32\DRIVERS\Navcar.sys [2006-09-18 30329] S3 Pcouffin;Low level access layer for CD devices; C:\Windows\System32\Drivers\Pcouffin.sys [2008-05-12 47360] S3 usbscan;Pilote de scanneur USB; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-19 35328] S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AOL ACS;AOL Connectivity Service; C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe [2006-10-23 46640] R2 AVP;Kaspersky Anti-Virus; C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe [2008-11-11 206088] R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-19 21504] R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2008-01-19 21504] R2 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe [2008-05-02 121360] R2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1; C:\Windows\system32\libusbd-nt.exe [2005-03-09 18944] R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-06-27 79136] R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2007-09-20 853288] R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2008-09-17 196608] S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2008-01-19 21504] S3 Fax;@%systemroot%\system32\fxsresm.dll,-118; C:\Windows\system32\fxssvc.exe [2008-01-19 523776] S3 maconfservice;Ma-Config Service; C:\Program Files\ma-config.com\maconfservice.exe [2008-11-17 195752] S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2007-09-20 382248] S3 NtmsSvc;@%SystemRoot%\system32\ntmssvc.dll,-2; C:\Windows\system32\svchost.exe [2008-01-19 21504] S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776] S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184] S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2008-01-19 21504] S3 wbengine;@%systemroot%\system32\wbengine.exe,-104; C:\Windows\system32\wbengine.exe [2008-01-19 917504] -----------------EOF----------------- et voici le deuxieme rapport info.txt logfile of random's system information tool 1.05 2009-01-01 11:30:07 ======Uninstall list====== -->"C:\Program Files\AOL\AOL Toolbar 4.0\uninstall.exe" -->C:\Program Files\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL -->C:\Windows\UNNeroBackItUp.exe /UNINSTALL -->C:\Windows\UNNeroMediaHome.exe /UNINSTALL -->C:\Windows\UNNeroShowTime.exe /UNINSTALL -->C:\Windows\UNNeroVision.exe /UNINSTALL -->C:\Windows\UNRecode.exe /UNINSTALL 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0401-0000-0000000FF1CE} /uninstall {5A2F65A4-808F-4A1E-973E-92E17824982D} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0413-0000-0000000FF1CE} /uninstall {B3F4DC34-7F60-4B7C-A79F-1C13012D99D4} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0044-040C-0000-0000000FF1CE} /uninstall {A0353900-21A2-42CF-B973-883500A027F7} Adobe Flash Player 9 ActiveX-->MsiExec.exe /X{8186E1B9-DDC6-45B6-B9EB-C28947CBC4CF} Adobe Flash Player ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe Adobe Reader 8.1.3 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A81300000003} AOL - Assistant de désinstallation-->C:\Program Files\Common Files\AOL\uninstaller.exe Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe Around the World-->C:\Program Files\Around the World\Uninstal.exe BD/HD Advisor 1.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2D2D8FE2-605C-4D3C-B706-36E981E7EEF0}\setup.exe" -uninstall BDi Reflexive Games Crack-->C:\Windows\iun6002.exe "C:\Program Files\Atlantis Quest\irunin.ini" CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe" CDDRV_Installer-->MsiExec.exe /I{0C826C5B-B131-423A-A229-C71B3CACCD6A} CloneDVD2-->"C:\Program Files\Elaborate Bytes\CloneDVD2\CloneDVD2-uninst.exe" /D="C:\Program Files\Elaborate Bytes\CloneDVD2" CyberLink InstantBurn-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{19C64880-BBCA-11D4-9EEE-0004ACDDDB3B}\Setup.exe" -l0x40c -uninstall Détecteur de flux Windows Live Toolbar (Windows Live Toolbar)-->MsiExec.exe /X{EFFCB0F1-CFEC-48D4-B793-EBFCAE852976} DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC DivxToDVD 1.99.24-->"C:\Program Files\vso\DivxToDVD\unins000.exe" DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5.1.2.2-->"C:\Program Files\DVDFab 5\unins000.exe" East-Tec Eraser 2007 Version 8.0-->"C:\Program Files\East-Tec Eraser 2007\unins000.exe" eMule-->"C:\Program Files\eMule\Uninstall.exe" Faire Part-->MsiExec.exe /X{B31C9233-0710-4D96-9C8F-79388751A725} Hi-Def Suite-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" -uninstall HijackThis 