Aller au contenu

benramon

Membres
 Afficher le profil  Afficher son activité

  • Compteur de contenus

    23

  • Inscription

  • Dernière visite

Autres informations

  • Mes langues
    français - anglais -neerlandais

benramon's Achievements

Member

Member (4/12)

0

Réputation sur la communauté

  1. benramon
    merci pour ton aide (et a Apollo pour le début ! ) merci pour tous ces conseils je vais mettre a jour la sécurité de mon ordi comme tu vien de me le conseiller, je pense que ca devrait aller J'ai édité mon post en RESOLU encore merci et bonne continuation !
  2. benramon
    trouvé la solution ! il s'agissait tout betement d'un raccourci clavier que j'avais enclenché sans faire exprès !! pour le touchpad c'est donc reglé ! les virus apparemment c'est désinfecté ! un grand merci ! quelques conseils sécurité dont tu me parlais ?
  3. benramon
    salut voila j'ai exécuté ToolsScanner sinon pour la souris, voila l'icone que je vois sur mon écran, je t'ai mis un screenshot...
  4. benramon
    pour la souris non il n'y a aucune croix ni point d'exclamation. par contre dans la barre des menus apparait un touchpad barré. voici le log du scan ESET C:\Users\Administrateur\Desktop\SECURITE ADMIN\ToolBarSD.exe probably a variant of Win32/IRCBot trojan C:\_OTM\MovedFiles\12282009_005402\C_Users\Benji\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2}\Setup.exe multiple threats
  5. benramon
    heu oui finalement j'ai accessoirement un problème en plus avec l'ordi... mon touchpad ne marche plus, ce qui fait que je n'ai plus de souris... je suis obligé de brancher une souris USB est-ce que ca peut avoir un lien avec les manipulations qu'on a faites ?? merci d'avance
  6. benramon
    voila ce qui etait dans le log, ca me parait un peu peu ... ESETSmartInstaller@High as CAB hook log: OnlineScanner.ocx - registred OK est-ce normal que le log n'affiche que ca ?? apparamment il avai trouvé 2 menaces... il faut que je le refasse ?
  7. benramon
    voil
  8. benramon
    bonjour, - le pc se porte bien, mais j'ai tjs lorsque je vais sur firefox, cette page d'accueil Byteseeker.com ... - pour le scan Kaspersky, j'ai lancé le scan et laissé tourné pendant 6 heures, il est arrivé a 30%, mais je ne peux pas le laisser tourner indefiniment ! ya til pas moyen de poursuivre un scan la ou il a été terminé ? merci
  9. benramon
    Rapport OTM ========== FILES ========== c:\programdata\HDBR31 folder moved successfully. OTM by OldTimer - Version 3.1.9.0 log created on 02242010_220551 Rapport MALWARE Malwarebytes' Anti-Malware 1.42 Database version: 3424 Windows 6.0.6001 Service Pack 1 Internet Explorer 8.0.6001.18882 24/02/2010 22:16:06 mbam-log-2010-02-24 (22-16-06).txt Scan type: Quick Scan Objects scanned: 110522 Time elapsed: 8 minute(s), 9 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 8 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Explorer\Bars\{cac89ff9-34a9-4431-8cfe-292a47f843bc} (Adware.Agent) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Explorer\Bars\{b72681c0-a222-4b21-a0e2-53a5a5ca3d411} (Adware.DoubleD) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{42c7c39f-3128-4a17-bdb7-91c46032b5b9} (Adware.Agent) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b72681c0-a222-4b21-a0e2-53a5a5ca3d41} (Adware.Agent) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{cac89ff9-34a9-4431-8cfe-292a47f843bc} (Adware.Agent) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{eb4a577d-bcad-4b1c-8af2-9a74b8dd3431} (Adware.Agent) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d45817b8-3ead-4d1d-8fca-ec63a8e35de2} (Adware.DoubleD) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\{D45817B8-3EAD-4d1d-8FCA-EC63A8E35DE2} (Adware.DoubleD) -> Quarantined and deleted successfully. Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected)
  10. benramon
    Non je ne connais pas le HDR31... pourquoi je devrais ? All processes killed ========== REGISTRY ========== Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks\\{E312764E-7706-43F1-8DAB-FCDD2B1E416D} not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{B922D405-6D13-4A2B-AE89-08A030DA4402} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ not found. Registry key HKEY_CLASSES_ROOT\clsid\{b922d405-6d13-4a2b-ae89-08a030da4402}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b922d405-6d13-4a2b-ae89-08a030da4402}\ not found. Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\\Windows Printing Driver not found. Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{608e2d59-156e-11df-9b9a-001f16071cdc}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{608e2d59-156e-11df-9b9a-001f16071cdc}\ not found. Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bc8cc062-1967-11de-9fa2-001f16071cdc}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bc8cc062-1967-11de-9fa2-001f16071cdc}\ not found. ========== FILES ========== File/Folder C:\Windows\tasks\Ad-Aware Update (Daily 1).job not found. File/Folder C:\Windows\tasks\Ad-Aware Update (Daily 2).job not found. File/Folder C:\Windows\tasks\Ad-Aware Update (Daily 3).job not found. File/Folder C:\Windows\tasks\Ad-Aware Update (Daily 4).job not found. File/Folder C:\Windows\tasks\Ad-Aware Update (Weekly).job not found. C:\Program Files\pdfforge Toolbar\Res folder moved successfully. C:\Program Files\pdfforge Toolbar folder moved successfully. C:\users\Benji\AppData\Roaming\uTorrent folder moved successfully. C:\programdata\eMule folder moved successfully. C:\windows\system32\perfh00C.dat moved successfully. C:\windows\system32\perfc00C.dat moved successfully. File/Folder C:\Windows\System32\doskeys.exe not found. C:\Users\Benji\AppData\Roaming\Wuala folder moved successfully. C:\Users\Benji\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Wuala.lnk moved successfully. File/Folder C:\Program Files\eMule not found. C:\Program Files\uTorrent folder moved successfully. ========== COMMANDS ========== [EMPTYTEMP] User: Administrateur ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 67 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 3263017 bytes ->Google Chrome cache emptied: 12705635 bytes User: All Users User: Benji ->Temp folder emptied: 131880 bytes ->Temporary Internet Files folder emptied: 3270737 bytes ->Java cache emptied: 26337965 bytes ->FireFox cache emptied: 89966230 bytes ->Google Chrome cache emptied: 0 bytes User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 67 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Public ->Temp folder emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 0 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes %systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes %systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 129,00 mb OTM by OldTimer - Version 3.1.9.0 log created on 02222010_234606 Files moved on Reboot... Registry entries deleted on Reboot... --------------------------------------------------------------------------------------------------------------------------------------------------------------------------- Logfile of random's system information tool 1.06 (written by random/random) Run by Benji at 2010-02-22 23:58:50 Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 1 System drive C: has 14 GB (14%) free of 96 GB Total RAM: 2269 MB (60% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 23:59:17, on 22/02/2010 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v8.00 (8.00.6001.18882) Boot mode: Normal Running processes: C:\Windows\Explorer.EXE C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Windows\notepad.exe C:\Windows\RtHDVCpl.exe C:\Program Files\Synaptics\SynTP\SynTPStart.exe C:\Program Files\Launch Manager\HotkeyApp.exe C:\Program Files\Launch Manager\WisKeyState.exe C:\Program Files\Launch Manager\OSD.exe C:\Program Files\Launch Manager\OSDCtrl.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\Google\Gmail Notifier\gnotify.exe c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\UsbBoost\TurboHddUsb.exe C:\Windows\ehome\ehtray.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Windows\System32\mobsync.exe C:\Windows\system32\wuauclt.exe C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Users\Benji\Desktop\RSIT.exe C:\Program Files\HijackThis\Benji.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [startCCC] "c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [synTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe O4 - HKLM\..\Run: [HotkeyApp] "C:\Program Files\Launch Manager\HotkeyApp.exe" O4 - HKLM\..\Run: [WisKeyState] "C:\Program Files\Launch Manager\WisKeyState.exe" O4 - HKLM\..\Run: [LMgrVolOSD] "C:\Program Files\Launch Manager\OSD.exe" O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSDCtrl.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe O4 - HKLM\..\Run: [bDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe" O4 - HKLM\..\Run: [bitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [usbBoost] C:\Program Files\UsbBoost\TurboHddUsb.exe O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKUS\S-1-5-18\..\Run: [fsc-reg] C:\ProgramData\fsc-reg\fscreg.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [fsc-reg] C:\ProgramData\fsc-reg\fscreg.exe (User 'Default user') O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.4.1.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O23 - Service: BitDefender Arrakis Server (Arrakis3) - Unknown owner - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Service Google Update (gupdate1c9bf93b7a18579) (gupdate1c9bf93b7a18579) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe O23 - Service: lxbl_device - - C:\Windows\system32\lxblcoms.exe O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe O23 - Service: Norman NJeeves - Unknown owner - C:\Program Files\Norman\Npm\bin\NJEEVES.EXE (file missing) O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\Program Files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe O23 - Service: WisLMSvc - Wistron Corp. - C:\Program Files\Launch Manager\WisLMSvc.exe -- End of file - 7865 bytes ======Scheduled tasks folder====== C:\Windows\tasks\Google Software Updater.job C:\Windows\tasks\GoogleUpdateTaskMachineCore.job C:\Windows\tasks\GoogleUpdateTaskMachineUA.