VIRUS impossible to remove - hijackthis log
Closed
the_dagon (Member, 7 posts, registered Tuesday 6 May 2008, last active 10 November 2009) - 6 May 2008 at 02:13
Last reply: Regis59 (Security contributor, 21143 posts, registered Tuesday 27 June 2006, last active 22 June 2016) - 10 May 2008 at 14:46
10 replies
Regis59 (Security contributor, 21143 posts, registered Tuesday 27 June 2006, last active 22 June 2016) - 1 320 - 6 May 2008 at 12:02
Hi
Disable your protection software (antivirus, antispyware), then:
Download ComboFix by sUBs: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
and save it to your desktop, nowhere else!
Double-click combofix. It will ask you a question; answer by pressing the 1 key and then Enter to confirm.
Wait until combofix has finished; a report will be created. Post the report.
Copy/paste a new HijackThis log along with it.
jean_louis_57 (Member, 1351 posts, registered Sunday 13 April 2008, last active 12 February 2020) - 81 - 6 May 2008 at 05:18
Hello
What is your antivirus?
Have a look here:
http://www.commentcamarche.net/forum/affich-4589985-se-debarrasser-de-virtumonde
the_dagon
I use NOD32, you can see it in the log ;-)
Yet it sees NOTHING on a scan, apart from Virtumonde when it is in real-time monitoring mode, which it destroys as fast as it is regenerated (every 5 minutes, basically).
But the virus/trojan is definitely there.
I have the 4 rundll processes that reappear on their own in the registry, even if I delete them in the /RUN tab of the registry:
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Dagon\AppData\Local\Temp\urqRLdCU.dll,#1
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Dagon\AppData\Local\Temp\geBrpqnN.dll,c
O4 - HKCU\..\Run: [BMa7c7656e] Rundll32.exe "C:\Users\Dagon\AppData\Local\Temp\jjxksxgu.dll",s
O4 - HKCU\..\Run: [a4f456f2] rundll32.exe "C:\Users\Dagon\AppData\Local\Temp\hbqshafk.dll",b
Obviously it is impossible to get rid of the files, and as long as I have not identified the process that creates them, it is a lost cause!!!
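Added example, not code from the thread or from HijackThis: a small Python triage script that parses HijackThis O4 lines in the format quoted above and flags the pattern the_dagon describes, rundll32 loading a DLL out of the user's Temp directory. The four flagged lines are copied from the post; the two benign lines and the "hex run in the value name" heuristic are my own assumptions, added for contrast.

```python
"""Triage of HijackThis O4 (registry autostart) lines for the pattern in the
thread: rundll32.exe loading a randomly named DLL out of the user's Temp
directory.  Added example, not code from the thread or from HijackThis."""
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Registry-backed O4 form only, e.g.
#   O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\...\Temp\urqRLdCU.dll,#1
# ("O4 - Startup:" folder entries are deliberately not handled here).
O4_RE = re.compile(
    r'^O4 - (?P<hive>HK[\w\\-]+?)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$'
)
# rundll32 launcher, optionally quoted or given with a full path.
RUNDLL_RE = re.compile(
    r'^"?(?P<exe>(?:[^"\s]*\\)?rundll32(?:\.exe)?)"?\s+(?P<args>.+)$', re.I
)
# Per-user and system temp locations (Vista/7 and XP layouts), lower-cased.
TEMP_DIRS = ('\\appdata\\local\\temp\\', '\\local settings\\temp\\', '\\windows\\temp\\')
# Heuristic (my assumption, not a HijackThis rule): a run of 8+ hex digits in
# the value name, like a4f456f2 or BMa7c7656e, suggests a generated name.
HEXISH_RE = re.compile(r'[0-9a-f]{8,}', re.I)


@dataclass
class Finding:
    name: str                      # value name inside [...]
    hive: str
    key: str
    command: str
    dll: Optional[str] = None      # DLL path when launched via rundll32
    export: Optional[str] = None   # export name or #ordinal after the comma
    reasons: List[str] = field(default_factory=list)

    @property
    def suspicious(self) -> bool:
        return bool(self.reasons)


def split_rundll32_args(args: str) -> Tuple[str, Optional[str]]:
    """Split rundll32's 'dll,export' argument; the DLL path may be quoted."""
    args = args.strip()
    if args.startswith('"'):
        end = args.find('"', 1)
        if end == -1:                       # unbalanced quote: take it all
            return args.strip('"'), None
        dll, rest = args[1:end], args[end + 1:]
    else:
        dll, _, rest = args.partition(',')
    export = rest.lstrip(',').strip() or None
    return dll, export


def parse_o4(line: str) -> Optional[Finding]:
    """Parse one O4 line; returns None for any other HijackThis line."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    f = Finding(m['name'], m['hive'], m['key'], m['cmd'].strip())
    r = RUNDLL_RE.match(f.command)
    if r:
        f.dll, f.export = split_rundll32_args(r['args'])
        if any(t in f.dll.lower() for t in TEMP_DIRS):
            f.reasons.append('rundll32 loads a DLL from a Temp directory')
    if HEXISH_RE.search(f.name):
        f.reasons.append('value name contains a machine-generated-looking hex run')
    return f


def triage(lines) -> Tuple[List[Finding], List[Finding]]:
    """Return (suspicious, benign) findings for all O4 lines in `lines`."""
    findings = [f for f in map(parse_o4, lines) if f is not None]
    return ([f for f in findings if f.suspicious],
            [f for f in findings if not f.suspicious])


# First four lines: the entries quoted in the thread.  Last two: constructed
# benign entries (a normal EXE, and rundll32 used legitimately from system32).
SAMPLE = r"""
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Dagon\AppData\Local\Temp\urqRLdCU.dll,#1
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Dagon\AppData\Local\Temp\geBrpqnN.dll,c
O4 - HKCU\..\Run: [BMa7c7656e] Rundll32.exe "C:\Users\Dagon\AppData\Local\Temp\jjxksxgu.dll",s
O4 - HKCU\..\Run: [a4f456f2] rundll32.exe "C:\Users\Dagon\AppData\Local\Temp\hbqshafk.dll",b
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
""".strip().splitlines()

if __name__ == '__main__':
    bad, ok = triage(SAMPLE)
    for f in bad:
        print(f'[!] {f.hive}\\{f.key} "{f.name}" -> {f.dll or f.command}')
        for why in f.reasons:
            print(f'      - {why}')
    print(f'{len(bad)} suspicious, {len(ok)} benign')
```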
the_dagon (Member, 7 posts, registered Tuesday 6 May 2008, last active 10 November 2009) - 6 May 2008 at 13:33
Thanks for your reply.
Well, before getting your reply I had removed the 4 shady entries/files with HijackThis; they have not reappeared, neither on the hard disk nor, apparently, in the registry:
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Dagon\AppData\Local\Temp\urqRLdCU.dll,#1
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Dagon\AppData\Local\Temp\geBrpqnN.dll,c
O4 - HKCU\..\Run: [BMa7c7656e] Rundll32.exe "C:\Users\Dagon\AppData\Local\Temp\jjxksxgu.dll",s
O4 - HKCU\..\Run: [a4f456f2] rundll32.exe "C:\Users\Dagon\AppData\Local\Temp\hbqshafk.dll",b
I then ran ComboFix (NOD32 was still running, though, and removed an eicar.txt file, detected as a virus). ComboFix deleted a file for me in %appdata/roaming/inst.exe
(log attached)
I then ran HijackThis.
MANY THANKS for your time and your knowledge. In your opinion, is the system clean now?
Here are the two logs:
COMBOFIX:
ComboFix 08-05-01.3 - Dagon 2008-05-06 13:10:52.1 - NTFSx86
Microsoft® Windows Vista™ Édition Intégrale 6.0.6001.1.1252.1.1036.18.1151 [GMT 2:00]
Endroit: C:\Users\Dagon\Desktop\ComboFix.exe
* Resident AV is active
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Users\Dagon\AppData\Roaming\inst.exe
.
((((((((((((((((((((((((((((( Fichiers créés 2008-04-06 to 2008-05-06 ))))))))))))))))))))))))))))))))))))
.
2008-05-06 08:28 . 2008-05-06 08:28 0 --ah----- C:\ntuser.dat.LOG2
2008-05-06 08:28 . 2008-05-06 08:28 0 --ah----- C:\ntuser.dat.LOG1
2008-05-06 08:28 . 2008-05-06 08:28 0 --a------ C:\ntuser.dat
2008-05-06 01:47 . 2008-05-06 01:47 <REP> d-------- C:\VundoFix Backups
2008-05-03 11:09 . 2008-05-03 11:09 <REP> d-------- C:\Program Files\Bonjour
2008-05-03 11:05 . 2008-05-03 11:05 <REP> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-05-03 10:41 . 2008-05-03 10:53 <REP> d-------- C:\Program Files\Macromedia
2008-05-03 10:41 . 2008-05-03 10:53 <REP> d-------- C:\Program Files\Common Files\Macromedia
2008-05-03 10:01 . 2008-05-03 10:01 <REP> d-------- C:\Windows\Logo Design Studio Pro
2008-05-03 10:01 . 2008-05-03 10:04 <REP> d-------- C:\Program Files\Logo Design Studio Pro
2008-05-01 21:11 . 2008-05-01 21:11 <REP> d-------- C:\Windows\nvidia icons
2008-05-01 21:09 . 2008-05-01 21:09 <REP> d-------- C:\NVIDIA
2008-04-29 13:30 . 2008-04-29 13:30 <REP> d-------- C:\ProgramData\Futuremark
2008-04-29 13:26 . 2008-04-29 13:26 <REP> d-------- C:\Program Files\Common Files\Futuremark Shared
2008-04-29 13:25 . 2008-03-05 15:56 3,786,760 --a------ C:\Windows\System32\D3DX9_37.dll
2008-04-29 13:25 . 2008-03-05 15:56 1,420,824 --a------ C:\Windows\System32\D3DCompiler_37.dll
2008-04-29 13:25 . 2008-03-05 16:03 479,752 --a------ C:\Windows\System32\XAudio2_0.dll
2008-04-29 13:25 . 2008-02-05 23:07 462,864 --a------ C:\Windows\System32\d3dx10_37.dll
2008-04-29 13:25 . 2008-03-05 16:03 238,088 --a------ C:\Windows\System32\xactengine3_0.dll
2008-04-29 13:25 . 2008-03-05 16:00 25,608 --a------ C:\Windows\System32\X3DAudio1_3.dll
2008-04-21 20:27 . 2008-04-21 20:27 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-04-15 20:43 . 2008-04-15 20:43 <REP> d-------- C:\Users\Dagon\AppData\Roaming\Ubisoft
2008-04-13 11:31 . 2008-04-13 11:31 <REP> d-------- C:\Users\Dagon\AppData\Roaming\Thinstall
2008-04-12 10:26 . 2008-04-12 10:26 <REP> d-------- C:\Program Files\Common Files\Creative Labs Shared
2008-04-11 22:21 . 2008-05-06 13:14 54,760 --a------ C:\Windows\System32\BMXStateBkp-{00000005-00000000-00000002-00001102-00000005-00311102}.rfx
2008-04-11 22:21 . 2008-05-06 13:14 54,760 --a------ C:\Windows\System32\BMXState-{00000005-00000000-00000002-00001102-00000005-00311102}.rfx
2008-04-11 22:21 . 2008-05-06 13:14 788 --a------ C:\Windows\System32\DVCState-{00000005-00000000-00000002-00001102-00000005-00311102}.rfx
2008-04-11 22:20 . 2008-04-11 22:20 87 -rah----- C:\Windows\ctfile.rfc
2008-04-06 12:50 . 2008-04-06 12:50 <REP> d-------- C:\ProgramData\vsosdk
2008-04-06 10:19 . 2004-05-04 11:53 1,645,320 --a------ C:\Windows\gdiplus.dll
2008-04-06 10:19 . 2006-05-20 16:16 1,184,984 --a------ C:\Windows\System32\wvc1dmod.dll
2008-04-06 10:19 . 2006-05-11 19:21 626,688 --a------ C:\Windows\System32\vp7vfw.dll
2008-04-06 10:19 . 2006-09-29 12:24 217,127 --a------ C:\Windows\System32\drv43260.dll
2008-04-06 10:19 . 2006-09-29 12:25 208,935 --a------ C:\Windows\System32\drv33260.dll
2008-04-06 10:19 . 2006-09-29 12:26 176,165 --a------ C:\Windows\System32\drv23260.dll
2008-04-06 10:19 . 2007-03-18 20:37 65,602 --a------ C:\Windows\System32\cook3260.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-05 23:25 --------- d-----w C:\Program Files\LogMeIn
2008-05-03 12:39 1,786 --sha-w C:\Windows\System32\KGyGaAvL.sys
2008-05-03 09:09 --------- d-----w C:\Program Files\Common Files\Adobe
2008-05-01 19:14 --------- d-----w C:\ProgramData\NVIDIA
2008-04-29 11:44 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-29 11:26 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-04-29 11:26 --------- d-----w C:\Program Files\AGEIA Technologies
2008-04-22 06:53 27,672 ----a-r C:\Windows\system32\drivers\Entech.sys
2008-04-21 15:51 442,368 ----a-w C:\Windows\System32\nvuninst.exe
2008-04-20 12:35 --------- d-----w C:\ProgramData\Media Center Programs
2008-04-12 08:25 --------- d-----w C:\ProgramData\Creative
2008-04-11 20:22 413,696 ----a-w C:\Windows\System32\wrap_oal.dll
2008-04-11 20:22 110,592 ----a-w C:\Windows\System32\OpenAL32.dll
2008-04-10 20:16 --------- d-----w C:\Program Files\Windows Mail
2008-04-09 21:10 --------- d-----w C:\ProgramData\Microsoft Help
2008-04-06 11:41 --------- d-----w C:\Users\Dagon\AppData\Roaming\Vso
2008-04-06 11:41 --------- d-----w C:\Program Files\vso
2008-04-06 08:19 47,360 ----a-w C:\Windows\system32\drivers\pcouffin.sys
2008-04-06 08:19 47,360 ----a-w C:\Users\Dagon\AppData\Roaming\pcouffin.sys
2008-04-06 08:13 81,920 ----a-w C:\Users\Dagon\AppData\Roaming\ezpinst.exe
2008-04-03 20:23 --------- d-----w C:\Program Files\7-Zip
2008-03-29 20:13 107,888 ----a-w C:\Windows\System32\CmdLineExt.dll
2008-03-29 13:57 --------- d-----w C:\Program Files\Creative
2008-03-25 16:48 --------- d-----w C:\Program Files\Avi2Dvd
2008-03-25 14:26 --------- d-----w C:\Program Files\AviSynth 2.5
2008-03-24 21:12 --------- d---a-w C:\ProgramData\TEMP
2008-03-23 18:16 --------- d-----w C:\Program Files\SmartFTP Client
2008-03-23 18:11 --------- d-----w C:\Program Files\SmartFTP Client 3.0 Setup Files
2008-03-23 08:50 --------- d-----w C:\Program Files\SyncBackSE
2008-03-08 14:32 --------- d-----w C:\Program Files\Java
2008-03-07 11:31 --------- d-----w C:\Program Files\EditPlus 2
2008-03-07 11:23 --------- d-----w C:\Program Files\Windows Live
2008-03-07 11:22 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-03-07 11:22 --------- d-----w C:\ProgramData\WLInstaller
2008-02-29 07:14 19,000 ----a-w C:\Windows\System32\kd1394.dll
2008-02-29 07:11 988,216 ----a-w C:\Windows\System32\winload.exe
2008-02-29 07:11 927,288 ----a-w C:\Windows\System32\winresume.exe
2008-02-29 06:53 46,592 ----a-w C:\Windows\System32\setbcdlocale.dll
2008-02-29 06:53 40,960 ----a-w C:\Windows\System32\srclient.dll
2008-02-29 06:53 378,368 ----a-w C:\Windows\System32\srcore.dll
2008-02-29 06:35 6,656 ----a-w C:\Windows\System32\kbd106n.dll
2008-02-29 04:21 2,032,128 ----a-w C:\Windows\System32\win32k.sys
2008-02-29 04:12 318,464 ----a-w C:\Windows\System32\rstrui.exe
2008-02-29 04:12 14,848 ----a-w C:\Windows\System32\srdelayed.exe
2008-02-25 07:41 72,728 ----a-w C:\Windows\System32\CTHWIUT.DLL
2008-02-25 07:41 566,296 ----a-w C:\Windows\System32\CTSBLFX.DLL
2008-02-25 07:41 329,240 ----a-w C:\Windows\System32\CTEDSPSY.DLL
2008-02-25 07:41 286,232 ----a-w C:\Windows\System32\CTEDSPFX.DLL
2008-02-25 07:41 174,104 ----a-w C:\Windows\System32\CTEAPSFX.DLL
2008-02-25 07:41 170,520 ----a-w C:\Windows\System32\CT20XUT.DLL
2008-02-25 07:41 134,680 ----a-w C:\Windows\System32\CTEDSPIO.DLL
2008-02-25 07:41 100,888 ----a-w C:\Windows\System32\CTERFXFX.DLL
2008-02-25 07:41 1,323,544 ----a-w C:\Windows\System32\CTEXFIFX.DLL
2008-02-25 07:40 98,328 ----a-w C:\Windows\System32\COMMONFX.DLL
2008-02-25 07:40 551,960 ----a-w C:\Windows\System32\CTAUDFX.DLL
2008-02-22 05:05 615,992 ----a-w C:\Windows\System32\ci.dll
2008-02-22 05:01 826,880 ----a-w C:\Windows\System32\wininet.dll
2008-02-22 04:57 295,936 ----a-w C:\Windows\System32\gdi32.dll
2008-02-20 19:00 43,520 ----a-w C:\Windows\System32\CTBurst.dll
2008-02-20 18:59 86,016 ----a-w C:\Windows\System32\ctcoinst.dll
2008-02-20 18:59 34,816 ----a-w C:\Windows\System32\a3d.dll
2008-02-20 18:59 27,648 ----a-w C:\Windows\System32\ac3api.dll
2008-02-20 18:59 163,840 ----a-w C:\Windows\System32\ctdvinst.dll
2008-02-20 18:55 969,216 ----a-w C:\Windows\System32\CTxfispi.exe
2008-02-20 18:55 43,520 ----a-w C:\Windows\System32\Ctxfireg.exe
2008-02-20 18:55 10,752 ----a-w C:\Windows\System32\Ct20xspi.dll
2008-02-20 18:49 110,080 ----a-w C:\Windows\System32\ctemupia.dll
2008-02-20 18:47 49,152 ----a-w C:\Windows\System32\ctdproxy.dll
2008-02-20 18:47 46,592 ----a-w C:\Windows\System32\ctasio.dll
2008-02-20 18:47 174,592 ----a-w C:\Windows\System32\ct_oal.dll
2008-02-20 18:47 17,920 ----a-w C:\Windows\System32\ctedasio.dll
2008-02-20 18:46 69,120 ----a-w C:\Windows\System32\ctosuser.dll
2008-02-20 18:46 64,512 ----a-w C:\Windows\System32\piaproxy.dll
2008-02-20 18:46 6,144 ----a-w C:\Windows\System32\sfman32.dll
2008-02-20 18:46 13,312 ----a-w C:\Windows\System32\regplib.exe
2008-02-20 18:46 104,448 ----a-w C:\Windows\System32\sfms32.dll
2008-02-20 18:44 5,120 ----a-w C:\Windows\System32\ENLOCSTR.EXE
2008-02-20 18:44 10,240 ----a-w C:\Windows\System32\KILLAPPS.EXE
2008-02-20 18:43 32,768 ----a-w C:\Windows\System32\devreg.dll
2008-02-20 18:43 28,672 ----a-w C:\Windows\System32\MIDIDEF.EXE
2008-02-16 17:54 174 --sha-w C:\Program Files\desktop.ini
2008-02-16 17:28 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-02-16 17:28 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-02-16 17:08 47,560 ----a-w C:\Windows\System32\SPReview.exe
2008-02-16 17:08 152,576 ----a-w C:\Windows\System32\SPWizUI.dll
2007-06-16 15:41 495,041,289 ----a-w C:\Users\Public\setup_fbi_faces3.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 00:33 125952]
"LaunchList"="C:\Program Files\Pinnacle\Studio 11\LaunchList2.exe" [2007-03-21 15:41 145496]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-07-02 12:29 220544]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-08-29 17:09 171464]
"CreativeTaskScheduler"="C:\Program Files\Creative\Shared Files\CTSched.exe" [2006-11-17 11:42 53341]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 00:33 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-01-19 00:38 1008184]
"Ai Remote Help"="C:\Program Files\ASUS\AI Remote\AiRc.exe" [2007-01-19 14:24 3347456]
"ASUS ASAP USB"="C:\Program Files\ASUS\ASAP\asapusb.exe" [2007-01-10 11:55 384512]
"Launch LGDCore"="C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe" [2007-04-26 17:22 1132056]
"TrueImageMonitor.exe"="C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2007-02-16 19:45 1169776]
"AcronisTimounterMonitor"="C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe" [2007-02-16 19:57 1945960]
"Acronis Scheduler2 Service"="C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe" [2007-02-16 19:49 149024]
"Launch LCDMon"="C:\Program Files\Common Files\Logitech\LCD Manager\LCDMon.exe" [2007-04-26 16:54 774168]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"LifeCam"="C:\Program Files\Microsoft LifeCam\LifeExp.exe" [2007-01-12 17:48 275800]
"VX1000"="C:\Windows\vVX1000.exe" [2006-12-05 15:38 707360]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-08-10 08:16 151552]
"UpdReg"="C:\Windows\UpdReg.EXE" [2000-05-11 01:00 90112]
"CTXFIREG"="CTxfiReg.exe" [2008-02-20 20:55 43520 C:\Windows\System32\Ctxfireg.exe]
"VolPanel"="C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2006-12-06 18:10 180224]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 16:57 153136]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 10:51 1836328]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-11-14 16:05 1410304]
"LogMeIn GUI"="C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" [2007-09-12 11:20 63048]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 04:10 55824 C:\Windows\KHALMNPR.Exe]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"CTHelper"="CTHELPER.EXE" [2008-02-20 20:58 19456 C:\Windows\System32\CtHelper.exe]
"CTxfiHlp"="CTXFIHLP.EXE" [2008-02-20 20:58 19968 C:\Windows\System32\Ctxfihlp.exe]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2008-04-23 10:41 13535776]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2008-04-23 10:41 92704]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DevconDefaultDB"="C:\Windows\system32\READREG /SILENT /FAIL=1" [ ]
"CtxfiReg"="CTXFIREG.exe" [2008-02-20 20:55 43520 C:\Windows\System32\Ctxfireg.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
"VIDC.MJPG"= Pvmjpg30.dll
"VIDC.I420"= vdrcodec.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 relog_ap
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{78E3D726-34C9-46D8-832B-B952ACB2DBAC}C:\\program files\\globalscape\\cuteftp\\cutftp32.exe"= UDP:C:\program files\globalscape\cuteftp\cutftp32.exe:Winsock FTP Client
"UDP Query User{ED419FC9-423B-4E8B-9D1F-FDC3394E4960}C:\\program files\\globalscape\\cuteftp\\cutftp32.exe"= TCP:C:\program files\globalscape\cuteftp\cutftp32.exe:Winsock FTP Client
"TCP Query User{509F58A8-74E2-4EFC-A43C-509B3F992F5E}D:\\programs\\btrl demo\\fs2_open_3_6_9.exe"= UDP:D:\programs\btrl demo\fs2_open_3_6_9.exe:FreeSpace
"UDP Query User{25E091C3-FF44-4D32-BD17-C6E355588A7B}D:\\programs\\btrl demo\\fs2_open_3_6_9.exe"= TCP:D:\programs\btrl demo\fs2_open_3_6_9.exe:FreeSpace
"TCP Query User{8DC7CFE1-D7EE-409F-BEA0-101CAEB49446}C:\\users\\dagon\\appdata\\local\\temp\\electronicarts_patcher_000.exe"= UDP:C:\users\dagon\appdata\local\temp\electronicarts_patcher_000.exe:electronicarts_patcher_000.exe
"UDP Query User{CE8618BF-0817-4828-8292-CBB84A8EA625}C:\\users\\dagon\\appdata\\local\\temp\\electronicarts_patcher_000.exe"= TCP:C:\users\dagon\appdata\local\temp\electronicarts_patcher_000.exe:electronicarts_patcher_000.exe
"{35A7BCEB-B46D-4478-87BD-57D9DE800A67}"= D:\Programs\Command & Conquer 3\RetailExe\1.3\cnc3game.dat:Command & Conquer 3 Les guerres du Tiberium™
"TCP Query User{0E5322A3-E068-49DC-B9D3-085765435E64}D:\\programs\\defcon\\defcon.exe"= UDP:D:\programs\defcon\defcon.exe:Defcon
"UDP Query User{3D1D15D8-C4F1-4D58-9B8B-9E8CC4369039}D:\\programs\\defcon\\defcon.exe"= TCP:D:\programs\defcon\defcon.exe:Defcon
"TCP Query User{2DC4C4A6-080A-435D-8859-1E6795A3A405}D:\\programs\\company of heroes\\reliccoh.exe"= UDP:D:\programs\company of heroes\reliccoh.exe:RelicCOH
"UDP Query User{FD354DCB-640A-48C6-B291-4CD2CDD771C1}D:\\programs\\company of heroes\\reliccoh.exe"= TCP:D:\programs\company of heroes\reliccoh.exe:RelicCOH
"TCP Query User{609456EF-4087-48A1-A322-A8EE13837B84}C:\\users\\dagon\\desktop\\vlc-0.8.4a-crazy\\vlc.exe"= UDP:C:\users\dagon\desktop\vlc-0.8.4a-crazy\vlc.exe:vlc.exe
"UDP Query User{30771ED8-6138-40B5-9678-E4E58B100A9C}C:\\users\\dagon\\desktop\\vlc-0.8.4a-crazy\\vlc.exe"= TCP:C:\users\dagon\desktop\vlc-0.8.4a-crazy\vlc.exe:vlc.exe
"TCP Query User{31DB9D20-3DD1-478C-8723-56F0EAA66153}D:\\programs\\command & conquer 3\\retailexe\\1.4\\cnc3game.dat"= UDP:D:\programs\command & conquer 3\retailexe\1.4\cnc3game.dat:Command and Conquer 3 Tiberium Wars™
"UDP Query User{CEDE86E0-A543-4C38-BA2D-EA8E053CF003}D:\\programs\\command & conquer 3\\retailexe\\1.4\\cnc3game.dat"= TCP:D:\programs\command & conquer 3\retailexe\1.4\cnc3game.dat:Command and Conquer 3 Tiberium Wars™
"{43AC3EF9-8D5F-44EC-B9C4-69272B8160C9}"= UDP:C:\Program Files\Pinnacle\Studio 11\programs\RM.exe:Render Manager
"{9FD296F2-2F49-4D33-88BB-6648D5BDA86A}"= TCP:C:\Program Files\Pinnacle\Studio 11\programs\RM.exe:Render Manager
"{697FA4CF-94C9-4B4A-8567-E852439C17FD}"= UDP:C:\Program Files\Pinnacle\Studio 11\programs\Studio.exe:Studio
"{D26A9EB6-185F-4756-BC69-9326612B3331}"= TCP:C:\Program Files\Pinnacle\Studio 11\programs\Studio.exe:Studio
"{D168018F-D776-41CF-A48E-E202DFBDB9F8}"= UDP:C:\Program Files\Pinnacle\Studio 11\programs\PMSRegisterFile.exe:PMSRegisterFile
"{CD77D913-EF2C-4E18-8429-8FE0907ECA06}"= TCP:C:\Program Files\Pinnacle\Studio 11\programs\PMSRegisterFile.exe:PMSRegisterFile
"{165C482C-7DAE-4DAD-978A-EF6382CE8BC0}"= UDP:C:\Program Files\Pinnacle\Studio 11\programs\umi.exe:umi
"{49603F64-5249-423B-AA2D-74E60721C39F}"= TCP:C:\Program Files\Pinnacle\Studio 11\programs\umi.exe:umi
"{F287C935-AB6A-4A74-9223-EAB4069DD8D3}"= UDP:D:\Programs\Neverwinter Nights 2\nwn2main.exe:Neverwinter Nights 2 Main
"{CD82428E-6EAC-4044-B330-0B83C3D66729}"= TCP:D:\Programs\Neverwinter Nights 2\nwn2main.exe:Neverwinter Nights 2 Main
"{C4F02E5A-F246-426B-A847-7F686457D838}"= UDP:D:\Programs\Neverwinter Nights 2\nwn2main_amdxp.exe:Neverwinter Nights 2 AMD
"{28F24696-EB59-4580-B891-136736A2D70F}"= TCP:D:\Programs\Neverwinter Nights 2\nwn2main_amdxp.exe:Neverwinter Nights 2 AMD
"{8DE54A15-06E6-4571-8816-4468E5DDD204}"= UDP:D:\Programs\Neverwinter Nights 2\nwupdate.exe:Neverwinter Nights 2 Updater
"{3D5F4718-56AF-426A-8957-376193C48CA7}"= TCP:D:\Programs\Neverwinter Nights 2\nwupdate.exe:Neverwinter Nights 2 Updater
"{C78FF5C6-E921-4835-9D35-C95D43ACE433}"= UDP:D:\Programs\Neverwinter Nights 2\nwn2server.exe:Neverwinter Nights 2 Server
"{814928EC-2E5D-4847-A1DC-79DF9A68DDD1}"= TCP:D:\Programs\Neverwinter Nights 2\nwn2server.exe:Neverwinter Nights 2 Server
"TCP Query User{C8CAA159-730D-4564-A4FA-90DEBAF66EF4}C:\\program files\\skype\\phone\\skype.exe"= UDP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{D73D28BB-23CE-4D60-8D0A-AEED018FBADE}C:\\program files\\skype\\phone\\skype.exe"= TCP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"TCP Query User{646DF6D6-F4EA-4F1A-9965-CF146E533C9F}D:\\programs\\star trek legacy\\legacy.exe"= UDP:D:\programs\star trek legacy\legacy.exe:Star Trek Legacy
"UDP Query User{D3A965E4-E8B8-4B95-AAEF-A4158CBAE3BA}D:\\programs\\star trek legacy\\legacy.exe"= TCP:D:\programs\star trek legacy\legacy.exe:Star Trek Legacy
"{6D792524-29E0-4678-AC43-8FD0DA98E1BE}"= UDP:C:\Program Files\Microsoft LifeCam\LifeCam.exe:LifeCam.exe
"{07A7F200-6192-4BF0-8F09-93B54B053229}"= TCP:C:\Program Files\Microsoft LifeCam\LifeCam.exe:LifeCam.exe
"{B386B480-67AB-4B95-BFD8-D2A329180C27}"= UDP:C:\Program Files\Microsoft LifeCam\LifeExp.exe:LifeExp.exe
"{6A3F322C-52B3-4F79-B9A0-9C7550E7AF90}"= TCP:C:\Program Files\Microsoft LifeCam\LifeExp.exe:LifeExp.exe
"TCP Query User{3A5A4E16-63F5-4AC4-B116-A3EBA115D747}C:\\program files\\xi\\netxfer\\nettransport.exe"= UDP:C:\program files\xi\netxfer\nettransport.exe:NetXfer Download Manager
"UDP Query User{F4DE6B96-FEB4-416E-A9C1-BFB501B8805D}C:\\program files\\xi\\netxfer\\nettransport.exe"= TCP:C:\program files\xi\netxfer\nettransport.exe:NetXfer Download Manager
"TCP Query User{5054E55A-C352-4F61-87A0-1EBA7872CAAD}D:\\programs\\ultima online kingdom reborn\\uokr.exe"= UDP:D:\programs\ultima online kingdom reborn\uokr.exe:UOKR
"UDP Query User{DC96CF59-9691-4602-ACB1-5264BFA6902A}D:\\programs\\ultima online kingdom reborn\\uokr.exe"= TCP:D:\programs\ultima online kingdom reborn\uokr.exe:UOKR
"TCP Query User{66156255-BE65-4E48-9C0C-4FA9EA791514}C:\\program files\\homeplayer1.5.1.2\\homeplayer.exe"= UDP:C:\program files\homeplayer1.5.1.2\homeplayer.exe:HomePlayer
"UDP Query User{27973476-644E-4678-931E-3439FEAB77D0}C:\\program files\\homeplayer1.5.1.2\\homeplayer.exe"= TCP:C:\program files\homeplayer1.5.1.2\homeplayer.exe:HomePlayer
"TCP Query User{C30ADD88-0CD3-4BB3-80CB-64B61BB62F23}D:\\programs\\le seigneur des anneaux online\\lotroclient.exe"= UDP:D:\programs\le seigneur des anneaux online\lotroclient.exe:lotroclient.exe
"UDP Query User{6F554C8B-7FE1-4056-B462-5A9DE2DBE970}D:\\programs\\le seigneur des anneaux online\\lotroclient.exe"= TCP:D:\programs\le seigneur des anneaux online\lotroclient.exe:lotroclient.exe
"TCP Query User{6C280CEE-07BE-4714-AB50-1EE6596E54C5}D:\\programs\\command & conquer 3\\retailexe\\1.5\\cnc3game.dat"= UDP:D:\programs\command & conquer 3\retailexe\1.5\cnc3game.dat:Command and Conquer 3 Tiberium Wars™
"UDP Query User{16C22C09-8DEF-47A8-83B9-87A62B0F0321}D:\\programs\\command & conquer 3\\retailexe\\1.5\\cnc3game.dat"= TCP:D:\programs\command & conquer 3\retailexe\1.5\cnc3game.dat:Command and Conquer 3 Tiberium Wars™
"{04CA52D7-32B4-4788-A804-01E8C8230FB7}"= UDP:443:ooVoo TCP port 443
"{52D888F6-1A22-4954-87F5-684A09015593}"= Disabled:TCP:443:UDP port 443 ooVoo
"{BDDBCF8D-AAE4-4311-9FB4-D87A8BC15B63}"= Disabled:UDP:37674:TCP port 37674 ooVoo
"{FADAF416-1708-4E22-9537-DB015E33696E}"= Disabled:TCP:37674:UDP port 37674 ooVoo
"{439D1568-F8E2-47E7-90B7-6B61344F1EE9}"= Disabled:TCP:37675:UDP port 37675 ooVoo
"TCP Query User{B04F39AD-CB13-4FCD-89D7-2F9C5F141BAD}C:\\program files\\oovoo\\oovoo.exe"= UDP:C:\program files\oovoo\oovoo.exe:ooVoo
"UDP Query User{9AF15683-54FD-4EA1-82F3-C12F35D0D9D0}C:\\program files\\oovoo\\oovoo.exe"= TCP:C:\program files\oovoo\oovoo.exe:ooVoo
"TCP Query User{1ACCD41C-C5ED-47B4-991F-AFB5475A0C3A}C:\\program files\\mirc\\mirc.exe"= UDP:C:\program files\mirc\mirc.exe:mIRC
"UDP Query User{16E4A98B-FB84-41B5-82C9-D03A877C2687}C:\\program files\\mirc\\mirc.exe"= TCP:C:\program files\mirc\mirc.exe:mIRC
"TCP Query User{0A082EDD-8240-4619-90E9-7E81AF3D7D3A}C:\\program files\\azureus\\azureus.exe"= UDP:C:\program files\azureus\azureus.exe:Azureus
"UDP Query User{AE4E957C-2564-4736-B9D7-925DE1960DBF}C:\\program files\\azureus\\azureus.exe"= TCP:C:\program files\azureus\azureus.exe:Azureus
"TCP Query User{C21A5AF2-C400-4F24-90AB-CF8C58FE9B88}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{8010115E-C7BF-4027-8336-BD4CEB9C81C7}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{2EDE8E70-A373-42B7-BD43-A130BCA0A485}C:\\users\\dagon\\desktop\\emule0.48a\\emule0.48a\\emule.exe"= UDP:C:\users\dagon\desktop\emule0.48a\emule0.48a\emule.exe:emule.exe
"UDP Query User{FEAB418B-6E4B-4D98-BF68-136FD71F3462}C:\\users\\dagon\\desktop\\emule0.48a\\emule0.48a\\emule.exe"= TCP:C:\users\dagon\desktop\emule0.48a\emule0.48a\emule.exe:emule.exe
"{FAFB319D-21A3-4DBD-8B8D-416E57101A10}"= UDP:D:\Programs\Neverwinter 2\nwn2main.exe:Neverwinter Nights 2 Main
"{96635206-F455-444D-BA4C-A849E2E6678D}"= TCP:D:\Programs\Neverwinter 2\nwn2main.exe:Neverwinter Nights 2 Main
"{2E7BF82F-3E1D-4D7B-ACD3-1A88A5EB6E0C}"= UDP:D:\Programs\Neverwinter 2\nwn2main_amdxp.exe:Neverwinter Nights 2 AMD
"{ABFA8DA8-4155-4EC9-A497-DF889A37E40B}"= TCP:D:\Programs\Neverwinter 2\nwn2main_amdxp.exe:Neverwinter Nights 2 AMD
"{A9940AA3-E75F-410B-9A7E-803DA8BF52BB}"= UDP:D:\Programs\Neverwinter 2\nwupdate.exe:Neverwinter Nights 2 Updater
"{583282F8-4FC6-4C30-8E44-9B26A121D40B}"= TCP:D:\Programs\Neverwinter 2\nwupdate.exe:Neverwinter Nights 2 Updater
"{63A20BEB-9B1D-4950-B001-4AD78BCB0068}"= UDP:D:\Programs\Neverwinter 2\nwn2server.exe:Neverwinter Nights 2 Server
"{D523DDC2-5774-4686-8587-FAAB59EECB7D}"= TCP:D:\Programs\Neverwinter 2\nwn2server.exe:Neverwinter Nights 2 Server
"TCP Query User{3E118099-98BB-4722-9183-D5C9D369E40E}C:\\users\\dagon\\appdata\\local\\temp\\temp1_wakeonlanmonitor.zip\\wakeonlanmonitor.exe"= UDP:C:\users\dagon\appdata\local\temp\temp1_wakeonlanmonitor.zip\wakeonlanmonitor.exe:wakeonlanmonitor.exe
"UDP Query User{0FF48EFE-4374-4C90-8769-82B7B540EEFB}C:\\users\\dagon\\appdata\\local\\temp\\temp1_wakeonlanmonitor.zip\\wakeonlanmonitor.exe"= TCP:C:\users\dagon\appdata\local\temp\temp1_wakeonlanmonitor.zip\wakeonlanmonitor.exe:wakeonlanmonitor.exe
"TCP Query User{51DABAB3-6D4D-4F1A-92C1-536C61B49AE7}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{C846E717-6187-4AE5-9242-17EB6DD8E118}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"{7C4031E8-C316-4B5B-B8CD-D0CEC4B0A8FC}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{2D65652B-CC18-4DAA-BAB1-F19CFC63A688}D:\\programs\\command & conquer 3\\retailexe\\1.9\\cnc3game.dat"= UDP:D:\programs\command & conquer 3\retailexe\1.9\cnc3game.dat:Command and Conquer 3 Tiberium Wars™
"UDP Query User{BD1002EC-B0D4-4D8A-9396-7FCDA5F424DC}D:\\programs\\command & conquer 3\\retailexe\\1.9\\cnc3game.dat"= TCP:D:\programs\command & conquer 3\retailexe\1.9\cnc3game.dat:Command and Conquer 3 Tiberium Wars™
"TCP Query User{DFE755A7-BD8F-4215-AFCA-3A6B65CFD968}C:\\users\\dagon\\desktop\\wakeonlanmonitor\\wakeonlanmonitor.exe"= UDP:C:\users\dagon\desktop\wakeonlanmonitor\wakeonlanmonitor.exe:wakeonlanmonitor.exe
"UDP Query User{585408B9-4AEC-4546-A420-2A2E71BE6BAA}C:\\users\\dagon\\desktop\\wakeonlanmonitor\\wakeonlanmonitor.exe"= TCP:C:\users\dagon\desktop\wakeonlanmonitor\wakeonlanmonitor.exe:wakeonlanmonitor.exe
"TCP Query User{F960351A-053E-4B58-AB7A-19594A28C6F1}C:\\users\\dagon\\desktop\\aocp20080410.exe"= UDP:C:\users\dagon\desktop\aocp20080410.exe:aocp20080410.exe
"UDP Query User{8893F83E-6A4D-4884-927A-9DB4CE15ED05}C:\\users\\dagon\\desktop\\aocp20080410.exe"= TCP:C:\users\dagon\desktop\aocp20080410.exe:aocp20080410.exe
"{E2458890-CF74-4EDE-8867-1858EAC70117}"= UDP:D:\Programs\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
"{368B0BE1-531A-4A9C-AE16-057E4111C0DF}"= TCP:D:\Programs\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
"{70C3F2F1-4A0D-4A77-ACB2-639FC6533DCD}"= UDP:D:\Programs\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
"{75A73E70-5C26-461D-A858-3E24FA28E12F}"= TCP:D:\Programs\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
"{97FCF7AD-3E69-4258-8A37-875E785DAF5C}"= UDP:D:\Programs\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update
"{6B353752-F9C2-47E2-89AA-9FB139482854}"= TCP:D:\Programs\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update
R1 epfwtdir;epfwtdir;C:\Windows\system32\DRIVERS\epfwtdir.sys [2007-11-14 16:06]
R2 CTAudSvcService;Creative Audio Service;C:\Program Files\Creative\Shared Files\CTAudSvc.exe [2008-03-07 19:24]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files\LogMeIn\x86\RaInfo.sys [2007-09-12 11:21]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\Windows\system32\drivers\LMIRfsDriver.sys [2007-09-12 11:20]
R2 MSCamSvc;MSCamSvc;"C:\Program Files\Microsoft LifeCam\MSCamS32.exe" [2007-01-04 14:13]
R2 UxTuneUp;TuneUp Extension de thème;C:\Windows\System32\svchost.exe [2008-01-19 00:33]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;C:\Windows\system32\DRIVERS\atl01v32.sys [2006-11-15 16:24]
R3 ha20x2k;Creative 20X HAL Driver;C:\Windows\system32\drivers\ha20x2k.sys [2008-02-25 09:44]
R3 VX1000;VX-1000;C:\Windows\system32\DRIVERS\VX1000.sys [2006-12-05 15:39]
S2 AcronisOSSReinstallSvc;Acronis OS Selector Reinstall Service;"C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe" []
S3 Creative ALchemy AL1 Licensing Service;Creative ALchemy AL1 Licensing Service;"C:\Program Files\Common Files\Creative Labs Shared\Service\AL1Licensing.exe" [2008-04-12 10:26]
S3 SE2Ebus;Sony Ericsson Device 046 Driver driver (WDM);C:\Windows\system32\DRIVERS\SE2Ebus.sys [2006-05-01 13:16]
S3 SE2Emdfl;Sony Ericsson Device 046 USB WMC Modem Filter;C:\Windows\system32\DRIVERS\SE2Emdfl.sys [2006-05-01 13:17]
S3 SE2Emdm;Sony Ericsson Device 046 USB WMC Modem Driver;C:\Windows\system32\DRIVERS\SE2Emdm.sys [2006-05-01 13:17]
S3 SE2Emgmt;Sony Ericsson Device 046 USB WMC Device Management Drivers (WDM);C:\Windows\system32\DRIVERS\SE2Emgmt.sys [2006-05-01 13:18]
S3 se2End5;Sony Ericsson Device 046 USB Ethernet Emulation SEMC46 (NDIS);C:\Windows\system32\DRIVERS\se2End5.sys [2006-05-01 13:15]
S3 SE2Eobex;Sony Ericsson Device 046 USB WMC OBEX Interface;C:\Windows\system32\DRIVERS\SE2Eobex.sys [2006-05-01 13:18]
S3 se2Eunic;Sony Ericsson Device 046 USB Ethernet Emulation SEMC46 (WDM);C:\Windows\system32\DRIVERS\se2Eunic.sys [2006-05-01 13:15]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\Windows\System32\TuneUpDefragService.exe [2007-12-23 18:07]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{82f0dc1e-ca9d-11db-a77d-806e6f6e6963}]
\shell\AutoRun\command - F:\autorun.exe
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-04-25 15:15:59 C:\Windows\Tasks\Maintenance en 1 clic.job"
- C:\Program Files\TuneUp Utilities 2008\OneClick.exe
"2008-05-05 23:35:25 C:\Windows\Tasks\User_Feed_Synchronization-{9AC6BA22-0B14-4BFB-BB4F-B6FF187594CA}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-06 13:15:47
Windows 6.0.6001 Service Pack 1 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\nvvsvc.exe
C:\Windows\System32\audiodg.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
C:\Program Files\LogMeIn\x86\ramaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\RAXCO\PerfectDisk\PDAgent.exe
C:\Windows\System32\PSIService.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\RAXCO\PerfectDisk\PDEngine.exe
C:\Windows\System32\conime.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDMedia.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDPOP3.exe
C:\Windows\System32\CTxfispi.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDClock.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\ASUS\AI Remote\AiRemote.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Windows\System32\wbem\WMIADAP.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-05-06 13:22:23 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-06 11:21:54
Pre-Run: 42,294,087,680 octets libres
Post-Run: 44,043,112,448 octets libres
352 --- E O F --- 2008-05-02 09:30:43
--------------------
HIJACKTHIS :
---------------------
Logfile of HijackThis v1.99.1
Scan saved at 13:28:13, on 06/05/2008
Platform: Unknown Windows (WinNT 6.00.1905 SP1)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\ASUS\AI Remote\AiRc.exe
C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Common Files\Logitech\LCD Manager\LCDMon.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Windows\vVX1000.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Windows\System32\CtHelper.exe
C:\Windows\System32\Ctxfihlp.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Creative\Shared Files\CTSched.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDMedia.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDPOP3.exe
C:\Windows\System32\CTXFISPI.EXE
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDClock.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\ASUS\AI Remote\AiRemote.exe
C:\Windows\Explorer.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Users\Dagon\Desktop\hijackthis\HijackThis.exe
C:\Windows\system32\DllHost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: NetXfer - {83B80A9C-D91A-4F22-8DCF-EA7204039F79} - C:\Program Files\Xi\NetXfer\NXIEHelper.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: NetXfer - {C16CBAAC-A75C-4DB5-A0DD-CDF5CAFCDD3A} - C:\Program Files\Xi\NetXfer\NXToolBar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Ai Remote Help] "C:\Program Files\ASUS\AI Remote\AiRc.exe"
O4 - HKLM\..\Run: [ASUS ASAP USB] C:\Program Files\ASUS\ASAP\asapusb.exe
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Common Files\Logitech\LCD Manager\LCDMon.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [VX1000] C:\Windows\vVX1000.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
O4 - HKLM\..\Run: [CTXFIREG] CTxfiReg.exe
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [LaunchList] C:\Program Files\Pinnacle\Studio 11\LaunchList2.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [CreativeTaskScheduler] "C:\Program Files\Creative\Shared Files\CTSched.exe" /logon
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O8 - Extra context menu item: Tout télécharger avec NetXfer - C:\Program Files\Xi\NetXfer\NXAddList.html
O8 - Extra context menu item: Télécharger avec NetXfer - C:\Program Files\Xi\NetXfer\NXAddLink.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su2/ocx/15035/CTPID.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O23 - Service: Acronis OS Selector Reinstall Service (AcronisOSSReinstallSvc) - Unknown owner - C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe (file missing)
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative ALchemy AL1 Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\AL1Licensing.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\Windows\system32\drivers\pclepci.sys
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)
Well, before getting your reply I had already removed the 4 suspicious entries/files with HijackThis; they have not reappeared, neither on the hard drive nor, a priori, in the registry:
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Dagon\AppData\Local\Temp\urqRLdCU.dll,#1
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Dagon\AppData\Local\Temp\geBrpqnN.dll,c
O4 - HKCU\..\Run: [BMa7c7656e] Rundll32.exe "C:\Users\Dagon\AppData\Local\Temp\jjxksxgu.dll",s
O4 - HKCU\..\Run: [a4f456f2] rundll32.exe "C:\Users\Dagon\AppData\Local\Temp\hbqshafk.dll",b
I then ran ComboFix (NOD32 was still running, though, and removed an eicar.txt file, detected as a virus). ComboFix deleted a file at %appdata/roaming/inst.exe
(log attached)
I then ran HijackThis.
MANY THANKS for your time and your knowledge. In your opinion, is the system clean now?
here are the two logs:
COMBOFIX :
ComboFix 08-05-01.3 - Dagon 2008-05-06 13:10:52.1 - NTFSx86
Microsoft® Windows Vista™ Édition Intégrale 6.0.6001.1.1252.1.1036.18.1151 [GMT 2:00]
Endroit: C:\Users\Dagon\Desktop\ComboFix.exe
* Resident AV is active
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Users\Dagon\AppData\Roaming\inst.exe
.
((((((((((((((((((((((((((((( Fichiers créés 2008-04-06 to 2008-05-06 ))))))))))))))))))))))))))))))))))))
.
2008-05-06 08:28 . 2008-05-06 08:28 0 --ah----- C:\ntuser.dat.LOG2
2008-05-06 08:28 . 2008-05-06 08:28 0 --ah----- C:\ntuser.dat.LOG1
2008-05-06 08:28 . 2008-05-06 08:28 0 --a------ C:\ntuser.dat
2008-05-06 01:47 . 2008-05-06 01:47 <REP> d-------- C:\VundoFix Backups
2008-05-03 11:09 . 2008-05-03 11:09 <REP> d-------- C:\Program Files\Bonjour
2008-05-03 11:05 . 2008-05-03 11:05 <REP> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-05-03 10:41 . 2008-05-03 10:53 <REP> d-------- C:\Program Files\Macromedia
2008-05-03 10:41 . 2008-05-03 10:53 <REP> d-------- C:\Program Files\Common Files\Macromedia
2008-05-03 10:01 . 2008-05-03 10:01 <REP> d-------- C:\Windows\Logo Design Studio Pro
2008-05-03 10:01 . 2008-05-03 10:04 <REP> d-------- C:\Program Files\Logo Design Studio Pro
2008-05-01 21:11 . 2008-05-01 21:11 <REP> d-------- C:\Windows\nvidia icons
2008-05-01 21:09 . 2008-05-01 21:09 <REP> d-------- C:\NVIDIA
2008-04-29 13:30 . 2008-04-29 13:30 <REP> d-------- C:\ProgramData\Futuremark
2008-04-29 13:26 . 2008-04-29 13:26 <REP> d-------- C:\Program Files\Common Files\Futuremark Shared
2008-04-29 13:25 . 2008-03-05 15:56 3,786,760 --a------ C:\Windows\System32\D3DX9_37.dll
2008-04-29 13:25 . 2008-03-05 15:56 1,420,824 --a------ C:\Windows\System32\D3DCompiler_37.dll
2008-04-29 13:25 . 2008-03-05 16:03 479,752 --a------ C:\Windows\System32\XAudio2_0.dll
2008-04-29 13:25 . 2008-02-05 23:07 462,864 --a------ C:\Windows\System32\d3dx10_37.dll
2008-04-29 13:25 . 2008-03-05 16:03 238,088 --a------ C:\Windows\System32\xactengine3_0.dll
2008-04-29 13:25 . 2008-03-05 16:00 25,608 --a------ C:\Windows\System32\X3DAudio1_3.dll
2008-04-21 20:27 . 2008-04-21 20:27 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-04-15 20:43 . 2008-04-15 20:43 <REP> d-------- C:\Users\Dagon\AppData\Roaming\Ubisoft
2008-04-13 11:31 . 2008-04-13 11:31 <REP> d-------- C:\Users\Dagon\AppData\Roaming\Thinstall
2008-04-12 10:26 . 2008-04-12 10:26 <REP> d-------- C:\Program Files\Common Files\Creative Labs Shared
2008-04-11 22:21 . 2008-05-06 13:14 54,760 --a------ C:\Windows\System32\BMXStateBkp-{00000005-00000000-00000002-00001102-00000005-00311102}.rfx
2008-04-11 22:21 . 2008-05-06 13:14 54,760 --a------ C:\Windows\System32\BMXState-{00000005-00000000-00000002-00001102-00000005-00311102}.rfx
2008-04-11 22:21 . 2008-05-06 13:14 788 --a------ C:\Windows\System32\DVCState-{00000005-00000000-00000002-00001102-00000005-00311102}.rfx
2008-04-11 22:20 . 2008-04-11 22:20 87 -rah----- C:\Windows\ctfile.rfc
2008-04-06 12:50 . 2008-04-06 12:50 <REP> d-------- C:\ProgramData\vsosdk
2008-04-06 10:19 . 2004-05-04 11:53 1,645,320 --a------ C:\Windows\gdiplus.dll
2008-04-06 10:19 . 2006-05-20 16:16 1,184,984 --a------ C:\Windows\System32\wvc1dmod.dll
2008-04-06 10:19 . 2006-05-11 19:21 626,688 --a------ C:\Windows\System32\vp7vfw.dll
2008-04-06 10:19 . 2006-09-29 12:24 217,127 --a------ C:\Windows\System32\drv43260.dll
2008-04-06 10:19 . 2006-09-29 12:25 208,935 --a------ C:\Windows\System32\drv33260.dll
2008-04-06 10:19 . 2006-09-29 12:26 176,165 --a------ C:\Windows\System32\drv23260.dll
2008-04-06 10:19 . 2007-03-18 20:37 65,602 --a------ C:\Windows\System32\cook3260.dll
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-05 23:25 --------- d-----w C:\Program Files\LogMeIn
2008-05-03 12:39 1,786 --sha-w C:\Windows\System32\KGyGaAvL.sys
2008-05-03 09:09 --------- d-----w C:\Program Files\Common Files\Adobe
2008-05-01 19:14 --------- d-----w C:\ProgramData\NVIDIA
2008-04-29 11:44 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-29 11:26 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-04-29 11:26 --------- d-----w C:\Program Files\AGEIA Technologies
2008-04-22 06:53 27,672 ----a-r C:\Windows\system32\drivers\Entech.sys
2008-04-21 15:51 442,368 ----a-w C:\Windows\System32\nvuninst.exe
2008-04-20 12:35 --------- d-----w C:\ProgramData\Media Center Programs
2008-04-12 08:25 --------- d-----w C:\ProgramData\Creative
2008-04-11 20:22 413,696 ----a-w C:\Windows\System32\wrap_oal.dll
2008-04-11 20:22 110,592 ----a-w C:\Windows\System32\OpenAL32.dll
2008-04-10 20:16 --------- d-----w C:\Program Files\Windows Mail
2008-04-09 21:10 --------- d-----w C:\ProgramData\Microsoft Help
2008-04-06 11:41 --------- d-----w C:\Users\Dagon\AppData\Roaming\Vso
2008-04-06 11:41 --------- d-----w C:\Program Files\vso
2008-04-06 08:19 47,360 ----a-w C:\Windows\system32\drivers\pcouffin.sys
2008-04-06 08:19 47,360 ----a-w C:\Users\Dagon\AppData\Roaming\pcouffin.sys
2008-04-06 08:13 81,920 ----a-w C:\Users\Dagon\AppData\Roaming\ezpinst.exe
2008-04-03 20:23 --------- d-----w C:\Program Files\7-Zip
2008-03-29 20:13 107,888 ----a-w C:\Windows\System32\CmdLineExt.dll
2008-03-29 13:57 --------- d-----w C:\Program Files\Creative
2008-03-25 16:48 --------- d-----w C:\Program Files\Avi2Dvd
2008-03-25 14:26 --------- d-----w C:\Program Files\AviSynth 2.5
2008-03-24 21:12 --------- d---a-w C:\ProgramData\TEMP
2008-03-23 18:16 --------- d-----w C:\Program Files\SmartFTP Client
2008-03-23 18:11 --------- d-----w C:\Program Files\SmartFTP Client 3.0 Setup Files
2008-03-23 08:50 --------- d-----w C:\Program Files\SyncBackSE
2008-03-08 14:32 --------- d-----w C:\Program Files\Java
2008-03-07 11:31 --------- d-----w C:\Program Files\EditPlus 2
2008-03-07 11:23 --------- d-----w C:\Program Files\Windows Live
2008-03-07 11:22 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-03-07 11:22 --------- d-----w C:\ProgramData\WLInstaller
2008-02-29 07:14 19,000 ----a-w C:\Windows\System32\kd1394.dll
2008-02-29 07:11 988,216 ----a-w C:\Windows\System32\winload.exe
2008-02-29 07:11 927,288 ----a-w C:\Windows\System32\winresume.exe
2008-02-29 06:53 46,592 ----a-w C:\Windows\System32\setbcdlocale.dll
2008-02-29 06:53 40,960 ----a-w C:\Windows\System32\srclient.dll
2008-02-29 06:53 378,368 ----a-w C:\Windows\System32\srcore.dll
2008-02-29 06:35 6,656 ----a-w C:\Windows\System32\kbd106n.dll
2008-02-29 04:21 2,032,128 ----a-w C:\Windows\System32\win32k.sys
2008-02-29 04:12 318,464 ----a-w C:\Windows\System32\rstrui.exe
2008-02-29 04:12 14,848 ----a-w C:\Windows\System32\srdelayed.exe
2008-02-25 07:41 72,728 ----a-w C:\Windows\System32\CTHWIUT.DLL
2008-02-25 07:41 566,296 ----a-w C:\Windows\System32\CTSBLFX.DLL
2008-02-25 07:41 329,240 ----a-w C:\Windows\System32\CTEDSPSY.DLL
2008-02-25 07:41 286,232 ----a-w C:\Windows\System32\CTEDSPFX.DLL
2008-02-25 07:41 174,104 ----a-w C:\Windows\System32\CTEAPSFX.DLL
2008-02-25 07:41 170,520 ----a-w C:\Windows\System32\CT20XUT.DLL
2008-02-25 07:41 134,680 ----a-w C:\Windows\System32\CTEDSPIO.DLL
2008-02-25 07:41 100,888 ----a-w C:\Windows\System32\CTERFXFX.DLL
2008-02-25 07:41 1,323,544 ----a-w C:\Windows\System32\CTEXFIFX.DLL
2008-02-25 07:40 98,328 ----a-w C:\Windows\System32\COMMONFX.DLL
2008-02-25 07:40 551,960 ----a-w C:\Windows\System32\CTAUDFX.DLL
2008-02-22 05:05 615,992 ----a-w C:\Windows\System32\ci.dll
2008-02-22 05:01 826,880 ----a-w C:\Windows\System32\wininet.dll
2008-02-22 04:57 295,936 ----a-w C:\Windows\System32\gdi32.dll
2008-02-20 19:00 43,520 ----a-w C:\Windows\System32\CTBurst.dll
2008-02-20 18:59 86,016 ----a-w C:\Windows\System32\ctcoinst.dll
2008-02-20 18:59 34,816 ----a-w C:\Windows\System32\a3d.dll
2008-02-20 18:59 27,648 ----a-w C:\Windows\System32\ac3api.dll
2008-02-20 18:59 163,840 ----a-w C:\Windows\System32\ctdvinst.dll
2008-02-20 18:55 969,216 ----a-w C:\Windows\System32\CTxfispi.exe
2008-02-20 18:55 43,520 ----a-w C:\Windows\System32\Ctxfireg.exe
2008-02-20 18:55 10,752 ----a-w C:\Windows\System32\Ct20xspi.dll
2008-02-20 18:49 110,080 ----a-w C:\Windows\System32\ctemupia.dll
2008-02-20 18:47 49,152 ----a-w C:\Windows\System32\ctdproxy.dll
2008-02-20 18:47 46,592 ----a-w C:\Windows\System32\ctasio.dll
2008-02-20 18:47 174,592 ----a-w C:\Windows\System32\ct_oal.dll
2008-02-20 18:47 17,920 ----a-w C:\Windows\System32\ctedasio.dll
2008-02-20 18:46 69,120 ----a-w C:\Windows\System32\ctosuser.dll
2008-02-20 18:46 64,512 ----a-w C:\Windows\System32\piaproxy.dll
2008-02-20 18:46 6,144 ----a-w C:\Windows\System32\sfman32.dll
2008-02-20 18:46 13,312 ----a-w C:\Windows\System32\regplib.exe
2008-02-20 18:46 104,448 ----a-w C:\Windows\System32\sfms32.dll
2008-02-20 18:44 5,120 ----a-w C:\Windows\System32\ENLOCSTR.EXE
2008-02-20 18:44 10,240 ----a-w C:\Windows\System32\KILLAPPS.EXE
2008-02-20 18:43 32,768 ----a-w C:\Windows\System32\devreg.dll
2008-02-20 18:43 28,672 ----a-w C:\Windows\System32\MIDIDEF.EXE
2008-02-16 17:54 174 --sha-w C:\Program Files\desktop.ini
2008-02-16 17:28 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-02-16 17:28 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-02-16 17:08 47,560 ----a-w C:\Windows\System32\SPReview.exe
2008-02-16 17:08 152,576 ----a-w C:\Windows\System32\SPWizUI.dll
2007-06-16 15:41 495,041,289 ----a-w C:\Users\Public\setup_fbi_faces3.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 00:33 125952]
"LaunchList"="C:\Program Files\Pinnacle\Studio 11\LaunchList2.exe" [2007-03-21 15:41 145496]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-07-02 12:29 220544]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-08-29 17:09 171464]
"CreativeTaskScheduler"="C:\Program Files\Creative\Shared Files\CTSched.exe" [2006-11-17 11:42 53341]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 00:33 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-01-19 00:38 1008184]
"Ai Remote Help"="C:\Program Files\ASUS\AI Remote\AiRc.exe" [2007-01-19 14:24 3347456]
"ASUS ASAP USB"="C:\Program Files\ASUS\ASAP\asapusb.exe" [2007-01-10 11:55 384512]
"Launch LGDCore"="C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe" [2007-04-26 17:22 1132056]
"TrueImageMonitor.exe"="C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2007-02-16 19:45 1169776]
"AcronisTimounterMonitor"="C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe" [2007-02-16 19:57 1945960]
"Acronis Scheduler2 Service"="C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe" [2007-02-16 19:49 149024]
"Launch LCDMon"="C:\Program Files\Common Files\Logitech\LCD Manager\LCDMon.exe" [2007-04-26 16:54 774168]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"LifeCam"="C:\Program Files\Microsoft LifeCam\LifeExp.exe" [2007-01-12 17:48 275800]
"VX1000"="C:\Windows\vVX1000.exe" [2006-12-05 15:38 707360]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-08-10 08:16 151552]
"UpdReg"="C:\Windows\UpdReg.EXE" [2000-05-11 01:00 90112]
"CTXFIREG"="CTxfiReg.exe" [2008-02-20 20:55 43520 C:\Windows\System32\Ctxfireg.exe]
"VolPanel"="C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2006-12-06 18:10 180224]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 16:57 153136]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 10:51 1836328]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-11-14 16:05 1410304]
"LogMeIn GUI"="C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" [2007-09-12 11:20 63048]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 04:10 55824 C:\Windows\KHALMNPR.Exe]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"CTHelper"="CTHELPER.EXE" [2008-02-20 20:58 19456 C:\Windows\System32\CtHelper.exe]
"CTxfiHlp"="CTXFIHLP.EXE" [2008-02-20 20:58 19968 C:\Windows\System32\Ctxfihlp.exe]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2008-04-23 10:41 13535776]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2008-04-23 10:41 92704]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DevconDefaultDB"="C:\Windows\system32\READREG /SILENT /FAIL=1" [ ]
"CtxfiReg"="CTXFIREG.exe" [2008-02-20 20:55 43520 C:\Windows\System32\Ctxfireg.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
"VIDC.MJPG"= Pvmjpg30.dll
"VIDC.I420"= vdrcodec.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 relog_ap
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{78E3D726-34C9-46D8-832B-B952ACB2DBAC}C:\\program files\\globalscape\\cuteftp\\cutftp32.exe"= UDP:C:\program files\globalscape\cuteftp\cutftp32.exe:Winsock FTP Client
"UDP Query User{ED419FC9-423B-4E8B-9D1F-FDC3394E4960}C:\\program files\\globalscape\\cuteftp\\cutftp32.exe"= TCP:C:\program files\globalscape\cuteftp\cutftp32.exe:Winsock FTP Client
"TCP Query User{509F58A8-74E2-4EFC-A43C-509B3F992F5E}D:\\programs\\btrl demo\\fs2_open_3_6_9.exe"= UDP:D:\programs\btrl demo\fs2_open_3_6_9.exe:FreeSpace
"UDP Query User{25E091C3-FF44-4D32-BD17-C6E355588A7B}D:\\programs\\btrl demo\\fs2_open_3_6_9.exe"= TCP:D:\programs\btrl demo\fs2_open_3_6_9.exe:FreeSpace
"TCP Query User{8DC7CFE1-D7EE-409F-BEA0-101CAEB49446}C:\\users\\dagon\\appdata\\local\\temp\\electronicarts_patcher_000.exe"= UDP:C:\users\dagon\appdata\local\temp\electronicarts_patcher_000.exe:electronicarts_patcher_000.exe
"UDP Query User{CE8618BF-0817-4828-8292-CBB84A8EA625}C:\\users\\dagon\\appdata\\local\\temp\\electronicarts_patcher_000.exe"= TCP:C:\users\dagon\appdata\local\temp\electronicarts_patcher_000.exe:electronicarts_patcher_000.exe
"{35A7BCEB-B46D-4478-87BD-57D9DE800A67}"= D:\Programs\Command & Conquer 3\RetailExe\1.3\cnc3game.dat:Command & Conquer 3 Les guerres du Tiberium™
"TCP Query User{0E5322A3-E068-49DC-B9D3-085765435E64}D:\\programs\\defcon\\defcon.exe"= UDP:D:\programs\defcon\defcon.exe:Defcon
"UDP Query User{3D1D15D8-C4F1-4D58-9B8B-9E8CC4369039}D:\\programs\\defcon\\defcon.exe"= TCP:D:\programs\defcon\defcon.exe:Defcon
"TCP Query User{2DC4C4A6-080A-435D-8859-1E6795A3A405}D:\\programs\\company of heroes\\reliccoh.exe"= UDP:D:\programs\company of heroes\reliccoh.exe:RelicCOH
"UDP Query User{FD354DCB-640A-48C6-B291-4CD2CDD771C1}D:\\programs\\company of heroes\\reliccoh.exe"= TCP:D:\programs\company of heroes\reliccoh.exe:RelicCOH
"TCP Query User{609456EF-4087-48A1-A322-A8EE13837B84}C:\\users\\dagon\\desktop\\vlc-0.8.4a-crazy\\vlc.exe"= UDP:C:\users\dagon\desktop\vlc-0.8.4a-crazy\vlc.exe:vlc.exe
"UDP Query User{30771ED8-6138-40B5-9678-E4E58B100A9C}C:\\users\\dagon\\desktop\\vlc-0.8.4a-crazy\\vlc.exe"= TCP:C:\users\dagon\desktop\vlc-0.8.4a-crazy\vlc.exe:vlc.exe
"TCP Query User{31DB9D20-3DD1-478C-8723-56F0EAA66153}D:\\programs\\command & conquer 3\\retailexe\\1.4\\cnc3game.dat"= UDP:D:\programs\command & conquer 3\retailexe\1.4\cnc3game.dat:Command and Conquer 3 Tiberium Wars™
"UDP Query User{CEDE86E0-A543-4C38-BA2D-EA8E053CF003}D:\\programs\\command & conquer 3\\retailexe\\1.4\\cnc3game.dat"= TCP:D:\programs\command & conquer 3\retailexe\1.4\cnc3game.dat:Command and Conquer 3 Tiberium Wars™
"{43AC3EF9-8D5F-44EC-B9C4-69272B8160C9}"= UDP:C:\Program Files\Pinnacle\Studio 11\programs\RM.exe:Render Manager
"{9FD296F2-2F49-4D33-88BB-6648D5BDA86A}"= TCP:C:\Program Files\Pinnacle\Studio 11\programs\RM.exe:Render Manager
"{697FA4CF-94C9-4B4A-8567-E852439C17FD}"= UDP:C:\Program Files\Pinnacle\Studio 11\programs\Studio.exe:Studio
"{D26A9EB6-185F-4756-BC69-9326612B3331}"= TCP:C:\Program Files\Pinnacle\Studio 11\programs\Studio.exe:Studio
"{D168018F-D776-41CF-A48E-E202DFBDB9F8}"= UDP:C:\Program Files\Pinnacle\Studio 11\programs\PMSRegisterFile.exe:PMSRegisterFile
"{CD77D913-EF2C-4E18-8429-8FE0907ECA06}"= TCP:C:\Program Files\Pinnacle\Studio 11\programs\PMSRegisterFile.exe:PMSRegisterFile
"{165C482C-7DAE-4DAD-978A-EF6382CE8BC0}"= UDP:C:\Program Files\Pinnacle\Studio 11\programs\umi.exe:umi
"{49603F64-5249-423B-AA2D-74E60721C39F}"= TCP:C:\Program Files\Pinnacle\Studio 11\programs\umi.exe:umi
"{F287C935-AB6A-4A74-9223-EAB4069DD8D3}"= UDP:D:\Programs\Neverwinter Nights 2\nwn2main.exe:Neverwinter Nights 2 Main
"{CD82428E-6EAC-4044-B330-0B83C3D66729}"= TCP:D:\Programs\Neverwinter Nights 2\nwn2main.exe:Neverwinter Nights 2 Main
"{C4F02E5A-F246-426B-A847-7F686457D838}"= UDP:D:\Programs\Neverwinter Nights 2\nwn2main_amdxp.exe:Neverwinter Nights 2 AMD
"{28F24696-EB59-4580-B891-136736A2D70F}"= TCP:D:\Programs\Neverwinter Nights 2\nwn2main_amdxp.exe:Neverwinter Nights 2 AMD
"{8DE54A15-06E6-4571-8816-4468E5DDD204}"= UDP:D:\Programs\Neverwinter Nights 2\nwupdate.exe:Neverwinter Nights 2 Updater
"{3D5F4718-56AF-426A-8957-376193C48CA7}"= TCP:D:\Programs\Neverwinter Nights 2\nwupdate.exe:Neverwinter Nights 2 Updater
"{C78FF5C6-E921-4835-9D35-C95D43ACE433}"= UDP:D:\Programs\Neverwinter Nights 2\nwn2server.exe:Neverwinter Nights 2 Server
"{814928EC-2E5D-4847-A1DC-79DF9A68DDD1}"= TCP:D:\Programs\Neverwinter Nights 2\nwn2server.exe:Neverwinter Nights 2 Server
"TCP Query User{C8CAA159-730D-4564-A4FA-90DEBAF66EF4}C:\\program files\\skype\\phone\\skype.exe"= UDP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{D73D28BB-23CE-4D60-8D0A-AEED018FBADE}C:\\program files\\skype\\phone\\skype.exe"= TCP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"TCP Query User{646DF6D6-F4EA-4F1A-9965-CF146E533C9F}D:\\programs\\star trek legacy\\legacy.exe"= UDP:D:\programs\star trek legacy\legacy.exe:Star Trek Legacy
"UDP Query User{D3A965E4-E8B8-4B95-AAEF-A4158CBAE3BA}D:\\programs\\star trek legacy\\legacy.exe"= TCP:D:\programs\star trek legacy\legacy.exe:Star Trek Legacy
"{6D792524-29E0-4678-AC43-8FD0DA98E1BE}"= UDP:C:\Program Files\Microsoft LifeCam\LifeCam.exe:LifeCam.exe
"{07A7F200-6192-4BF0-8F09-93B54B053229}"= TCP:C:\Program Files\Microsoft LifeCam\LifeCam.exe:LifeCam.exe
"{B386B480-67AB-4B95-BFD8-D2A329180C27}"= UDP:C:\Program Files\Microsoft LifeCam\LifeExp.exe:LifeExp.exe
"{6A3F322C-52B3-4F79-B9A0-9C7550E7AF90}"= TCP:C:\Program Files\Microsoft LifeCam\LifeExp.exe:LifeExp.exe
"TCP Query User{3A5A4E16-63F5-4AC4-B116-A3EBA115D747}C:\\program files\\xi\\netxfer\\nettransport.exe"= UDP:C:\program files\xi\netxfer\nettransport.exe:NetXfer Download Manager
"UDP Query User{F4DE6B96-FEB4-416E-A9C1-BFB501B8805D}C:\\program files\\xi\\netxfer\\nettransport.exe"= TCP:C:\program files\xi\netxfer\nettransport.exe:NetXfer Download Manager
"TCP Query User{5054E55A-C352-4F61-87A0-1EBA7872CAAD}D:\\programs\\ultima online kingdom reborn\\uokr.exe"= UDP:D:\programs\ultima online kingdom reborn\uokr.exe:UOKR
"UDP Query User{DC96CF59-9691-4602-ACB1-5264BFA6902A}D:\\programs\\ultima online kingdom reborn\\uokr.exe"= TCP:D:\programs\ultima online kingdom reborn\uokr.exe:UOKR
"TCP Query User{66156255-BE65-4E48-9C0C-4FA9EA791514}C:\\program files\\homeplayer1.5.1.2\\homeplayer.exe"= UDP:C:\program files\homeplayer1.5.1.2\homeplayer.exe:HomePlayer
"UDP Query User{27973476-644E-4678-931E-3439FEAB77D0}C:\\program files\\homeplayer1.5.1.2\\homeplayer.exe"= TCP:C:\program files\homeplayer1.5.1.2\homeplayer.exe:HomePlayer
"TCP Query User{C30ADD88-0CD3-4BB3-80CB-64B61BB62F23}D:\\programs\\le seigneur des anneaux online\\lotroclient.exe"= UDP:D:\programs\le seigneur des anneaux online\lotroclient.exe:lotroclient.exe
"UDP Query User{6F554C8B-7FE1-4056-B462-5A9DE2DBE970}D:\\programs\\le seigneur des anneaux online\\lotroclient.exe"= TCP:D:\programs\le seigneur des anneaux online\lotroclient.exe:lotroclient.exe
"TCP Query User{6C280CEE-07BE-4714-AB50-1EE6596E54C5}D:\\programs\\command & conquer 3\\retailexe\\1.5\\cnc3game.dat"= UDP:D:\programs\command & conquer 3\retailexe\1.5\cnc3game.dat:Command and Conquer 3 Tiberium Wars™
"UDP Query User{16C22C09-8DEF-47A8-83B9-87A62B0F0321}D:\\programs\\command & conquer 3\\retailexe\\1.5\\cnc3game.dat"= TCP:D:\programs\command & conquer 3\retailexe\1.5\cnc3game.dat:Command and Conquer 3 Tiberium Wars™
"{04CA52D7-32B4-4788-A804-01E8C8230FB7}"= UDP:443:ooVoo TCP port 443
"{52D888F6-1A22-4954-87F5-684A09015593}"= Disabled:TCP:443:UDP port 443 ooVoo
"{BDDBCF8D-AAE4-4311-9FB4-D87A8BC15B63}"= Disabled:UDP:37674:TCP port 37674 ooVoo
"{FADAF416-1708-4E22-9537-DB015E33696E}"= Disabled:TCP:37674:UDP port 37674 ooVoo
"{439D1568-F8E2-47E7-90B7-6B61344F1EE9}"= Disabled:TCP:37675:UDP port 37675 ooVoo
"TCP Query User{B04F39AD-CB13-4FCD-89D7-2F9C5F141BAD}C:\\program files\\oovoo\\oovoo.exe"= UDP:C:\program files\oovoo\oovoo.exe:ooVoo
"UDP Query User{9AF15683-54FD-4EA1-82F3-C12F35D0D9D0}C:\\program files\\oovoo\\oovoo.exe"= TCP:C:\program files\oovoo\oovoo.exe:ooVoo
"TCP Query User{1ACCD41C-C5ED-47B4-991F-AFB5475A0C3A}C:\\program files\\mirc\\mirc.exe"= UDP:C:\program files\mirc\mirc.exe:mIRC
"UDP Query User{16E4A98B-FB84-41B5-82C9-D03A877C2687}C:\\program files\\mirc\\mirc.exe"= TCP:C:\program files\mirc\mirc.exe:mIRC
"TCP Query User{0A082EDD-8240-4619-90E9-7E81AF3D7D3A}C:\\program files\\azureus\\azureus.exe"= UDP:C:\program files\azureus\azureus.exe:Azureus
"UDP Query User{AE4E957C-2564-4736-B9D7-925DE1960DBF}C:\\program files\\azureus\\azureus.exe"= TCP:C:\program files\azureus\azureus.exe:Azureus
"TCP Query User{C21A5AF2-C400-4F24-90AB-CF8C58FE9B88}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{8010115E-C7BF-4027-8336-BD4CEB9C81C7}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{2EDE8E70-A373-42B7-BD43-A130BCA0A485}C:\\users\\dagon\\desktop\\emule0.48a\\emule0.48a\\emule.exe"= UDP:C:\users\dagon\desktop\emule0.48a\emule0.48a\emule.exe:emule.exe
"UDP Query User{FEAB418B-6E4B-4D98-BF68-136FD71F3462}C:\\users\\dagon\\desktop\\emule0.48a\\emule0.48a\\emule.exe"= TCP:C:\users\dagon\desktop\emule0.48a\emule0.48a\emule.exe:emule.exe
"{FAFB319D-21A3-4DBD-8B8D-416E57101A10}"= UDP:D:\Programs\Neverwinter 2\nwn2main.exe:Neverwinter Nights 2 Main
"{96635206-F455-444D-BA4C-A849E2E6678D}"= TCP:D:\Programs\Neverwinter 2\nwn2main.exe:Neverwinter Nights 2 Main
"{2E7BF82F-3E1D-4D7B-ACD3-1A88A5EB6E0C}"= UDP:D:\Programs\Neverwinter 2\nwn2main_amdxp.exe:Neverwinter Nights 2 AMD
"{ABFA8DA8-4155-4EC9-A497-DF889A37E40B}"= TCP:D:\Programs\Neverwinter 2\nwn2main_amdxp.exe:Neverwinter Nights 2 AMD
"{A9940AA3-E75F-410B-9A7E-803DA8BF52BB}"= UDP:D:\Programs\Neverwinter 2\nwupdate.exe:Neverwinter Nights 2 Updater
"{583282F8-4FC6-4C30-8E44-9B26A121D40B}"= TCP:D:\Programs\Neverwinter 2\nwupdate.exe:Neverwinter Nights 2 Updater
"{63A20BEB-9B1D-4950-B001-4AD78BCB0068}"= UDP:D:\Programs\Neverwinter 2\nwn2server.exe:Neverwinter Nights 2 Server
"{D523DDC2-5774-4686-8587-FAAB59EECB7D}"= TCP:D:\Programs\Neverwinter 2\nwn2server.exe:Neverwinter Nights 2 Server
"TCP Query User{3E118099-98BB-4722-9183-D5C9D369E40E}C:\\users\\dagon\\appdata\\local\\temp\\temp1_wakeonlanmonitor.zip\\wakeonlanmonitor.exe"= UDP:C:\users\dagon\appdata\local\temp\temp1_wakeonlanmonitor.zip\wakeonlanmonitor.exe:wakeonlanmonitor.exe
"UDP Query User{0FF48EFE-4374-4C90-8769-82B7B540EEFB}C:\\users\\dagon\\appdata\\local\\temp\\temp1_wakeonlanmonitor.zip\\wakeonlanmonitor.exe"= TCP:C:\users\dagon\appdata\local\temp\temp1_wakeonlanmonitor.zip\wakeonlanmonitor.exe:wakeonlanmonitor.exe
"TCP Query User{51DABAB3-6D4D-4F1A-92C1-536C61B49AE7}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{C846E717-6187-4AE5-9242-17EB6DD8E118}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"{7C4031E8-C316-4B5B-B8CD-D0CEC4B0A8FC}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{2D65652B-CC18-4DAA-BAB1-F19CFC63A688}D:\\programs\\command & conquer 3\\retailexe\\1.9\\cnc3game.dat"= UDP:D:\programs\command & conquer 3\retailexe\1.9\cnc3game.dat:Command and Conquer 3 Tiberium Wars™
"UDP Query User{BD1002EC-B0D4-4D8A-9396-7FCDA5F424DC}D:\\programs\\command & conquer 3\\retailexe\\1.9\\cnc3game.dat"= TCP:D:\programs\command & conquer 3\retailexe\1.9\cnc3game.dat:Command and Conquer 3 Tiberium Wars™
"TCP Query User{DFE755A7-BD8F-4215-AFCA-3A6B65CFD968}C:\\users\\dagon\\desktop\\wakeonlanmonitor\\wakeonlanmonitor.exe"= UDP:C:\users\dagon\desktop\wakeonlanmonitor\wakeonlanmonitor.exe:wakeonlanmonitor.exe
"UDP Query User{585408B9-4AEC-4546-A420-2A2E71BE6BAA}C:\\users\\dagon\\desktop\\wakeonlanmonitor\\wakeonlanmonitor.exe"= TCP:C:\users\dagon\desktop\wakeonlanmonitor\wakeonlanmonitor.exe:wakeonlanmonitor.exe
"TCP Query User{F960351A-053E-4B58-AB7A-19594A28C6F1}C:\\users\\dagon\\desktop\\aocp20080410.exe"= UDP:C:\users\dagon\desktop\aocp20080410.exe:aocp20080410.exe
"UDP Query User{8893F83E-6A4D-4884-927A-9DB4CE15ED05}C:\\users\\dagon\\desktop\\aocp20080410.exe"= TCP:C:\users\dagon\desktop\aocp20080410.exe:aocp20080410.exe
"{E2458890-CF74-4EDE-8867-1858EAC70117}"= UDP:D:\Programs\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
"{368B0BE1-531A-4A9C-AE16-057E4111C0DF}"= TCP:D:\Programs\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
"{70C3F2F1-4A0D-4A77-ACB2-639FC6533DCD}"= UDP:D:\Programs\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
"{75A73E70-5C26-461D-A858-3E24FA28E12F}"= TCP:D:\Programs\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
"{97FCF7AD-3E69-4258-8A37-875E785DAF5C}"= UDP:D:\Programs\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update
"{6B353752-F9C2-47E2-89AA-9FB139482854}"= TCP:D:\Programs\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update
R1 epfwtdir;epfwtdir;C:\Windows\system32\DRIVERS\epfwtdir.sys [2007-11-14 16:06]
R2 CTAudSvcService;Creative Audio Service;C:\Program Files\Creative\Shared Files\CTAudSvc.exe [2008-03-07 19:24]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files\LogMeIn\x86\RaInfo.sys [2007-09-12 11:21]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\Windows\system32\drivers\LMIRfsDriver.sys [2007-09-12 11:20]
R2 MSCamSvc;MSCamSvc;"C:\Program Files\Microsoft LifeCam\MSCamS32.exe" [2007-01-04 14:13]
R2 UxTuneUp;TuneUp Extension de thème;C:\Windows\System32\svchost.exe [2008-01-19 00:33]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;C:\Windows\system32\DRIVERS\atl01v32.sys [2006-11-15 16:24]
R3 ha20x2k;Creative 20X HAL Driver;C:\Windows\system32\drivers\ha20x2k.sys [2008-02-25 09:44]
R3 VX1000;VX-1000;C:\Windows\system32\DRIVERS\VX1000.sys [2006-12-05 15:39]
S2 AcronisOSSReinstallSvc;Acronis OS Selector Reinstall Service;"C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe" []
S3 Creative ALchemy AL1 Licensing Service;Creative ALchemy AL1 Licensing Service;"C:\Program Files\Common Files\Creative Labs Shared\Service\AL1Licensing.exe" [2008-04-12 10:26]
S3 SE2Ebus;Sony Ericsson Device 046 Driver driver (WDM);C:\Windows\system32\DRIVERS\SE2Ebus.sys [2006-05-01 13:16]
S3 SE2Emdfl;Sony Ericsson Device 046 USB WMC Modem Filter;C:\Windows\system32\DRIVERS\SE2Emdfl.sys [2006-05-01 13:17]
S3 SE2Emdm;Sony Ericsson Device 046 USB WMC Modem Driver;C:\Windows\system32\DRIVERS\SE2Emdm.sys [2006-05-01 13:17]
S3 SE2Emgmt;Sony Ericsson Device 046 USB WMC Device Management Drivers (WDM);C:\Windows\system32\DRIVERS\SE2Emgmt.sys [2006-05-01 13:18]
S3 se2End5;Sony Ericsson Device 046 USB Ethernet Emulation SEMC46 (NDIS);C:\Windows\system32\DRIVERS\se2End5.sys [2006-05-01 13:15]
S3 SE2Eobex;Sony Ericsson Device 046 USB WMC OBEX Interface;C:\Windows\system32\DRIVERS\SE2Eobex.sys [2006-05-01 13:18]
S3 se2Eunic;Sony Ericsson Device 046 USB Ethernet Emulation SEMC46 (WDM);C:\Windows\system32\DRIVERS\se2Eunic.sys [2006-05-01 13:15]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\Windows\System32\TuneUpDefragService.exe [2007-12-23 18:07]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{82f0dc1e-ca9d-11db-a77d-806e6f6e6963}]
\shell\AutoRun\command - F:\autorun.exe
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-04-25 15:15:59 C:\Windows\Tasks\Maintenance en 1 clic.job"
- C:\Program Files\TuneUp Utilities 2008\OneClick.exe
"2008-05-05 23:35:25 C:\Windows\Tasks\User_Feed_Synchronization-{9AC6BA22-0B14-4BFB-BB4F-B6FF187594CA}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-06 13:15:47
Windows 6.0.6001 Service Pack 1 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\nvvsvc.exe
C:\Windows\System32\audiodg.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
C:\Program Files\LogMeIn\x86\ramaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\RAXCO\PerfectDisk\PDAgent.exe
C:\Windows\System32\PSIService.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\RAXCO\PerfectDisk\PDEngine.exe
C:\Windows\System32\conime.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDMedia.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDPOP3.exe
C:\Windows\System32\CTxfispi.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDClock.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\ASUS\AI Remote\AiRemote.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Windows\System32\wbem\WMIADAP.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-05-06 13:22:23 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-06 11:21:54
Pre-Run: 42,294,087,680 octets libres
Post-Run: 44,043,112,448 octets libres
352 --- E O F --- 2008-05-02 09:30:43
--------------------
HIJACKTHIS :
---------------------
Logfile of HijackThis v1.99.1
Scan saved at 13:28:13, on 06/05/2008
Platform: Unknown Windows (WinNT 6.00.1905 SP1)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\ASUS\AI Remote\AiRc.exe
C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Common Files\Logitech\LCD Manager\LCDMon.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Windows\vVX1000.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Windows\System32\CtHelper.exe
C:\Windows\System32\Ctxfihlp.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Creative\Shared Files\CTSched.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDMedia.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDPOP3.exe
C:\Windows\System32\CTXFISPI.EXE
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDClock.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\ASUS\AI Remote\AiRemote.exe
C:\Windows\Explorer.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Users\Dagon\Desktop\hijackthis\HijackThis.exe
C:\Windows\system32\DllHost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: NetXfer - {83B80A9C-D91A-4F22-8DCF-EA7204039F79} - C:\Program Files\Xi\NetXfer\NXIEHelper.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: NetXfer - {C16CBAAC-A75C-4DB5-A0DD-CDF5CAFCDD3A} - C:\Program Files\Xi\NetXfer\NXToolBar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Ai Remote Help] "C:\Program Files\ASUS\AI Remote\AiRc.exe"
O4 - HKLM\..\Run: [ASUS ASAP USB] C:\Program Files\ASUS\ASAP\asapusb.exe
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Common Files\Logitech\LCD Manager\LCDMon.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [VX1000] C:\Windows\vVX1000.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
O4 - HKLM\..\Run: [CTXFIREG] CTxfiReg.exe
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [LaunchList] C:\Program Files\Pinnacle\Studio 11\LaunchList2.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [CreativeTaskScheduler] "C:\Program Files\Creative\Shared Files\CTSched.exe" /logon
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O8 - Extra context menu item: Tout télécharger avec NetXfer - C:\Program Files\Xi\NetXfer\NXAddList.html
O8 - Extra context menu item: Télécharger avec NetXfer - C:\Program Files\Xi\NetXfer\NXAddLink.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su2/ocx/15035/CTPID.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O23 - Service: Acronis OS Selector Reinstall Service (AcronisOSSReinstallSvc) - Unknown owner - C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe (file missing)
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative ALchemy AL1 Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\AL1Licensing.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\Windows\system32\drivers\pclepci.sys
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)
Regis59 (Security contributor) - 6 May 2008 at 18:19
Ok.
Run a Kaspersky online scan with Internet Explorer:
- Click on Start Online-Scanner
- Now click on I accept.
- Allow the installation of one or more ActiveX controls if necessary.
- Wait while the updates are installed.
- Then choose the scan of My Computer.
- Save and then paste the report generated at the end of the scan.
HELP: Configuring ActiveX controls
NOTE: If you get the message "The Kaspersky On-line Scanner license has expired", go to Add/Remove Programs and uninstall On-Line Scanner, then reconnect to the Kaspersky site to retry the online scan.
See you
the_dagon - 6 May 2008 at 19:03
Not compatible with Vista...
the_dagon - 9 May 2008 at 21:01
As I said in my previous post, the Kaspersky online scanner is not compatible with Vista... what else can I use?
Looking at the HijackThis and Combofix logs, is the system clean now?
Thanks for everything!
Regis59 (Security contributor) - 10 May 2008 at 11:12
Hi.
Yes. :-)
Any particular problems?
Otherwise, you were telling me that startup was slow?
See you
nkd - 10 May 2008 at 11:15
Do you have an antivirus? If so, which one? Do you update it from time to time, or have you enabled automatic updates? Try running an online scan.
the_dagon - 10 May 2008 at 13:13
Yes, startup seems fairly slow since this infection, and yet I don't have tons of apps at startup, according to msconfig.
My antivirus is NOD32, which is updated automatically every day.
Well, I'll defragment in the meantime.
In any case, Regis59's instructions (hijackthis + combofix) seem to have resolved everything as far as the infection is concerned.
THANKS!
Regis59 (Security contributor) - 10 May 2008 at 14:46
Hi
For startup, go to Start < All Programs < Startup
Do you have anything there?
See you