2.0.2-->"C:\Users\Administrateur\Desktop\HijackThis.exe" /uninstall HP Precisionscan Pro 3.1-->MsiExec.exe /I{6B36DEBF-27D0-4B1E-858D-D397091C6C7D} HP Share-to-Web-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{748F4870-8350-11D3-B0BF-080009FB4A19}\setup.exe" --MAIN -l1036 J2SE Runtime Environment 5.0-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150000} Java 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF} Java 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020} Java 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030} Java 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050} Java 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070} Kaspersky Anti-Virus 2009-->MsiExec.exe /I{6580C5A3-2336-4EC5-85F1-3448C5F6208A} Kaspersky Anti-Virus 2009-->MsiExec.exe /I{6580C5A3-2336-4EC5-85F1-3448C5F6208A} Kaspersky On-line Scanner-->C:\Windows\system32\KASPER~1\KASPER~1\kavuninstall.exe KhalInstallWrapper-->MsiExec.exe /I{3101CB58-3482-4D21-AF1A-7057FC935355} LabelPrint-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\setup.exe" -uninstall LG ODD Auto Firmware Update-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6179550A-3E7C-499E-BCC9-9E8113E0A285}\Setup.exe" LibUSB-Win32-0.1.10.1-->"C:\Program Files\LibUSB-Win32-0.1.10.1\unins000.exe" LightScribe Optical Disc Kit-->MsiExec.exe /X{71F17309-007D-43F9-9313-DBFBA5FCB3B3} Logitech SetPoint-->C:\Program Files\InstallShield Installation Information\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}\setup.exe -runfromtemp -l0x040c -removeonly Ma-Config.com-->MsiExec.exe /X{3A4EE7A4-356E-43B7-A4A3-9C55B22A05B3} Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe" Menus intelligents (Windows Live Toolbar)-->MsiExec.exe /X{0CC70FEF-5068-4CD5-B4DE-86FFD98EC929} Microsoft Office Access MUI (French) 2007-->MsiExec.exe /X{90120000-0015-040C-0000-0000000FF1CE} Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE} Microsoft Office InfoPath MUI (French) 2007-->MsiExec.exe /X{90120000-0044-040C-0000-0000000FF1CE} Microsoft Office Language Pack 2007 Service Pack 1 (SP1)-->msiexec /package {90120000-006E-040C-0000-0000000FF1CE} /uninstall {EC50B538-CBE1-42E6-B7FE-87AA540AADFB} Microsoft Office Outlook MUI (French) 2007-->MsiExec.exe /X{90120000-001A-040C-0000-0000000FF1CE} Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE} Microsoft Office Professional Plus 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL Microsoft Office Professional Plus 2007-->MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE} Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE} Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE} Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE} Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE} Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE} Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE} Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE} Microsoft Office Publisher MUI (French) 2007-->MsiExec.exe /X{90120000-0019-040C-0000-0000000FF1CE} Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE} Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE} Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d} MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF} MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF} MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71} MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC} Navman F20 Service Pack-->C:\Program Files\InstallShield Installation Information\{D972C4DC-0E76-4698-A2B4-ABEFA25FFB9E}\setup.exe -runfromtemp -l0x040c -removeonly Nero 8-->MsiExec.exe /X{B4649EFB-54CB-42AB-8536-8FED519E1036} Nero PhotoShow Deluxe 4-->"C:\Program Files\Nero\Nero PhotoShow 4\data\Xtras\Uninstall.exe" neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B} NVIDIA Drivers-->C:\Windows\system32\NVUNINST.EXE UninstallGUI Pinnacle TVCenter Pro-->"C:\Program Files\InstallShield Installation Information\{F38ADCA4-AF7C-4C73-9021-6F1EA15D15EA}\Setup.exe" -runfromtemp -l0x040c -removeonly Plus de 200 000 Cliparts et Photos-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{D01940CE-8BD3-4258-B4E2-42F185AE1968} Power2Go 5.