Aller au contenu

alex.35

Membres
 Afficher le profil  Afficher son activité

  • Compteur de contenus

    10

  • Inscription

  • Dernière visite

alex.35's Achievements

Junior Member

Junior Member (3/12)

0

Réputation sur la communauté

  1. alex.35
    Non, plus de soucis a priori. Plus de fenêtres qui arrivent de partout en tout cas! Merci pour tout monsieur! J'ai pas tout suivi à la manœuvre mais ça a l'air de fonctionner Merci encore!
  2. alex.35
    Et voici le RSIT! Logfile of random's system information tool 1.06 (written by random/random) Run by Alexei at 2010-03-23 18:18:11 Microsoft Windows XP Professionnel Service Pack 2 System drive C: has 16 GB (8%) free of 191 GB Total RAM: 1023 MB (68% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 18:18:15, on 23/03/2010 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir Desktop\sched.exe C:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\system32\PnkBstrA.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\explorer.exe C:\WINDOWS\System32\svchost.exe C:\Documents and Settings\Alexei\Bureau\RSIT.exe C:\Program Files\trend micro\Alexei.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe O4 - HKLM\..\Run: [EPSON Stylus C66 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0S2.EXE /P23 "EPSON Stylus C66 Series" /O6 "USB001" /M "Stylus C66" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Device Detector 3.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe -- End of file - 7794 bytes ======Scheduled tasks folder====== C:\WINDOWS\tasks\AppleSoftwareUpdate.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] Aide pour le lien d'Adobe PDF Reader - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}] RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2009-04-09 312928] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}] Google Toolbar Helper - c:\program files\google\googletoolbar2.dll [2007-11-24 2436160] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}] JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}] EpsonToolBandKicker Class - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2004-02-10 339968] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar2.dll [2007-11-24 2436160] {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - EPSON Web-To-Page - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2004-02-10 339968] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"=C:\WINDOWS\System32\NvCpl.dll [2007-10-04 8491008] "nwiz"=nwiz.exe /install [] "NvMediaCenter"=C:\WINDOWS\System32\NvMcTray.dll [2007-10-04 81920] "High Definition Audio Property Page Shortcut"=C:\WINDOWS\system32\HDAShCut.exe [2005-01-07 61952] "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2007-10-10 39792] "NeroFilterCheck"=C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe [2007-03-01 153136] "PWRISOVM.EXE"=C:\Program Files\PowerISO\PWRISOVM.EXE [2008-07-07 167936] "LVCOMS"=C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE [2002-12-10 127022] "LogitechGalleryRepair"=C:\Program Files\Logitech\ImageStudio\ISStart.exe [2002-12-10 155648] "LogitechImageStudioTray"=C:\Program Files\Logitech\ImageStudio\LogiTray.exe [2002-12-10 61440] "EPSON Stylus C66 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0S2.EXE [2003-11-26 99840] "TkBellExe"=C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe [2009-04-09 198160] "QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-11-10 417792] "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280] "iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2010-02-15 141608] "avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe [2007-05-16 153136] "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-19 15360] "DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2009-04-23 691656] C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage Device Detector 3.lnk - C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe C:\Documents and Settings\Alexei\Menu Démarrer\Programmes\Démarrage Adobe Gamma.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=255 "NoDriveAutoRun"=255 "HonorAutoRunSetting"=0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveAutoRun"= "NoDriveTypeAutoRun"= "HonorAutoRunSetting"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule" "C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)" "C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook" "C:\Program Files\Azureus\Azureus.exe"="C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus" "C:\WINDOWS\system32\CIMSVR.exe"="C:\WINDOWS\system32\CIMSVR.exe:*:Enabled:Logitech IM Video Companion Server" "C:\Program Files\ma-config.com\maconfservice.exe"="C:\Program Files\ma-config.com\maconfservice.exe:LocalSubNet:Enabled:maconfservice" "C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger" "C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer" "C:\Program Files\Wolfenstein - Enemy Territory\ET.exe"="C:\Program Files\Wolfenstein - Enemy Territory\ET.exe:*:Enabled:ET" "C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call" "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour" "C:\Program Files\Activision\Modern Warfare 2\iw4mp.exe"="C:\Program Files\Activision\Modern Warfare 2\iw4mp.exe:*:Enabled:iw4mp" "C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)" "C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call" "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" ======File associations====== .js - edit - "C:\Program Files\Macromedia\Dreamweaver 8\dreamweaver.exe" "%1" ======List of files/folders created in the last 1 months====== 2010-03-22 07:42:51 ----RASHD---- C:\autorun.inf 2010-03-22 07:31:49 ----D---- C:\UsbFix 2010-03-21 22:41:41 ----D---- C:\Program Files\Conduit 2010-03-19 20:51:02 ----D---- C:\Ad-Remover 2010-03-19 19:32:22 ----D---- C:\Program Files\trend micro 2010-03-19 19:32:20 ----D---- C:\rsit 2010-03-19 17:53:40 ----D---- C:\Program Files\Avira 2010-03-19 17:53:40 ----D---- C:\Documents and Settings\All Users\Application Data\Avira 2010-03-19 16:22:37 ----D---- C:\Documents and Settings\Alexei\Application Data\Malwarebytes 2010-03-17 13:25:31 ----D---- C:\Program Files\Malwarebytes' Anti-Malware 2010-03-17 13:25:31 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2010-03-17 12:49:30 ----SHD---- C:\WINDOWS\CSC 2010-03-17 12:49:20 ----A---- C:\WINDOWS\ntbtlog.txt 2010-03-05 09:23:08 ----D---- C:\Documents and Settings\All Users\Application Data\Real 2010-03-03 21:26:18 ----D---- C:\WINDOWS\Minidump 2010-03-03 07:46:11 ----D---- C:\Program Files\iPod 2010-03-03 07:46:00 ----D---- C:\Program Files\iTunes ======List of files/folders modified in the last 1 months====== 2010-03-23 18:17:41 ----D---- C:\Program Files\Mozilla Firefox 2010-03-23 18:15:38 ----D---- C:\WINDOWS\Temp 2010-03-23 18:14:11 ----SHD---- C:\RECYCLER 2010-03-23 18:10:03 ----D---- C:\WINDOWS\system32\CatRoot2 2010-03-23 18:08:44 ----A---- C:\WINDOWS\SchedLgU.Txt 2010-03-23 06:51:53 ----D---- C:\WINDOWS\Prefetch 2010-03-22 17:38:24 ----A---- C:\WINDOWS\NeroDigital.ini 2010-03-22 07:21:33 ----RD---- C:\Program Files 2010-03-21 22:43:52 ----D---- C:\WINDOWS\system32 2010-03-21 07:55:25 ----D---- C:\WINDOWS\system32\LogFiles 2010-03-19 19:42:43 ----A---- C:\WINDOWS\system32\PnkBstrB.exe 2010-03-19 19:36:00 ----D---- C:\WINDOWS 2010-03-19 19:05:12 ----A---- C:\WINDOWS\M3JPEG.INI 2010-03-19 17:53:52 ----HD---- C:\WINDOWS\inf 2010-03-19 17:53:52 ----D---- C:\WINDOWS\system32\drivers 2010-03-19 17:52:23 ----SHD---- C:\WINDOWS\Installer 2010-03-19 17:52:22 ----D---- C:\WINDOWS\WinSxS 2010-03-19 17:31:40 ----D---- C:\WINDOWS\AppPatch 2010-03-17 12:49:37 ----D---- C:\Documents and Settings 2010-03-17 12:26:59 ----D---- C:\Program Files\Bonjour 2010-03-17 12:21:40 ----D---- C:\Documents and Settings\Alexei\Application Data\Azureus 2010-03-17 12:19:26 ----RSHDC---- C:\WINDOWS\system32\dllcache 2010-03-17 12:13:25 ----D---- C:\Program Files\Azureus 2010-03-03 07:46:04 ----D---- C:\Program Files\Fichiers communs\Apple ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys [] R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104] R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2004-08-19 40320] R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2008-07-07 56108] R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2010-03-19 28520] R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2008-09-15 278984] R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2010-03-19 56816] R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2008-09-15 25416] R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2004-08-03 60800] R3 FETNDISB;VIA Rhine Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\System32\DRIVERS\fetnd5b.sys [2004-04-15 42496] R3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\HdAudio.sys [2005-01-07 145920] R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\System32\DRIVERS\HDAudBus.sys [2005-01-07 138752] R3 hidusb;Pilote de classe HID Microsoft; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2002-08-30 9600] R3 mouhid;Pilote HID de souris; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2002-08-30 12288] R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2004-08-03 61824] R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2007-10-04 6854464] R3 usbehci;Pilote miniport de contrôleur hôte amélioré USB 2.0 Microsoft; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2004-08-03 26624] R3 usbhub;Concentrateur USB2; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-03 57600] R3 usbstor;Pilote de stockage de masse USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2004-08-03 26496] R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-03 20480] S3 azyi1kju;azyi1kju; C:\WINDOWS\system32\drivers\azyi1kju.sys [] S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024] S3 driverhardwarev2;driverhardwarev2; \??\C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys [] S3 EverestDriver;Lavalys EVEREST Kernel Driver; \??\C:\Program Files\EVEREST Home Edition\kerneld.wnt [] S3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600] S3 LVBulk;LVBulk Service; C:\WINDOWS\system32\DRIVERS\LVBulk.sys [2002-09-20 10382] S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504] S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376] S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880] S3 PID_0960_V;Logitech ClickSmart 420(PID_0960_V); C:\WINDOWS\system32\DRIVERS\LVVIMULB.SYS [2002-09-20 163328] S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136] S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360] S3 TVICHW32;TVICHW32; \??\C:\WINDOWS\System32\DRIVERS\TVICHW32.SYS [] S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-08-28 40448] S3 usbaudio;Pilote USB audio (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264] S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616] S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856] S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2004-08-03 15104] S3 VNUSB;VN Series Device; C:\WINDOWS\System32\DRIVERS\VNUSB.sys [2006-04-07 38496] S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328] S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys [] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AntiVirSchedulerService;Avira AntiVir Planificateur; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2010-03-19 108289] R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2010-03-19 185089] R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-08-28 144672] R2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888] R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-11 153376] R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\System32\nvsvc32.exe [2007-10-04 155716] R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2009-09-13 75064] R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912] S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe [2007-11-24 72704] S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-06-01 654848] S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-11-24 138168] S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632] S3 iPod Service;Service de l’iPod; C:\Program Files\iPod\bin\iPodService.exe [2010-02-15 545576] S3 maconfservice;Ma-Config Service; C:\Program Files\ma-config.com\maconfservice.exe [2008-09-02 191656] S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-04-13 792112] S3 NMIndexingService;NMIndexingService; C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe [2007-05-16 271920] S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136] S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184] -----------------EOF----------------- Merci!
  3. alex.35
    Alors! Voilà le log USBfix après vaccination. ############################## | UsbFix V6.100 | User : Alexei (Administrateurs) # ALEX Update on 18/03/2010 by El Desaparecido , C_XX & Chimay8 Start at: 18:15:41 | 23/03/2010 Website : http://pagesperso-orange.fr/NosTools/index.html Contact : FindyKill.Contact@gmail.com Intel® Pentium® 4 CPU 3.06GHz Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 2 Internet Explorer 6.0.2900.2180 Windows Firewall Status : Enabled AV : AntiVir Desktop 9.0.1.32 [ Enabled | Updated ] C:\ -> Disque fixe local # 186,3 Go (15,52 Go free) # NTFS E:\ -> Disque amovible F:\ -> Disque amovible G:\ -> Disque amovible H:\ -> Disque fixe local # 465,65 Go (283,19 Go free) [DISK EXTERN] # FAT32 ################## | Vaccination | # C:\autorun.inf -> Dossier créé par UsbFix (El Desaparecido). # H:\autorun.inf -> Dossier créé par UsbFix (El Desaparecido). ################## | ! Fin du rapport # UsbFix V6.100 ! |
  4. alex.35
    UP!
  5. alex.35
    Et le second! ############################## | UsbFix V6.100 | User : Alexei (Administrateurs) # ALEX Update on 18/03/2010 by El Desaparecido , C_XX & Chimay8 Start at: 07:38:46 | 22/03/2010 Website : http://pagesperso-orange.fr/NosTools/index.html Contact : FindyKill.Contact@gmail.com Intel® Pentium® 4 CPU 3.06GHz Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 2 Internet Explorer 6.0.2900.2180 Windows Firewall Status : Enabled AV : AntiVir Desktop 9.0.1.32 [ Enabled | Updated ] C:\ -> Disque fixe local # 186,3 Go (15,72 Go free) # NTFS E:\ -> Disque amovible F:\ -> Disque amovible G:\ -> Disque amovible ################## | Elements infectieux | Supprimé ! C:\Recycler\S-1-5-21-1417001333-1979792683-682003330-1003 Supprimé ! C:\Recycler\S-1-5-21-1417001333-1979792683-682003330-500 ################## | Registre | ################## | Mountpoints2 | Supprimé ! HKCU\...\Explorer\MountPoints2\{078b3cd5-9aa1-11dc-b9d5-0013d3f2cb13}\Shell\Auto\Command Supprimé ! HKCU\...\Explorer\MountPoints2\{987b18bf-adc9-11dd-8e87-0013d3f2cb13}\Shell\Auto\Command ################## | Listing des fichiers présent | [19/11/2007 00:11|--a------|0] C:\AUTOEXEC.BAT [20/01/2008 14:08|-rahs----|212] C:\boot.ini [30/08/2002 13:00|-rahs----|4952] C:\Bootfont.bin [19/11/2007 00:11|--a------|0] C:\CONFIG.SYS [19/11/2007 00:11|-rahs----|0] C:\IO.SYS [21/09/2008 16:05|--a------|183] C:\LogiSetup.log [19/11/2007 00:11|-rahs----|0] C:\MSDOS.SYS [20/01/2008 14:04|-rahs----|47564] C:\NTDETECT.COM [20/01/2008 14:04|-rahs----|251712] C:\ntldr [?|?|?] C:\pagefile.sys [22/03/2010 07:42|--a------|1649] C:\UsbFix.txt ################## | Vaccination | # C:\autorun.inf -> Dossier créé par UsbFix (El Desaparecido). ################## | Upload | Veuillez envoyer le fichier : C:\UsbFix_Upload_Me_ALEX.zip : http://chiquitine.changelog.fr/Sample/Upload.php Merci pour votre contribution . ################## | ! Fin du rapport # UsbFix V6.100 ! | Merci!
