doc charly

Everything posted by doc charly

  1. well, it's a mystery, but things went back to normal just as they had gone wrong... I had in fact (tried to) install a security module for reading the carte Vitale, without success, and it persisted through the reinstallation and the re-import of the preferences... its brute-force "elimination" has apparently solved the problem. Thanks and see you later
  2. hi fifi, thanks for your help, I uninstalled and reinstalled Firefox, I disabled the 2 poor add-ons I had, but no better... any other idea?
  3. hello, as stated in the title, when I (re)open Firefox I get an error message telling me the application is still open; I have to go through Ctrl+Alt+Del to close the application so that I can reopen it. It has only been doing this for 2 days. Would you have any idea what the problem is? Thanks in advance.
  4. thanks again for everything!!! hoping I won't need you again for a long time!!! bye, Indian. charles
  5. hello, indeed it is easy to handle and is apparently much more effective... and here it is: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 07:35:26, on 25/09/2008
  6. there, the change is done, I'm posting the report for you: Avira AntiVir Personal Report file date: mercredi 24 septembre 2008 21:18
  7. hi Sioux, sorry to answer so late but I have only just got home. For VirusTotal, I ran it until I got the right answer, but there was no report to post... as for changing antivirus, that seems like a good thing to me after reading the test... whenever you want to make the change
  8. there, it took its time: KASPERSKY ON-LINE SCANNER REPORT Monday, September 22, 2008 7:11:40 AM
  9. apparently we got the better of it: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 23:20:34, on 21/09/2008
iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Service de l'iPod (iPod Service) - Unknown owner - D:\IPod\bin\iPodService.exe (file missing) O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Tmesbs32 (Tmesbs) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TME3\Tmesbs32.exe -- End of file - 9003 bytes
  10. and incidentally, avast's blue ball never disappeared ..... maybe I should have said so earlier ....
  11. I get an error message saying that the information was not written correctly .... and so no change to the registry
  12. OK, as requested: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 18:17:24, on 21/09/2008
  13. well, enjoy your meal, and if you want an Alka-Seltzer to help digest it ....
  14. hi Sioux, I'm sending you another indigestible thing for breakfast: 2008-09-21,10:41:26 System Repair Engineer 2.6.12.1018 Smallfrogs (http://www.KZTechs.com)
(xpsp.080413-2111)] [PID: 632 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)] [PID: 660 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)] [C:\WINDOWS\system32\WgaLogon.dll] [Microsoft Corporation, 1.5.0540.0] [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [PID: 704 / SYSTEM][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)] [C:\WINDOWS\AppPatch\AcAdProc.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)] [PID: 716 / SYSTEM][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)] [PID: 872 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)] [PID: 940 / SERVICE RÉSEAU][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)] [C:\Program Files\Bonjour\mdnsNSP.dll] [Apple Computer, Inc., 1,0,3,1] [PID: 1036 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)] [C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)] [C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16705 (vista_gdr.080618-1506)] [C:\WINDOWS\system32\wups2.dll] [Microsoft Corporation, 7.2.6001.784 (winmain_oob/wu_wsuswlc(wmbla).080718-1904)] [PID: 1112 / SERVICE RÉSEAU][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)] [PID: 1292 / SERVICE LOCAL][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)] [C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)] [C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16705 (vista_gdr.080618-1506)] [PID: 1736 / charly][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)] 