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\setup.exe" -uninstall PowerBackup-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ADD5DB49-72CF-11D8-9D75-000129760D75}\setup.exe" -uninstall PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall PowerpointImageExtractor-->"C:\Program Files\PowerpointImageExtractor_V1_2\unins000.exe" PowerProducer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\setup.exe" -uninstall Realtek High Definition Audio Driver-->RtlUpd.exe -r -m Recover My Files-->"C:\Program Files\GetData\Recover My Files\unins000.exe" RTC Client API v1.2-->MsiExec.exe /X{44CDBD1B-89FB-4E02-8319-2A4C550F664A} Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85} Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7} Security Update for 2007 Microsoft Office System (KB958439)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {6491B8AA-D11C-4648-A461-6234B31EB7E2} Security Update for Microsoft Office Excel 2007 (KB958437)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {648FC016-2D6B-4A16-8D87-404533642F4B} Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77} Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85} Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F} Security Update for Microsoft Office system 2007 (KB956828)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {885E081B-72BD-4E76-8E98-30B4BE468FAC} Security Update for Microsoft Office Word 2007 (KB956358)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {4551666D-0FD6-4C69-8A81-1C6F2E64517C} Spelling Dictionaries Support For Adobe Reader 8-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-800000000003} System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe The Rise of Atlantis (remove only)-->C:\Program Files\The Rise of Atlantis\Uninstall.exe Uniblue RegistryBooster 2-->"C:\Program Files\Uniblue\RegistryBooster 2\unins000.exe" Update for Microsoft Office Excel 2007 Help (KB957242)-->msiexec /package {90120000-0016-040C-0000-0000000FF1CE} /uninstall {49E314EE-81FA-4007-8F1A-8D39BDBB4498} Update for Microsoft Office Outlook 2007 (KB952142)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756} Update for Microsoft Office Outlook 2007 Help (KB957246)-->msiexec /package {90120000-001A-040C-0000-0000000FF1CE} /uninstall {80E46078-C1C5-4AE8-8744-3EAFC812E118} Update for Office 2007 (KB946691)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278} Update for Outlook 2007 Junk Email Filter (kb958619)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {79B301C1-DBC0-467C-AFDA-2A6CDAFA4302} VCRedistSetup-->MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027} Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u Wallpaper-->C:\Program Files\Wallpaper\uninst.exe WD Diagnostics-->MsiExec.exe /X{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B} Windows Live Toolbar-->"C:\Program Files\Windows Live Toolbar\UnInstall.exe" {0A8C97AD-DEED-4894-B446-3ABA95A77D0D} Windows Live Toolbar-->MsiExec.exe /X{0A8C97AD-DEED-4894-B446-3ABA95A77D0D} XnView 1.92-->"C:\Program Files\XnView\unins000.exe" ZebHelpProcess 2.33-->"C:\Program Files\ZebHelpProcess 2\unins000.exe" =====HijackThis Backups===== O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [CmSTP] C:\Users\ADMINI~1\LOCALS~1\APPLIC~1\MICROS~1\cmstp.exe /waitservice (User 'Default user') O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [CmSTP] C:\Users\ADMINI~1\LOCALS~1\APPLIC~1\MICROS~1\cmstp.exe /waitservice (User 'SYSTEM') O4 - HKLM\..\Policies\Explorer\Run: [Cisvc] C:\Users\ADMINI~1\LOCALS~1\APPLIC~1\MICROS~1\cisvc.exe /waitservice O4 - HKCU\..\Policies\Explorer\Run: [rsvp] C:\Users\ADMINI~1\AppData\Local\Temp\rsvp.exe /waitservice ======Hosts File====== 127.0.0.1 www.007guard.com 127.0.0.1 007guard.com 127.0.0.1 008i.com 127.0.0.1 www.008k.com 127.0.0.1 008k.com 127.0.0.1 www.00hq.com 127.0.0.1 00hq.com 127.0.0.1 010402.com 127.0.0.1 www.032439.com 127.0.0.1 032439.com ======Security center information====== AV: Kaspersky Anti-Virus AS: Windows Defender AS: Kaspersky Anti-Virus System event log Computer Name: PC-de-eric Event Code: 10029 Message: DCOM a démarré le service TrustedInstaller avec les arguments « » de façon à exécuter le serveur : {752073A1-23F2-4396-85F0-8FDB879ED0ED} Record Number: 106460 Source Name: Microsoft-Windows-DistributedCOM Time Written: 20090101101008.000000-000 Event Type: Information User: Computer Name: PC-de-eric Event Code: 7036 Message: Le service Programme d’installation de modules Windows est entré dans l'état : en cours d'exécution. Record Number: 106461 Source Name: Service Control Manager Time Written: 20090101101008.000000-000 Event Type: Information User: Computer Name: PC-de-eric Event Code: 7036 