  6. alex.35
    Alors, voilà le premier rapport : ############################## | UsbFix V6.100 | User : Alexei (Administrateurs) # ALEX Update on 18/03/2010 by El Desaparecido , C_XX & Chimay8 Start at: 07:33:08 | 22/03/2010 Website : http://pagesperso-orange.fr/NosTools/index.html Contact : FindyKill.Contact@gmail.com Intel® Pentium® 4 CPU 3.06GHz Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 2 Internet Explorer 6.0.2900.2180 Windows Firewall Status : Enabled AV : AntiVir Desktop 9.0.1.32 [ Enabled | Updated ] C:\ -> Disque fixe local # 186,3 Go (15,75 Go free) # NTFS D:\ -> Disque CD-ROM E:\ -> Disque amovible F:\ -> Disque amovible G:\ -> Disque amovible ################## | Elements infectieux | ################## | Registre | ################## | Mountpoints2 | HKCU\..\..\Explorer\MountPoints2\{078b3cd5-9aa1-11dc-b9d5-0013d3f2cb13} Shell\Auto\command =AdobeR.exe e Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e HKCU\..\..\Explorer\MountPoints2\{987b18bf-adc9-11dd-8e87-0013d3f2cb13} Shell\Auto\command =cmd /C launch.bat Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL cmd /C launch.bat ################## | Vaccin | (!) Cet ordinateur n'est pas vacciné ! ################## | ! Fin du rapport # UsbFix V6.100 ! |
  7. alex.35
    Voici le nouveau log! Logfile of random's system information tool 1.06 (written by random/random) Run by Alexei at 2010-03-21 07:59:19 Microsoft Windows XP Professionnel Service Pack 2 System drive C: has 16 GB (8%) free of 191 GB Total RAM: 1023 MB (65% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 07:59:25, on 21/03/2010 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir Desktop\sched.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe C:\Program Files\PowerISO\PWRISOVM.EXE C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE C:\Program Files\Logitech\ImageStudio\LogiTray.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0S2.EXE C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\DAEMON Tools Lite\daemon.exe C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe C:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\system32\PnkBstrA.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\wuauclt.exe C:\Documents and Settings\Alexei\Bureau\RSIT.exe C:\Program Files\trend micro\Alexei.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe O4 - HKLM\..\Run: [EPSON Stylus C66 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0S2.EXE /P23 "EPSON Stylus C66 Series" /O6 "USB001" /M "Stylus C66" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Device Detector 3.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe -- End of file - 8691 bytes ======Scheduled tasks folder====== C:\WINDOWS\tasks\AppleSoftwareUpdate.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] Aide pour le lien d'Adobe PDF Reader - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}] RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2009-04-09 312928] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}] Google Toolbar Helper - c:\program files\google\googletoolbar2.dll [2007-11-24 2436160] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}] JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}] EpsonToolBandKicker Class - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2004-02-10 339968] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar2.dll [2007-11-24 2436160] {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - EPSON Web-To-Page - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2004-02-10 339968] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"=C:\WINDOWS\System32\NvCpl.dll [2007-10-04 8491008] "nwiz"=nwiz.exe /install [] "NvMediaCenter"=C:\WINDOWS\System32\NvMcTray.dll [2007-10-04 81920] "High Definition Audio Property Page Shortcut"=C:\WINDOWS\system32\HDAShCut.exe [2005-01-07 61952] "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2007-10-10 39792] "NeroFilterCheck"=C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe [2007-03-01 153136] "PWRISOVM.EXE"=C:\Program Files\PowerISO\PWRISOVM.EXE [2008-07-07 167936] "LVCOMS"=C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE [2002-12-10 127022] "LogitechGalleryRepair"=C:\Program Files\Logitech\ImageStudio\ISStart.exe [2002-12-10 155648] "LogitechImageStudioTray"=C:\Program Files\Logitech\ImageStudio\LogiTray.exe [2002-12-10 61440] "EPSON Stylus C66 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0S2.EXE [2003-11-26 99840] "TkBellExe"=C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe [2009-04-09 198160] "QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-11-10 417792] "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280] "iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2010-02-15 141608] "avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe [2007-05-16 153136] "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-19 15360] "DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2009-04-23 691656] C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage Device Detector 3.lnk - C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe C:\Documents and Settings\Alexei\Menu Démarrer\Programmes\Démarrage Adobe Gamma.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=145 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule" "C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)" "C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook" "C:\Program Files\Azureus\Azureus.exe"="C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus" "C:\WINDOWS\system32\CIMSVR.exe"="C:\WINDOWS\system32\CIMSVR.exe:*:Enabled:Logitech IM Video Companion Server" "C:\Program Files\ma-config.com\maconfservice.exe"="C:\Program Files\ma-config.com\maconfservice.exe:LocalSubNet:Enabled:maconfservice" "C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger" "C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer" "C:\Program Files\Wolfenstein - Enemy Territory\ET.exe"="C:\Program Files\Wolfenstein - Enemy Territory\ET.exe:*:Enabled:ET" "C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call" "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour" "C:\Program Files\Activision\Modern Warfare 2\iw4mp.exe"="C:\Program Files\Activision\Modern Warfare 2\iw4mp.exe:*:Enabled:iw4mp" "C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)" "C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call" "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{078b3cd5-9aa1-11dc-b9d5-0013d3f2cb13}] shell\Auto\command - AdobeR.exe e shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{987b18bf-adc9-11dd-8e87-0013d3f2cb13}] shell\Auto\command - cmd /C launch.bat shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL cmd /C launch.bat ======File associations====== .js - edit - "C:\Program Files\Macromedia\Dreamweaver 8\dreamweaver.exe" "%1" ======List of files/folders created in the last 1 months====== 2010-03-19 23:09:03 ----A---- C:\Ad-Report-CLEAN[2].txt 2010-03-19 22:36:51 ----A---- C:\Ad-Report-CLEAN[1].txt 2010-03-19 20:51:12 ----A---- C:\Ad-Report-SCAN[1].txt 2010-03-19 20:51:02 ----D---- C:\Ad-Remover 2010-03-19 19:32:22 ----D---- C:\Program Files\trend micro 2010-03-19 19:32:20 ----D---- C:\rsit 2010-03-19 17:53:40 ----D---- C:\Program Files\Avira 2010-03-19 17:53:40 ----D---- C:\Documents and Settings\All Users\Application Data\Avira 2010-03-19 16:22:37 ----D---- C:\Documents and Settings\Alexei\Application Data\Malwarebytes 2010-03-17 13:25:31 ----D---- C:\Program Files\Malwarebytes' Anti-Malware 