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)] [C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16705 (vista_gdr.080618-1506)] [C:\Program Files\Alwil Software\Avast4\AhJsctNs.dll] [ALWIL Software, 4, 8, 1227, 0] [C:\WINDOWS\system32\ieframe.dll] [Microsoft Corporation, 7.00.6000.16705 (vista_gdr.080618-1506)] [C:\WINDOWS\system32\WPDShServiceObj.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)] [C:\WINDOWS\system32\PortableDeviceTypes.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)] [C:\WINDOWS\system32\PortableDeviceApi.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)] [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\WINDOWS\system32\SynTPFcs.dll] [Synaptics, Inc., 7.3.0 12Mar03] [C:\WINDOWS\system32\TDispVol.dll] [N/A, ] [C:\Program Files\Microsoft Money\System\mnyside.dll] [Microsoft Corporation, 11.00.0716] [C:\Program Files\Microsoft Money\System\misstub.dll] [Microsoft Corporation, 11.00.0716] [C:\PROGRA~1\SPYBOT~1\SDHelper.dll] [Safer Networking Limited, 1, 6, 0, 12] [C:\Program Files\Microsoft Office\Office10\msohev.dll] [Microsoft Corporation, 10.0.2609] [C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll] [Adobe Systems, Inc., 7.0.0.0] [C:\WINDOWS\system32\msdmo.dll] [, ] [C:\Program Files\WinRAR\rarext.dll] [N/A, ] [C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll] [Malwarebytes Corporation, 1, 1, 0, 0] [C:\Program Files\compresseurs\WinAce111\win\arcext.dll] [e-merge GmbH, 2.0.0.0] [C:\Program Files\compresseurs\WinAce111\win\ace.dll] [ACE Compression Software, 2.0.1.0] [C:\PROGRA~1\internet\DAP\PRIVAC~1\DAPCTX~1.DLL] [Speedbit Ltd., 8, 5, 0, 1] [C:\Program Files\Alwil Software\Avast4\ashShell.dll] [ALWIL Software, 4, 8, 1227, 0] [PID: 1748 / SYSTEM][C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe] [ALWIL Software, 4, 8, 1227, 0] [C:\Program Files\Alwil 
Software\Avast4\aswCmnS.dll] [ALWIL Software, 4, 8, 1227, 0] [C:\Program Files\Alwil Software\Avast4\aswCmnOS.dll] [ALWIL Software, 4, 8, 1227, 0] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\Program Files\Alwil Software\Avast4\aswCmnB.dll] [ALWIL Software, 4, 8, 1227, 0] [PID: 1808 / SYSTEM][C:\Program Files\Alwil Software\Avast4\ashServ.exe] [ALWIL Software, 4, 8, 1227, 0] [C:\Program Files\Alwil Software\Avast4\aswAux.dll] [ALWIL Software, 4, 8, 1227, 0] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\Program Files\Alwil Software\Avast4\aswCmnB.dll] [ALWIL Software, 4, 8, 1227, 0] [C:\Program Files\Alwil Software\Avast4\aswCmnOS.dll] [ALWIL Software, 4, 8, 1227, 0] [C:\Program Files\Alwil Software\Avast4\aswEngin.dll] [ALWIL Software, 4, 8, 1227, 0] [C:\Program Files\Alwil Software\Avast4\aswScan.dll] [ALWIL Software, 4, 8, 1227, 0] [C:\Program Files\Alwil Software\Avast4\aswCmnS.dll] [ALWIL Software, 4, 8, 1227, 0] [C:\Program Files\Alwil Software\Avast4\ashBase.dll] [ALWIL Software, 4, 8, 1227, 0] [C:\Program Files\Alwil Software\Avast4\ashTask.dll] [ALWIL Software, 4, 8, 1227, 0] [C:\Program Files\Alwil Software\Avast4\aswInteg.dll] [ALWIL Software, 4, 8, 1227, 0] [C:\Program Files\Alwil Software\Avast4\aswIdle.dll] [ALWIL Software, 4, 8, 1227, 0] [C:\Program Files\Alwil Software\Avast4\Aavm4h.dll] [ALWIL Software, 4, 8, 1227, 0] [C:\Program Files\Alwil Software\Avast4\AavmRpch.dll] [ALWIL Software, 4, 8, 1227, 0] [C:\Program Files\Alwil Software\Avast4\French\Base.dll] [ALWIL Software, 4, 8, 1201, 0] [C:\Program Files\Alwil Software\Avast4\AhResMai.dll] [ALWIL Software, 4, 8, 1227, 0] [C:\Program Files\Alwil Software\Avast4\ahResMes.dll] [ALWIL Software, 4, 8, 1227, 0] [C:\Program Files\Alwil Software\Avast4\AhResNS.dll] [ALWIL Software, 4, 8, 1227, 0] 
[C:\Program Files\Alwil Software\Avast4\AhResOut.dll] [ALWIL Software, 4, 8, 1227, 0] [C:\Program Files\Alwil Software\Avast4\ahResP2P.dll] [ALWIL Software, 4, 8, 1227, 0] [C:\Program Files\Alwil Software\Avast4\AhResStd.dll] [ALWIL Software, 4, 8, 1227, 0] [C:\Program Files\Alwil Software\Avast4\AhResWS.dll] [ALWIL Software, 4, 8, 1227, 0] [C:\Program Files\Alwil Software\Avast4\AhResJs.dll] [ALWIL Software, 4, 8, 1227, 0] [C:\Program Files\Alwil Software\Avast4\ashSSqlt.dll] [ALWIL Software, 4, 8, 1227, 0] [C:\Program Files\Alwil Software\Avast4\AhJsctNs.dll] [ALWIL Software, 4, 8, 1227, 0] [C:\Program Files\Bonjour\mdnsNSP.dll] [Apple Computer, Inc., 1,0,3,1] [PID: 444 