Message: Le service Programme d’installation de modules Windows est entré dans l'état : arrêté. Record Number: 106462 Source Name: Service Control Manager Time Written: 20090101102009.000000-000 Event Type: Information User: Computer Name: PC-de-eric Event Code: 7036 Message: Le service Service de découverte automatique de Proxy Web pour les services HTTP Windows est entré dans l'état : arrêté. Record Number: 106463 Source Name: Service Control Manager Time Written: 20090101102320.000000-000 Event Type: Information User: Computer Name: PC-de-eric Event Code: 7036 Message: Le service Service de découverte automatique de Proxy Web pour les services HTTP Windows est entré dans l'état : en cours d'exécution. Record Number: 106464 Source Name: Service Control Manager Time Written: 20090101102908.000000-000 Event Type: Information User: Application event log Computer Name: PC-de-eric Event Code: 301 Message: WinMail (3372) WindowsMail0: Le moteur de la base de données a commencé la relecture du fichier journal C:\Users\Administrateur\AppData\Local\Microsoft\Windows Mail\edb.log. Record Number: 37884 Source Name: ESENT Time Written: 20090101100810.000000-000 Event Type: Information User: Computer Name: PC-de-eric Event Code: 302 Message: WinMail (3372) WindowsMail0: Le moteur de la base de données a terminé les étapes de récupération avec succès. Record Number: 37885 Source Name: ESENT Time Written: 20090101100811.000000-000 Event Type: Information User: Computer Name: PC-de-eric Event Code: 1 Message: Le service Centre de sécurité Windows a démarré. Record Number: 37886 Source Name: SecurityCenter Time Written: 20090101100903.000000-000 Event Type: Information User: Computer Name: PC-de-eric Event Code: 1005 Message: Les données du Programme d’amélioration de l’expérience utilisateur Windows ont été regroupées dans des fichiers qui seront envoyés à Microsoft pour analyse. Ces fichiers ne sont envoyés que si l’utilisateur joint le Programme d’amélioration de l’expérience utilisateur Windows. Record Number: 37887 Source Name: Microsoft-Windows-CEIP Time Written: 20090101101650.000000-000 Event Type: Information User: Computer Name: PC-de-eric Event Code: 5 Message: Unsupported service control request (see data below) Record Number: 37888 Source Name: LightScribeService Time Written: 20090101103005.000000-000 Event Type: Information User: Security event log Computer Name: PC-de-eric Event Code: 4624 Message: L’ouverture de session d’un compte s’est correctement déroulée. Sujet : ID de sécurité : S-1-5-18 Nom du compte : PC-DE-ERIC$ Domaine du compte : WORKGROUP ID d’ouverture de session : 0x3e7 Type d’ouverture de session : 5 Nouvelle ouverture de session : ID de sécurité : S-1-5-18 Nom du compte : SYSTEM Domaine du compte : AUTORITE NT ID d’ouverture de session : 0x3e7 GUID d’ouverture de session : {00000000-0000-0000-0000-000000000000} Informations sur le processus : ID du processus : 0x264 Nom du processus : C:\Windows\System32\services.exe Informations sur le réseau : Nom de la station de travail : Adresse du réseau source : - Port source : - Informations détaillées sur l’authentification : Processus d’ouverture de session : Advapi Package d’authentification : Negotiate Services en transit : - Nom du package (NTLM uniquement) : - Longueur de la clé : 0 Cet événement est généré lors de la création d’une ouverture de session. Il est généré sur l’ordinateur sur lequel l’ouverture de session a été effectuée. Le champ Objet indique le compte sur le système local qui a demandé l’ouverture de session. Il s’agit le plus souvent d’un service, comme le service Serveur, ou un processus local tel que Winlogon.exe ou Services.exe. Le champ Type d’ouverture de session indique le type d’ouverture de session qui s’est produit. Les types les plus courants sont 2 (interactif) et 3 (réseau). Le champ Nouvelle ouverture de session indique le compte pour lequel la nouvelle ouverture de session a été créée, par exemple, le compte qui s’est connecté. Les champs relatifs au réseau indiquent la provenance d’une demande d’ouverture de session à distance. Le nom de la station de travail n’étant pas toujours disponible, peut être laissé vide dans certains cas. Les champs relatifs aux informations d’authentification fournissent des détails sur cette demande d’ouverture de session spécifique. - Le GUID d’ouverture de session est un identificateur unique pouvant servir à associer