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}] Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}] Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-04-17 668656] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - BitDefender Toolbar - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll [2009-03-24 95536] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184] "StartCCC"=c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-01-21 61440] "RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-04-01 6025216] "SynTPStart"=C:\Program Files\Synaptics\SynTP\SynTPStart.exe [2007-08-17 102400] "HotkeyApp"=C:\Program Files\Launch Manager\HotkeyApp.exe [2008-03-26 188416] "WisKeyState"=C:\Program Files\Launch Manager\WisKeyState.exe [2008-03-07 208896] "LMgrVolOSD"=C:\Program Files\Launch Manager\OSD.exe [2008-03-03 258048] "LMgrOSD"=C:\Program Files\Launch Manager\OSDCtrl.exe [2007-12-25 241664] "NeroFilterCheck"=C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [2007-03-01 153136] "GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072] "{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"=C:\Program Files\Google\Gmail Notifier\gnotify.exe [2005-07-15 479232] "BDAgent"=C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe [2009-11-16 782336] "BitDefender Antiphishing Helper"=C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe [2009-02-23 69632] "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280] "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696] "Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288] "UsbBoost"=C:\Program Files\UsbBoost\TurboHddUsb.exe [2010-02-10 3788800] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-21 125952] "msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883856] "WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-21 202240] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848] "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= [] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 "EnableUIADesktopToggle"=0 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=145 "NoDrives"=0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDrives"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] ======File associations====== .js - edit - C:\Windows\System32\Notepad.exe %1 ======List of files/folders created in the last 1 months====== 2010-02-22 15:55:45 ----A---- C:\ComboFix.txt 2010-02-22 15:45:03 ----D---- C:\$RECYCLE.BIN 2010-02-22 15:24:14 ----A---- C:\Windows\zip.exe 2010-02-22 15:24:14 ----A---- C:\Windows\SWSC.exe 2010-02-22 15:24:14 ----A---- C:\Windows\SWREG.exe 2010-02-22 15:24:14 ----A---- C:\Windows\sed.exe 2010-02-22 15:24:14 ----A---- C:\Windows\PEV.exe 2010-02-22 15:24:14 ----A---- C:\Windows\NIRCMD.exe 2010-02-22 15:24:14 ----A---- C:\Windows\MBR.exe 2010-02-22 15:24:14 ----A---- C:\Windows\grep.exe 2010-02-22 15:22:18 ----A---- C:\Windows\SWXCACLS.exe 2010-02-19 00:18:13 ----D---- C:\rsit 2010-02-10 23:24:22 ----D---- C:\ProgramData\FNET 2010-02-10 23:24:18 ----D---- C:\Program Files\UsbBoost 2010-02-10 23:15:50 ----A---- C:\Windows\system32\quartz.dll 2010-02-10 23:15:50 ----A---- C:\Windows\system32\msvidc32.dll 2010-02-10 23:15:49 ----A---- C:\Windows\system32\tsbyuv.dll 2010-02-10 23:15:49 ----A---- C:\Windows\system32\msyuv.dll 2010-02-10 23:15:49 ----A---- C:\Windows\system32\msvfw32.dll 2010-02-10 23:15:49 ----A---- C:\Windows\system32\msrle32.dll 2010-02-10 23:15:49 ----A---- C:\Windows\system32\mciavi32.dll 2010-02-10 23:15:49 ----A---- C:\Windows\system32\iyuv_32.dll 2010-02-10 23:15:49 ----A---- C:\Windows\system32\avifil32.dll 2010-02-10 23:15:49 ----A---- C:\Windows\system32\avicap32.dll 2010-02-10 23:15:41 ----A---- C:\Windows\system32\ntoskrnl.exe 2010-02-10 23:15:41 ----A---- C:\Windows\system32\ntkrnlpa.exe 2010-02-09 12:32:27 ----D---- C:\Windows\ERDNT 2010-02-09 11:33:58 ----D---- C:\Qoobox ======List of files/folders modified in the last 1 months====== 2010-02-22 23:58:51 ----D---- C:\Program Files\HijackThis 2010-02-22 23:58:45 ----D---- C:\Windows\Temp 2010-02-22 23:50:44 ----D---- C:\Windows\System32 2010-02-22 23:50:43 ----D---- C:\Windows\Tasks 2010-02-22 23:46:13 ----RD---- C:\Program Files 2010-02-22 23:46:13 ----D---- C:\ProgramData 2010-02-22 23:39:50 ----D---- C:\Users\Benji\AppData\Roaming\Adobe 2010-02-22 21:05:58 ----D---- C:\ProgramData\Google Updater 2010-02-22 15:55:48 ----D---- C:\Windows\system32\drivers 2010-02-22 15:45:41 ----D---- C:\Windows 2010-02-22 15:45:41 ----A---- C:\Windows\system.ini 2010-02-22 15:43:32 ----D---- C:\Windows\system32\catroot2 2010-02-22 15:32:33 ----D---- C:\Windows\AppPatch 2010-02-22 15:32:30 ----D---- C:\Program Files\Common Files 2010-02-22 14:49:52 ----D---- C:\Windows\Minidump 2010-02-21 23:59:34 ----D---- C:\Windows\system32\Tasks 2010-02-21 23:58:43 ----D---- C:\Program Files\Mozilla Firefox 2010-02-21 23:49:28 ----SD---- C:\ProgramData\Microsoft 2010-02-21 21:24:12 ----D---- C:\Windows\inf 2010-02-21 21:24:12 ----A---- C:\Windows\system32\PerfStringBackup.INI 2010-02-13 17:23:35 ----SHD---- C:\System Volume Information 2010-02-11 21:55:19 ----D---- C:\Windows\winsxs 2010-02-11 21:52:08 ----SHD---- C:\Windows\Installer 2010-02-11 21:51:57 ----D---- C:\ProgramData\Microsoft Help 2010-02-11 21:50:45 ----D---- C:\Windows\system32\catroot 2010-02-10 12:30:29 ----D---- C:\Windows\Prefetch 2010-02-02 19:03:59 ----D---- C:\Users\Benji\AppData\Roaming\FileZilla 2010-02-01 20:26:20 ----A---- C:\Windows\system32\mrt.exe 2010-01-31 21:53:55 ----D---- C:\Windows\system32\migration 2010-01-31 21:53:53 ----D---- C:\Program Files\Internet Explorer 2010-01-31 17:26:06 ----D---- C:\Program Files\FileZilla FTP Client ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 bdftdif;bdftdif; \??\C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys [2009-08-21 137224] R1 FNETURPX;FNETURPX; C:\Windows\System32\drivers\FNETURPX.SYS [2010-02-10 7936] R1 Hotkey;Hotkey; C:\Windows\system32\drivers\Hotkey.sys [2003-04-28 9867] R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2008-03-18 903680] R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2008-04-22 3551232] R3 bdfm;BDFM; C:\Windows\system32\drivers\bdfm.sys [2008-09-18 111112] R3 bdfsfltr;bdfsfltr; C:\Windows\system32\DRIVERS\bdfsfltr.sys [2008-12-10 242184] R3 BDSelfPr;BDSelfPr; \??\C:\Program Files\BitDefender\BitDefender 2009\bdselfpr.sys [2009-01-12 8832] R3 CmBatt;Pilote pour Batterie à méthode de contrôle ACPI Microsoft; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-21 14208] R3 HdAudAddService;Pilote de fonction UAA 1.1 Microsoft pour le service High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520] R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-04-01 2113624] R3 JMCR;JMCR; C:\Windows\system32\DRIVERS\jmcr.sys [2008-04-11 84240] R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2008-02-14 118784] R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2007-08-17 190512] R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-21 11264] S3 61883;Pilote d'unité 61883; C:\Windows\system32\DRIVERS\61883.sys [2008-01-21 45696] S3 Avc;Périphérique AVC; C:\Windows\system32\DRIVERS\avc.sys [2008-01-21 40448] S3 AVCSTRM;Pilote de filtre de flux AVC; C:\Windows\system32\DRIVERS\avcstrm.sys [2008-01-21 14208] S3 catchme;catchme; \??\C:\ComboFix\catchme.sys [] S3 drmkaud;Filtre de décodeur DRM (Noyau Microsoft); C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632] S3 FNETTBOH;FNETTBOH; C:\Windows\System32\drivers\FNETTBOH.SYS [2010-02-10 23680] S3 MAYA44;usb-audio.de driver for Maya44; C:\Windows\System32\Drivers\Maya44.sys [2007-06-29 337920] S3 MSDV;Microsoft DV Camera and VCR; C:\Windows\system32\DRIVERS\msdv.sys [2008-01-21 52608] S3 MSKSSRV;Proxy de service de répartition Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192] S3 MSPCLOCK;Proxy d'horloge de répartition Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888] S3 MSPQM;Proxy de gestion de qualité de répartition Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504] S3 MSTAPE;Périphérique Microsoft d’unité secondaire de bande AV/C; C:\Windows\system32\DRIVERS\mstape.sys [2008-01-21 50048] S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016] S3 pgusbmme;usb-audio.de MME-Adapter; C:\Windows\system32\drivers\pgusbmm3.sys [2007-06-29 31744] S3 Profos;Profos; \??\C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys [2008-09-02 13056] S3 Trufos;Trufos; \??\C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\trufos.sys [2009-04-14 39808] S3 usbaudio;Pilote USB audio (WDM); C:\Windows\system32\drivers\usbaudio.sys [2008-01-21 73088] S3 usbscan;Pilote de scanneur USB; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-21 35328] S3 usbvideo;Périphérique vidéo USB (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016] S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-21 39936] S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328] S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656] S4 iaStor;Intel AHCI Controller; C:\Windows\system32\drivers\iastor.sys [2007-09-29 308248] S4 JRAID;JRAID; C:\Windows\system32\drivers\jraid.sys [2008-04-03 76688] S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616] S4 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-21 88576] S4 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2009-05-19 721904] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2008-04-22 671744] R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376] R2 LIVESRV;BitDefender Desktop Update Service; C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe [2009-10-08 413696] R2 lxbl_device;lxbl_device; C:\Windows\system32\lxblcoms.exe [2007-04-20 537520] R2 MSSQL$SONY_MEDIAMGR;MSSQL$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe [2002-12-17 7520337] R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2007-09-20 853288] R2 TestHandler;Fujitsu Siemens Computers Diagnostic Testhandler; C:\Program Files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe [2008-02-29 307200] R2 VSSERV;BitDefender Virus Shield; C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe [2009-11-16 1638240] R3 WisLMSvc;WisLMSvc; C:\Program Files\Launch Manager\WisLMSvc.exe [2008-01-15 118784] S2 gupdate1c9bf93b7a18579;Service Google Update (gupdate1c9bf93b7a18579); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-04-17 133104] S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-17 183280] S3 Arrakis3;BitDefender Arrakis Server; C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe [2009-01-20 172032] S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-04-01 655624] S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888] S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2002-12-17 66112] S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2007-10-23 382248] S3 Norman NJeeves;Norman NJeeves; C:\Program Files\Norman\Npm\bin\NJEEVES.EXE [] S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712] S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184] S3 scan;BitDefender Threat Scanner; C:\Windows\System32\svchost.exe [2008-01-21 21504] S3 SQLAgent$SONY_MEDIAMGR;SQLAgent$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE [2002-12-17 311872] -----------------EOF-----------------
  11. benramon