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852)] [C:\WINDOWS\system32\tbtmon.dll] [Toshiba America Business Solutions, Inc., 1.14] [C:\WINDOWS\system32\tbtmon98Language.dll] [Toshiba, 1, 0, 0, 1] [C:\WINDOWS\system32\TosBtAPI.dll] [TOSHIBA CORPORATION., 2.03.3404a.0] [C:\WINDOWS\system32\TosBdAPI.dll] [TOSHIBA CORPORATION., 1, 0, 3, 0] [C:\WINDOWS\system32\TosBtHcrpAPI.dll] [N/A, ] [C:\WINDOWS\System32\spool\PRTPROCS\W32X86\CNMPDy2.DLL] [CANON INC., 1.40.2.0] [C:\Program Files\Bonjour\mdnsNSP.dll] [Apple Computer, Inc., 1,0,3,1] [PID: 1960 / charly][C:\WINDOWS\system32\RAMASST.exe] [Matsushita Electric Industrial Co., Ltd., 1, 0, 8, 0] [C:\Program Files\Alwil Software\Avast4\AhJsctNs.dll] [ALWIL Software, 4, 8, 1227, 0] [PID: 1972 / SYSTEM][C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe] [Apple, Inc., 1, 14, 0, 0] [PID: 1996 / SYSTEM][C:\Program Files\Bonjour\mDNSResponder.exe] [Apple Computer, Inc., 1,0,3,1] [PID: 1216 / SYSTEM][C:\WINDOWS\system32\DVDRAMSV.exe] [Matsushita Electric Industrial Co., Ltd., 2, 0, 5, 0] [PID: 536 / SYSTEM][C:\WINDOWS\System32\nvsvc32.exe] [NVIDIA Corporation, 6.14.01.4336] [C:\Program Files\Alwil Software\Avast4\AhJsctNs.dll] [ALWIL Software, 4, 8, 1227, 0] [PID: 1008 
/ SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)] [PID: 1180 / SYSTEM][C:\Program Files\TOSHIBA\TME3\Tmesbs32.exe] [TOSHIBA Corporation, 2, 1, 1, 11] [C:\WINDOWS\system32\THCI.dll] [Toshiba, 1.0.0.0] [C:\Program Files\Alwil Software\Avast4\AhJsctNs.dll] [ALWIL Software, 4, 8, 1227, 0] [PID: 1700 / SYSTEM][C:\Program Files\Canon\CAL\CALMAIN.exe] [Canon Inc., 8, 1, 0, 14] [PID: 1844 / SYSTEM][C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe] [ALWIL Software, 4, 8, 1227, 0] [C:\Program Files\Alwil Software\Avast4\ashBase.dll] [ALWIL Software, 4, 8, 1227, 0] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\Program Files\Alwil Software\Avast4\aswCmnOS.dll] [ALWIL Software, 4, 8, 1227, 0] [C:\Program Files\Alwil Software\Avast4\aswCmnB.dll] [ALWIL Software, 4, 8, 1227, 0] [C:\Program Files\Alwil Software\Avast4\aswCmnS.dll] [ALWIL Software, 4, 8, 1227, 0] [C:\Program Files\Alwil Software\Avast4\ashTask.dll] [ALWIL Software, 4, 8, 1227, 0] [C:\Program Files\Alwil Software\Avast4\aswAux.dll] [ALWIL Software, 4, 8, 1227, 0] [C:\Program Files\Alwil Software\Avast4\Aavm4h.dll] [ALWIL Software, 4, 8, 1227, 0] [C:\Program Files\Alwil Software\Avast4\AavmRpch.dll] [ALWIL Software, 4, 8, 1227, 0] [C:\Program Files\Alwil Software\Avast4\AhResMai.dll] [ALWIL Software, 4, 8, 1227, 0] [C:\Program Files\Alwil Software\Avast4\French\Base.dll] [ALWIL Software, 4, 8, 1201, 0] [C:\Program Files\Alwil Software\Avast4\aswEngin.dll] [ALWIL Software, 4, 8, 1227, 0] [C:\Program Files\Alwil Software\Avast4\aswScan.dll] [ALWIL Software, 4, 8, 1227, 0] [C:\Program Files\Bonjour\mdnsNSP.dll] [Apple Computer, Inc., 1,0,3,1] [C:\Program Files\Alwil Software\Avast4\French\Lang.dll] [ALWIL Software, 4, 8, 1201, 0] [C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0] [C:\Program Files\Alwil Software\Avast4\French\langmai.dll] [ALWIL 
Software, 4, 8, 1201, 0] [C:\Program Files\Alwil Software\Avast4\AhJsctNs.dll] [ALWIL Software, 4, 8, 1227, 0] [PID: 2028 / SYSTEM][C:\Program Files\Alwil Software\Avast4\ashWebSv.exe] [ALWIL Software, 4, 8, 1229, 0] [C:\Program Files\Alwil Software\Avast4\ashBase.dll] [ALWIL Software, 4, 8, 1227, 0] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\Program Files\Alwil Software\Avast4\aswCmnOS.dll] [ALWIL Software, 4, 8, 1227, 0] [C:\Program Files\Alwil Software\Avast4\aswCmnB.dll] [ALWIL Software, 4, 8, 1227, 0] [C:\Program Files\Alwil Software\Avast4\aswCmnS.dll] [ALWIL Software, 4, 8, 1227, 0] [C:\Program Files\Alwil Software\Avast4\Aavm4h.dll] [ALWIL Software, 4, 8, 1227, 0] [C:\Program Files\Alwil Software\Avast4\AavmRpch.dll] [ALWIL Software, 4, 8, 1227, 0] [C:\Program Files\Alwil Software\Avast4\ashTask.dll] [ALWIL Software, 4, 8, 1227, 0] [C:\Program Files\Alwil Software\Avast4\aswAux.dll] [ALWIL Software, 4, 8, 1227, 0] [C:\Program Files\Alwil Software\Avast4\French\Base.dll] [ALWIL Software, 4, 8, 1201, 0] [C:\Program Files\Alwil Software\Avast4\aswEngin.dll] [ALWIL Software, 4, 8, 1227, 0] [C:\Program Files\Alwil Software\Avast4\aswScan.dll] [ALWIL Software, 4, 8, 1227, 0] [C:\Program Files\Alwil Software\Avast4\ashWsFtr.dll] [ALWIL Software, 4, 8, 1227, 0] [C:\PROGRA~1\ALWILS~1\Avast4\AhResWs.dll] [ALWIL Software, 4, 8, 1227, 0] [PID: 2384 / SERVICE LOCAL][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852)] [PID: 2484 / charly][C:\WINDOWS\System32\00THotkey.exe] [TOSHIBA Corp., 1, 0, 0, 20] [C:\WINDOWS\System32\Tdevdsp.dll] [N/A, ] [C:\WINDOWS\system32\TSCI.DLL] [Toshiba, 1.0.0.0] [C:\WINDOWS\system32\THCI.DLL] [Toshiba, 1.0.0.0] [C:\Program Files\Alwil Software\Avast4\AhJsctNs.dll] [ALWIL Software, 4, 8, 1227, 0] [C:\WINDOWS\System32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [PID: 2516 / 