2010-03-17 13:25:31 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2010-03-17 12:49:30 ----SHD---- C:\WINDOWS\CSC 2010-03-17 12:49:20 ----A---- C:\WINDOWS\ntbtlog.txt 2010-03-05 09:23:08 ----D---- C:\Documents and Settings\All Users\Application Data\Real 2010-03-03 21:26:18 ----D---- C:\WINDOWS\Minidump 2010-03-03 07:46:11 ----D---- C:\Program Files\iPod 2010-03-03 07:46:00 ----D---- C:\Program Files\iTunes ======List of files/folders modified in the last 1 months====== 2010-03-21 07:57:09 ----D---- C:\WINDOWS\Prefetch 2010-03-21 07:55:30 ----D---- C:\WINDOWS\Temp 2010-03-21 07:55:29 ----D---- C:\WINDOWS\system32\CatRoot2 2010-03-21 07:55:25 ----D---- C:\WINDOWS\system32\LogFiles 2010-03-20 13:49:58 ----A---- C:\WINDOWS\SchedLgU.Txt 2010-03-20 13:12:51 ----D---- C:\Program Files\Mozilla Firefox 2010-03-19 22:41:58 ----RD---- C:\Program Files 2010-03-19 19:42:43 ----A---- C:\WINDOWS\system32\PnkBstrB.exe 2010-03-19 19:36:00 ----D---- C:\WINDOWS 2010-03-19 19:05:12 ----A---- C:\WINDOWS\M3JPEG.INI 2010-03-19 17:53:52 ----HD---- C:\WINDOWS\inf 2010-03-19 17:53:52 ----D---- C:\WINDOWS\system32\drivers 2010-03-19 17:52:23 ----SHD---- C:\WINDOWS\Installer 2010-03-19 17:52:22 ----D---- C:\WINDOWS\WinSxS 2010-03-19 17:49:54 ----D---- C:\WINDOWS\system32 2010-03-19 17:31:40 ----D---- C:\WINDOWS\AppPatch 2010-03-17 14:26:49 ----SHD---- C:\RECYCLER 2010-03-17 12:49:37 ----D---- C:\Documents and Settings 2010-03-17 12:26:59 ----D---- C:\Program Files\Bonjour 2010-03-17 12:21:40 ----D---- C:\Documents and Settings\Alexei\Application Data\Azureus 2010-03-17 12:19:26 ----RSHDC---- C:\WINDOWS\system32\dllcache 2010-03-17 12:13:25 ----D---- C:\Program Files\Azureus 2010-03-03 07:46:04 ----D---- C:\Program Files\Fichiers communs\Apple 2010-02-25 10:50:05 ----A---- C:\WINDOWS\NeroDigital.ini ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys [] R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104] R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2004-08-19 40320] R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2008-07-07 56108] R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2010-03-19 28520] R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2008-09-15 278984] R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2010-03-19 56816] R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2008-09-15 25416] R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2004-08-03 60800] R3 FETNDISB;VIA Rhine Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\System32\DRIVERS\fetnd5b.sys [2004-04-15 42496] R3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\HdAudio.sys [2005-01-07 145920] R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\System32\DRIVERS\HDAudBus.sys [2005-01-07 138752] R3 hidusb;Pilote de classe HID Microsoft; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2002-08-30 9600] R3 mouhid;Pilote HID de souris; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2002-08-30 12288] R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2004-08-03 61824] R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2007-10-04 6854464] R3 usbehci;Pilote miniport de contrôleur hôte amélioré USB 2.0 Microsoft; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2004-08-03 26624] R3 usbhub;Concentrateur USB2; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-03 57600] R3 usbstor;Pilote de stockage de masse USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2004-08-03 26496] R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-03 20480] S3 ah2b619i;ah2b619i; C:\WINDOWS\system32\drivers\ah2b619i.sys [] S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024] S3 driverhardwarev2;driverhardwarev2; \??\C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys [] S3 EverestDriver;Lavalys EVEREST Kernel Driver; \??\C:\Program Files\EVEREST Home Edition\kerneld.wnt [] S3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600] S3 LVBulk;LVBulk Service; C:\WINDOWS\system32\DRIVERS\LVBulk.sys [2002-09-20 10382] S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504] S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376] S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880] S3 PID_0960_V;Logitech ClickSmart 420(PID_0960_V); C:\WINDOWS\system32\DRIVERS\LVVIMULB.SYS [2002-09-20 163328] S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136] S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360] S3 TVICHW32;TVICHW32; \??\C:\WINDOWS\System32\DRIVERS\TVICHW32.SYS [] S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-08-28 40448] S3 usbaudio;Pilote USB audio (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264] S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616] S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856] S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2004-08-03 15104] S3 VNUSB;VN Series Device; C:\WINDOWS\System32\DRIVERS\VNUSB.sys [2006-04-07 38496] S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328] S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys [] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AntiVirSchedulerService;Avira AntiVir Planificateur; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2010-03-19 108289] R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2010-03-19 185089] R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-08-28 144672] R2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888] R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-11 153376] R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\System32\nvsvc32.exe [2007-10-04 155716] R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2009-09-13 75064] R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912] R3 iPod Service;Service de l’iPod; C:\Program Files\iPod\bin\iPodService.exe [2010-02-15 545576] R3 NMIndexingService;NMIndexingService; C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe [2007-05-16 271920] S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe [2007-11-24 72704] S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-06-01 654848] S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-11-24 138168] S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632] S3 maconfservice;Ma-Config Service; C:\Program Files\ma-config.com\maconfservice.exe [2008-09-02 191656] S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-04-13 792112] S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136] S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184] -----------------EOF-----------------
  8. alex.35