    rapport Combofix : ComboFix 10-02-21.02 - Benji 22/02/2010 15:25:35.1.2 - x86 Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.32.1036.18.2269.1379 [GMT 1:00] Lancé depuis: c:\users\Benji\Desktop\ComboFix.exe AV: Antivirus BitDefender *On-access scanning enabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB} AV: Norman Security Suite ver. 7.00 *On-access scanning disabled* (Updated) {EB9EFB40-AE72-4C43-B204-0FCD0E92D5F1} SP: BitDefender AntiSpam *enabled* (Updated) {8B2012EC-32D4-494F-BC03-832DB3BDF911} SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46} . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . c:\$recycle.bin\S-1-5-21-480425987-2913760710-3189974755-500 c:\program files\pdfforge Toolbar\SearchSettings.dll c:\windows\system32\twain_32.dll . ((((((((((((((((((((((((((((( Fichiers créés du 2010-01-22 au 2010-02-22 )))))))))))))))))))))))))))))))))))) . 2010-02-21 18:14 . 2010-02-21 18:14 -------- d-----w- c:\users\Benji\AppData\Local\Apple Computer 2010-02-18 23:18 . 2010-02-18 23:18 -------- d-----w- C:\rsit 2010-02-10 22:32 . 2010-02-22 14:12 -------- d-----w- c:\users\Benji\AppData\Local\Wuala 2010-02-10 22:32 . 2010-02-11 22:07 -------- d-----w- c:\users\Benji\AppData\Roaming\Wuala 2010-02-10 22:24 . 2010-02-10 22:24 -------- d-----w- c:\programdata\FNET 2010-02-10 22:24 . 2010-02-10 22:24 7936 ----a-w- c:\windows\system32\drivers\FNETURPX.SYS 2010-02-10 22:24 . 2010-02-10 22:24 23680 ----a-w- c:\windows\system32\drivers\FNETTBOH.SYS 2010-02-10 22:24 . 2010-02-10 22:24 -------- d-----w- c:\program files\UsbBoost . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2010-02-22 14:43 . 2009-04-12 13:50 81984 ----a-w- c:\windows\system32\bdod.bin 2010-02-22 14:41 . 2009-03-12 11:55 -------- d-----w- c:\program files\pdfforge Toolbar 2010-02-21 20:24 . 2008-01-21 08:40 687408 ----a-w- c:\windows\system32\perfh00C.dat 2010-02-21 20:24 . 2008-01-21 08:40 131240 ----a-w- c:\windows\system32\perfc00C.dat 2010-02-21 17:41 . 2009-04-17 19:34 -------- d-----w- c:\programdata\Google Updater 2010-02-11 20:51 . 2008-06-17 11:30 -------- d-----w- c:\programdata\Microsoft Help 2010-02-10 22:39 . 2010-02-10 22:32 262008 ----a-w- c:\users\Benji\AppData\Roaming\Wuala\Wuala.exe 2010-02-09 09:59 . 2009-12-21 10:33 125560 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT 2010-02-02 18:03 . 2009-04-14 19:41 -------- d-----w- c:\users\Benji\AppData\Roaming\FileZilla 2010-01-31 16:26 . 2009-05-31 18:17 -------- d-----w- c:\program files\FileZilla FTP Client 2010-01-15 02:09 . 2009-02-04 09:34 125560 ----a-w- c:\users\Benji\AppData\Local\GDIPFONTCACHEV1.DAT 2010-01-13 06:02 . 2009-06-19 15:43 -------- d-----w- c:\users\Benji\AppData\Roaming\uTorrent 2010-01-06 00:28 . 2010-01-06 00:28 -------- d-----w- c:\users\Benji\AppData\Roaming\Malwarebytes 2010-01-05 23:23 . 2009-02-22 13:37 -------- d-----w- c:\programdata\eMule 2010-01-02 06:38 . 2010-01-22 11:40 916480 ----a-w- c:\windows\system32\wininet.dll 2010-01-02 06:32 . 2010-01-22 11:40 71680 ----a-w- c:\windows\system32\iesetup.dll 2010-01-02 06:32 . 2010-01-22 11:40 109056 ----a-w- c:\windows\system32\iesysprep.dll 2010-01-02 04:57 . 2010-01-22 11:40 133632 ----a-w- c:\windows\system32\ieUnatt.exe 2009-12-28 12:35 . 2010-02-10 22:15 11776 ----a-w- c:\windows\system32\tsbyuv.dll 2009-12-28 12:35 . 2010-02-10 22:15 1314816 ----a-w- c:\windows\system32\quartz.dll 2009-12-28 12:32 . 2010-02-10 22:15 22528 ----a-w- c:\windows\system32\msyuv.dll 2009-12-28 12:32 . 2010-02-10 22:15 31744 ----a-w- c:\windows\system32\msvidc32.dll 2009-12-28 12:32 . 2010-02-10 22:15 123904 ----a-w- c:\windows\system32\msvfw32.dll 2009-12-28 12:32 . 2010-02-10 22:15 13312 ----a-w- c:\windows\system32\msrle32.dll 2009-12-28 12:31 . 2010-02-10 22:15 82944 ----a-w- c:\windows\system32\mciavi32.dll 2009-12-28 12:31 . 2010-02-10 22:15 50176 ----a-w- c:\windows\system32\iyuv_32.dll 2009-12-28 12:28 . 2010-02-10 22:15 91136 ----a-w- c:\windows\system32\avifil32.dll 2009-12-28 12:28 . 2010-02-10 22:15 65024 ----a-w- c:\windows\system32\avicap32.dll 2009-12-25 12:42 . 2009-02-04 09:36 -------- d-----w- c:\programdata\HDBR31 2009-12-25 12:20 . 2009-12-18 00:30 -------- d-----w- c:\programdata\Lavasoft 2009-12-25 12:12 . 2008-06-17 11:17 -------- d-----w- c:\program files\Common Files\Adobe 2009-12-24 15:21 . 2009-12-24 15:21 -------- d-----w- c:\users\Administrateur\AppData\Roaming\Malwarebytes 2010-01-04 16:48 . 2009-09-17 10:37 65536 ----a-w- c:\program files\mozilla firefox\components\FFComm.dll . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}] 2009-01-30 14:12 650752 ----a-w- c:\program files\pdfforge Toolbar\WidgiToolbarIE.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{B922D405-6D13-4A2B-AE89-08A030DA4402}"= "c:\program files\pdfforge Toolbar\WidgiToolbarIE.dll" [2009-01-30 650752] [HKEY_CLASSES_ROOT\clsid\{b922d405-6d13-4a2b-ae89-08a030da4402}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952] "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440] "RtHDVCpl"="RtHDVCpl.exe" [2008-04-01 6025216] "SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-08-17 102400] "HotkeyApp"="c:\program files\Launch Manager\HotkeyApp.exe" [2008-03-26 188416] "WisKeyState"="c:\program files\Launch Manager\WisKeyState.exe" [2008-03-07 208896] "LMgrVolOSD"="c:\program files\Launch Manager\OSD.exe" [2008-03-03 258048] "LMgrOSD"="c:\program files\Launch Manager\OSDCtrl.exe" [2007-12-25 241664] "NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072] "{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232] "BDAgent"="c:\program files\BitDefender\BitDefender 2009\bdagent.exe" [2009-11-16 782336] "BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2009\IEShow.exe" [2009-02-23 69632] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288] "UsbBoost"="c:\program files\UsbBoost\TurboHddUsb.exe" [2010-02-10 3788800] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "fsc-reg"="c:\programdata\fsc-reg\fscreg.exe" [2007-11-08 533264] c:\users\Benji\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Wuala.lnk - c:\users\Benji\AppData\Roaming\Wuala\Wuala.exe [2010-2-10 262008] c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-12-6 110592] Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2002-12-17 74308] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" R1 FNETURPX;FNETURPX;c:\windows\System32\drivers\FNETURPX.SYS [10/02/2010 23:24 7936] R2 lxbl_device;lxbl_device;c:\windows\system32\lxblcoms.exe -service --> c:\windows\system32\lxblcoms.exe -service [?] R3 bdfm;BDFM;c:\windows\System32\drivers\bdfm.sys [18/09/2008 11:09 111112] R3 JMCR;JMCR;c:\windows\System32\drivers\jmcr.sys [17/06/2008 12:13 84240] S2 gupdate1c9bf93b7a18579;Service Google Update (gupdate1c9bf93b7a18579);c:\program files\Google\Update\GoogleUpdate.exe [17/04/2009 20:35 133104] S3 Arrakis3;BitDefender Arrakis Server;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe [20/01/2009 18:16 172032] S3 FNETTBOH;FNETTBOH;c:\windows\System32\drivers\FNETTBOH.SYS [10/02/2010 23:24 23680] S3 MAYA44;usb-audio.de driver for Maya44;c:\windows\System32\drivers\Maya44.sys [19/03/2009 22:59 337920] S3 pgusbmme;usb-audio.de MME-Adapter;c:\windows\System32\drivers\pgusbmm3.sys [12/12/2007 21:30 31744] S3 WisLMSvc;WisLMSvc;c:\program files\Launch Manager\WisLMSvc.exe [17/06/2008 12:14 118784] S4 sptd;sptd;c:\windows\System32\drivers\sptd.sys [19/05/2009 14:35 721904] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bdx REG_MULTI_SZ scan . Contenu du dossier 'Tâches planifiées' 2010-02-22 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-17 19:34] 2010-02-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-04-17 19:35] 2010-02-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-04-17 19:35] . . ------- Examen supplémentaire ------- . mWindow Title = uInternet Settings,ProxyOverride = *.local IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 FF - ProfilePath - c:\users\Benji\AppData\Roaming\Mozilla\Firefox\Profiles\rtsz012w.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.theprizeday.com/today.php|http://www.google.com/ig/redirectdomain?brand=FUJD&bmod=FUJD FF - component: c:\program files\Mozilla Firefox\components\FFComm.dll FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ . - - - - ORPHELINS SUPPRIMES - - - - URLSearchHooks-{E312764E-7706-43F1-8DAB-FCDD2B1E416D} - c:\program files\pdfforge Toolbar\SearchSettings.dll HKLM-Run-FSCRecovery - :c:\program files\Fujitsu Siemens Computers\Fujitsu Siemens Computers Recovery\FSCRecoveryReminder.exe HKLM-Run-NPCTray - c:\program files\Norman\npc\bin\npc_tray.exe HKLM-Run-QuickTime Task - :c:\program files\QuickTime\QTTask.exe HKLM-Run-FSCRecoveryCleanUp - :c:\program files\Fujitsu Siemens Computers\Fujitsu Siemens Computers Recovery\FSCRecoveryCleanUp.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-02-22 15:45 Windows 6.0.6001 Service Pack 1 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** . --------------------- CLES DE REGISTRE BLOQUEES --------------------- [HKEY_USERS\S-1-5-21-3129462344-82161637-264651210-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*)ð] @Class="Shell" @Allowed: (Read) (RestrictedCode) [HKEY_USERS\S-1-5-21-3129462344-82161637-264651210-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*)ð\OpenWithList] @Class="Shell" . ------------------------ Autres processus actifs ------------------------ . c:\windows\system32\Ati2evxx.exe c:\windows\system32\Ati2evxx.exe c:\program files\Bonjour\mDNSResponder.exe c:\windows\system32\lxblcoms.exe c:\program files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe c:\program files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe c:\windows\system32\conime.exe c:\windows\servicing\TrustedInstaller.exe . ************************************************************************** . Heure de fin: 2010-02-22 15:55:43 - La machine a redémarré ComboFix-quarantined-files.txt 2010-02-22 14:55 Avant-CF: 13.300.027.392 octets libres Après-CF: 14.503.927.808 octets libres - - End Of File - - F5F1E5A3007FE35914B04D2B1347B602 rapport RSIT Logfile of random's system information tool 1.06 (written by random/random) Run by Benji at 2010-02-22 16:11:55 Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 1 System drive C: has 14 GB (14%) free of 96 GB Total RAM: 2269 MB (60% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 16:12:26, on 22/02/2010 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v8.00 (8.00.6001.18882) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Windows\RtHDVCpl.exe C:\Program Files\Synaptics\SynTP\SynTPStart.exe C:\Program Files\Launch Manager\HotkeyApp.exe C:\Program Files\Launch Manager\WisKeyState.exe C:\Program Files\Launch Manager\OSD.exe C:\Program Files\Launch Manager\OSDCtrl.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Windows\System32\mobsync.exe C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe C:\Windows\ehome\ehtray.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Windows\system32\wuauclt.exe C:\Users\Benji\Desktop\RSIT.exe C:\Program Files\HijackThis\Benji.