charly][C:\Program Files\wifi\WG511v210\Utility\WG511WLU.exe] [, 2, 9, 3, 1] [C:\WINDOWS\system32\AW32N50.dll] [AMBIT Microsystems Corporation., 5.00.13.50] [C:\Program Files\wifi\WG511v210\Utility\UIResource.dll] [, 2, 4, 1, 1] [C:\Program Files\Alwil Software\Avast4\AhJsctNs.dll] [ALWIL Software, 4, 8, 1227, 0] [C:\WINDOWS\system32\TDispVol.dll] [N/A, ] [PID: 2528 / charly][C:\Program Files\TOSHIBA\TME3\TMESBS32.EXE] [TOSHIBA Corporation, 2, 1, 1, 11] [C:\WINDOWS\system32\THCI.dll] [Toshiba, 1.0.0.0] [C:\Program Files\Alwil Software\Avast4\AhJsctNs.dll] [ALWIL Software, 4, 8, 1227, 0] [PID: 2556 / charly][C:\Program Files\Synaptics\SynTP\cPad\AlarmWatcher.exe] [Synaptics, Inc, 2.1.4 21Apr03] [PID: 3316 / charly][C:\Program Files\DNA\btdna.exe] [BitTorrent, Inc., 2.0.2.12223] [C:\Program Files\Alwil Software\Avast4\AhJsctNs.dll] [ALWIL Software, 4, 8, 1227, 0] [C:\Program Files\Bonjour\mdnsNSP.dll] [Apple Computer, Inc., 1,0,3,1] [PID: 3352 / charly][C:\Program Files\Startup Faster\sfAgent.exe] [URSoft,Inc, 3.0.4] [C:\Program Files\Startup Faster\rtl70.bpl] [Borland Software Corporation, 7.0.8.1] [C:\Program Files\Startup Faster\vcl70.bpl] [Borland Software Corporation, 7.0.8.1] [C:\Program Files\Startup Faster\vclx70.bpl] [Borland Software Corporation, 7.0.4.453] [C:\Program Files\Alwil Software\Avast4\AhJsctNs.dll] [ALWIL Software, 4, 8, 1227, 0] [PID: 3512 / charly][C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe] [ALWIL Software, 4, 8, 1227, 0] [C:\PROGRA~1\ALWILS~1\Avast4\aswCmnOS.dll] [ALWIL Software, 4, 8, 1227, 0] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\PROGRA~1\ALWILS~1\Avast4\ashBase.dll] [ALWIL Software, 4, 8, 1227, 0] [C:\PROGRA~1\ALWILS~1\Avast4\aswCmnB.dll] [ALWIL Software, 4, 8, 1227, 0] [C:\PROGRA~1\ALWILS~1\Avast4\aswCmnS.dll] [ALWIL Software, 4, 8, 1227, 0] [C:\PROGRA~1\ALWILS~1\Avast4\ashTask.dll] [ALWIL Software, 4, 8, 1227, 0] 
[C:\PROGRA~1\ALWILS~1\Avast4\aswAux.dll] [ALWIL Software, 4, 8, 1227, 0] [C:\PROGRA~1\ALWILS~1\Avast4\Aavm4h.dll] [ALWIL Software, 4, 8, 1227, 0] [C:\PROGRA~1\ALWILS~1\Avast4\AavmRpch.dll] [ALWIL Software, 4, 8, 1227, 0] [C:\Program Files\Alwil Software\Avast4\French\Base.dll] [ALWIL Software, 4, 8, 1201, 0] [C:\Program Files\Alwil Software\Avast4\French\Lang.dll] [ALWIL Software, 4, 8, 1201, 0] [C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0] [c:\program files\alwil software\avast4\ahruimai.dll] [ALWIL Software, 4, 8, 1227, 0] [C:\PROGRA~1\ALWILS~1\Avast4\ashUInt.dll] [ALWIL Software, 4, 8, 1227, 0] [C:\PROGRA~1\ALWILS~1\Avast4\XT1922.dll] [Codejock Software, 1, 9, 4, 0] [c:\program files\alwil software\avast4\ahruimes.dll] [ALWIL Software, 4, 8, 1227, 0] [c:\program files\alwil software\avast4\ahruins.dll] [ALWIL Software, 4, 8, 1227, 0] [c:\program files\alwil software\avast4\ahruiout.dll] [ALWIL Software, 4, 8, 1227, 0] [C:\WINDOWS\system32\MAPI32.dll] [Microsoft Corporation, 1.0.2536.0 (XPClient.010817-1148)] [c:\program files\alwil software\avast4\ahruip2p.dll] [ALWIL Software, 4, 8, 1227, 0] [c:\program files\alwil software\avast4\ahruistd.dll] [ALWIL Software, 4, 8, 1227, 0] [c:\program files\alwil software\avast4\ahruiws.dll] [ALWIL Software, 4, 8, 1227, 0] [c:\program files\alwil software\avast4\ahruijs.dll] [ALWIL Software, 4, 8, 1227, 0] [C:\Program Files\Alwil Software\Avast4\AhJsctNs.dll] [ALWIL Software, 4, 8, 1227, 0] [PID: 3696 / charly][C:\WINDOWS\system32\TFNF5.exe] [TOSHIBA Corp., 2, 1, 0, 0] [C:\Program Files\Alwil Software\Avast4\AhJsctNs.dll] [ALWIL Software, 4, 8, 1227, 0] [PID: 3916 / charly][C:\WINDOWS\system32\TPWRTRAY.EXE] [TOSHIBA Corporation, 4. 0. 0. 