    Alors, j'ai téléchargé le programme avec ton deuxième lien. J'ai scanné, et j'obtiens ce rapport : ======= RAPPORT D'AD-REMOVER 2.0.0.0,B | UNIQUEMENT XP/VISTA/7 ======= . Mis à jour par C_XX le 19/03/10 à 18:00 Contact: AdRemover.contact@gmail.com Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html . Lancé à: 20:51:03 le 19/03/2010 | Mode normal | Option: SCAN Exécuté de: C:\Ad-Remover\ADR.exe SE: Microsoft® Windows XP™ Service Pack 2 - X86 Nom du PC: ALEX | Utilisateur actuel: Alexei (Administrateur) . ============== ÉLÉMENT(S) TROUVÉ(S) ============== . Service: *ASKService* Service: *ASKUpgrade* . C:\Documents and Settings\Alexei\Application Data\Mozilla\FireFox\Profiles\s6e7mygm.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D} C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Everest Poker C:\Program Files\AskBarDis C:\Program Files\Everest Poker . HKCU\Software\AppDataLow\AskBarDis HKCU\Software\AskBarDis HKCU\Software\Grand Virtual HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{201f27d4-3704-41d6-89c1-aa35e39143ed} HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3041d03e-fd4b-44e0-b742-2d9b88305f98} HKLM\Software\AppDataLow\AskBarDis HKLM\Software\AskBarDis HKLM\Software\Classes\AskIBar.PopSwatterBarButton HKLM\Software\Classes\AskIBar.PopSwatterBarButton.1 HKLM\Software\Classes\AskIBar.PopSwatterSettingsControl HKLM\Software\Classes\AskIBar.PopSwatterSettingsControl.1 HKLM\Software\Classes\AskToolBar.SettingsPlugin HKLM\Software\Classes\AskToolBar.SettingsPlugin.1 HKLM\Software\Classes\CLSID\{0702a2b6-13aa-4090-9e01-bcdc85dd933f} HKLM\Software\Classes\CLSID\{08993A7C-E764-4172-9627-BFB5EA6897B2} HKLM\Software\Classes\CLSID\{128A6C66-AC6A-4617-8268-AB7F47B7215E} HKLM\Software\Classes\CLSID\{201f27d4-3704-41d6-89c1-aa35e39143ed} HKLM\Software\Classes\CLSID\{3041d03e-fd4b-44e0-b742-2d9b88305f98} HKLM\Software\Classes\CLSID\{571715D7-3395-4DF0-B43C-784836209E60} HKLM\Software\Classes\CLSID\{622fd888-4e91-4d68-84d4-7262fd0811bf} HKLM\Software\Classes\CLSID\{b0de3308-5d5a-470d-81b9-634fc078393b} HKLM\Software\Classes\Interface\{4634804A-F0B0-4A74-A550-FC0EEF8A4362} HKLM\Software\Classes\Interface\{4C07EA4F-5F52-4222-B170-4CD9ED33BAEA} HKLM\Software\Classes\Interface\{C44FEFF4-EF0C-4CF7-83D0-92B4266A32B9} HKLM\Software\Classes\Interface\{F131923C-381D-4E4C-A472-4A17118FD742} HKLM\Software\Classes\TypeLib\{4B1C1E16-6B34-430E-B074-5928ECA4C150} HKLM\Software\Classes\TypeLib\{D2E5FA06-DCC7-46F9-BEFF-BFD06F69B9B2} HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed} HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Ask Toolbar_is1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Everest Poker HKLM\Software\Trymedia Systems HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{3041D03E-FD4B-44E0-B742-2D9B88305F98} HKLM\Software\Microsoft\Internet Explorer\Toolbar|{3041D03E-FD4B-44E0-B742-2D9B88305F98} . ============== SCAN ADDITIONNEL ============== . * Mozilla FireFox Version 3.5.8 (fr) * . C:\Documents and Settings\Alexei\..\s6e7mygm.default\prefs.js - browser.download.dir: C:\\Documents and Settings\\Alexei\\Bureau C:\Documents and Settings\Alexei\..\s6e7mygm.default\prefs.js - browser.download.lastDir: C:\\Documents and Settings\\Alexei\\Bureau C:\Documents and Settings\Alexei\..\s6e7mygm.default\prefs.js - browser.startup.homepage: hxxp://www.google.fr/ C:\Documents and Settings\Alexei\..\s6e7mygm.default\prefs.js - browser.startup.homepage_override.mstone: rv:1.9.1.8 C:\Documents and Settings\Administrateur\..\8587gube.default\prefs.js - browser.download.dir: C:\\Documents and Settings\\Administrateur\\Bureau C:\Documents and Settings\Administrateur\..\8587gube.default\prefs.js - browser.startup.homepage_override.mstone: rv:1.9.1.8 . . * Internet Explorer Version 6.0.2900.2180 * . [HKCU\Software\Microsoft\Internet Explorer\Main] . Do404Search: 0x01000000 Enable Browser Extensions: yes Local Page: C:\WINDOWS\system32\blank.htm Search bar: hxxp://www.google.com/ie Search Page: hxxp://www.google.com Show_ToolBar: yes Start Page: hxxp://www.google.fr/ Use Search Asst: no . [HKLM\Software\Microsoft\Internet Explorer\Main] . Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome Default_Search_URL: hxxp://recherche.neuf.fr/ Delete_Temp_Files_On_Exit: yes Local Page: %SystemRoot%\system32\blank.htm Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch Start Page: hxxp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home . [HKLM\Software\Microsoft\Internet Explorer\ABOUTURLS] . Blank: res://mshtml.dll/blank.htm . ============== SUSPECT(S) ============== . C:\Documents and Settings\Alexei\Application Data\Azureus\torrents\Adobe After Effects CS3 Professional 2008 PC + Crack [mininova].torrent C:\Documents and Settings\Alexei\Application Data\Azureus\torrents\Assassins Creed Game PC multilanguage - With Crack [mininova].torrent C:\Documents and Settings\Alexei\Application Data\Azureus\torrents\[isoHunt] [PC] Sims 2 multilingual serialz crack cheats.torrent C:\Documents and Settings\Alexei\Application Data\Azureus\torrents\[www.seedpeer.com] Pc Game Assassins Creed Full Crack.SEEDPEER.torrent C:\Documents and Settings\Alexei\Bureau\Programmes base\Macromedia Studio 8 Fr (Dreamweaver 8 - Fireworks 8 - Flash -Fr-Cracké-Vérifié.zip C:\Documents and Settings\Alexei\Favoris\Liens\VIRUS\CrackzPlanet.com .url C:\Documents and Settings\Alexei\Local Settings\Temp\HouseCall\bspatch.exe C:\Documents and Settings\Alexei\Mes documents\Azureus Downloads\Assassins Creed Game PC multilanguage - With Crack\Assassins Creed Crack\AssassinsCreed_Dx10.exe C:\Documents and Settings\Alexei\Mes documents\Azureus Downloads\Assassins Creed Game PC multilanguage - With Crack\Assassins Creed Crack\AssassinsCreed_Dx9.exe C:\Documents and Settings\Alexei\Mes documents\Azureus Downloads\Assassins Creed Game PC multilanguage - With Crack\Assassins Creed Crack\AssassinsCreed_Launcher.exe C:\Documents and Settings\Alexei\Mes documents\Azureus Downloads\Assassins Creed Game PC multilanguage - With Crack\Crack\AssassinsCreed_Dx10.exe C:\Documents and Settings\Alexei\Mes documents\Azureus Downloads\Assassins Creed Game PC multilanguage - With Crack\Crack\AssassinsCreed_Dx9.exe C:\Documents and Settings\Alexei\Mes documents\Azureus Downloads\Assassins Creed Game PC multilanguage - With Crack\Crack\reloaded.nfo C:\Documents and Settings\Alexei\Mes documents\Azureus Downloads\Assassins Creed Game PC multilanguage - With Crack\reloaded.nfo . ======================================== . C:\DOCUME~1\Alexei\LOCALS~1\Temp: 1496 Fichier(s), 179 Dossier(s) C:\WINDOWS\temp: 75 Fichier(s), 28 Dossier(s) Temporary Internet Files: 26 Fichier(s), 18 Dossier(s) . C:\Ad-Remover\Quarantine: 0 Fichier(s) C:\Ad-Remover\Backup: 1 Fichier(s) . C:\Ad-Report-SCAN[1].txt - 6961 Octet(s) . Fin à: 20:58:03, 19/03/2010 . ============== E.O.F - SCAN[1] ============== Ensuite, j'ai nettoyé, et il m'a demandé de redémarrer à la fin pour que ce soit complet. C'est fait, et voilà le rapport! ======= RAPPORT D'AD-REMOVER 2.0.0.0,B | UNIQUEMENT XP/VISTA/7 ======= . Mis à jour par C_XX le 19/03/10 à 18:00 Contact: AdRemover.contact@gmail.com Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html . Lancé à: 22:36:44 le 19/03/2010 | Mode normal | Option: CLEAN Exécuté de: C:\Ad-Remover\ADR.exe SE: Microsoft® Windows XP™ Service Pack 2 - X86 Nom du PC: ALEX | Utilisateur actuel: Alexei (Administrateur) . ============== ÉLÉMENT(S) NEUTRALISÉ(S) ============== . Service: *ASKService* Service: *ASKUpgrade* . C:\Documents and Settings\Alexei\Application Data\Mozilla\FireFox\Profiles\s6e7mygm.