cet événement à un événement KDC . - Les services en transit indiquent les services intermédiaires qui ont participé à cette demande d’ouverture de session. - Nom du package indique quel est le sous-protocole qui a été utilisé parmi les protocoles NTLM. - La longueur de la clé indique la longueur de la clé de session générée. Elle a la valeur 0 si aucune clé de session n’a été demandée. Record Number: 26101 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20080711150707.917198-000 Event Type: Succès de l'audit User: Computer Name: PC-de-eric Event Code: 4672 Message: Privilèges spéciaux attribués à la nouvelle ouverture de session. Sujet : ID de sécurité : S-1-5-18 Nom du compte : SYSTEM Domaine du compte : AUTORITE NT ID d’ouverture de session : 0x3e7 Privilèges : SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Record Number: 26102 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20080711150707.917198-000 Event Type: Succès de l'audit User: Computer Name: PC-de-eric Event Code: 4648 Message: Tentative d’ouverture de session en utilisant des informations d’identification explicites. Sujet : ID de sécurité : S-1-5-18 Nom du compte : PC-DE-ERIC$ Domaine du compte : WORKGROUP ID d’ouverture de session : 0x3e7 GUID d’ouverture de session : {00000000-0000-0000-0000-000000000000} Compte dont les informations d’identification ont été utilisées : Nom du compte : SYSTEM Domaine du compte : AUTORITE NT GUID d’ouverture de session : {00000000-0000-0000-0000-000000000000} Serveur cible : Nom du serveur cible : localhost Informations supplémentaires : localhost Informations sur le processus : ID du processus : 0x264 Nom du processus : C:\Windows\System32\services.exe Informations sur le réseau : Adresse du réseau : - Port : - Cet événement est généré lorsqu’un processus tente d’ouvrir une session pour un compte en spécifiant explicitement les informations d’identification de ce compte. Ceci se produit le plus souvent dans les configurations par lot comme les tâches planifiées, ou avec l’utilisation de la commande RUNAS. Record Number: 26103 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20080711150712.198448-000 Event Type: Succès de l'audit User: Computer Name: PC-de-eric Event Code: 4624 Message: L’ouverture de session d’un compte s’est correctement déroulée. Sujet : ID de sécurité : S-1-5-18 Nom du compte : PC-DE-ERIC$ Domaine du compte : WORKGROUP ID d’ouverture de session : 0x3e7 Type d’ouverture de session : 5 Nouvelle ouverture de session : ID de sécurité : S-1-5-18 Nom du compte : SYSTEM Domaine du compte : AUTORITE NT ID d’ouverture de session : 0x3e7 GUID d’ouverture de session : {00000000-0000-0000-0000-000000000000} Informations sur le processus : ID du processus : 0x264 Nom du processus : C:\Windows\System32\services.exe Informations sur le réseau : Nom de la station de travail : Adresse du réseau source : - Port source : - Informations détaillées sur l’authentification : Processus d’ouverture de session : Advapi Package d’authentification : Negotiate Services en transit : - Nom du package (NTLM uniquement) : - Longueur de la clé : 0 Cet événement est généré lors de la création d’une ouverture de session. Il est généré sur l’ordinateur sur lequel l’ouverture de session a été effectuée. Le champ Objet indique le compte sur le système local qui a demandé l’ouverture de session. Il s’agit le plus souvent d’un service, comme le service Serveur, ou un processus local tel que Winlogon.exe ou Services.exe. Le champ Type d’ouverture de session indique le type d’ouverture de session qui s’est produit. Les types les plus courants sont 2 (interactif) et 3 (réseau). Le champ Nouvelle ouverture de session indique le compte pour lequel la nouvelle ouverture de session a été créée, par exemple, le compte qui s’est connecté. Les champs relatifs au réseau indiquent la provenance d’une demande d’ouverture de session à distance. Le nom de la station de travail n’étant pas toujours disponible, peut être laissé vide dans certains cas. Les champs relatifs aux informations d’authentification fournissent des détails sur cette demande d’ouverture de session spécifique. - Le GUID d’ouverture de session est un identificateur unique pouvant servir à associer cet événement à un événement KDC . - Les services en transit indiquent les services intermédiaires qui ont participé à cette demande d’ouverture de session. - Nom du package indique quel est