0] [C:\WINDOWS\system32\TPwrReg.dll] [TOSHIBA Corporation, 6.00.9] [C:\WINDOWS\system32\Tdevdetect.dll] [TOSHIBA Corporation, 6.00.21] [C:\WINDOWS\system32\TSCI.DLL] [Toshiba, 1.0.0.0] [C:\WINDOWS\system32\THCI.DLL] [Toshiba, 1.0.0.0] [C:\Program Files\Alwil Software\Avast4\AhJsctNs.dll] [ALWIL Software, 4, 8, 1227, 0] [PID: 1316 / charly][C:\Program Files\Synaptics\SynTP\SynTPLpr.exe] [Synaptics, Inc., 7.3.0 12Mar03] [C:\WINDOWS\system32\SynTPFcs.dll] [Synaptics, Inc., 7.3.0 12Mar03] [C:\Program Files\Alwil Software\Avast4\AhJsctNs.dll] [ALWIL Software, 4, 8, 1227, 0] [PID: 1024 / charly][C:\Program Files\Synaptics\SynTP\SynTPEnh.exe] [Synaptics, Inc., 7.3.0 12Mar03] [C:\Program Files\Alwil Software\Avast4\AhJsctNs.dll] [ALWIL Software, 4, 8, 1227, 0] [C:\WINDOWS\system32\SynTPAPI.dll] [Synaptics, Inc., 7.3.0 12Mar03] [C:\WINDOWS\system32\SynTPFcs.dll] [Synaptics, Inc., 7.3.0 12Mar03] [PID: 1272 / charly][C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.1\apdproxy.exe] [Adobe Systems Incorporated, 3.0.0.66984] [C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.1\apdboot.dll] [Adobe Systems Incorporated, 3.0.0.66984] [C:\WINDOWS\system32\SynTPFcs.dll] [Synaptics, Inc., 7.3.0 12Mar03] [C:\Program Files\Alwil Software\Avast4\AhJsctNs.dll] [ALWIL Software, 4, 8, 1227, 0] [C:\WINDOWS\system32\TDispVol.dll] [N/A, ] [PID: 1304 / charly][C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe] [TOSHIBA CORPORATION, 2, 1, 0, 1] [C:\Program Files\Alwil Software\Avast4\AhJsctNs.dll] [ALWIL Software, 4, 8, 1227, 0] [C:\WINDOWS\system32\SynTPFcs.dll] [Synaptics, Inc., 7.3.0 12Mar03] [PID: 2252 / charly][C:\WINDOWS\system32\TDispVol.exe] [TOSHIBA Corporation, 1, 0, 0, 0] [C:\WINDOWS\system32\TCtrlCommon.dll] [TOSHIBA Corporation, 2.05.00] [C:\WINDOWS\system32\TDispVol.dll] [N/A, ] [C:\WINDOWS\system32\SynTPFcs.dll] [Synaptics, Inc., 7.3.0 12Mar03] [C:\Program Files\Alwil Software\Avast4\AhJsctNs.dll] [ALWIL Software, 4, 8, 1227, 0] [C:\WINDOWS\system32\msacm32.drv] [Microsoft 
Corporation, 5.1.2600.0 (xpclient.010817-1148)] [PID: 2260 / charly][C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe] [Microsoft® Corporation, 7.00.0617.0] [C:\WINDOWS\system32\MSVCR70.dll] [Microsoft Corporation, 7.00.9466.0] [PID: 2572 / charly][C:\Program Files\TOSHIBA\TouchED\TouchED.Exe] [TOSHIBA Corporation, 2, 5, 0, 0] [C:\WINDOWS\system32\SynTPFcs.dll] [Synaptics, Inc., 7.3.0 12Mar03] [C:\Program Files\Alwil Software\Avast4\AhJsctNs.dll] [ALWIL Software, 4, 8, 1227, 0] [PID: 2740 / charly][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)] [C:\WINDOWS\system32\SynTPFcs.dll] [Synaptics, Inc., 7.3.0 12Mar03] [C:\Program Files\Alwil Software\Avast4\AhJsctNs.dll] [ALWIL Software, 4, 8, 1227, 0] [PID: 2964 / charly][C:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 7.00.6000.16705 (vista_gdr.080618-1506)] [C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16705 (vista_gdr.080618-1506)] [C:\WINDOWS\system32\IEFRAME.dll] [Microsoft Corporation, 7.00.6000.16705 (vista_gdr.080618-1506)] [C:\WINDOWS\system32\SynTPFcs.dll] [Synaptics, Inc., 7.3.0 12Mar03] [C:\Program Files\Alwil Software\Avast4\AhJsctNs.dll] [ALWIL Software, 4, 8, 1227, 0] [C:\WINDOWS\system32\TDispVol.dll] [N/A, ] [C:\WINDOWS\system32\IEUI.dll] [Microsoft Corporation, 7.00.5730.11 (winmain(wmbla).061017-1135)] [C:\WINDOWS\system32\xmllite.dll] [Microsoft Corporation, 1.00.1018.0] [C:\Program Files\Microsoft Office\Office10\msohev.dll] [Microsoft Corporation, 10.0.2609] [C:\Program Files\Internet Explorer\ieproxy.dll] [Microsoft Corporation, 7.00.5730.11 (winmain(wmbla).061017-1135)] [C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)] [C:\Program Files\Microsoft Money\System\mnyside.dll] [Microsoft Corporation, 11.00.0716] [C:\Program Files\Microsoft Money\System\misstub.dll] [Microsoft Corporation, 11.00.0716] 