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D} C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Everest Poker C:\Program Files\AskBarDis C:\Program Files\Everest Poker (!) -- Fichiers temporaires supprimés. . HKCU\Software\AppDataLow\AskBarDis HKCU\Software\AskBarDis HKCU\Software\Grand Virtual HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{201f27d4-3704-41d6-89c1-aa35e39143ed} HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3041d03e-fd4b-44e0-b742-2d9b88305f98} HKLM\Software\AppDataLow\AskBarDis HKLM\Software\AskBarDis HKLM\Software\Classes\AskIBar.PopSwatterBarButton HKLM\Software\Classes\AskIBar.PopSwatterBarButton.1 HKLM\Software\Classes\AskIBar.PopSwatterSettingsControl HKLM\Software\Classes\AskIBar.PopSwatterSettingsControl.1 HKLM\Software\Classes\AskToolBar.SettingsPlugin HKLM\Software\Classes\AskToolBar.SettingsPlugin.1 HKLM\Software\Classes\CLSID\{0702a2b6-13aa-4090-9e01-bcdc85dd933f} HKLM\Software\Classes\CLSID\{08993A7C-E764-4172-9627-BFB5EA6897B2} HKLM\Software\Classes\CLSID\{128A6C66-AC6A-4617-8268-AB7F47B7215E} HKLM\Software\Classes\CLSID\{201f27d4-3704-41d6-89c1-aa35e39143ed} HKLM\Software\Classes\CLSID\{3041d03e-fd4b-44e0-b742-2d9b88305f98} HKLM\Software\Classes\CLSID\{571715D7-3395-4DF0-B43C-784836209E60} HKLM\Software\Classes\CLSID\{622fd888-4e91-4d68-84d4-7262fd0811bf} HKLM\Software\Classes\CLSID\{b0de3308-5d5a-470d-81b9-634fc078393b} HKLM\Software\Classes\Interface\{4634804A-F0B0-4A74-A550-FC0EEF8A4362} HKLM\Software\Classes\Interface\{4C07EA4F-5F52-4222-B170-4CD9ED33BAEA} HKLM\Software\Classes\Interface\{C44FEFF4-EF0C-4CF7-83D0-92B4266A32B9} HKLM\Software\Classes\Interface\{F131923C-381D-4E4C-A472-4A17118FD742} HKLM\Software\Classes\TypeLib\{4B1C1E16-6B34-430E-B074-5928ECA4C150} HKLM\Software\Classes\TypeLib\{D2E5FA06-DCC7-46F9-BEFF-BFD06F69B9B2} HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed} HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Ask Toolbar_is1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Everest Poker HKLM\Software\Trymedia Systems HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{3041D03E-FD4B-44E0-B742-2D9B88305F98} HKLM\Software\Microsoft\Internet Explorer\Toolbar|{3041D03E-FD4B-44E0-B742-2D9B88305F98} . ============== SCAN ADDITIONNEL ============== . * Mozilla FireFox Version 3.5.8 (fr) * . C:\Documents and Settings\Alexei\..\s6e7mygm.default\prefs.js - browser.download.dir: C:\\Documents and Settings\\Alexei\\Bureau C:\Documents and Settings\Alexei\..\s6e7mygm.default\prefs.js - browser.download.lastDir: C:\\Documents and Settings\\Alexei\\Bureau C:\Documents and Settings\Alexei\..\s6e7mygm.default\prefs.js - browser.startup.homepage: hxxp://www.google.fr/ C:\Documents and Settings\Alexei\..\s6e7mygm.default\prefs.js - browser.startup.homepage_override.mstone: rv:1.9.1.8 C:\Documents and Settings\Administrateur\..\8587gube.default\prefs.js - browser.download.dir: C:\\Documents and Settings\\Administrateur\\Bureau C:\Documents and Settings\Administrateur\..\8587gube.default\prefs.js - browser.startup.homepage_override.mstone: rv:1.9.1.8 . . * Internet Explorer Version 6.0.2900.2180 * . [HKCU\Software\Microsoft\Internet Explorer\Main] . Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch Do404Search: 0x01000000 Enable Browser Extensions: yes Local Page: C:\WINDOWS\system32\blank.htm Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896 Show_ToolBar: yes Start Page: hxxp://fr.msn.com/ Use Search Asst: no . [HKLM\Software\Microsoft\Internet Explorer\Main] . Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch Delete_Temp_Files_On_Exit: yes Local Page: %SystemRoot%\system32\blank.htm Search bar: hxxp://search.msn.com/spbasic.htm Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch Start Page: hxxp://fr.msn.com/ . [HKLM\Software\Microsoft\Internet Explorer\ABOUTURLS] . Tabs: res://ieframe.dll/tabswelcome.htm Blank: res://mshtml.dll/blank.htm . ============== SUSPECT(S) ============== . C:\Documents and Settings\Alexei\Application Data\Azureus\torrents\Adobe After Effects CS3 Professional 2008 PC + Crack [mininova].torrent C:\Documents and Settings\Alexei\Application Data\Azureus\torrents\Assassins Creed Game PC multilanguage - With Crack [mininova].torrent C:\Documents and Settings\Alexei\Application Data\Azureus\torrents\[isoHunt] [PC] Sims 2 multilingual serialz crack cheats.torrent C:\Documents and Settings\Alexei\Application Data\Azureus\torrents\[www.seedpeer.com] Pc Game Assassins Creed Full Crack.SEEDPEER.torrent C:\Documents and Settings\Alexei\Bureau\Programmes base\Macromedia Studio 8 Fr (Dreamweaver 8 - Fireworks 8 - Flash -Fr-Cracké-Vérifié.zip C:\Documents and Settings\Alexei\Favoris\Liens\VIRUS\CrackzPlanet.com .url C:\Documents and Settings\Alexei\Mes documents\Azureus Downloads\Assassins Creed Game PC multilanguage - With Crack\Assassins Creed Crack\AssassinsCreed_Dx10.exe C:\Documents and Settings\Alexei\Mes documents\Azureus Downloads\Assassins Creed Game PC multilanguage - With Crack\Assassins Creed Crack\AssassinsCreed_Dx9.exe C:\Documents and Settings\Alexei\Mes documents\Azureus Downloads\Assassins Creed Game PC multilanguage - With Crack\Assassins Creed Crack\AssassinsCreed_Launcher.exe C:\Documents and Settings\Alexei\Mes documents\Azureus Downloads\Assassins Creed Game PC multilanguage - With Crack\Crack\AssassinsCreed_Dx10.exe C:\Documents and Settings\Alexei\Mes documents\Azureus Downloads\Assassins Creed Game PC multilanguage - With Crack\Crack\AssassinsCreed_Dx9.exe C:\Documents and Settings\Alexei\Mes documents\Azureus Downloads\Assassins Creed Game PC multilanguage - With Crack\Crack\reloaded.nfo C:\Documents and Settings\Alexei\Mes documents\Azureus Downloads\Assassins Creed Game PC multilanguage - With Crack\reloaded.nfo . ======================================== . C:\DOCUME~1\Alexei\LOCALS~1\Temp: 0 Fichier(s), 179 Dossier(s) C:\WINDOWS\temp: 2 Fichier(s), 28 Dossier(s) Temporary Internet Files: 2 Fichier(s), 18 Dossier(s) . C:\Ad-Remover\Quarantine: 0 Fichier(s) C:\Ad-Remover\Backup: 14 Fichier(s) . C:\Ad-Report-CLEAN[1].txt - 7119 Octet(s) C:\Ad-Report-SCAN[1].txt - 7085 Octet(s) . Fin à: 22:42:48, 19/03/2010 . ============== E.O.F - CLEAN[1] ============== Depuis l'utilisation de Malwares, je n'ai pas eu de nouvelles manifestation en tout cas! C'est un bon début! Bonne soirée, Alex
  9. alex.35
    Voici la partie "log", mais j'ai fermé la partie "info" et impossible de la ravoir, meme en relancant le programme... Logfile of random's system information tool 1.06 (written by random/random) Run by Alex at 2010-03-19 19:38:14 Microsoft Windows XP Professionnel Service Pack 2 System drive C: has 9 GB (5%) free of 191 GB Total RAM: 1023 MB (55% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 19:38:15, on 19/03/2010 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir Desktop\sched.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe C:\Program Files\PowerISO\PWRISOVM.EXE C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE C:\Program Files\Logitech\ImageStudio\LogiTray.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0S2.EXE C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\AskBarDis\bar\bin\AskService.exe C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\system32\PnkBstrA.exe C:\WINDOWS\system32\PnkBstrB.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\Alexei\Bureau\RSIT.exe C:\Program Files\trend micro\Alexei.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://recherche.neuf.fr/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe O4 - HKLM\..\Run: [EPSON Stylus C66 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0S2.EXE /P23 "EPSON Stylus C66 Series" /O6 "USB001" /M "Stylus C66" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Device Detector 3.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe -- End of file - 9151 bytes ======Scheduled tasks folder====== C:\WINDOWS\tasks\AppleSoftwareUpdate.