le sous-protocole qui a été utilisé parmi les protocoles NTLM. - La longueur de la clé indique la longueur de la clé de session générée. Elle a la valeur 0 si aucune clé de session n’a été demandée. Record Number: 26104 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20080711150712.198448-000 Event Type: Succès de l'audit User: Computer Name: PC-de-eric Event Code: 4672 Message: Privilèges spéciaux attribués à la nouvelle ouverture de session. Sujet : ID de sécurité : S-1-5-18 Nom du compte : SYSTEM Domaine du compte : AUTORITE NT ID d’ouverture de session : 0x3e7 Privilèges : SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege SeTakeOwnershipPrivilege SeLoadDriverPrivilege SeBackupPrivilege SeRestorePrivilege SeDebugPrivilege SeAuditPrivilege SeSystemEnvironmentPrivilege SeImpersonatePrivilege Record Number: 26105 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20080711150712.198448-000 Event Type: Succès de l'audit User: ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "FP_NO_HOST_CHECK"=NO "NUMBER_OF_PROCESSORS"=1 "OS"=Windows_NT "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC "PROCESSOR_ARCHITECTURE"=x86 "PROCESSOR_IDENTIFIER"=x86 Family 15 Model 47 Stepping 2, AuthenticAMD "PROCESSOR_LEVEL"=15 "PROCESSOR_REVISION"=2f02 "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP "USERNAME"=SYSTEM "windir"=%SystemRoot% -----------------EOF-----------------
  9. eric3342
    bonjour a tout le monde! depuis quelques jours antivir m'alerte ccomme quoi j'aurai un trojan .je n'arrive pas a m'en debarasser. je vous remerci par avance pour l'aide que vous pourrez m'apporter. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 07:36:14, on 29/12/2008 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v8.00 (8.00.6001.18241) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Common Files\aol\1188731367\ee\aolsoftware.exe C:\Windows\RtHDVCpl.exe C:\Program Files\Logitech\SetPoint\LBTWiz.exe C:\Windows\System32\rundll32.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Users\Administrateur\Local Settings\APPLIC~1\esentutl.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Wallpaper\Wallpaper.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Logitech\SetPoint\SetPoint.exe C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE C:\Program Files\Windows Mail\WinMail.exe C:\Windows\System32\mobsync.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Windows\system32\SearchFilterHost.exe C:\Users\Administrateur\Desktop\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.fr/spbasic.htm R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll F3 - REG:win.ini: load=C:\Users\ADMINI~1\LOCALS~1\APPLIC~1\MICROS~1\spoolsv.exe O1 - Hosts: ::1 localhost O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1188731367\ee\AOLSoftware.exe O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [bluetooth Connection Assistant] LBTWIZ.EXE -silent O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [Wallpaper] "C:\Program Files\Wallpaper\Wallpaper.exe" Starter O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKLM\..\Policies\Explorer\Run: [Logman] C:\Users\ADMINI~1\AppData\Local\Temp\logman.exe /waitservice O4 - HKCU\..\Policies\Explorer\Run: [Esent Utl] C:\Users\ADMINI~1\LOCALS~1\APPLIC~1\esentutl.exe /waitservice O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [Mstsc] C:\Users\ADMINI~1\AppData\Local\Temp\mstsc.exe /waitservice (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [Mstsc] C:\Users\ADMINI~1\AppData\Local\Temp\mstsc.exe /waitservice (User 'Default user') O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe O8 - Extra context menu item: &Recherche AOL Toolbar - c:\program files\aol\aol toolbar 4.0\resources\fr-FR\local\search.html O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O13 - Gopher Prefix: O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - http://appldnld.apple.com.edgesuite.net/co...ex/qtplugin.cab O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.zebulon.fr/outils/antivirus/kav...can_unicode.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://www.zebulon.fr/scan8/oscan8.cab O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - http://libusb-win32.sourceforge.net - C:\Windows\system32\libusbd-nt.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe -- End of file - 7851 bytes
  10. eric3342
    salut je pense qu'il faut enlever le .fr assaye smtp.aol.com
  11. eric3342