[D:\Dragon_Naturally_speaking_Preferred_XP_FR\Program\DMFC6.DLL] [Dragon Systems, Inc., 0.00.000.012] [C:\WINDOWS\Speech\Dragon\dnstk10.dll] [Dragon Systems, Inc., 5.00.400.067] [C:\PROGRA~1\SPYBOT~1\SDHelper.dll] [Safer Networking Limited, 1, 6, 0, 12] [c:\program files\google\googletoolbar2.dll] [Google Inc., 4, 0, 1601, 4978] [C:\PROGRA~1\internet\DAP\DAPIE.DLL] [Speedbit Ltd., 8, 6, 7, 0] [C:\PROGRA~1\internet\DAP\MFC42.DLL] [Microsoft Corporation, 6.00.8665.0] [C:\Program Files\internet\DAP\DAPIEEngine.dll] [Speedbit Ltd., 8, 6, 7, 0] [C:\Program Files\internet\DAP\DAPIEMonitor.dll] [Speedbit Ltd., 8, 6, 7, 0] [C:\Program Files\Bonjour\mdnsNSP.dll] [Apple Computer, Inc., 1,0,3,1] [C:\WINDOWS\system32\ieapfltr.dll] [Microsoft Corporation, 7.0.6000.16461] [C:\WINDOWS\system32\msfeeds.dll] [Microsoft Corporation, 7.00.6000.16705 (vista_gdr.080618-1506)] [C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll] [Adobe Systems, Inc., 7.0.0.0] [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx] [Adobe Systems, Inc., 9,0,124,0] [C:\WINDOWS\system32\mscoree.dll] [Microsoft Corporation, 2.0.50727.253 (QFE.050727-2500)] [C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorie.dll] [Microsoft Corporation, 1.1.4322.2407] [C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorld.dll] [Microsoft Corporation, 1.1.4322.2407] [PID: 3924 / charly][C:\Program Files\internet\DAP\DAP.EXE] [Speedbit Ltd., 8, 7, 0, 5] [C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)] [C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16705 (vista_gdr.080618-1506)] [C:\Program Files\internet\DAP\zlib.dll] [, 1.1.4.0] [C:\Program Files\internet\DAP\dbghelp.dll] [Microsoft Corporation, 6.2.0013.1 (DbgBuild.030619-2209)] [C:\Program 
Files\internet\DAP\MFC42.DLL] [Microsoft Corporation, 6.00.8665.0] [C:\WINDOWS\system32\SynTPFcs.dll] [Synaptics, Inc., 7.3.0 12Mar03] [C:\Program Files\Alwil Software\Avast4\AhJsctNs.dll] [ALWIL Software, 4, 8, 1227, 0] [C:\Program Files\internet\DAP\dapres32.dll] [SpeedBit Ltd., 8, 7, 0, 0] [C:\Program Files\internet\DAP\MCMgr.dll] [SpeedBit Ltd., 8, 6, 7, 0] [C:\WINDOWS\system32\TDispVol.dll] [N/A, ] [C:\Program Files\Bonjour\mdnsNSP.dll] [Apple Computer, Inc., 1,0,3,1] [C:\WINDOWS\system32\ieframe.dll] [Microsoft Corporation, 7.00.6000.16705 (vista_gdr.080618-1506)] [C:\Program Files\internet\DAP\DAPIEEngine.dll] [Speedbit Ltd., 8, 6, 7, 0] [C:\Program Files\internet\DAP\DAPIEMonitor.dll] [Speedbit Ltd., 8, 6, 7, 0] [C:\Program Files\internet\DAP\dapm_Context_search.dll] [Speedbit Ltd., 8, 6, 7, 0] [C:\Program Files\internet\DAP\dapm_ftp.dll] [Speedbit Ltd., 8, 6, 7, 0] [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx] [Adobe Systems, Inc., 9,0,124,0] [C:\WINDOWS\system32\Macromed\Common\SwSupport.dll] [Macromedia, Inc., 8.5.1r102] [PID: 3188 / charly][C:\Program Files\internet\GrabIt\GrabIt.exe] [, 1.7.1.960] [C:\WINDOWS\system32\SynTPFcs.dll] [Synaptics, Inc., 7.3.0 12Mar03] [C:\Program Files\Alwil Software\Avast4\AhJsctNs.dll] [ALWIL Software, 4, 8, 1227, 0] [C:\WINDOWS\system32\TDispVol.dll] [N/A, ] [C:\Program Files\Bonjour\mdnsNSP.dll] [Apple Computer, Inc., 1,0,3,1] [PID: 3280 / charly][C:\Documents and Settings\charly\Bureau\SREngLdr.EXE] [Smallfrogs Studio, 2.6.12.1018] [PID: 2736 / charly][C:\Documents and Settings\charly\Bureau\SRE47a7c8ab.EXE] [Smallfrogs Studio, 2.6.12.1018] [C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)] [C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16705 (vista_gdr.080618-1506)] [C:\WINDOWS\system32\SynTPFcs.dll] [Synaptics, Inc., 7.3.0 12Mar03] [C:\Program 