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] Aide pour le lien d'Adobe PDF Reader - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}] AskBar BHO - C:\Program Files\AskBarDis\bar\bin\askBar.dll [2009-04-02 333192] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}] RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2009-04-09 312928] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}] Google Toolbar Helper - c:\program files\google\googletoolbar2.dll [2007-11-24 2436160] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}] JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}] EpsonToolBandKicker Class - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2004-02-10 339968] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar2.dll [2007-11-24 2436160] {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - EPSON Web-To-Page - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2004-02-10 339968] {3041d03e-fd4b-44e0-b742-2d9b88305f98} - Ask Toolbar - C:\Program Files\AskBarDis\bar\bin\askBar.dll [2009-04-02 333192] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"=C:\WINDOWS\System32\NvCpl.dll [2007-10-04 8491008] "nwiz"=nwiz.exe /install [] "NvMediaCenter"=C:\WINDOWS\System32\NvMcTray.dll [2007-10-04 81920] "High Definition Audio Property Page Shortcut"=C:\WINDOWS\system32\HDAShCut.exe [2005-01-07 61952] "Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2007-10-10 39792] "NeroFilterCheck"=C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe [2007-03-01 153136] "PWRISOVM.EXE"=C:\Program Files\PowerISO\PWRISOVM.EXE [2008-07-07 167936] "LVCOMS"=C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE [2002-12-10 127022] "LogitechGalleryRepair"=C:\Program Files\Logitech\ImageStudio\ISStart.exe [2002-12-10 155648] "LogitechImageStudioTray"=C:\Program Files\Logitech\ImageStudio\LogiTray.exe [2002-12-10 61440] "EPSON Stylus C66 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0S2.EXE [2003-11-26 99840] "TkBellExe"=C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe [2009-04-09 198160] "QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-11-10 417792] "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280] "iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2010-02-15 141608] "KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k [] "avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe [2007-05-16 153136] "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-19 15360] "DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2009-04-23 691656] C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage Device Detector 3.lnk - C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe C:\Documents and Settings\Alexei\Menu Démarrer\Programmes\Démarrage Adobe Gamma.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=145 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule" "C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)" "C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook" "C:\Program Files\Azureus\Azureus.exe"="C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus" "C:\WINDOWS\system32\CIMSVR.exe"="C:\WINDOWS\system32\CIMSVR.exe:*:Enabled:Logitech IM Video Companion Server" "C:\Program Files\ma-config.com\maconfservice.exe"="C:\Program Files\ma-config.com\maconfservice.exe:LocalSubNet:Enabled:maconfservice" "C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger" "C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer" "C:\Program Files\Wolfenstein - Enemy Territory\ET.exe"="C:\Program Files\Wolfenstein - Enemy Territory\ET.exe:*:Enabled:ET" "C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call" "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour" "C:\Program Files\Activision\Modern Warfare 2\iw4mp.exe"="C:\Program Files\Activision\Modern Warfare 2\iw4mp.exe:*:Enabled:iw4mp" "C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)" "C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call" "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{078b3cd5-9aa1-11dc-b9d5-0013d3f2cb13}] shell\Auto\command - AdobeR.exe e shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{987b18bf-adc9-11dd-8e87-0013d3f2cb13}] shell\Auto\command - cmd /C launch.bat shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL cmd /C launch.bat ======File associations====== .js - edit - "C:\Program Files\Macromedia\Dreamweaver 8\dreamweaver.exe" "%1" ======List of files/folders created in the last 1 months====== 2010-03-19 19:32:22 ----D---- C:\Program Files\trend micro 2010-03-19 19:32:20 ----D---- C:\rsit 2010-03-19 17:53:40 ----D---- C:\Program Files\Avira 2010-03-19 17:53:40 ----D---- C:\Documents and Settings\All Users\Application Data\Avira 2010-03-19 16:22:37 ----D---- C:\Documents and Settings\Alexei\Application Data\Malwarebytes 2010-03-17 13:25:31 ----D---- C:\Program Files\Malwarebytes' Anti-Malware 2010-03-17 13:25:31 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2010-03-17 12:49:30 ----SHD---- C:\WINDOWS\CSC 2010-03-17 12:49:20 ----A---- C:\WINDOWS\ntbtlog.txt 2010-03-05 09:23:08 ----D---- C:\Documents and Settings\All Users\Application Data\Real 2010-03-03 21:26:18 ----D---- C:\WINDOWS\Minidump 2010-03-03 07:46:11 ----D---- C:\Program Files\iPod 2010-03-03 07:46:00 ----D---- C:\Program Files\iTunes ======List of files/folders modified in the last 1 months====== 2010-03-19 19:37:08 ----D---- C:\Program Files\Mozilla Firefox 2010-03-19 19:36:07 ----D---- C:\WINDOWS\Temp 2010-03-19 19:36:06 ----D---- C:\WINDOWS\system32\CatRoot2 2010-03-19 19:36:00 ----D---- C:\WINDOWS 2010-03-19 19:34:25 ----A---- C:\WINDOWS\SchedLgU.Txt 2010-03-19 19:32:22 ----RD---- C:\Program Files 2010-03-19 19:05:12 ----A---- C:\WINDOWS\M3JPEG.INI 2010-03-19 17:54:24 ----D---- C:\WINDOWS\Prefetch 2010-03-19 17:53:52 ----HD---- C:\WINDOWS\inf 2010-03-19 17:53:52 ----D---- C:\WINDOWS\system32\drivers 2010-03-19 17:52:23 ----SHD---- C:\WINDOWS\Installer 2010-03-19 17:52:22 ----D---- C:\WINDOWS\WinSxS 2010-03-19 17:49:54 ----D---- C:\WINDOWS\system32 2010-03-19 17:31:40 ----D---- C:\WINDOWS\AppPatch 2010-03-17 14:26:49 ----SHD---- C:\RECYCLER 2010-03-17 12:49:37 ----D---- C:\Documents and Settings 2010-03-17 12:26:59 ----D---- C:\Program Files\Bonjour 2010-03-17 12:21:40 ----D---- C:\Documents and Settings\Alexei\Application Data\Azureus 2010-03-17 12:19:26 ----RSHDC---- C:\WINDOWS\system32\dllcache 2010-03-17 12:13:25 ----D---- C:\Program Files\Azureus 2010-03-14 12:02:00 ----A---- C:\WINDOWS\system32\PnkBstrB.exe 2010-03-03 07:46:04 ----D---- C:\Program Files\Fichiers communs\Apple 2010-02-25 10:50:05 ----A---- C:\WINDOWS\NeroDigital.ini ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys [] R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104] R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2004-08-19 40320] R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2008-07-07 56108] R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2010-03-19 28520] R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2008-09-15 278984] R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2010-03-19 56816] R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2008-09-15 25416] R3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2004-08-03 60800] R3 FETNDISB;VIA Rhine Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\System32\DRIVERS\fetnd5b.sys [2004-04-15 42496] R3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\HdAudio.sys [2005-01-07 145920] R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\System32\DRIVERS\HDAudBus.sys [2005-01-07 138752] R3 hidusb;Pilote de classe HID Microsoft; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2002-08-30 9600] R3 mouhid;Pilote HID de souris; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2002-08-30 12288] R3 NIC1394;Pilote réseau 1394; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2004-08-03 61824] R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2007-10-04 6854464] R3 usbehci;Pilote miniport de contrôleur hôte amélioré USB 2.0 Microsoft; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2004-08-03 26624] R3 usbhub;Concentrateur USB2; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-03 57600] R3 usbstor;Pilote de stockage de masse USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2004-08-03 26496] R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-03 20480] S3 ak7mytzw;ak7mytzw; C:\WINDOWS\system32\drivers\ak7mytzw.sys [] S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024] S3 driverhardwarev2;driverhardwarev2; \??