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll O2 - BHO: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\WidgiToolbarIE.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\WidgiToolbarIE.dll O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [startCCC] "c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [synTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe O4 - HKLM\..\Run: [HotkeyApp] "C:\Program Files\Launch Manager\HotkeyApp.exe" O4 - HKLM\..\Run: [WisKeyState] "C:\Program Files\Launch Manager\WisKeyState.exe" O4 - HKLM\..\Run: [LMgrVolOSD] "C:\Program Files\Launch Manager\OSD.exe" O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSDCtrl.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe O4 - HKLM\..\Run: [bDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe" O4 - HKLM\..\Run: [bitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [usbBoost] C:\Program Files\UsbBoost\TurboHddUsb.exe O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKUS\S-1-5-18\..\Run: [fsc-reg] C:\ProgramData\fsc-reg\fscreg.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [fsc-reg] C:\ProgramData\fsc-reg\fscreg.exe (User 'Default user') O4 - Startup: Wuala.lnk = C:\Users\Benji\AppData\Roaming\Wuala\Wuala.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.4.1.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O23 - Service: BitDefender Arrakis Server (Arrakis3) - Unknown owner - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Service Google Update (gupdate1c9bf93b7a18579) (gupdate1c9bf93b7a18579) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe O23 - Service: lxbl_device - - C:\Windows\system32\lxblcoms.exe O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe O23 - Service: Norman NJeeves - Unknown owner - C:\Program Files\Norman\Npm\bin\NJEEVES.EXE (file missing) O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\Program Files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe O23 - Service: WisLMSvc - Wistron Corp. - C:\Program Files\Launch Manager\WisLMSvc.exe -- End of file - 7968 bytes ======Scheduled tasks folder====== C:\Windows\tasks\Google Software Updater.job C:\Windows\tasks\GoogleUpdateTaskMachineCore.job C:\Windows\tasks\GoogleUpdateTaskMachineUA.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}] Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}] Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-04-17 668656] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}] pdfforge Toolbar - C:\Program Files\pdfforge Toolbar\WidgiToolbarIE.dll [2009-01-30 650752] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {B922D405-6D13-4A2B-AE89-08A030DA4402} - pdfforge Toolbar - C:\Program Files\pdfforge Toolbar\WidgiToolbarIE.dll [2009-01-30 650752] {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - BitDefender Toolbar - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll [2009-03-24 95536] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184] "StartCCC"=c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-01-21 61440] "RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-04-01 6025216] "SynTPStart"=C:\Program Files\Synaptics\SynTP\SynTPStart.exe [2007-08-17 102400] "HotkeyApp"=C:\Program Files\Launch Manager\HotkeyApp.exe [2008-03-26 188416] "WisKeyState"=C:\Program Files\Launch Manager\WisKeyState.exe [2008-03-07 208896] "LMgrVolOSD"=C:\Program Files\Launch Manager\OSD.exe [2008-03-03 258048] "LMgrOSD"=C:\Program Files\Launch Manager\OSDCtrl.exe [2007-12-25 241664] "NeroFilterCheck"=C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [2007-03-01 153136] "GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072] "{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"=C:\Program Files\Google\Gmail Notifier\gnotify.exe [2005-07-15 479232] "BDAgent"=C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe [2009-11-16 782336] "BitDefender Antiphishing Helper"=C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe [2009-02-23 69632] "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280] "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696] "Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288] "UsbBoost"=C:\Program Files\UsbBoost\TurboHddUsb.exe [2010-02-10 3788800] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-21 125952] "msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883856] "WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-21 202240] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe C:\Users\Benji\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup Wuala.lnk - C:\Users\Benji\AppData\Roaming\Wuala\Wuala.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848] "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= [] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 "EnableUIADesktopToggle"=0 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=145 "NoDrives"=0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDrives"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] ======File associations====== .js - edit - C:\Windows\System32\Notepad.exe %1 ======List of files/folders created in the last 1 months====== 2010-02-22 15:55:45 ----A---- C:\ComboFix.txt 2010-02-22 15:45:03 ----D---- C:\$RECYCLE.BIN 2010-02-22 15:24:14 ----A---- C:\Windows\zip.exe 2010-02-22 15:24:14 ----A---- C:\Windows\SWSC.exe 2010-02-22 15:24:14 ----A---- C:\Windows\SWREG.exe 2010-02-22 15:24:14 ----A---- C:\Windows\sed.exe 2010-02-22 15:24:14 ----A---- C:\Windows\PEV.exe 2010-02-22 15:24:14 ----A---- C:\Windows\NIRCMD.exe 2010-02-22 15:24:14 ----A---- C:\Windows\MBR.exe 2010-02-22 15:24:14 ----A---- C:\Windows\grep.exe 2010-02-22 15:22:18 ----A---- C:\Windows\SWXCACLS.exe 2010-02-19 00:18:13 ----D---- C:\rsit 2010-02-10 23:32:53 ----D---- C:\Users\Benji\AppData\Roaming\Wuala 2010-02-10 23:24:22 ----D---- C:\ProgramData\FNET 2010-02-10 23:24:18 ----D---- C:\Program Files\UsbBoost 2010-02-10 23:15:50 ----A---- C:\Windows\system32\quartz.dll 2010-02-10 23:15:50 ----A---- C:\Windows\system32\msvidc32.dll 2010-02-10 23:15:49 ----A---- C:\Windows\system32\tsbyuv.dll 2010-02-10 23:15:49 ----A---- C:\Windows\system32\msyuv.dll 2010-02-10 23:15:49 ----A---- C:\Windows\system32\msvfw32.dll 2010-02-10 23:15:49 ----A---- C:\Windows\system32\msrle32.dll 2010-02-10 23:15:49 ----A---- C:\Windows\system32\mciavi32.dll 2010-02-10 23:15:49 ----A---- C:\Windows\system32\iyuv_32.dll 2010-02-10 23:15:49 ----A---- C:\Windows\system32\avifil32.dll 2010-02-10 23:15:49 ----A---- C:\Windows\system32\avicap32.dll 2010-02-10 23:15:41 ----A---- C:\Windows\system32\ntoskrnl.exe 2010-02-10 23:15:41 ----A---- C:\Windows\system32\ntkrnlpa.exe 2010-02-09 12:32:27 ----D---- C:\Windows\ERDNT 2010-02-09 11:33:58 ----D---- C:\Qoobox ======List of files/folders modified in the last 1 months====== 2010-02-22 16:11:56 ----D---- C:\Program Files\HijackThis 2010-02-22 16:11:47 ----D---- C:\Windows\Temp 2010-02-22 16:08:24 ----D---- C:\Windows\System32 2010-02-22 16:08:04 ----D---- C:\Windows\Tasks 2010-02-22 15:55:48 ----D---- C:\Windows\system32\drivers 2010-02-22 15:45:41 ----D---- C:\Windows 2010-02-22 15:45:41 ----A---- C:\Windows\system.ini 2010-02-22 15:43:32 ----D---- C:\Windows\system32\catroot2 2010-02-22 15:41:20 ----D---- C:\Program Files\pdfforge Toolbar 2010-02-22 15:32:33 ----D---- C:\Windows\AppPatch 2010-02-22 15:32:30 ----D---- C:\Program Files\Common Files 2010-02-22 14:49:52 ----D---- C:\Windows\Minidump 2010-02-21 23:59:34 ----D---- C:\Windows\system32\Tasks 2010-02-21 23:58:43 ----D---- C:\Program Files\Mozilla Firefox 2010-02-21 23:49:28 ----SD---- C:\ProgramData\Microsoft 2010-02-21 21:24:12 ----D---- C:\Windows\inf 2010-02-21 21:24:12 ----A---- C:\Windows\system32\PerfStringBackup.INI 2010-02-21 18:41:44 ----D---- C:\ProgramData\Google Updater 2010-02-13 17:23:35 ----SHD---- C:\System Volume Information 2010-02-11 21:55:19 ----D---- C:\Windows\winsxs 2010-02-11 21:52:08 ----SHD---- C:\Windows\Installer 2010-02-11 21:51:57 ----D---- C:\ProgramData\Microsoft Help 2010-02-11 21:50:45 ----D---- C:\Windows\system32\catroot 2010-02-10 23:24:22 ----D---- C:\ProgramData 2010-02-10 23:24:18 ----RD---- C:\Program Files 2010-02-10 12:30:29 ----D---- C:\Windows\Prefetch 2010-02-08 20:47:04 ----D---- C:\Users\Benji\AppData\Roaming\Adobe 2010-02-02 19:03:59 ----D---- C:\Users\Benji\AppData\Roaming\FileZilla 2010-02-01 20:26:20 ----A---- C:\Windows\system32\mrt.exe 2010-01-31 21:53:55 ----D---- C:\Windows\system32\migration 2010-01-31 21:53:53 ----D---- C:\Program Files\Internet Explorer 2010-01-31 17:26:06 ----D---- C:\Program Files\FileZilla FTP Client ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 bdftdif;bdftdif; \??\C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys [2009-08-21 137224] R1 FNETURPX;FNETURPX; C:\Windows\System32\drivers\FNETURPX.SYS [2010-02-10 7936] R1 Hotkey;Hotkey; C:\Windows\system32\drivers\Hotkey.sys [2003-04-28 9867] R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2008-03-18 903680] R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2008-04-22 3551232] R3 bdfm;BDFM; C:\Windows\system32\drivers\bdfm.sys [2008-09-18 111112] R3 bdfsfltr;bdfsfltr; C:\Windows\system32\DRIVERS\bdfsfltr.sys [2008-12-10 242184] R3 BDSelfPr;BDSelfPr; \??\C:\Program Files\BitDefender\BitDefender 2009\bdselfpr.sys [2009-01-12 8832] R3 CmBatt;Pilote pour Batterie à méthode de contrôle ACPI Microsoft; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-21 14208] R3 HdAudAddService;Pilote de fonction UAA 1.1 Microsoft pour le service High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520] R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-04-01 2113624] R3 JMCR;JMCR; C:\Windows\system32\DRIVERS\jmcr.sys [2008-04-11 84240] R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2008-02-14 118784] R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2007-08-17 190512] R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-21 11264] S3 61883;Pilote d'unité 61883; C:\Windows\system32\DRIVERS\61883.sys [2008-01-21 45696] S3 Avc;Périphérique AVC; C:\Windows\system32\DRIVERS\avc.sys [2008-01-21 40448] S3 AVCSTRM;Pilote de filtre de flux AVC; C:\Windows\system32\DRIVERS\avcstrm.sys [2008-01-21 14208] S3 catchme;catchme; \??\C:\ComboFix\catchme.sys [] S3 drmkaud;Filtre de décodeur DRM (Noyau Microsoft); C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632] S3 FNETTBOH;FNETTBOH; C:\Windows\System32\drivers\FNETTBOH.SYS [2010-02-10 23680] S3 MAYA44;usb-audio.de driver for Maya44; C:\Windows\System32\Drivers\Maya44.sys [2007-06-29 337920] S3 MSDV;Microsoft DV Camera and VCR; C:\Windows\system32\DRIVERS\msdv.sys [2008-01-21 52608] S3 MSKSSRV;Proxy de service de répartition Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192] S3 MSPCLOCK;Proxy d'horloge de répartition Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888] S3 MSPQM;Proxy de gestion de qualité de répartition Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504] S3 MSTAPE;Périphérique Microsoft d’unité secondaire de bande AV/C; C:\Windows\system32\DRIVERS\mstape.sys [2008-01-21 50048] S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016] S3 pgusbmme;usb-audio.de MME-Adapter; C:\Windows\system32\drivers\pgusbmm3.sys [2007-06-29 31744] S3 Profos;Profos; \??