Files\Alwil Software\Avast4\AhJsctNs.dll] [ALWIL Software, 4, 8, 1227, 0] [C:\WINDOWS\system32\TDispVol.dll] [N/A, ] [C:\Documents and Settings\charly\Bureau\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15] [C:\Program Files\Bonjour\mdnsNSP.dll] [Apple Computer, Inc., 1,0,3,1] [C:\PROGRA~1\MICROS~4\Office10\MCPS.DLL] [Microsoft Corporation, 10.0.6313] ================================== File Associations .TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1] .EXE OK. ["%1" %*] .COM OK. ["%1" %*] .PIF OK. ["%1" %*] .REG OK. [regedit.exe "%1"] .BAT OK. ["%1" %*] .SCR OK. ["%1" /S] .CHM OK. ["C:\WINDOWS\hh.exe" %1] .HLP OK. [%SystemRoot%\System32\winhlp32.exe %1] .INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1] .INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1] .VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*] .JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*] .LNK OK. [{00021401-0000-0000-C000-000000000046}] ================================== Winsock Provider N/A ================================== Autorun.Inf N/A ================================== HOSTS File 127.0.0.1 localhost ================================== Process Privileges Scan Special Privileges Enabled: SeLoadDriverPrivilege [PID = 1960, C:\WINDOWS\SYSTEM32\RAMASST.EXE] Special Privileges Enabled: SeLoadDriverPrivilege [PID = 1972, C:\PROGRAM FILES\FICHIERS COMMUNS\APPLE\MOBILE DEVICE SUPPORT\BIN\APPLEMOBILEDEVICESERVICE.EXE] Special Privileges Enabled: SeLoadDriverPrivilege [PID = 2484, C:\WINDOWS\SYSTEM32\00THOTKEY.EXE] Special Privileges Enabled: SeLoadDriverPrivilege [PID = 2516, C:\PROGRAM FILES\WIFI\WG511V210\UTILITY\WG511WLU.EXE] Special Privileges Enabled: SeLoadDriverPrivilege [PID = 2528, C:\PROGRAM FILES\TOSHIBA\TME3\TMESBS32.EXE] Special Privileges Enabled: SeLoadDriverPrivilege [PID = 2556, C:\PROGRAM FILES\SYNAPTICS\SYNTP\CPAD\ALARMWATCHER.EXE] Special Privileges Enabled: SeLoadDriverPrivilege [PID = 3696, C:\WINDOWS\SYSTEM32\TFNF5.EXE] Special Privileges Enabled: SeLoadDriverPrivilege [PID = 3916, 
C:\WINDOWS\SYSTEM32\TPWRTRAY.EXE] Special Privileges Enabled: SeLoadDriverPrivilege [PID = 1272, C:\PROGRAM FILES\ADOBE\ADOBE PHOTOSHOP LIGHTROOM 1.1\APDPROXY.EXE] Special Privileges Enabled: SeLoadDriverPrivilege [PID = 1304, C:\PROGRAM FILES\TOSHIBA\WIRELESS HOTKEY\TOSHKCW.EXE] Special Privileges Enabled: SeLoadDriverPrivilege [PID = 2252, C:\WINDOWS\SYSTEM32\TDISPVOL.EXE] Special Privileges Enabled: SeLoadDriverPrivilege [PID = 2260, C:\PROGRAM FILES\FICHIERS COMMUNS\MICROSOFT SHARED\WORKS SHARED\WKUFIND.EXE] Special Privileges Enabled: SeLoadDriverPrivilege [PID = 2572, C:\PROGRAM FILES\TOSHIBA\TOUCHED\TOUCHED.EXE] Special Privileges Enabled: SeLoadDriverPrivilege [PID = 3188, C:\PROGRAM FILES\INTERNET\GRABIT\GRABIT.EXE] Special Privileges Enabled: SeLoadDriverPrivilege [PID = 3280, C:\DOCUMENTS AND SETTINGS\CHARLY\BUREAU\SRENGLDR.EXE] ================================== API HOOK N/A ================================== Hidden Process N/A ==================================
  15. OK, I've removed Ad-Aware in favour of mwb. What about Avast, would you suggest another program? Freeware if possible. I already had CCleaner and Spybot; anything else I should set up? Thanks for your advice.