    ubuntu 8.10 {resolu)

    eric3342 a répondu à un(e) sujet de eric3342 dans OS alternatifs

    je vous remercie pour vos informations. etant novice pour ce qui est de linux je n'ai que 5 mois d'utilisation derriere moi donc je ne savais pas s'il s'installai en mise a jour ou s'il faisait une reinstalle complete. merci encore pour vos informations
  12. eric3342
    bonjour a tous.je me prepare a installer ubuntu 8.10. j'ai deja le 8.04 [hardi].ma question est la suivante si je l'installe sur la meme partition,est ce que ca ecrasera l'ancienne et le demarrage? je ne voudrai pas me retrouver avec un grub qui me propose de booter sur 8.04 alors qu'il serai ecrase
  13. eric3342
    ta carte est elle compatible hdcp? si non tu ne pourra pas brancher ton ordi a la tele
  14. eric3342

    livbox et imprimante

    eric3342 a répondu à un(e) sujet de eric3342 dans Hardware

    je vient de faire un tour cher brother et il s'avere que cette imprimante n'est pas reseau. dans tout les cas je vous remercie de vos reponses rapides
  15. eric3342

    livbox et imprimante

    eric3342 a répondu à un(e) sujet de eric3342 dans Hardware

    je ne sait pas car c'est celle d'un ami .je sait qu'elle est branchee sur la prise muralle de telephone et que le combine telephonique est branche sur l'imprimante sur un port rj11. donc elle possede 2ports rj11 et 1 port usb. il y a 1entree et 1 sortie rj11
  16. eric3342

    livbox et imprimante

    eric3342 a répondu à un(e) sujet de eric3342 dans Hardware

    l'imprimante est une brother c215
  17. eric3342

    livbox et imprimante

    eric3342 a répondu à un(e) sujet de eric3342 dans Hardware

    j'apporte une petite precision sur l'imprimante c'est une multi fonctions qui fait fax elle est branche sur la ligne de telephone
  18. eric3342

    livbox et imprimante

    eric3342 a répondu à un(e) sujet de eric3342 dans Hardware

    bonjour berfizan et ou la branche t'on sur la box car il n'y a qu'un port usb qui est qualifie de maitre
  19. eric3342

    livbox et imprimante

    eric3342 a posté un sujet dans Hardware

    bonjour a tous et a toute est-il possible de connecter une imprimante a une livebox afin de partager celle-ci sur deux postes comme avec une aol box . la documentation n'en parle pas en vous remerciant par avance de vos reponses
×
×
  • Créer...