\C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys [] S3 EverestDriver;Lavalys EVEREST Kernel Driver; \??\C:\Program Files\EVEREST Home Edition\kerneld.wnt [] S3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600] S3 LVBulk;LVBulk Service; C:\WINDOWS\system32\DRIVERS\LVBulk.sys [2002-09-20 10382] S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504] S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376] S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880] S3 PID_0960_V;Logitech ClickSmart 420(PID_0960_V); C:\WINDOWS\system32\DRIVERS\LVVIMULB.SYS [2002-09-20 163328] S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136] S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360] S3 TVICHW32;TVICHW32; \??\C:\WINDOWS\System32\DRIVERS\TVICHW32.SYS [] S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-08-28 40448] S3 usbaudio;Pilote USB audio (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264] S3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616] S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856] S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2004-08-03 15104] S3 VNUSB;VN Series Device; C:\WINDOWS\System32\DRIVERS\VNUSB.sys [2006-04-07 38496] S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328] S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys [] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AntiVirSchedulerService;Avira AntiVir Planificateur; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2010-03-19 108289] R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2010-03-19 185089] R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-08-28 144672] R2 ASKService;ASKService; C:\Program Files\AskBarDis\bar\bin\AskService.exe [2009-04-02 464264] R2 ASKUpgrade;ASKUpgrade; C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe [2009-04-02 234888] R2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888] R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-11 153376] R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\System32\nvsvc32.exe [2007-10-04 155716] R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2009-09-13 75064] R2 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2010-03-14 214816] R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912] R3 iPod Service;Service de l’iPod; C:\Program Files\iPod\bin\iPodService.exe [2010-02-15 545576] R3 NMIndexingService;NMIndexingService; C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe [2007-05-16 271920] S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe [2007-11-24 72704] S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-06-01 654848] S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-11-24 138168] S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632] S3 maconfservice;Ma-Config Service; C:\Program Files\ma-config.com\maconfservice.exe [2008-09-02 191656] S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-04-13 792112] S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136] S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184] -----------------EOF-----------------
  10. alex.35
    Bonjour à tous, Comme beaucoup en ce moment, vu les messages que j'ai pu lire sur le forum, j'ai été attaqué par le virus PC Security Center... Mais comme le traitement semble changer à chaque fois, je préfère créer un nouveau sujet. Pour information, je suis sous Windows XP, je peux accéder à Internet mais l'ordi est très lent, certaines fonctions semblent désactivées, et surtout, j'ai des fenêtres incessantes d'alertes virus... Merci d'avance pour votre aide! J'ai cru comprendre qu'il fallait télécharger Malwarebytes Anti malwares. C'est fait. J'ai lancé un "examen complet". J'ai tenté de supprimer la sélection. Mais le programme m'a précisé que certains ne pouvaient être supprimés qu'au redémarrage. Depuis, je n'ai plus d'alerte, mais j'aimerais être sur! Voici le log obtenu (avant redémarrage) : Malwarebytes' Anti-Malware 1.44 Version de la base de données: 3885 Windows 5.1.2600 Service Pack 2 Internet Explorer 6.0.2900.2180 19/03/2010 17:29:38 mbam-log-2010-03-19 (17-29-38).txt Type de recherche: Examen complet (C:\|D:\|E:\|F:\|G:\|) Eléments examinés: 251257 Temps écoulé: 1 hour(s), 2 minute(s), 7 second(s) Processus mémoire infecté(s): 2 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 0 Valeur(s) du Registre infectée(s): 5 Elément(s) de données du Registre infecté(s): 4 Dossier(s) infecté(s): 0 Fichier(s) infecté(s): 6 Processus mémoire infecté(s): C:\Documents and Settings\Alexei\Local Settings\Application Data\ave.exe (Rogue.MultipleAV) -> Unloaded process successfully. C:\WINDOWS\system32\wuaucldt.exe (Trojan.Agent) -> Unloaded process successfully. Module(s) mémoire infecté(s): (Aucun élément nuisible détecté) Clé(s) du Registre infectée(s): (Aucun élément nuisible détecté) Valeur(s) du Registre infectée(s): HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\syncman (Trojan.FakeAlert.H) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\regedit32 (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\syncman (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\.exe\shell\open\command\(default) (Hijack.ExeFile) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\secfile\shell\open\command\(default) (Rogue.MultipleAV) -> Quarantined and deleted successfully. Elément(s) de données du Registre infecté(s): HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\ave.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe") Good: (firefox.exe) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\ave.exe" /START "C:\Program Files\Intern) Good: (iexplore.exe) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\ave.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode) Good: (firefox.exe -safe-mode) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\.exe\(default) (Hijacked.exeFile) -> Bad: (secfile) Good: (exefile) -> Quarantined and deleted successfully. Dossier(s) infecté(s): (Aucun élément nuisible détecté) Fichier(s) infecté(s): c:\WINDOWS\system32\wuaucldt.exe (Trojan.FakeAlert.H) -> Quarantined and deleted successfully. C:\Documents and Settings\Alexei\Local Settings\Application Data\av.exe (ROGUE.Win7Antispyware2010) -> Quarantined and deleted successfully. C:\Documents and Settings\Alexei\oashdihasidhasuidhiasdhiashdiuasdhasd (Malware.Trace) -> Quarantined and deleted successfully. C:\Documents and Settings\Administrateur\Local Settings\Application Data\ave.exe (Rogue.MultipleAV) -> Quarantined and deleted successfully. C:\Documents and Settings\Alexei\Local Settings\Application Data\ave.exe (Rogue.MultipleAV) -> Quarantined and deleted successfully. C:\Documents and Settings\Alexei\Menu Démarrer\Programmes\Démarrage\monnwb32.exe (Trojan.Agent) -> Delete on reboot. Voilà messieurs, à vot' bon coeur!
×
×
  • Créer...