\C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys [2008-09-02 13056] S3 Trufos;Trufos; \??\C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\trufos.sys [2009-04-14 39808] S3 usbaudio;Pilote USB audio (WDM); C:\Windows\system32\drivers\usbaudio.sys [2008-01-21 73088] S3 usbscan;Pilote de scanneur USB; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-21 35328] S3 usbvideo;Périphérique vidéo USB (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016] S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-21 39936] S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328] S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656] S4 iaStor;Intel AHCI Controller; C:\Windows\system32\drivers\iastor.sys [2007-09-29 308248] S4 JRAID;JRAID; C:\Windows\system32\drivers\jraid.sys [2008-04-03 76688] S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616] S4 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-21 88576] S4 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2009-05-19 721904] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2008-04-22 671744] R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376] R2 LIVESRV;BitDefender Desktop Update Service; C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe [2009-10-08 413696] R2 lxbl_device;lxbl_device; C:\Windows\system32\lxblcoms.exe [2007-04-20 537520] R2 MSSQL$SONY_MEDIAMGR;MSSQL$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe [2002-12-17 7520337] R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2007-09-20 853288] R2 TestHandler;Fujitsu Siemens Computers Diagnostic Testhandler; C:\Program Files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe [2008-02-29 307200] R2 VSSERV;BitDefender Virus Shield; C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe [2009-11-16 1638240] R3 WisLMSvc;WisLMSvc; C:\Program Files\Launch Manager\WisLMSvc.exe [2008-01-15 118784] S2 gupdate1c9bf93b7a18579;Service Google Update (gupdate1c9bf93b7a18579); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-04-17 133104] S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-17 183280] S3 Arrakis3;BitDefender Arrakis Server; C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe [2009-01-20 172032] S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-04-01 655624] S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888] S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2002-12-17 66112] S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2007-10-23 382248] S3 Norman NJeeves;Norman NJeeves; C:\Program Files\Norman\Npm\bin\NJEEVES.EXE [] S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712] S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184] S3 scan;BitDefender Threat Scanner; C:\Windows\System32\svchost.exe [2008-01-21 21504] S3 SQLAgent$SONY_MEDIAMGR;SQLAgent$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE [2002-12-17 311872] -----------------EOF-----------------
  12. benramon
    j'ai mis un mois a repondre pcq j'etais parti al'etranger et puis fort occupé j'ai essayé de continuer sur le meme post mais personne ne m'a répondu voila pourquoi j'ai lancé ce nouveau post..! merci pour ton aide
  13. benramon
    bonjour, l'utilisation de Combofix m'a été conseillé par Apollo , comme stipulé dans le lien que j'ai mis. quoi qu'il en soit , voici le rapport demandé, merci d'avance Logfile of random's system information tool 1.06 (written by random/random) Run by Benji at 2010-02-19 00:18:13 Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 1 System drive C: has 13 GB (14%) free of 96 GB Total RAM: 2269 MB (57% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 0:18:33, on 19/02/2010 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v8.00 (8.00.6001.18882) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\system32\taskeng.exe C:\Windows\Explorer.EXE C:\Windows\RtHDVCpl.exe C:\Program Files\Synaptics\SynTP\SynTPStart.exe C:\Program Files\Launch Manager\HotkeyApp.exe C:\Program Files\Launch Manager\WisKeyState.exe C:\Program Files\Launch Manager\OSD.exe C:\Program Files\Launch Manager\OSDCtrl.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\Google\Gmail Notifier\gnotify.exe C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\UsbBoost\TurboHddUsb.exe C:\Windows\ehome\ehtray.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe C:\Users\Benji\AppData\Roaming\Wuala\Wuala.exe C:\Windows\ehome\ehmsas.exe C:\Windows\system32\wuauclt.exe C:\Windows\System32\mobsync.exe c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe C:\Program Files\Windows Live\Contacts\wlcomm.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Windows\system32\SearchFilterHost.exe C:\Users\Benji\Desktop\RSIT.exe C:\Program Files\HijackThis\Benji.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll O1 - Hosts: ::1 localhost O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll O2 - BHO: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\WidgiToolbarIE.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\WidgiToolbarIE.dll O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [startCCC] "c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [synTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe O4 - HKLM\..\Run: [HotkeyApp] "C:\Program Files\Launch Manager\HotkeyApp.exe" O4 - HKLM\..\Run: [WisKeyState] "C:\Program Files\Launch Manager\WisKeyState.exe" O4 - HKLM\..\Run: [LMgrVolOSD] "C:\Program Files\Launch Manager\OSD.exe" O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSDCtrl.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe O4 - HKLM\..\Run: [FSCRecovery] :c:\Program Files\Fujitsu Siemens Computers\Fujitsu Siemens Computers Recovery\FSCRecoveryReminder.exe O4 - HKLM\..\Run: [NPCTray] C:\Program Files\Norman\npc\bin\npc_tray.exe /LOAD O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe O4 - HKLM\..\Run: [bDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe" O4 - HKLM\..\Run: [bitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe" O4 - HKLM\..\Run: [QuickTime Task] :"C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [FSCRecoveryCleanUp] :c:\Program Files\Fujitsu Siemens Computers\Fujitsu Siemens Computers Recovery\FSCRecoveryCleanUp.exe O4 - HKLM\..\Run: [combofix] "C:\ComboFix\CF32452.cfxxe" /c "C:\ComboFix\C.bat" O4 - HKLM\..\Run: [usbBoost] C:\Program Files\UsbBoost\TurboHddUsb.exe O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Policies\Explorer\Run: [Windows Printing Driver] doskeys.exe O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [fsc-reg] C:\ProgramData\fsc-reg\fscreg.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [fsc-reg] C:\ProgramData\fsc-reg\fscreg.exe (User 'Default user') O4 - Startup: Wuala.lnk = C:\Users\Benji\AppData\Roaming\Wuala\Wuala.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O13 - Gopher Prefix: O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.4.1.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL O23 - Service: BitDefender Arrakis Server (Arrakis3) - Unknown owner - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Service Google Update (gupdate1c9bf93b7a18579) (gupdate1c9bf93b7a18579) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe O23 - Service: lxbl_device - - C:\Windows\system32\lxblcoms.exe O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe O23 - Service: Norman NJeeves - Unknown owner - C:\Program Files\Norman\Npm\bin\NJEEVES.EXE (file missing) O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\Program Files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe O23 - Service: WisLMSvc - Wistron Corp. - C:\Program Files\Launch Manager\WisLMSvc.exe -- End of file - 9875 bytes ======Scheduled tasks folder====== C:\Windows\tasks\Ad-Aware Update (Daily 1).job C:\Windows\tasks\Ad-Aware Update (Daily 2).job C:\Windows\tasks\Ad-Aware Update (Daily 3).job C:\Windows\tasks\Ad-Aware Update (Daily 4).job C:\Windows\tasks\Ad-Aware Update (Weekly).job C:\Windows\tasks\Google Software Updater.job C:\Windows\tasks\GoogleUpdateTaskMachineCore.job C:\Windows\tasks\GoogleUpdateTaskMachineUA.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}] Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}] Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-04-17 668656] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}] pdfforge Toolbar - C:\Program Files\pdfforge Toolbar\WidgiToolbarIE.dll [2009-01-30 650752] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {B922D405-6D13-4A2B-AE89-08A030DA4402} - pdfforge Toolbar - C:\Program Files\pdfforge Toolbar\WidgiToolbarIE.dll [2009-01-30 650752] {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - BitDefender Toolbar - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll [2009-03-24 95536] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184] "StartCCC"=c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-01-21 61440] "RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-04-01 6025216] "SynTPStart"=C:\Program Files\Synaptics\SynTP\SynTPStart.exe [2007-08-17 102400] "HotkeyApp"=C:\Program Files\Launch Manager\HotkeyApp.exe [2008-03-26 188416] "WisKeyState"=C:\Program Files\Launch Manager\WisKeyState.exe [2008-03-07 208896] "LMgrVolOSD"=C:\Program Files\Launch Manager\OSD.exe [2008-03-03 258048] "LMgrOSD"=C:\Program Files\Launch Manager\OSDCtrl.exe [2007-12-25 241664] "NeroFilterCheck"=C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [2007-03-01 153136] "FSCRecovery"=:c:\Program Files\Fujitsu Siemens Computers\Fujitsu Siemens Computers Recovery\FSCRecoveryReminder.exe [] "NPCTray"=C:\Program Files\Norman\npc\bin\npc_tray.exe /LOAD [] "GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072] "{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"=C:\Program Files\Google\Gmail Notifier\gnotify.exe [2005-07-15 479232] "BDAgent"=C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe [2009-11-16 782336] "BitDefender Antiphishing Helper"=C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe [2009-02-23 69632] "QuickTime Task"=:C:\Program Files\QuickTime\QTTask.exe -atboottime [] "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280] "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696] "Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288] "FSCRecoveryCleanUp"=:c:\Program Files\Fujitsu Siemens Computers\Fujitsu Siemens Computers Recovery\FSCRecoveryCleanUp.exe [] "combofix"=C:\ComboFix\CF32452.cfxxe /c C:\ComboFix\C.bat [] "UsbBoost"=C:\Program Files\UsbBoost\TurboHddUsb.exe [2010-02-10 3788800] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-21 125952] "msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883856] "WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-21 202240] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] "Windows Printing Driver"=doskeys.exe [] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe C:\Users\Benji\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup Wuala.lnk - C:\Users\Benji\AppData\Roaming\Wuala\Wuala.