  16. There you go, here is the requested report:
  17. Well, that all looks pretty good to me!!
  18. The end of the scan:
      Malwarebytes' Anti-Malware 1.28
      Version de la base de données: 1179
      Windows 5.1.2600 Service Pack 3
      20/09/2008 00:35:30
      mbam-log-2008-09-20 (00-35-30).txt
      Type de recherche: Examen complet (C:\|D:\|)
      Eléments examinés: 118718
      Temps écoulé: 1 hour(s), 1 minute(s), 14 second(s)
      Processus mémoire infecté(s): 0
      Module(s) mémoire infecté(s): 0
      Clé(s) du Registre infectée(s): 0
      Valeur(s) du Registre infectée(s): 0
      Elément(s) de données du Registre infecté(s): 0
      Dossier(s) infecté(s): 0
      Fichier(s) infecté(s): 0
      Processus mémoire infecté(s): (Aucun élément nuisible détecté)
      Module(s) mémoire infecté(s): (Aucun élément nuisible détecté)
      Clé(s) du Registre infectée(s): (Aucun élément nuisible détecté)
      Valeur(s) du Registre infectée(s): (Aucun élément nuisible détecté)
      Elément(s) de données du Registre infecté(s): (Aucun élément nuisible détecté)
      Dossier(s) infecté(s): (Aucun élément nuisible détecté)
      Fichier(s) infecté(s): (Aucun élément nuisible détecté)
  19. Do you think I can send it to him some other way?
  20. OK, it's working away, but I can't send the file to the programmer; the only thing is that I didn't zip it, I rar'ed it (I like making up verbs .-) ). Do you think that's the reason? Also, I compressed the whole folder (about 11 MB); is that what I was supposed to do? As for the malware scan, I wasn't paying attention and launched a quick scan, whose report I'm sending you (because it found something); the full scan is in progress.
      Malwarebytes' Anti-Malware 1.28
      Version de la base de données: 1179
      Windows 5.1.2600 Service Pack 3
      19/09/2008 23:33:13
      mbam-log-2008-09-19 (23-33-13).txt
      Type de recherche: Examen rapide
      Eléments examinés: 48908
      Temps écoulé: 4 minute(s), 0 second(s)
      Processus mémoire infecté(s): 0
      Module(s) mémoire infecté(s): 0
      Clé(s) du Registre infectée(s): 0
      Valeur(s) du Registre infectée(s): 0
      Elément(s) de données du Registre infecté(s): 0
      Dossier(s) infecté(s): 0
      Fichier(s) infecté(s): 1
      Processus mémoire infecté(s): (Aucun élément nuisible détecté)
      Module(s) mémoire infecté(s): (Aucun élément nuisible détecté)
      Clé(s) du Registre infectée(s): (Aucun élément nuisible détecté)
      Valeur(s) du Registre infectée(s): (Aucun élément nuisible détecté)
      Elément(s) de données du Registre infecté(s): (Aucun élément nuisible détecté)
      Dossier(s) infecté(s): (Aucun élément nuisible détecté)
      Fichier(s) infecté(s): C:\Documents and Settings\charly\Bureau\OAD.exe (Adware.Agent) -> Quarantined and deleted successfully.
      As you put it so well: to be continued. Once again, thanks for your help.
  21. Here it is:
  22. Here is the result, bearing in mind that I got an error message: Erreur TouchED / l'extractio de "THotkey" a echoué Code erreur - 0x00031402, 0x000000002. Is it serious, doc?
  23. It didn't work for the svphawon.dll error message... I don't think I messed up your procedure, and it did ask me whether I wanted to change the registry, but I get the same message when I reboot... sorry. Side questions (I know IT people generally don't like solving 2 problems at once, but I'll try my luck):
      - How do I stop certain programs from launching automatically when Windows starts (such as QuickTime, the Adobe photo downloader, ...)?
      - In the 1st report I posted, there were a bunch of lines about DAP; is this software a problem, should I get rid of it?
      Thanks, see you later
  24. Hello: I tried to install the Recovery Console but I get this message, whether I start from the CD or from the hard drive (odd from the hard drive, isn't it??):
      Le programme d'installation ne peut pas poursuivre car la version de Windows installée sur votre ordinateur est plus récente que la version qui se trouve sur le CD-ROM. Avertissement : Si vous décidez de supprimer la version la plus récente de Windows qui est actuellement installée sur votre ordinateur, les fichiers et les paramètres ne pourront pas être récupérés.
      I'll try the rest and get back to you as soon as I can. Thanks (and maybe good night, if you're catching up on sleep!)