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLS"="C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 "EnableUIADesktopToggle"=0 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=145 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{608e2d59-156e-11df-9b9a-001f16071cdc}] shell\Shell00\command - F:\Start.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{739c2672-c4ec-11de-9cac-001f16071cdc}] shell\AutoRun\command - G:\LaunchU3.exe -a [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bc8cc062-1967-11de-9fa2-001f16071cdc}] shell\Setup\command - setup.exe ======File associations====== .js - edit - C:\Windows\System32\Notepad.exe %1 .js - open - "C:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe","%1" ======List of files/folders created in the last 1 months====== 2010-02-19 00:18:13 ----D---- C:\rsit 2010-02-10 23:32:53 ----D---- C:\Users\Benji\AppData\Roaming\Wuala 2010-02-10 23:24:22 ----D---- C:\ProgramData\FNET 2010-02-10 23:24:18 ----D---- C:\Program Files\UsbBoost 2010-02-10 23:15:50 ----A---- C:\Windows\system32\quartz.dll 2010-02-10 23:15:50 ----A---- C:\Windows\system32\msvidc32.dll 2010-02-10 23:15:49 ----A---- C:\Windows\system32\tsbyuv.dll 2010-02-10 23:15:49 ----A---- C:\Windows\system32\msyuv.dll 2010-02-10 23:15:49 ----A---- C:\Windows\system32\msvfw32.dll 2010-02-10 23:15:49 ----A---- C:\Windows\system32\msrle32.dll 2010-02-10 23:15:49 ----A---- C:\Windows\system32\mciavi32.dll 2010-02-10 23:15:49 ----A---- C:\Windows\system32\iyuv_32.dll 2010-02-10 23:15:49 ----A---- C:\Windows\system32\avifil32.dll 2010-02-10 23:15:49 ----A---- C:\Windows\system32\avicap32.dll 2010-02-10 23:15:41 ----A---- C:\Windows\system32\ntoskrnl.exe 2010-02-10 23:15:41 ----A---- C:\Windows\system32\ntkrnlpa.exe 2010-02-09 12:32:27 ----D---- C:\Windows\ERDNT 2010-02-09 12:28:47 ----SD---- C:\ComboFix 2010-02-09 11:33:58 ----D---- C:\Qoobox 2010-01-22 12:40:35 ----A---- C:\Windows\system32\mshtml.dll 2010-01-22 12:40:34 ----A---- C:\Windows\system32\ieframe.dll 2010-01-22 12:40:33 ----A---- C:\Windows\system32\iertutil.dll 2010-01-22 12:40:32 ----A---- C:\Windows\system32\wininet.dll 2010-01-22 12:40:32 ----A---- C:\Windows\system32\urlmon.dll 2010-01-22 12:40:32 ----A---- C:\Windows\system32\occache.dll 2010-01-22 12:40:32 ----A---- C:\Windows\system32\msfeeds.dll 2010-01-22 12:40:32 ----A---- C:\Windows\system32\iedkcs32.dll 2010-01-22 12:40:31 ----A---- C:\Windows\system32\msfeedssync.exe 2010-01-22 12:40:31 ----A---- C:\Windows\system32\msfeedsbs.dll 2010-01-22 12:40:31 ----A---- C:\Windows\system32\jsproxy.dll 2010-01-22 12:40:31 ----A---- C:\Windows\system32\ieUnatt.exe 2010-01-22 12:40:31 ----A---- C:\Windows\system32\ieui.dll 2010-01-22 12:40:31 ----A---- C:\Windows\system32\iesysprep.dll 2010-01-22 12:40:31 ----A---- C:\Windows\system32\iesetup.dll 2010-01-22 12:40:31 ----A---- C:\Windows\system32\iepeers.dll 2010-01-22 12:40:31 ----A---- C:\Windows\system32\ie4uinit.exe 2010-01-22 12:40:30 ----A---- C:\Windows\system32\iernonce.dll ======List of files/folders modified in the last 1 months====== 2010-02-19 00:18:14 ----D---- C:\Program Files\HijackThis 2010-02-19 00:17:52 ----D---- C:\Windows\Temp 2010-02-18 23:55:31 ----D---- C:\Windows\System32 2010-02-18 23:32:40 ----A---- C:\Windows\system32\PerfStringBackup.INI 2010-02-18 23:32:39 ----D---- C:\Windows\inf 2010-02-18 23:27:52 ----D---- C:\Windows\Tasks 2010-02-18 23:27:48 ----D---- C:\ProgramData\Google Updater 2010-02-13 17:23:35 ----SHD---- C:\System Volume Information 2010-02-12 01:15:51 ----D---- C:\Windows\system32\drivers 2010-02-11 21:55:19 ----D---- C:\Windows\winsxs 2010-02-11 21:52:08 ----SHD---- C:\Windows\Installer 2010-02-11 21:51:57 ----D---- C:\ProgramData\Microsoft Help 2010-02-11 21:50:45 ----D---- C:\Windows\system32\catroot 2010-02-10 23:24:22 ----HD---- C:\ProgramData 2010-02-10 23:24:18 ----RD---- C:\Program Files 2010-02-10 23:15:01 ----D---- C:\Windows\system32\catroot2 2010-02-10 12:30:29 ----D---- C:\Windows\Prefetch 2010-02-09 12:33:08 ----D---- C:\Windows 2010-02-09 11:12:42 ----D---- C:\Program Files\Mozilla Firefox 2010-02-08 20:47:04 ----D---- C:\Users\Benji\AppData\Roaming\Adobe 2010-02-02 19:03:59 ----D---- C:\Users\Benji\AppData\Roaming\FileZilla 2010-02-01 20:26:20 ----A---- C:\Windows\system32\mrt.exe 2010-01-31 21:53:55 ----D---- C:\Windows\system32\migration 2010-01-31 21:53:53 ----D---- C:\Program Files\Internet Explorer 2010-01-31 17:26:06 ----D---- C:\Program Files\FileZilla FTP Client ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 bdftdif;bdftdif; \??\C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys [2009-08-21 137224] R1 FNETURPX;FNETURPX; C:\Windows\System32\drivers\FNETURPX.SYS [2010-02-10 7936] R1 Hotkey;Hotkey; C:\Windows\system32\drivers\Hotkey.sys [2003-04-28 9867] R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2008-03-18 903680] R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2008-04-22 3551232] R3 bdfm;BDFM; C:\Windows\system32\drivers\bdfm.sys [2008-09-18 111112] R3 bdfsfltr;bdfsfltr; C:\Windows\system32\DRIVERS\bdfsfltr.sys [2008-12-10 242184] R3 BDSelfPr;BDSelfPr; \??\C:\Program Files\BitDefender\BitDefender 2009\bdselfpr.sys [2009-01-12 8832] R3 CmBatt;Pilote pour Batterie à méthode de contrôle ACPI Microsoft; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-21 14208] R3 HdAudAddService;Pilote de fonction UAA 1.1 Microsoft pour le service High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520] R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-04-01 2113624] R3 JMCR;JMCR; C:\Windows\system32\DRIVERS\jmcr.sys [2008-04-11 84240] R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2008-02-14 118784] R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2007-08-17 190512] R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-21 11264] S3 61883;Pilote d'unité 61883; C:\Windows\system32\DRIVERS\61883.sys [2008-01-21 45696] S3 Avc;Périphérique AVC; C:\Windows\system32\DRIVERS\avc.sys [2008-01-21 40448] S3 AVCSTRM;Pilote de filtre de flux AVC; C:\Windows\system32\DRIVERS\avcstrm.sys [2008-01-21 14208] S3 drmkaud;Filtre de décodeur DRM (Noyau Microsoft); C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632] S3 FNETTBOH;FNETTBOH; C:\Windows\System32\drivers\FNETTBOH.SYS [2010-02-10 23680] S3 MAYA44;usb-audio.de driver for Maya44; C:\Windows\System32\Drivers\Maya44.sys [2008-09-05 351744] S3 MSDV;Microsoft DV Camera and VCR; C:\Windows\system32\DRIVERS\msdv.sys [2008-01-21 52608] S3 MSKSSRV;Proxy de service de répartition Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192] S3 MSPCLOCK;Proxy d'horloge de répartition Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888] S3 MSPQM;Proxy de gestion de qualité de répartition Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504] S3 MSTAPE;Périphérique Microsoft d’unité secondaire de bande AV/C; C:\Windows\system32\DRIVERS\mstape.sys [2008-01-21 50048] S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016] S3 pgusbmme;usb-audio.de MME-Adapter; C:\Windows\system32\drivers\pgusbmm3.sys [2008-09-05 33792] S3 Profos;Profos; \??\C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys [2008-09-02 13056] S3 Trufos;Trufos; \??\C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\trufos.sys [2009-04-14 39808] S3 usbaudio;Pilote USB audio (WDM); C:\Windows\system32\drivers\usbaudio.sys [2008-01-21 73088] S3 usbscan;Pilote de scanneur USB; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-21 35328] S3 usbvideo;Périphérique vidéo USB (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016] S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-21 39936] S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328] S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656] S4 iaStor;Intel AHCI Controller; C:\Windows\system32\drivers\iastor.sys [2007-09-29 308248] S4 JRAID;JRAID; C:\Windows\system32\drivers\jraid.sys [2008-04-03 76688] S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616] S4 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-21 88576] S4 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2009-05-19 721904] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2008-04-22 671744] R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376] R2 LIVESRV;BitDefender Desktop Update Service; C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe [2009-10-08 413696] R2 lxbl_device;lxbl_device; C:\Windows\system32\lxblcoms.exe [2007-04-20 537520] R2 MSSQL$SONY_MEDIAMGR;MSSQL$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe [2002-12-17 7520337] R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2007-09-20 853288] R2 TestHandler;Fujitsu Siemens Computers Diagnostic Testhandler; C:\Program Files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe [2008-02-29 307200] R2 VSSERV;BitDefender Virus Shield; C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe [2009-11-16 1638240] R3 WisLMSvc;WisLMSvc; C:\Program Files\Launch Manager\WisLMSvc.exe [2008-01-15 118784] S2 gupdate1c9bf93b7a18579;Service Google Update (gupdate1c9bf93b7a18579); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-04-17 133104] S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-17 183280] S3 Arrakis3;BitDefender Arrakis Server; C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe [2009-01-20 172032] S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-04-01 655624] S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888] S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2002-12-17 66112] S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2007-10-23 382248] S3 Norman NJeeves;Norman NJeeves; C:\Program Files\Norman\Npm\bin\NJEEVES.EXE [] S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712] S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184] S3 scan;BitDefender Threat Scanner; C:\Windows\System32\svchost.exe [2008-01-21 21504] S3 SQLAgent$SONY_MEDIAMGR;SQLAgent$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE [2002-12-17 311872] -----------------EOF----------------- info.txt logfile of random's system information tool 1.06 2010-02-19 00:18:37 ======Uninstall list====== -->C:\Program Files\Nero\Nero8\\nero\uninstall\UNNERO.exe /UNINSTALL -->C:\Windows\UNNeroBackItUp.exe /UNINSTALL -->C:\Windows\UNNeroMediaHome.exe /UNINSTALL -->C:\Windows\UNNeroShowTime.exe /UNINSTALL -->C:\Windows\UNNeroVision.exe /UNINSTALL -->C:\Windows\UNRecode.exe /UNINSTALL Activation Assistant for the 2007 Microsoft Office suites-->"C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95} Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61} Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394} Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23} Adobe BridgeTalk Plugin CS3-->MsiExec.exe /I{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E} Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C} Adobe CMaps CS4-->MsiExec.exe /I{94D398EB-D2FD-4FD1-B8C4-592635E8A191} Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E} Adobe Color EU Recommended Settings CS4-->MsiExec.exe /I{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1} Adobe Color JA Extra Settings CS4-->MsiExec.exe /I{0D6013AB-A0C7-41DC-973C-E93129C9A29F} Adobe Color NA Extra Settings CS4-->MsiExec.exe /I{098A2A49-7CF3-4F08-A38D-FB879117152A} Adobe Creative Suite 3 Web Premium-->MsiExec.exe /I{69B6B4A5-1C4D-4F16-BB11-A4EB9A439116} Adobe Default Language CS4-->MsiExec.exe /I{C52E3EC1-048C-45E1-8D53-10B0C6509683} Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD} Adobe Dreamweaver CS3-->MsiExec.exe /I{4BDB76C6-902E-41D5-9064-68768E02886B} Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2} Adobe Extension Manager CS3-->MsiExec.exe /I{BE5F3842-8309-4754-92D5-83E02E6077A3} Adobe Flash CS3-->MsiExec.exe /I{80FD3971-8482-49C8-BA8C-B6464A15882F} Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe Adobe Fonts All-->MsiExec.exe /I{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794} Adobe Help Viewer CS3-->MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245} Adobe Illustrator 10-->"C:\Program Files\InstallShield Installation Information\{412033BC-44CF-48D9-B813-4B835101F4D3}\setup.exe" Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078} Adobe MotionPicture Color Files-->MsiExec.exe /I{6B708481-748A-4EB4-97C1-CD386244FF77} Adobe PDF Library Files CS4-->MsiExec.exe /I{F93C84A6-0DC6-42AF-89FA-776F7C377353} Adobe Photoshop CS3-->MsiExec.exe /I{C1FA4B3B-1625-4922-9C9D-780E8FCE161A} Adobe Reader 9.2 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A92000000001} Adobe Setup-->MsiExec.exe /I{BE136F60-5D0F-4663-8B32-938A3EFD3FCB} Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183} Adobe SVG Viewer 3.0-->C:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Install.log Adobe Type Support CS4-->MsiExec.exe /I{820D3F45-F6EE-4AAF-81EF-CE21FF21D230} Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8} Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5} Adobe WAS CS3-->MsiExec.exe /I{C5BD220A-EFE8-48A5-B70E-9503D535FACE} Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6} Adobe XMP Panels CS3-->MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923} AdobeColorCommonSetRGB-->MsiExec.exe /I{16E6D2C1-7C90-4309-8EC4-D2212690AAA4} AHV content for Acrobat and Flash-->MsiExec.exe /I{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD} Ajouter ou supprimer Adobe Creative Suite 3 Web Premium-->C:\Program Files\Common Files\Adobe\Installers\e7f691c6f2bf7b70c25ea19f3d73b6e\Setup.exe Apple Application Support-->MsiExec.exe /I{0C34B801-6AEC-4667-B053-03A67E2D0415} Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033} Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe Assistant de connexion Windows Live-->MsiExec.exe /I{DCE8CD14-FBF5-4464-B9A4-E18E473546C7} BitDefender Antivirus 2009-->MsiExec.exe /X{A1FA92EE-84A3-447D-A6C6-4514B5936DC2} Blender (remove only)-->"C:\Program Files\Blender\uninstall.exe" Catalyst Control Center - Branding-->MsiExec.exe /I{CA45B622-88F9-4836-A529-DBF14698498D} Creative Jukebox Driver-->C:\Program Files\Creative\Jukebox 3 Drivers\DrvUnins.exe /s DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC FileZilla Client 3.3.1-->C:\Program Files\FileZilla FTP Client\uninstall.exe FreeMind-->"C:\Program Files\FreeMind\unins000.exe" Fujitsu Siemens Computers Recovery-->MsiExec.exe /I{F58B763E-9FB9-4629-AF3C-CC9744BC4BA7} Google Chrome-->"C:\Program Files\Google\Chrome\Application\4.0.249.89\Installer\setup.exe" --uninstall --system-level Google Gmail Notifier-->"C:\Program Files\Google\Gmail Notifier\UninstallGmail.exe" Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} Google Earth-->MsiExec.exe /X{2EAF7E61-068E-11DF-953C-005056806466} HijackThis 2.0.2-->"C:\Program Files\HijackThis\HijackThis.exe" /uninstall Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT="" Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT="" Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe Installation Windows Live-->MsiExec.exe /I{46ABBC54-1872-4AA3-95E2-F2C063A63F31} Java 6 Update 17-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216013FF} JMicron JMB38X Flash Media Controller-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{26604C7E-A313-4D12-867F-7C6E7820BE4C}\SETUP.exe" -l0x40c -removeonly K-Lite Codec Pack 5.0.5 (Basic)-->"C:\Program Files\K-Lite Codec Pack\unins000.exe" Launch Manager V1.5.3-->C:\Program Files\InstallShield Installation Information\{D0846526-66DD-4DC9-A02C-98F9A2806812}\SETUP.exe -runfromtemp -l0x040c -removeonly Lexmark Z700-P700 Series-->C:\Program Files\Lexmark Z700-P700 Series\Install\x86\Uninst.exe Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe" Maya44 USB ASIO driver-->C:\Windows\usb-audio.deMaya44\Setup.exe /l1 Micro Application - CV et Lettres de motivation 98-->C:\Windows\IsUn040c.exe -f"C:\Program Files\Micro Application\CV et Lettres de motivation 98\Uninst.isu" Microsoft .NET Framework 3.5 SP1-->C:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00BA-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0114-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E} Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E} Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE} Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE} Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE} Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE} Microsoft Office Groove MUI (English) 2007-->MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE} Microsoft Office Groove Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE} Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE} Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE} Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE} Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE} Microsoft Office PowerPoint Viewer 2007 (French)-->MsiExec.exe /X{95120000-00AF-040C-0000-0000000FF1CE} Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE} Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE} Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE} Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE} Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045} Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787} Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9} Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE} Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE} Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE} Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE} Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR)-->MsiExec.exe /X{E09B48B5-E141-427A-AB0C-D3605127224A} Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118} Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d} Microsoft Visual C++ Run Time Lib Setup-->MsiExec.exe /I{AAF4238F-7C29-451D-9925-C753271A5728} Microsoft Works-->MsiExec.exe /I{0214A441-A4AB-43A8-8DEF-2F73C5364673} Module de compatibilité pour Microsoft Office System 2007-->MsiExec.exe /X{90120000-0020-040C-0000-0000000FF1CE} Mozilla Firefox (3.5.7)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94} MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71} MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC} Nero 8 Essentials-->MsiExec.exe /X{96AFCF8B-3C53-49A2-8456-E637021B1036} neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B} NovaMindEditor-3_0_22-->"C:\Program Files\NovaMind\unins000.exe" Outil de mise à jour Google-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238} PDF Settings CS4-->MsiExec.exe /I{35D94F92-1D3A-43C5-8605-EA268B1A7BD9} PDFCreator-->C:\Program Files\PDFCreator\unins000.exe pdfforge Toolbar v1.0-->MsiExec.exe /X{B8B0FC8B-E69B-4215-AF1A-4BDFF20D794B} Python 2.6.1-->MsiExec.exe /I{9CC89170-000B-457D-91F1-53691F85B223} QuickTime DirectShow Filter for WMP-->"C:\Windows\QuickTime DirectShow Filter for WMP Uninstaller.exe" QuickTime-->MsiExec.exe /I{A429C2AE-EBF1-4F81-A221-1C115CAADDAD} Realtek High Definition Audio Driver-->RtlUpd.exe -r -m -nrg2709 Reason-->MsiExec.exe /X{E52BFE61-E0FF-11D6-9D69-00065BABCB42} SecondLife (remove only)-->"C:\Program Files\SecondLife\uninst.exe" /P="SecondLife" Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08} Security Update for 2007 Microsoft Office System (KB973704)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {E626DC89-A787-4553-9BB3-DC2EC7E1593F} Security Update for Microsoft Office Excel 2007 (KB973593)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7D6255E3-3423-4D8B-A328-F6F8D28DD5FE} Security Update for Microsoft Office Outlook 2007 (KB972363)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {120BE9A0-9B09-4855-9E0C-7DEE45CB03C0} Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D} Security Update for Microsoft Office Publisher 2007 (KB969693)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {7BE67088-1EB3-4569-8E75-DDAFBF61BC4E} Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF} Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C} Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC} Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D} Security Update for Microsoft Office Word 2007 (KB969604)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {CF3D6499-709C-43D0-8908-BC5652656050} Sony Media Manager 2.2-->MsiExec.exe /X{71A41426-C7A4-4DCF-A9ED-C5B4B105ED1D} Sony Vegas 7.0-->MsiExec.exe /X{251C3815-7A55-4607-A82D-C3B98F0FBAB8} SoulSeek Client 156c-->"C:\Program Files\Soulseek\uninstall.exe" SoulSeek Client 157 test 8-->"C:\Program Files\Soulseek-Test\uninstall.exe" Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe" Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall SystemDiagnostics-->MsiExec.exe /X{C87BC0B7-2BB8-49D1-8CE0-EB0410EF0938} Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D} Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT="" Update for Microsoft Office InfoPath 2007 (KB976416)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {432C5EE4-8096-4FF1-95E1-65219365DFF7} Update for Outlook 2007 Junk Email Filter (kb977719)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C0C92202-5215-4EFA-B0B9-B3A0DEABCDF1} UsbBoost-->C:\Program Files\UsbBoost\Uninstall.exe VCRedistSetup-->MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027} Virtual DJ - Atomix Productions-->C:\PROGRA~1\VIRTUA~1\UNWISE.EXE C:\PROGRA~1\VIRTUA~1\INSTALL.LOG Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27} Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\Windows\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT="" VLC 0.9.8-->"C:\Program Files\VLC\unins000.exe" VLC media player 0.9.8a-->C:\Program Files\VLC\uninstall.exe Winamp (remove only)-->"C:\Program Files\Winamp\UninstWA.exe" Windows 7 Upgrade Advisor Beta-->MsiExec.exe /I{4394DC3A-5DAC-4C80-A86E-FF462D0AD653} Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41} Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52} Windows Live Messenger-->MsiExec.exe /X{770F1BEC-2871-4E70-B837-FB8525FFA3B1} ======Security center information====== AV: Antivirus BitDefender AV: Norman Security Suite ver. 7.00 (disabled) AS: BitDefender AntiSpam AS: Windows Defender ======System event log====== Computer Name: ramon Event Code: 6008 Message: L'arrêt système précédant à 1:14:55 le 17/02/2010 n'était pas prévu. Record Number: 139806 Source Name: EventLog Time Written: 20100218222519.000000-000 Event Type: Erreur User: Computer Name: ramon Event Code: 10000 Message: Le module d’extensibilité WLAN n’a pas pu démarrer. Chemin d’accès du module : C:\Windows\system32\athihvs.dll Code d’erreur : 126 Record Number: 139815 Source Name: Microsoft-Windows-WLAN-AutoConfig Time Written: 20100218222522.119758-000 Event Type: Erreur User: AUTORITE NT\SYSTEM Computer Name: ramon Event Code: 15016 Message: Impossible d’initialiser le package de sécurité Kerberos pour l’authentification côté serveur. Le champ de données contient le numéro de l’erreur. Record Number: 139816 Source Name: Microsoft-Windows-HttpEvent Time Written: 20100218222522.699758-000 Event Type: Erreur User: Computer Name: ramon Event Code: 72 Message: Windows n'a pas pu initialiser l'imprimante Lexmark Z700-P700 Series,1 car le processeur d'impression Lexmark Z700-P700 Series Print Processor est introuvable. Veuillez obtenir et installer une nouvelle version du pilote fournie par le fabricant (si disponible), ou choisissez un autre pilote qui fonctionne avec ce périphérique d'impression. Record Number: 139821 Source Name: Microsoft-Windows-PrintSpooler Time Written: 20100218222543.000000-000 Event Type: Erreur User: AUTORITE NT\SYSTEM Computer Name: ramon Event Code: 23 Message: L'imprimante Lexmark Z700-P700 Series,1 n'a pas pu s'initialiser car aucun pilote Lexmark Z700-P700 Series adéquat n'a été trouvé. Les paramètres spécifiés pour la nouvelle imprimante n'ont pas pris effet. Installez ou réinstallez le pilote d'imprimante. Vous devrez peut-être contacter le fournisseur pour obtenir la mise à jour du pilote. Record Number: 139822 Source Name: Microsoft-Windows-PrintSpooler Time Written: 20100218222543.000000-000 Event Type: Erreur User: AUTORITE NT\SYSTEM =====Application event log===== Computer Name: ramon Event Code: 1530 Message: Windows a détecté que votre fichier de Registre est toujours utilisé par d'autres applications ou services. Le fichier va être déchargé. Les applications ou services qui ont accès à votre Registre risquent de ne pas fonctionner correctement après cela. DÉTAIL - 2 user registry handles leaked from \Registry\User\S-1-5-21-3129462344-82161637-264651210-1000: Process 1576 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3129462344-82161637-264651210-1000\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings Process 1576 (\Device\HarddiskVolume2\Windows\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3129462344-82161637-264651210-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings Record Number: 37493 Source Name: Microsoft-Windows-User Profiles Service Time Written: 20100215220026.000000-000 Event Type: Avertissement User: AUTORITE NT\SYSTEM Computer Name: ramon Event Code: 19011 Message: Record Number: 37504 Source Name: MSSQL$SONY_MEDIAMGR Time Written: 20100216234010.000000-000 Event Type: Avertissement User: Computer Name: ramon Event Code: 10 Message: Le filtre d’événement avec la requête « SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99 » n’a pas pu être réactivé dans l’espace de noms « //./root/CIMV2 » à cause de l’erreur 0x80041003. Les événements ne peuvent pas être délivrés à travers ce filtre tant que le problème ne sera pas corrigé. Record Number: 37512 Source Name: Microsoft-Windows-WMI Time Written: 20100216234142.000000-000 Event Type: Erreur User: Computer Name: ramon Event Code: 19011 Message: Record Number: 37528 Source Name: MSSQL$SONY_MEDIAMGR Time Written: 20100218222525.000000-000 Event Type: Avertissement User: Computer Name: ramon Event Code: 10 Message: Le filtre d’événement avec la requête « SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99 » n’a pas pu être réactivé dans l’espace de noms « //./root/CIMV2 » à cause de l’erreur 0x80041003. Les événements ne peuvent pas être délivrés à travers ce filtre tant que le problème ne sera pas corrigé. Record Number: 37536 Source Name: Microsoft-Windows-WMI Time Written: 20100218222656.000000-000 Event Type: Erreur User: =====Security event log===== Computer Name: ramon Event Code: 4634 Message: Fermeture de session d’un compte. Sujet : ID de sécurité : S-1-5-7 Nom du compte : ANONYMOUS LOGON Domaine du compte : AUTORITE NT ID du compte : 0x3a499 Type d’ouverture de session : 3 Cet événement est généré lorsqu’une session ouverte est supprimée. Il peut être associé à un événement d’ouverture de session en utilisant la valeur ID d’ouverture de session. Les ID d’ouverture de session ne sont uniques qu’entre les redémarrages sur un même ordinateur. Record Number: 30176 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20090916041943.563000-000 Event Type: Succès de l'audit User: Computer Name: ramon Event Code: 1100 Message: Le service d’enregistrement des événements a été arrêté. Record Number: 30177 Source Name: Microsoft-Windows-Eventlog Time Written: 20090916041946.137000-000 Event Type: Succès de l'audit User: Computer Name: ramon Event Code: 4608 Message: Windows démarre. Cet événement est journalisé lorsque LSASS.EXE démarre et que le sous-système d’audit est initialisé. Record Number: 30178 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20090916161332.619348-000 Event Type: Succès de l'audit User: Computer Name: ramon Event Code: 4624 Message: L’ouverture de session d’un compte s’est correctement déroulée. Sujet : ID de sécurité : S-1-0-0 Nom du compte : - Domaine du compte : - ID d’ouverture de session : 0x0 Type d’ouverture de session : 0 Nouvelle ouverture de session : ID de sécurité : S-1-5-18 Nom du compte : SYSTEM Domaine du compte : AUTORITE NT ID d’ouverture de session : 0x3e7 GUID d’ouverture de session : {00000000-0000-0000-0000-000000000000} Informations sur le processus : ID du processus : 0x4 Nom du processus : Informations sur le réseau : Nom de la station de travail : - Adresse du réseau source : - Port source : - Informations détaillées sur l’authentification : Processus d’ouverture de session : - Package d’authentification : - Services en transit : - Nom du package (NTLM uniquement) : - Longueur de la clé : 0 Cet événement est généré lors de la création d’une ouverture de session. Il est généré sur l’ordinateur sur lequel l’ouverture de session a été effectuée. Le champ Objet indique le compte sur le système local qui a demandé l’ouverture de session. Il s’agit le plus souvent d’un service, comme le service Serveur, ou un processus local tel que Winlogon.exe ou Services.exe. Le champ Type d’ouverture de session indique le type d’ouverture de session qui s’est produit. Les types les plus courants sont 2 (interactif) et 3 (réseau). Le champ Nouvelle ouverture de session indique le compte pour lequel la nouvelle ouverture de session a été créée, par exemple, le compte qui s’est connecté. Les champs relatifs au réseau indiquent la provenance d’une demande d’ouverture de session à distance. Le nom de la station de travail n’étant pas toujours disponible, peut être laissé vide dans certains cas. Les champs relatifs aux informations d’authentification fournissent des détails sur cette demande d’ouverture de session spécifique. - Le GUID d’ouverture de session est un identificateur unique pouvant servir à associer cet événement à un événement KDC . - Les services en transit indiquent les services intermédiaires qui ont participé à cette demande d’ouverture de session. - Nom du package indique quel est le sous-protocole qui a été utilisé parmi les protocoles NTLM. - La longueur de la clé indique la longueur de la clé de session générée. Elle a la valeur 0 si aucune clé de session n’a été demandée. Record Number: 30179 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20090916161332.619348-000 Event Type: Succès de l'audit User: Computer Name: ramon Event Code: 4902 Message: La table de stratégie d’audit par utilisateur a été créée. Nombre d’éléments : 0 ID de la stratégie : 0x11207 Record Number: 30180 Source Name: Microsoft-Windows-Security-Auditing Time Written: 20090916161332.884549-000 Event Type: Succès de l'audit User: ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "FP_NO_HOST_CHECK"=NO "OS"=Windows_NT "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;c:\Program Files\ATI Technologies\ATI.ACE\Core-Static;%NpmLib%;C:\Program Files\Microsoft SQL Server\80\Tools\Binn\;C:\Program Files\QuickTime\QTSystem\ "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC "PROCESSOR_ARCHITECTURE"=x86 "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP "USERNAME"=SYSTEM "windir"=%SystemRoot% "PROCESSOR_LEVEL"=17 "PROCESSOR_IDENTIFIER"=x86 Family 17 Model 3 Stepping 1, AuthenticAMD "PROCESSOR_REVISION"=0301 "NUMBER_OF_PROCESSORS"=2 "TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat "DFSTRACINGON"=FALSE "NpmLib"=C:\Program Files\Norman\Npm\Bin "CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip "QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip -----------------EOF-----------------
  14. benramon
    bonjour, dans un ancien post (http://forum.zebulon.fr/rapport-hijack-et-otm-pub-gameztar-t172299.html&p=1453213#entry1453213) Apollo m'a conseillé d'utiliser Combofix, mais j'ai essayé plusieurs fois de lancer Combofix, mais il m'indique le message d'erreur suivant : "!!Warning !! CD-emulation drivers are running on this machine.Combofix needs to temporarily disable them" je clique ensuite sur ok, mais il redémarre mon ordinateur sans effectuer de scan... une petite idée de ce qui cloche ? merci d'avance
  15. benramon
    bonjour, j'ai essayé plusieurs fois de lancer Combofix, mais il m'indique le message d'erreur suivant : "!!Warning !! CD-emulation drivers are running on this machine.Combofix needs to temporarily disable them" je clique ensuite sur ok, mais il redémarre mon ordinateur sans effectuer de scan...
×
×
  • Créer...