Virus TR/Agent.iob / Win32:Trojan-gen

Closed
Cyl3nc3 - 20 Oct 2008 at 16:28
 Cyl3nc3 - 22 Oct 2008 at 17:20
Hello,
Here's the situation: a week ago, Antivir started detecting:

"Virus or unwanted program 'TR/Agent.iob [trojan]'
detected in file 'C:\Users\X\AppData\Local\Temp\~tmp\hmunmlc04\hmunmlc04.exe."

This virus is impossible to delete, to quarantine or even to ignore, because every ten minutes Antivir re-detects it... Searching a bit on the internet, I read that it is a harmless executable (?) that Antivir considers a virus. So I decided to turn Antivir off, and no more message. But yesterday avast detected a threat in the same folder, only it considers it a "Win32:Trojan-gen".
And there, same as with Antivir, impossible to do anything about it...

That's why I'm coming to ask you for help, because I've had more than enough of this.
I also read that a HijackThis log could help, so I'm including it too


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:25:55, on 20/10/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16757)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Users\CYRILL~1.CYR\LOCALS~1\APPLIC~1\MICROS~1\cisvc.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\System32\rundll32.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\schtasks.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avcenter.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\explorer.exe
C:\Users\Cyrille.CYRILLE\Downloads\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr?cobrand=hp-desktop.msn.com&ocid=HPDHP&pc=HPDTDF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=hp-desktop.msn.com&ocid=HPDHP&pc=HPDTDF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr?cobrand=hp-desktop.msn.com&ocid=HPDHP&pc=HPDTDF
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F3 - REG:win.ini: load=C:\Users\CYRILL~1.CYR\LOCALS~1\APPLIC~1\MICROS~1\cisvc.exe
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe"
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [isCfgWiz] "c:\Program Files\Common Files\Symantec Shared\OPC\{C86EA115-FACD-4aa8-BFA2-398C677D0936}\SYMCUW.exe" -G:{77CCBE0B-A541-49a9-883E-14F8337EC861} -T:Config -REBOOT
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AceGain LiveUpdate] C:\Program Files\AceGain\LiveUpdate\LiveUpdate.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Steam] C:\Program Files\Valve\Steam\\Steam.exe -silent
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKLM\..\Policies\Explorer\Run: [CmSTP] C:\Windows\System32\drivers\cmstp.exe /waitservice
O4 - HKCU\..\Policies\Explorer\Run: [CmSTP] C:\Users\CYRILL~1.CYR\AppData\Local\Temp\cmstp.exe /waitservice
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [DllHst] C:\Users\CYRILL~1.CYR\AppData\Local\Temp\dllhst3g.exe /waitservice (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [DllHst] C:\Users\CYRILL~1.CYR\AppData\Local\Temp\dllhst3g.exe /waitservice (User 'Default user')
O4 - Startup: RollerCoaster Tycoon 3 Registration.lnk = C:\Users\Cyrille.CYRILLE\AppData\Local\Temp\{66AC7A1D-A798-4CFC-86E3-14DEFEB5E064}\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\ATR1.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O13 - Gopher Prefix:
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: HP Chasis Button Service (HPBtnSrv) - Unknown owner - c:\hp\HPEZBTN\HPBtnSrv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
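As an added example (not part of the original post, and not HijackThis code), a small Python triage script that parses O4 and F3 lines in the format of the log above and flags the autorun entries a responder would look at first: an image under Temp/AppData, the Policies\Explorer\Run key, a populated win.ini load= value, and an .exe sitting in the drivers directory. The sample lines are constructed from the log above and the heuristics are my own.

```python
"""Triage of HijackThis O4 (autorun) and F3 (win.ini load=) lines.

Added example, not part of the forum post and not HijackThis code: reads
lines in the format of the log above and flags autorun entries a responder
would review first. The heuristics below are mine, not HijackThis's.
"""
import re
from typing import Dict, List, Optional

# Constructed sample: six lines copied in shape from the log posted above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKLM\..\Policies\Explorer\Run: [CmSTP] C:\Windows\System32\drivers\cmstp.exe /waitservice
O4 - HKCU\..\Policies\Explorer\Run: [CmSTP] C:\Users\CYRILL~1.CYR\AppData\Local\Temp\cmstp.exe /waitservice
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [DllHst] C:\Users\CYRILL~1.CYR\AppData\Local\Temp\dllhst3g.exe /waitservice (User 'SYSTEM')
F3 - REG:win.ini: load=C:\Users\CYRILL~1.CYR\LOCALS~1\APPLIC~1\MICROS~1\cisvc.exe
"""

O4_RE = re.compile(r"^O4 - (?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
F3_RE = re.compile(r"^F3 - REG:win\.ini: load=(?P<cmd>.*)$")
# Leading image path of a command line: quoted, or the first token ending in
# an executable extension (unquoted paths with spaces are common in HJT logs).
IMAGE_RE = re.compile(
    r'^"(?P<q>[^"]+)"|^(?P<u>.*?\.(?:exe|dll|com|scr|bat|cmd))(?=\s|$)', re.I
)
# Path segments under which a persistent autorun rarely belongs.
USER_WRITABLE = ("\\temp\\", "\\appdata\\", "\\locals~1\\", "\\applic~1\\")


def image_path(cmd: str) -> str:
    """Return the executable path at the start of a Run-key command line."""
    cmd = re.sub(r"\s+\(User '[^']*'\)\s*$", "", cmd.strip())  # HJT user suffix
    m = IMAGE_RE.match(cmd)
    if m:
        return m.group("q") or m.group("u")
    parts = cmd.split()
    return parts[0] if parts else ""  # e.g. RUNDLL32.EXE x.dll,Fn -> RUNDLL32.EXE


def triage_line(line: str) -> Optional[Dict[str, object]]:
    """Parse one O4/F3 line; return None for any other line type."""
    m = O4_RE.match(line)
    if m:
        key, name, cmd = m.group("key"), m.group("name"), m.group("cmd")
    else:
        m = F3_RE.match(line)
        if not m:
            return None
        key, name, cmd = "win.ini load=", "load", m.group("cmd")
    path = image_path(cmd)
    low = path.lower()
    reasons: List[str] = []
    if any(seg in low for seg in USER_WRITABLE):
        reasons.append("image lives under a user-writable profile/Temp directory")
    if "policies\\explorer\\run" in key.lower():
        reasons.append("started via Policies\\Explorer\\Run, rarely used by legitimate software")
    if key == "win.ini load=" and path:
        reasons.append("legacy win.ini load= entry is populated")
    if "\\drivers\\" in low and low.endswith(".exe"):
        reasons.append(".exe placed in the drivers directory, which holds .sys files")
    return {"key": key, "name": name, "path": path, "reasons": reasons}


def triage(log: str) -> List[Dict[str, object]]:
    """Return only the entries that triggered at least one heuristic."""
    flagged = []
    for line in log.splitlines():
        entry = triage_line(line)
        if entry and entry["reasons"]:
            flagged.append(entry)
    return flagged


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f"[{e['name']}] {e['path']}")
        for r in e["reasons"]:
            print(f"    - {r}")
```

Run against the full log above, the same four entries come out (the two CmSTP lines, DllHst and the win.ini load= value); rundll32-style lines are reported by host binary only, so their DLL argument still needs a manual look.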

25 replies

jlpjlp Posts 51580 Registered Friday 18 May 2007 Status Security contributor Last seen 3 May 2022 5 040
20 Oct 2008 at 16:35
hi

only one antivirus on a computer, otherwise it crashes: keep Norton or AntiVir or avast (Norton if you pay for it, otherwise AntiVir)

to remove Norton
http://service1.symantec.com/SUPPORT/INTER/tsgeninfointl.nsf/fr_docid/20050414110429924

to remove avast:

https://www.avast.com/fr-fr/uninstall-utility

_________________

download ComboFix (by sUBs) here:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

and save it to the desktop.

disconnect from the internet and close all your applications.

disable your protections (antivirus, firewall, the antispyware's real-time guard)

double-click combofix.exe and follow the instructions

at the end it will produce a report, C:\ComboFix.txt

re-enable your firewall, your antivirus and your antispyware's guard

copy/paste the report C:\ComboFix.txt into your next reply.

Warning: do not use your mouse or keyboard (or any other pointing device) while the program is running. That could freeze the computer.

There is a full tutorial here:

https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
_________________

run CCleaner to clear your browsing traces

https://www.malekal.com/tutoriel-ccleaner/

___________________

then post another HijackThis log

see you
0
OK, I'll do that right away
0
Here is the ComboFix report:

ComboFix 08-10-19.04 - Cyrille 2008-10-20 16:54:46.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.2563 [GMT 2:00]
Lancé depuis: C:\Users\Cyrille.CYRILLE\Desktop\ComboFix.exe
* Un nouveau point de restauration a été créé
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Windows\system32\jusched.exe
C:\Windows\system32\wxmmin.dll
G:\Autorun.inf

.
((((((((((((((((((((((((((((( Fichiers créés du 2008-09-20 au 2008-10-20 ))))))))))))))))))))))))))))))))))))
.

2008-10-20 16:59 . 2008-10-12 17:55 81,920 --a------ C:\Users\Cyrille.CYRILLE\AppData\Roaming\comrepl.exe
2008-10-20 16:59 . 2008-10-12 17:55 81,920 --a------ C:\Users\Cyrille.CYRILLE\AppData\Roaming\cisvc.exe
2008-10-19 12:48 . 2008-10-19 12:50 <REP> d-------- C:\Users\All Users\Lavasoft
2008-10-19 12:48 . 2008-10-19 12:50 <REP> d-------- C:\ProgramData\Lavasoft
2008-10-19 12:48 . 2008-10-19 12:48 <REP> d-------- C:\Program Files\Lavasoft
2008-10-19 12:47 . 2008-10-19 12:47 <REP> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-10-17 22:44 . 2008-10-17 22:44 <REP> d-------- C:\Program Files\CCleaner
2008-10-15 18:44 . 2008-10-15 18:44 <REP> d-------- C:\Program Files\Ubisoft
2008-10-15 17:32 . 2008-09-18 06:27 3,506,744 --a------ C:\Windows\System32\ntkrnlpa.exe
2008-10-15 17:32 . 2008-09-18 06:27 3,472,952 --a------ C:\Windows\System32\ntoskrnl.exe
2008-10-15 17:32 . 2008-09-18 04:03 2,027,520 --a------ C:\Windows\System32\win32k.sys
2008-10-15 17:32 . 2008-08-26 03:12 290,304 --a------ C:\Windows\System32\drivers\srv.sys
2008-10-14 20:42 . 2008-10-14 20:42 244 --ah----- C:\sqmnoopt09.sqm
2008-10-14 20:42 . 2008-10-14 20:42 232 --ah----- C:\sqmdata09.sqm
2008-10-14 18:02 . 2008-10-14 18:02 <REP> dr-h----- C:\Users\Cyrille.CYRILLE\AppData\Roaming\SecuROM
2008-10-14 18:00 . 2008-10-14 18:00 <REP> d-------- C:\Windows\System32\URTTEMP
2008-10-14 17:59 . 2008-10-14 22:30 22,328 --a------ C:\Windows\System32\drivers\PnkBstrK.sys
2008-10-14 17:59 . 2008-10-14 17:59 22,328 --a------ C:\Users\Cyrille.CYRILLE\AppData\Roaming\PnkBstrK.sys
2008-10-14 17:58 . 2008-10-14 17:58 669,184 --a------ C:\Windows\System32\pbsvc.exe
2008-10-14 17:58 . 2008-10-14 22:30 107,832 --a------ C:\Windows\System32\PnkBstrB.exe
2008-10-14 17:58 . 2008-10-14 17:58 66,872 --a------ C:\Windows\System32\PnkBstrA.exe
2008-10-14 17:56 . 2008-10-14 17:56 <REP> d-------- C:\Users\All Users\Media Center Programs
2008-10-14 17:56 . 2008-10-14 17:56 <REP> d-------- C:\ProgramData\Media Center Programs
2008-10-14 17:43 . 2008-10-14 17:43 <REP> d-------- C:\Program Files\Electronic Arts
2008-10-14 16:30 . 2008-10-14 16:43 <REP> d-------- C:\Program Files\Prey
2008-10-14 15:52 . 2008-10-14 15:52 <REP> d-------- C:\Users\Cyrille.CYRILLE\AppData\Roaming\Disney Interactive Studios
2008-10-14 15:33 . 2008-10-14 15:33 <REP> d-------- C:\Program Files\Disney Interactive Studios
2008-10-14 15:30 . 2008-10-14 15:30 <REP> d-------- C:\Users\Cyrille.CYRILLE\AppData\Roaming\InstallShield
2008-10-14 15:30 . 2008-10-14 15:48 1,002 --a------ C:\Windows\disney.ini
2008-10-13 19:01 . 2008-10-13 19:01 443,756 --a------ C:\Windows\Oral
2008-10-12 17:55 . 2008-10-12 17:55 81,920 --a------ C:\Windows\System32\drivers\cmstp.exe
2008-10-12 17:12 . 2008-10-12 17:12 <REP> d-------- C:\Program Files\THQ
2008-09-29 20:27 . 2008-09-29 20:27 268 --ah----- C:\sqmdata08.sqm
2008-09-29 20:27 . 2008-09-29 20:27 244 --ah----- C:\sqmnoopt08.sqm
2008-09-23 18:12 . 2008-10-19 15:45 23 --a------ C:\Windows\BlendSettings.ini

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-20 14:59 --------- d-----w C:\Users\Cyrille.CYRILLE\AppData\Roaming\DNA
2008-10-20 14:48 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-10-20 14:46 --------- d-----w C:\ProgramData\Symantec
2008-10-19 09:05 --------- d-----w C:\Users\Cyrille.CYRILLE\AppData\Roaming\BitTorrent
2008-10-19 09:03 --------- d-----w C:\Users\Cyrille.CYRILLE\AppData\Roaming\gtk-2.0
2008-10-16 21:56 --------- d-----w C:\Users\Cyrille.CYRILLE\AppData\Roaming\LimeWire
2008-10-16 11:48 --------- d-----w C:\Program Files\Windows Mail
2008-10-16 10:28 --------- d-----w C:\Program Files\Astonsoft
2008-10-15 16:44 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-10-14 13:49 107,888 ----a-w C:\Windows\System32\CmdLineExt.dll
2008-10-12 16:31 --------- d-----w C:\Program Files\eMule
2008-10-09 12:37 --------- d-----w C:\Program Files\Common Files\Steam
2008-10-02 03:49 826,368 ----a-w C:\Windows\System32\wininet.dll
2008-10-02 03:49 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-10-02 03:49 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-10-02 03:48 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-09-29 19:53 --------- d-----w C:\Users\Cyrille.CYRILLE\AppData\Roaming\OpenOffice.org2
2008-09-26 17:47 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-09-23 16:00 --------- d-----w C:\Program Files\Bethesda Softworks
2008-09-19 20:10 --------- d-----w C:\Program Files\WinAVI MP4 Converter
2008-09-19 17:09 --------- d-----w C:\ProgramData\Avira
2008-09-19 17:09 --------- d-----w C:\Program Files\Avira
2008-09-17 20:07 --------- d-----w C:\Program Files\DNA
2008-09-15 17:24 --------- d-----w C:\Users\Cyrille.CYRILLE\AppData\Roaming\Dev-Cpp
2008-09-14 17:42 --------- d-----w C:\Users\Cyrille.CYRILLE\AppData\Roaming\Samsung
2008-09-14 17:20 --------- d-----w C:\Program Files\Samsung
2008-09-11 19:20 --------- d-----w C:\Program Files\OpenOffice.org 2.0
2008-09-09 12:47 --------- d-----w C:\Program Files\Common Files\AVSMedia
2008-09-07 15:07 --------- d-----w C:\Users\Cyrille.CYRILLE\AppData\Roaming\AVS4YOU
2008-09-07 15:07 --------- d-----w C:\ProgramData\AVS4YOU
2008-09-05 14:14 --------- d-----w C:\Users\Cyrille.CYRILLE\AppData\Roaming\DivX
2008-09-05 14:13 --------- d-----w C:\Program Files\DivX
2008-09-05 14:13 --------- d-----w C:\Program Files\Common Files\PX Storage Engine
2008-09-04 11:18 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-09-02 17:08 --------- d-----w C:\Program Files\Red Kawa
2008-08-27 08:38 --------- d-----w C:\Program Files\Diablo II
2008-08-27 08:36 21,840 ----atw C:\Windows\System32\SIntfNT.dll
2008-08-27 08:36 17,212 ----atw C:\Windows\System32\SIntf32.dll
2008-08-27 08:36 12,067 ----atw C:\Windows\System32\SIntf16.dll
2008-08-27 06:57 2,829 ----a-w C:\Windows\DIIUnin.pif
2008-08-27 06:57 102,400 ----a-w C:\Windows\DIIUnin.exe
2008-08-22 15:48 --------- d-----w C:\Program Files\Microsoft Games
2008-08-05 22:02 524,288 ----a-w C:\Windows\System32\DivXsm.exe
2008-08-05 22:02 3,596,288 ----a-w C:\Windows\System32\qt-dx331.dll
2008-08-05 22:00 200,704 ----a-w C:\Windows\System32\ssldivx.dll
2008-08-05 22:00 1,044,480 ----a-w C:\Windows\System32\libdivx.dll
2008-08-05 21:59 81,920 ----a-w C:\Windows\System32\dpl100.dll
2008-08-05 21:59 593,920 ----a-w C:\Windows\System32\dpuGUI11.dll
2008-08-05 21:59 57,344 ----a-w C:\Windows\System32\dpv11.dll
2008-08-05 21:59 53,248 ----a-w C:\Windows\System32\dpuGUI10.dll
2008-08-05 21:59 344,064 ----a-w C:\Windows\System32\dpus11.dll
2008-08-05 21:59 294,912 ----a-w C:\Windows\System32\dpu11.dll
2008-08-05 21:59 294,912 ----a-w C:\Windows\System32\dpu10.dll
2008-08-05 21:59 196,608 ----a-w C:\Windows\System32\dtu100.dll
2008-08-05 21:58 823,296 ----a-w C:\Windows\System32\divx_xx0c.dll
2008-08-05 21:58 823,296 ----a-w C:\Windows\System32\divx_xx07.dll
2008-08-05 21:58 815,104 ----a-w C:\Windows\System32\divx_xx0a.dll
2008-08-05 21:58 802,816 ----a-w C:\Windows\System32\divx_xx11.dll
2008-08-05 21:58 683,520 ----a-w C:\Windows\System32\DivX.dll
2008-08-05 21:58 161,096 ----a-w C:\Windows\System32\DivXCodecVersionChecker.exe
2008-08-05 21:58 12,288 ----a-w C:\Windows\System32\DivXWMPExtType.dll
2008-08-04 11:47 729,088 ----a-w C:\Windows\iun6002.exe
2008-08-02 19:10 43,520 ----a-w C:\Windows\System32\CmdLineExt03.dll
2008-07-31 08:41 68,616 ----a-w C:\Windows\System32\XAPOFX1_1.dll
2008-07-31 08:41 238,088 ----a-w C:\Windows\System32\xactengine3_2.dll
2008-07-31 08:40 509,448 ----a-w C:\Windows\System32\XAudio2_2.dll
2008-07-31 03:34 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-07-31 03:34 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-07-31 03:34 28,160 ----a-w C:\Windows\System32\Apphlpdm.dll
2008-07-31 03:34 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-07-31 03:34 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-07-31 03:34 1,686,528 ----a-w C:\Windows\System32\gameux.dll
2008-07-30 23:47 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-07-30 23:32 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-07-25 11:19 3,426,072 ----a-w C:\Windows\System32\d3dx9_32.dll
2008-07-16 15:37 174 --sha-w C:\Program Files\desktop.ini
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 125440]
"Steam"="C:\Program Files\Valve\Steam\\Steam.exe" [2008-10-09 1410296]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-09-17 289088]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
"OsdMaestro"="C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-08-27 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-08-27 8473120]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-08-27 81920]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"SunJavaUpdateReg"="C:\Windows\system32\jureg.exe" [2007-04-07 54936]
"HP Software Update"="c:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 79224]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 116040]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-10 289064]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"RtHDVCpl"="RtHDVCpl.exe" [2007-10-25 C:\Windows\RtHDVCpl.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"CmSTP"="C:\Windows\System32\drivers\cmstp.exe" [2008-10-12 81920]

[HKEY_CURRENT_USER\software\microsoft\windows\Currentversion\policies\explorer\Run]
"ComRepl"="C:\Users\CYRILL~1.CYR\AppData\Local\Temp\comrepl.exe" [2008-10-12 81920]

[HKEY_USERS\.DEFAULT\software\microsoft\windows\Currentversion\policies\explorer\Run]
"ComRepl"="C:\Users\CYRILL~1.CYR\AppData\Roaming\comrepl.exe" [2008-10-12 81920]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\windows]
"load"=C:\Users\CYRILL~1.CYR\AppData\Roaming\cisvc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3codecp"= l3codecp.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{15898CC2-D832-4881-8B12-3AF3F19FA741}"= c:\Program Files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{844EDEA2-D01E-4C16-9656-B305D7960AC5}"= C:\Program Files\HP\DVDPlay\DVDPlay.exe:DVD Play
"{A9EFEFB9-E314-4419-80EC-CD2B2EAB5D38}"= C:\Program Files\HP\DVDPlay\DPService.exe:DVD Play Resident Program
"{DB0B2ECE-46A3-4E34-82D9-9F8C61E6780B}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{58454799-26DF-4A5B-AD65-6D0C9D9E810F}"= UDP:C:\Program Files\DNA\btdna.exe:DNA
"{D38CDB8A-8FBF-4784-88CF-F95A7D0FEBF8}"= TCP:C:\Program Files\DNA\btdna.exe:DNA
"{F75CBE57-79A3-4B2F-A2B0-81BDC57E122F}"= UDP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"{241FFC13-2654-4F5B-8A29-8427CAE16CBB}"= TCP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"{B7D6EB48-3F45-495A-9B3A-438B2B8642AD}"= UDP:C:\Program Files\DNA\btdna.exe:DNA
"{569BE145-F2AE-495D-B362-0683B0C5BBAA}"= TCP:C:\Program Files\DNA\btdna.exe:DNA
"{6BCE66F6-001E-4D00-BE94-A70EA1380280}"= UDP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"{36598A21-97A9-4635-974C-8D4E11258EAC}"= TCP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"{9FC58FF5-EBF6-49E7-A9EE-3E4B29E91544}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{6BE2000B-1C2A-465A-A020-C25EAAAC350B}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{5E461E93-32BF-4F38-B5F5-F8E496C3C202}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{396FAE6E-B04E-43AD-80C4-5153B8248E28}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{A0C2AEEA-6F3A-4E60-A769-22E22CAFF526}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{30A60FEA-4F84-48A5-BE97-BDA078D8E153}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{2F5F85C1-4CC5-4EBB-A4E7-36ED73A35D0C}"= UDP:C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008
"{F3C45E92-DFAB-4830-BECF-32B14C6A70BC}"= TCP:C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008
"{B00EBB69-EA57-4B06-B877-03AD9A5D8521}"= UDP:C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:Sid Meier's Civilization 4
"{EA3B04E1-1541-4497-B2C2-B1C61475DDA2}"= TCP:C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:Sid Meier's Civilization 4
"TCP Query User{B8B4B788-8CA8-4DED-9FB8-C70CE12F558C}C:\\program files\\ea games\\battlefield vietnam\\bfvietnam.exe"= UDP:C:\program files\ea games\battlefield vietnam\bfvietnam.exe:bfvietnam
"UDP Query User{1B2B7F4B-3B2E-4D78-ADCC-C4270C4FAF17}C:\\program files\\ea games\\battlefield vietnam\\bfvietnam.exe"= TCP:C:\program files\ea games\battlefield vietnam\bfvietnam.exe:bfvietnam
"{4EB6C1BA-9B67-46D5-9AB0-8ACC8EB12C6F}"= UDP:C:\Program Files\Reality Pump\Earth 2160\Earth2160_NO_SSE.exe:Earth 2160
"{BA760ABA-3AB5-4209-BBF5-1EB6402C2921}"= TCP:C:\Program Files\Reality Pump\Earth 2160\Earth2160_NO_SSE.exe:Earth 2160
"{C006A9ED-A291-4F55-A23C-1C467A234F6D}"= UDP:C:\Program Files\Reality Pump\Earth 2160\Earth2160_SSE.exe:Earth 2160
"{4A014746-3BD9-402D-8DEB-36E06D40B0D8}"= TCP:C:\Program Files\Reality Pump\Earth 2160\Earth2160_SSE.exe:Earth 2160
"TCP Query User{18731FA5-AE82-4D41-A6AF-2A3FA8A20E3A}C:\\program files\\itunes\\itunes.exe"= UDP:C:\program files\itunes\itunes.exe:iTunes
"UDP Query User{A88C8753-212A-4DCF-9E7B-3A303EF71DDA}C:\\program files\\itunes\\itunes.exe"= TCP:C:\program files\itunes\itunes.exe:iTunes
"TCP Query User{B6DF18D9-A3FC-4632-A6D8-64359EDCFDAB}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
"UDP Query User{2CF11DE1-C1DA-4163-A666-BEBA204A8433}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
"{12BC906A-2BD5-4872-9469-A1DE1AFCB92C}"= UDP:C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008
"{A27202A9-DD5F-4A83-BC03-533CEBE229FC}"= TCP:C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008
"TCP Query User{F3736C70-5A9D-4CF9-AC13-16C9D5C894CB}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{D69B4E9B-05F5-40EA-8490-9E271F926A4F}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox
"{9BE9EA8B-1BF0-489C-BDEF-892FEA52C915}"= UDP:C:\Program Files\DNA\btdna.exe:DNA (TCP-In)
"{90FB01A1-0D90-411C-87B2-0DA8E726BE2E}"= TCP:C:\Program Files\DNA\btdna.exe:DNA (UDP-In)
"TCP Query User{156CAC47-D9A1-4303-AE6E-B9036E6392A8}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
"UDP Query User{97FAAFD3-8083-4029-A1CE-571DA9348109}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
"TCP Query User{32C307B9-164E-4009-AC6F-E3D9213FC9A0}C:\\program files\\valve\\steam\\steamapps\\cycylonchfeu\\counter-strike source\\hl2.exe"= UDP:C:\program files\valve\steam\steamapps\cycylonchfeu\counter-strike source\hl2.exe:hl2
"UDP Query User{CFD1BA55-6E00-4C31-9B5E-F73FA982C136}C:\\program files\\valve\\steam\\steamapps\\cycylonchfeu\\counter-strike source\\hl2.exe"= TCP:C:\program files\valve\steam\steamapps\cycylonchfeu\counter-strike source\hl2.exe:hl2
"{D42CC645-5390-4CF2-8F2E-D7AA7E4C904D}"= UDP:C:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI)
"{D8F38A63-4E78-4F31-A3D4-A964990B81E4}"= TCP:C:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI)
"{690AE736-6181-4002-A409-59E84137C878}"= UDP:C:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV)
"{A8A1A36A-5CF9-480D-A224-9945663E91F7}"= TCP:C:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV)
"{DE3B3D76-5DF8-4A35-9EBE-3EBE3BA20DA9}"= UDP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32
"{8D8C69A8-8DAB-4FC4-A9EB-6D8BB2522285}"= TCP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32
"{99D43AC2-1663-4D1A-B9FB-66D60BF5595B}"= UDP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
"{6E739FD0-7FB3-4665-846B-69972FBC56F2}"= TCP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
"{999F9BF2-3E7E-4B92-B952-743DF5D2C9C4}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{8A5B0B70-B545-4DBB-8C0F-D8850C7C9D7B}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{15529BE6-2F3B-4CCD-9E6A-E4EFC557A4F0}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{5457891B-D77F-458F-9DEF-E462510F38CE}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{D1D6F5CB-CC7B-478E-9BD4-3928E71E757B}"= UDP:C:\Users\Cyrille.CYRILLE\AppData\Local\Temp\7zS38DB.tmp\SymNRT.exe:Norton Removal Tool
"{1540E84C-3281-4384-BB4F-D459BE7679C4}"= TCP:C:\Users\Cyrille.CYRILLE\AppData\Local\Temp\7zS38DB.tmp\SymNRT.exe:Norton Removal Tool

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\BitTorrent\\bittorrent.exe"= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-05-16 78416]
R2 {22D78859-9CE9-4B77-BF18-AC83E81A9263};{22D78859-9CE9-4B77-BF18-AC83E81A9263};C:\Program Files\HP\DVDPlay\[u]0/u00.fcl [2008-03-11 11:17 41456]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-05-16 20560]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-05-16 50768]
R2 HPBtnSrv;HP Chasis Button Service;c:\hp\HPEZBTN\HPBtnSrv.exe [2007-05-29 198240]
R3 HCW85BDA;Hauppauge WinTV 885 Video Capture;C:\Windows\system32\drivers\HCW85BDA.sys [2007-10-01 1129344]
R3 netr73;USB Wireless 802.11 b/g Adaptor Driver for Vista;C:\Windows\system32\DRIVERS\netr73.sys [2008-02-26 493568]
S3 GameConsoleService;GameConsoleService;C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe [2007-07-24 181800]
S3 PCD5SRVC{BD6912E3-AC9D80E8-05040000};PCD5SRVC{BD6912E3-AC9D80E8-05040000} - PCDR Kernel Mode Service Helper Driver;C:\PROGRA~1\PC-DOC~1\PCD5SRVC.pkms [2007-09-13 25760]
S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-10-06 87288]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\shell\AutoRun\command - wd_windows_tools\WDSetup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]
\shell\AutoRun\command - wd_windows_tools\WDSetup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{01e9810d-534f-11dd-bf0c-001e90047df6}]
\shell\AutoRun\command - wd_windows_tools\WDSetup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b726bae1-6533-11dd-806d-001e90047df6}]
\shell\Auto\command - sxs.exe
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sxs.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e968b55d-557e-11dd-ae7d-001e90047df6}]
\shell\AutoRun\command - L:\AutoRunCD.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e968b562-557e-11dd-ae7d-001e90047df6}]
\shell\AutoRun\command - M:\Autoplay.exe

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Contenu du dossier 'Tâches planifiées'

2008-10-20 C:\Windows\Tasks\User_Feed_Synchronization-{E371418A-2D8A-480C-AD5C-C91E5946172E}.job
- C:\Windows\system32\msfeedssync.exe [2006-11-02 11:45]
.
- - - - ORPHELINS SUPPRIMES - - - -

HKCU-Run-SpybotSD TeaTimer - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
HKLM-Run-HP Health Check Scheduler - [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
HKLM-Run-UnlockerAssistant - C:\Program Files\Unlocker\UnlockerAssistant.exe
HKLM-Run-AceGain LiveUpdate - C:\Program Files\AceGain\LiveUpdate\LiveUpdate.exe


.
------- Examen supplémentaire -------
.
FireFox -: Profile - C:\Users\Cyrille.CYRILLE\AppData\Roaming\Mozilla\Firefox\Profiles\kzok6kc1.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://fr.msn.com/
FF -: plugin - C:\Program Files\DNA\plugins\npbtdna.dll
FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-20 16:59:27
Windows 6.0.6000 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
Heure de fin: 2008-10-20 17:00:43
ComboFix-quarantined-files.txt 2008-10-20 15:00:39

Avant-CF: 210 885 308 416 octets libres
Après-CF: 210,873,339,904 octets libres

299 --- E O F --- 2008-10-17 16:45:02



and the HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:06:26, on 20/10/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16757)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Users\CYRILL~1.CYR\LOCALS~1\APPLIC~1\MICROS~1\cisvc.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\system32\schtasks.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\DNA\btdna.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\notepad.exe
C:\Windows\Explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Cyrille.CYRILLE\Downloads\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr?cobrand=hp-desktop.msn.com&ocid=HPDHP&pc=HPDTDF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr?cobrand=hp-desktop.msn.com&ocid=HPDHP&pc=HPDTDF
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F3 - REG:win.ini: load=C:\Users\CYRILL~1.CYR\LOCALS~1\APPLIC~1\cmstp.exe
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe"
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Steam] C:\Program Files\Valve\Steam\\Steam.exe -silent
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKLM\..\Policies\Explorer\Run: [CmSTP] C:\Windows\System32\drivers\cmstp.exe /waitservice
O4 - HKCU\..\Policies\Explorer\Run: [ComRepl] C:\Users\CYRILL~1.CYR\AppData\Local\Temp\comrepl.exe /waitservice
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [ComRepl] C:\Users\CYRILL~1.CYR\AppData\Roaming\comrepl.exe /waitservice (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [ComRepl] C:\Users\CYRILL~1.CYR\AppData\Roaming\comrepl.exe /waitservice (User 'Default user')
O4 - Startup: RollerCoaster Tycoon 3 Registration.lnk = C:\Users\Cyrille.CYRILLE\AppData\Local\Temp\{66AC7A1D-A798-4CFC-86E3-14DEFEB5E064}\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\ATR1.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O13 - Gopher Prefix:
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: HP Chasis Button Service (HPBtnSrv) - Unknown owner - c:\hp\HPEZBTN\HPBtnSrv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
jlpjlp Posts 51580 Registered Friday 18 May 2007 Status Security contributor Last active 3 May 2022 5 040
20 Oct. 2008 at 17:23
Scan these files on VirusTotal and paste the reports: https://www.virustotal.com/gui/

C:\Users\CYRILL~1.CYR\LOCALS~1\APPLIC~1\cmstp.exe
C:\Windows\System32\drivers\cmstp.exe
C:\Users\CYRILL~1.CYR\AppData\Local\Temp\comrepl.exe

______________________


Download UsbFix to your desktop
http://sd-1.archive-host.com/membres/up/116615172019703188/UsbFix.exe

--> Run the installer with the default settings

Connect your external storage devices (USB key, external hard drive, etc.) that may have been infected to your PC, without opening them

--> Double-click the UsbFix shortcut on your desktop

--> The PC will restart

--> After the restart, post the UsbFix.txt report

Note: the UsbFix.txt report is saved at the root of the drive
Note: if the desktop does not reappear, press Ctrl + Alt + Del, "File" tab, "New Task", type explorer.exe and confirm

Here are the VirusTotal reports:


C:\Users\CYRILL~1.CYR\LOCALS~1\APPLIC~1\cmstp.exe :

Fichier cmstp.exe reçu le 2008.10.20 17:29:41 (CET)
Résultat: 3/36 (8.34%)

Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.10.18.0 2008.10.20 -
AntiVir 7.9.0.5 2008.10.20 -
Authentium 5.1.0.4 2008.10.20 -
Avast 4.8.1248.0 2008.10.15 -
AVG 8.0.0.161 2008.10.20 -
BitDefender 7.2 2008.10.20 -
CAT-QuickHeal 9.50 2008.10.20 -
ClamAV 0.93.1 2008.10.20 -
DrWeb 4.44.0.09170 2008.10.20 -
eSafe 7.0.17.0 2008.10.19 -
eTrust-Vet 31.6.6159 2008.10.20 -
Ewido 4.0 2008.10.20 -
F-Prot 4.4.4.56 2008.10.20 -
F-Secure 8.0.14332.0 2008.10.20 -
Fortinet 3.113.0.0 2008.10.20 -
GData 19 2008.10.20 -
Ikarus T3.1.1.44.0 2008.10.20 -
K7AntiVirus 7.10.500 2008.10.20 -
Kaspersky 7.0.0.125 2008.10.20 Heur.Trojan.Generic
McAfee 5408 2008.10.17 -
Microsoft 1.4005 2008.10.20 -
NOD32 3538 2008.10.20 -
Norman 5.80.02 2008.10.17 -
Panda 9.0.0.4 2008.10.20 Suspicious file
PCTools 4.4.2.0 2008.10.20 -
Prevx1 V2 2008.10.20 Cloaked Malware
Rising 20.67.01.00 2008.10.20 -
SecureWeb-Gateway 6.7.6 2008.10.20 -
Sophos 4.34.0 2008.10.20 -
Sunbelt 3.1.1732.1 2008.10.18 -
Symantec 10 2008.10.20 -
TheHacker 6.3.1.0.119 2008.10.18 -
TrendMicro 8.700.0.1004 2008.10.20 -
VBA32 3.12.8.7 2008.10.19 -
ViRobot 2008.10.20.1428 2008.10.20 -
VirusBuster 4.5.11.0 2008.10.20 -
Information additionnelle
File size: 81920 bytes
MD5...: 3a8bad2f65fa83d2d556874e4eafbdeb
SHA1..: 19f1e668e1cec82178f9b874ad791768dc6204e5
SHA256: 30e967c49eb02a2318538fd0bb8d508ff0ad6dd1ceedf5231d867ff603ecea4f
SHA512: ade7b29c2774d033a7447348e88187ab5a6cce31510925606a9c4beaf987c79e14fc568a83838252bfb27de8d02e8838496b20099c568ba920455b79f424795c
PEiD..: -
TrID..: File type identification
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x40ac06
timedatestamp.....: 0x48f21cc9 (Sun Oct 12 15:50:33 2008)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0xf4a4 0x10000 6.20 f9f9c3a7d6196191235cf72a71c3680b
.rdata 0x11000 0x1fe2 0x2000 5.47 39554ca36cd053fc683c267f0cbd4192
.data 0x13000 0x3798 0x1000 1.46 c1222d6eb5b571f6597db6519724470a

( 6 imports )
> USER32.dll: LoadImageA
> ADVAPI32.dll: RegQueryValueExA, RegEnumValueA, RegOpenKeyExA, RegCreateKeyExA, RegSetValueExA, RegCloseKey, RegGetKeySecurity, LookupAccountSidA, GetTokenInformation, OpenProcessToken
> WS2_32.dll: -, -
> WININET.dll: InternetReadFile, HttpQueryInfoA, InternetCloseHandle, InternetOpenUrlA, InternetOpenA
> NETAPI32.dll: NetUserGetInfo, NetApiBufferFree
> KERNEL32.dll: SetEnvironmentVariableA, GetSystemInfo, VirtualProtect, GetLocaleInfoA, FlushFileBuffers, GetStringTypeW, GetStringTypeA, LCMapStringW, LCMapStringA, SetStdHandle, GetCPInfo, GetOEMCP, GetACP, GetSystemDirectoryA, CreateDirectoryA, GetStartupInfoA, GetFileType, GetFileTime, OpenProcess, GetProcessPriorityBoost, GetVolumeInformationA, OpenMutexA, CreateMutexA, CloseHandle, GetDriveTypeA, GetLogicalDriveStringsA, Sleep, GetLastError, GetLocalTime, GetShortPathNameA, GetEnvironmentVariableA, ExitProcess, SetFileAttributesA, CreateFileA, CreateProcessA, GlobalFree, CreateThread, GlobalAlloc, MultiByteToWideChar, GetModuleFileNameA, GetCurrentProcess, CopyFileA, WriteFile, RtlUnwind, GetSystemTimeAsFileTime, GetProcAddress, GetModuleHandleA, TerminateProcess, GetCommandLineA, GetVersionExA, QueryPerformanceCounter, GetTickCount, GetCurrentThreadId, GetCurrentProcessId, HeapReAlloc, HeapAlloc, HeapSize, GetStdHandle, UnhandledExceptionFilter, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, WideCharToMultiByte, GetEnvironmentStringsW, SetHandleCount, HeapDestroy, HeapCreate, VirtualFree, HeapFree, LoadLibraryA, InterlockedExchange, VirtualQuery, SetFilePointer, SetUnhandledExceptionFilter, IsBadReadPtr, IsBadWritePtr, IsBadCodePtr, VirtualAlloc

( 0 exports )





C:\Windows\System32\drivers\cmstp.exe :

Fichier cmstp.exe reçu le 2008.10.20 17:30:33 (CET)
Résultat: 3/36 (8.34%)

Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.10.18.0 2008.10.20 -
AntiVir 7.9.0.5 2008.10.20 -
Authentium 5.1.0.4 2008.10.20 -
Avast 4.8.1248.0 2008.10.15 -
AVG 8.0.0.161 2008.10.20 -
BitDefender 7.2 2008.10.20 -
CAT-QuickHeal 9.50 2008.10.20 -
ClamAV 0.93.1 2008.10.20 -
DrWeb 4.44.0.09170 2008.10.20 -
eSafe 7.0.17.0 2008.10.19 -
eTrust-Vet 31.6.6159 2008.10.20 -
Ewido 4.0 2008.10.20 -
F-Prot 4.4.4.56 2008.10.20 -
F-Secure 8.0.14332.0 2008.10.20 -
Fortinet 3.113.0.0 2008.10.20 -
GData 19 2008.10.20 -
Ikarus T3.1.1.44.0 2008.10.20 -
K7AntiVirus 7.10.500 2008.10.20 -
Kaspersky 7.0.0.125 2008.10.20 Heur.Trojan.Generic
McAfee 5408 2008.10.17 -
Microsoft 1.4005 2008.10.20 -
NOD32 3538 2008.10.20 -
Norman 5.80.02 2008.10.17 -
Panda 9.0.0.4 2008.10.20 Suspicious file
PCTools 4.4.2.0 2008.10.20 -
Prevx1 V2 2008.10.20 Cloaked Malware
Rising 20.67.01.00 2008.10.20 -
SecureWeb-Gateway 6.7.6 2008.10.20 -
Sophos 4.34.0 2008.10.20 -
Sunbelt 3.1.1732.1 2008.10.18 -
Symantec 10 2008.10.20 -
TheHacker 6.3.1.0.119 2008.10.18 -
TrendMicro 8.700.0.1004 2008.10.20 -
VBA32 3.12.8.7 2008.10.19 -
ViRobot 2008.10.20.1428 2008.10.20 -
VirusBuster 4.5.11.0 2008.10.20 -
Information additionnelle
File size: 81920 bytes
MD5...: 3a8bad2f65fa83d2d556874e4eafbdeb
SHA1..: 19f1e668e1cec82178f9b874ad791768dc6204e5
SHA256: 30e967c49eb02a2318538fd0bb8d508ff0ad6dd1ceedf5231d867ff603ecea4f
SHA512: ade7b29c2774d033a7447348e88187ab5a6cce31510925606a9c4beaf987c79e14fc568a83838252bfb27de8d02e8838496b20099c568ba920455b79f424795c
PEiD..: -
TrID..: File type identification
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x40ac06
timedatestamp.....: 0x48f21cc9 (Sun Oct 12 15:50:33 2008)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0xf4a4 0x10000 6.20 f9f9c3a7d6196191235cf72a71c3680b
.rdata 0x11000 0x1fe2 0x2000 5.47 39554ca36cd053fc683c267f0cbd4192
.data 0x13000 0x3798 0x1000 1.46 c1222d6eb5b571f6597db6519724470a

( 6 imports )
> USER32.dll: LoadImageA
> ADVAPI32.dll: RegQueryValueExA, RegEnumValueA, RegOpenKeyExA, RegCreateKeyExA, RegSetValueExA, RegCloseKey, RegGetKeySecurity, LookupAccountSidA, GetTokenInformation, OpenProcessToken
> WS2_32.dll: -, -
> WININET.dll: InternetReadFile, HttpQueryInfoA, InternetCloseHandle, InternetOpenUrlA, InternetOpenA
> NETAPI32.dll: NetUserGetInfo, NetApiBufferFree
> KERNEL32.dll: SetEnvironmentVariableA, GetSystemInfo, VirtualProtect, GetLocaleInfoA, FlushFileBuffers, GetStringTypeW, GetStringTypeA, LCMapStringW, LCMapStringA, SetStdHandle, GetCPInfo, GetOEMCP, GetACP, GetSystemDirectoryA, CreateDirectoryA, GetStartupInfoA, GetFileType, GetFileTime, OpenProcess, GetProcessPriorityBoost, GetVolumeInformationA, OpenMutexA, CreateMutexA, CloseHandle, GetDriveTypeA, GetLogicalDriveStringsA, Sleep, GetLastError, GetLocalTime, GetShortPathNameA, GetEnvironmentVariableA, ExitProcess, SetFileAttributesA, CreateFileA, CreateProcessA, GlobalFree, CreateThread, GlobalAlloc, MultiByteToWideChar, GetModuleFileNameA, GetCurrentProcess, CopyFileA, WriteFile, RtlUnwind, GetSystemTimeAsFileTime, GetProcAddress, GetModuleHandleA, TerminateProcess, GetCommandLineA, GetVersionExA, QueryPerformanceCounter, GetTickCount, GetCurrentThreadId, GetCurrentProcessId, HeapReAlloc, HeapAlloc, HeapSize, GetStdHandle, UnhandledExceptionFilter, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, WideCharToMultiByte, GetEnvironmentStringsW, SetHandleCount, HeapDestroy, HeapCreate, VirtualFree, HeapFree, LoadLibraryA, InterlockedExchange, VirtualQuery, SetFilePointer, SetUnhandledExceptionFilter, IsBadReadPtr, IsBadWritePtr, IsBadCodePtr, VirtualAlloc

( 0 exports )





C:\Users\CYRILL~1.CYR\AppData\Local\Temp\comrepl.exe :

Fichier comrepl.exe reçu le 2008.10.20 17:30:55 (CET)
Résultat: 3/36 (8.34%)

Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.10.18.0 2008.10.20 -
AntiVir 7.9.0.5 2008.10.20 -
Authentium 5.1.0.4 2008.10.20 -
Avast 4.8.1248.0 2008.10.15 -
AVG 8.0.0.161 2008.10.20 -
BitDefender 7.2 2008.10.20 -
CAT-QuickHeal 9.50 2008.10.20 -
ClamAV 0.93.1 2008.10.20 -
DrWeb 4.44.0.09170 2008.10.20 -
eSafe 7.0.17.0 2008.10.19 -
eTrust-Vet 31.6.6159 2008.10.20 -
Ewido 4.0 2008.10.20 -
F-Prot 4.4.4.56 2008.10.20 -
F-Secure 8.0.14332.0 2008.10.20 -
Fortinet 3.113.0.0 2008.10.20 -
GData 19 2008.10.20 -
Ikarus T3.1.1.44.0 2008.10.20 -
K7AntiVirus 7.10.500 2008.10.20 -
Kaspersky 7.0.0.125 2008.10.20 Heur.Trojan.Generic
McAfee 5408 2008.10.17 -
Microsoft 1.4005 2008.10.20 -
NOD32 3538 2008.10.20 -
Norman 5.80.02 2008.10.17 -
Panda 9.0.0.4 2008.10.20 Suspicious file
PCTools 4.4.2.0 2008.10.20 -
Prevx1 V2 2008.10.20 Cloaked Malware
Rising 20.67.01.00 2008.10.20 -
SecureWeb-Gateway 6.7.6 2008.10.20 -
Sophos 4.34.0 2008.10.20 -
Sunbelt 3.1.1732.1 2008.10.18 -
Symantec 10 2008.10.20 -
TheHacker 6.3.1.0.119 2008.10.18 -
TrendMicro 8.700.0.1004 2008.10.20 -
VBA32 3.12.8.7 2008.10.19 -
ViRobot 2008.10.20.1428 2008.10.20 -
VirusBuster 4.5.11.0 2008.10.20 -
Information additionnelle
File size: 81920 bytes
MD5...: 3a8bad2f65fa83d2d556874e4eafbdeb
SHA1..: 19f1e668e1cec82178f9b874ad791768dc6204e5
SHA256: 30e967c49eb02a2318538fd0bb8d508ff0ad6dd1ceedf5231d867ff603ecea4f
SHA512: ade7b29c2774d033a7447348e88187ab5a6cce31510925606a9c4beaf987c79e14fc568a83838252bfb27de8d02e8838496b20099c568ba920455b79f424795c
PEiD..: -
TrID..: File type identification
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x40ac06
timedatestamp.....: 0x48f21cc9 (Sun Oct 12 15:50:33 2008)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0xf4a4 0x10000 6.20 f9f9c3a7d6196191235cf72a71c3680b
.rdata 0x11000 0x1fe2 0x2000 5.47 39554ca36cd053fc683c267f0cbd4192
.data 0x13000 0x3798 0x1000 1.46 c1222d6eb5b571f6597db6519724470a

( 6 imports )
> USER32.dll: LoadImageA
> ADVAPI32.dll: RegQueryValueExA, RegEnumValueA, RegOpenKeyExA, RegCreateKeyExA, RegSetValueExA, RegCloseKey, RegGetKeySecurity, LookupAccountSidA, GetTokenInformation, OpenProcessToken
> WS2_32.dll: -, -
> WININET.dll: InternetReadFile, HttpQueryInfoA, InternetCloseHandle, InternetOpenUrlA, InternetOpenA
> NETAPI32.dll: NetUserGetInfo, NetApiBufferFree
> KERNEL32.dll: SetEnvironmentVariableA, GetSystemInfo, VirtualProtect, GetLocaleInfoA, FlushFileBuffers, GetStringTypeW, GetStringTypeA, LCMapStringW, LCMapStringA, SetStdHandle, GetCPInfo, GetOEMCP, GetACP, GetSystemDirectoryA, CreateDirectoryA, GetStartupInfoA, GetFileType, GetFileTime, OpenProcess, GetProcessPriorityBoost, GetVolumeInformationA, OpenMutexA, CreateMutexA, CloseHandle, GetDriveTypeA, GetLogicalDriveStringsA, Sleep, GetLastError, GetLocalTime, GetShortPathNameA, GetEnvironmentVariableA, ExitProcess, SetFileAttributesA, CreateFileA, CreateProcessA, GlobalFree, CreateThread, GlobalAlloc, MultiByteToWideChar, GetModuleFileNameA, GetCurrentProcess, CopyFileA, WriteFile, RtlUnwind, GetSystemTimeAsFileTime, GetProcAddress, GetModuleHandleA, TerminateProcess, GetCommandLineA, GetVersionExA, QueryPerformanceCounter, GetTickCount, GetCurrentThreadId, GetCurrentProcessId, HeapReAlloc, HeapAlloc, HeapSize, GetStdHandle, UnhandledExceptionFilter, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, WideCharToMultiByte, GetEnvironmentStringsW, SetHandleCount, HeapDestroy, HeapCreate, VirtualFree, HeapFree, LoadLibraryA, InterlockedExchange, VirtualQuery, SetFilePointer, SetUnhandledExceptionFilter, IsBadReadPtr, IsBadWritePtr, IsBadCodePtr, VirtualAlloc

( 0 exports )



And the UsbFix report:


-------------- UsbFix V2.395 ---------------

* User : Cyrille - CYRILLE
* Outils mis a jours le 19/10/2008 par Chiquitine29 et Chimay8
* Recherche effectuée à 17:40:59 le 20/10/2008
* Windows Vista - Internet Explorer 7.0.6000.16757


--------------- [ Processus actifs ] ----------------


C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\system32\LogonUI.exe
C:\Windows\system32\userinit.exe
C:\Windows\system32\Dwm.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avwsc.exe
C:\Windows\system32\taskeng.exe
C:\Users\CYRILL~1.CYR\AppData\Local\Temp\E58D.tmp\b2e.exe

--------------- [ Informations lecteurs ] ----------------

C: - Lecteur fixe
D: - Lecteur fixe
E: - Lecteur fixe
G: - Lecteur fixe
K: - Lecteur amovible
O: - Lecteur amovible
P: - Lecteur fixe

--------------- [ Registre / Startup ] ----------------


HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
hpsysdrv REG_SZ c:\hp\support\hpsysdrv.exe
OsdMaestro REG_SZ "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
NvSvc REG_SZ RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
NvCplDaemon REG_SZ RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
NvMediaCenter REG_SZ RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
RtHDVCpl REG_SZ RtHDVCpl.exe
Adobe Reader Speed Launcher REG_SZ "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
SunJavaUpdateReg REG_SZ "C:\Windows\system32\jureg.exe"
HP Software Update REG_SZ c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
avast! REG_SZ C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
AppleSyncNotifier REG_SZ C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
QuickTime Task REG_SZ "C:\Program Files\QuickTime\QTTask.exe" -atboottime
iTunesHelper REG_SZ "C:\Program Files\iTunes\iTunesHelper.exe"
avgnt REG_SZ "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
msnmsgr REG_SZ "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
ehTray.exe REG_SZ C:\Windows\ehome\ehTray.exe
Steam REG_SZ C:\Program Files\Valve\Steam\\Steam.exe -silent
BitTorrent DNA REG_SZ "C:\Program Files\DNA\btdna.exe"
WMPNSCFG REG_SZ C:\Program Files\Windows Media Player\WMPNSCFG.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\OsdMaestro

--------------- [ Registre / Mountpoint2 ] ----------------

Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\Shell\AutoRun\command
Supprimé ! - HKEY_USERS\S-1-5-21-3506581386-3588203364-262623782-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\K\Shell\AutoRun\command
Supprimé ! - HKEY_USERS\S-1-5-21-3506581386-3588203364-262623782-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\K\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{01e9810d-534f-11dd-bf0c-001e90047df6}\Shell\AutoRun\command
Supprimé ! - HKEY_USERS\S-1-5-21-3506581386-3588203364-262623782-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{01e9810d-534f-11dd-bf0c-001e90047df6}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b726bae1-6533-11dd-806d-001e90047df6}\Shell\AutoRun\command
Supprimé ! - HKEY_USERS\S-1-5-21-3506581386-3588203364-262623782-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b726bae1-6533-11dd-806d-001e90047df6}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e968b55d-557e-11dd-ae7d-001e90047df6}\Shell\AutoRun\command
Supprimé ! - HKEY_USERS\S-1-5-21-3506581386-3588203364-262623782-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e968b55d-557e-11dd-ae7d-001e90047df6}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e968b562-557e-11dd-ae7d-001e90047df6}\Shell\AutoRun\command
Supprimé ! - HKEY_USERS\S-1-5-21-3506581386-3588203364-262623782-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e968b562-557e-11dd-ae7d-001e90047df6}\Shell\AutoRun\command

--------------- [ Nettoyage des disques ] ----------------


--------------- ! Fin du rapport ! ----------------
0
jlpjlp Posts 51580 Registered Friday 18 May 2007 Status Security contributor Last active 3 May 2022 5 040
20 Oct 2008 at 18:04
get rid of avast

_____________


download OTMoveIt
http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe (by Old_Timer) to your Desktop. Or from https://www.luanagames.com/index.fr.html
double-click OTMoveIt.exe to launch it.
copy the list that is in the quote below,
and paste it into the left pane of OTMoveIt: Paste List of Files/Folders to be moved.

Quote:

C:\Users\X\AppData\Local\Temp\~tmp\hmunmlc04\hmunmlc04.exe
C:\Users\CYRILL~1.CYR\LOCALS~1\APPLIC~1\cmstp.exe
C:\Windows\System32\drivers\cmstp.exe
C:\Users\CYRILL~1.CYR\AppData\Local\Temp\comrepl.exe

click MoveIt! to start the removal.
the result will appear in the "Results" pane.
click Exit to close.
post the report located in C:\_OTMoveIt\MovedFiles.

you may be asked to restart the PC to complete the removal. if so, accept with Yes.

__________________

scan with malwarebytes (full scan) and paste the report:
https://www.malekal.com/tutoriel-malwarebyte-anti-malware/

___________________

paste a report from the antivir you have
____________________

paste a new hijackthis log and describe your current problems
0
here are the OTMoveIt and malwarebytes reports for now:

File/Folder not found.
File/Folder C:\Users\CYRILL~1.CYR\AppData\Local\Temp\~tmp\hmunmlc04\hmunmlc04.exe not found.
File move failed. C:\Users\CYRILL~1.CYR\LOCALS~1\APPLIC~1\cmstp.exe scheduled to be moved on reboot.
C:\Windows\System32\drivers\cmstp.exe moved successfully.
File/Folder C:\Users\\AppData\Local\Temp\comrepl.exe not found.

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 10202008_181701

Files moved on Reboot...
File move failed. C:\Users\CYRILL~1.CYR\LOCALS~1\APPLIC~1\cmstp.exe scheduled to be moved on reboot.




Malwarebytes' Anti-Malware 1.29
Version de la base de données: 1298
Windows 6.0.6000

20/10/2008 20:04:14
mbam-log-2008-10-20 (20-04-14).txt

Type de recherche: Examen complet (C:\|D:\|E:\|G:\|)
Eléments examinés: 232679
Temps écoulé: 1 hour(s), 36 minute(s), 47 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)




The Antivir scan is in progress
0
oops, typo, here is the OTMoveIt log:

File/Folder not found.
File/Folder C:\Users\CYRILL~1.CYR\AppData\Local\Temp\~tmp\hmunmlc04\hmunmlc04.exe not found.
File move failed. C:\Users\CYRILL~1.CYR\LOCALS~1\APPLIC~1\cmstp.exe scheduled to be moved on reboot.
C:\Windows\System32\drivers\cmstp.exe moved successfully.
File/Folder C:\Users\CYRILL~1.CYR\AppData\Local\Temp\comrepl.exe moved successfully.

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 10202008_181701

Files moved on Reboot...
File move failed. C:\Users\CYRILL~1.CYR\LOCALS~1\APPLIC~1\cmstp.exe scheduled to be moved on reboot.
0
jlpjlp Posts 51580 Registered Friday 18 May 2007 Status Security contributor Last active 3 May 2022 5 040
20 Oct 2008 at 20:18
ok, I'm waiting for the rest
0
The Antivir scan isn't finished yet but it just detected:

Virus or unwanted program 'TR/Agent.iob [trojan]'
detected in file 'C:\Users\Cyrille.CYRILLE\AppData\Local\Temp\~tmp\hmunmlc05\hmunmlc05.exe.

:(
0
Here is the Antivir report:



Avira AntiVir Personal
Report file date: lundi 20 octobre 2008 20:05

Scanning for 1692263 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows Vista
Windows version: (plain) [6.0.6000]
Boot mode: Normally booted
Username: Cyrille
Computer name: CYRILLE

Version information:
BUILD.DAT : 8.1.0.331 16934 Bytes 12/08/2008 11:46:00
AVSCAN.EXE : 8.1.4.7 315649 Bytes 26/06/2008 08:57:53
AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 07:56:40
LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 12:44:19
LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 07:58:52
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34
ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24/06/2008 13:54:15
ANTIVIR2.VDF : 7.0.7.12 4066816 Bytes 08/10/2008 18:14:36
ANTIVIR3.VDF : 7.0.7.58 315904 Bytes 17/10/2008 18:14:19
Engineversion : 8.2.0.5
AEVDF.DLL : 8.1.0.6 102772 Bytes 15/10/2008 18:15:06
AESCRIPT.DLL : 8.1.1.9 319867 Bytes 16/10/2008 18:15:17
AESCN.DLL : 8.1.1.3 123252 Bytes 15/10/2008 18:15:04
AERDL.DLL : 8.1.1.2 438644 Bytes 19/09/2008 17:12:40
AEPACK.DLL : 8.1.2.4 369014 Bytes 15/10/2008 18:15:03
AEOFFICE.DLL : 8.1.0.28 196987 Bytes 15/10/2008 18:15:02
AEHEUR.DLL : 8.1.0.59 1438071 Bytes 19/09/2008 17:12:34
AEHELP.DLL : 8.1.1.2 115062 Bytes 15/10/2008 18:15:01
AEGEN.DLL : 8.1.0.41 319861 Bytes 15/10/2008 18:15:00
AEEMU.DLL : 8.1.0.9 393588 Bytes 15/10/2008 18:14:59
AECORE.DLL : 8.1.2.6 172406 Bytes 15/10/2008 18:14:58
AEBB.DLL : 8.1.0.3 53618 Bytes 15/10/2008 18:14:57
AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 08:40:05
AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 09:28:01
AVREP.DLL : 8.0.0.2 98344 Bytes 19/09/2008 17:12:12
AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 11:26:40
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 12:27:49
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 12:49:40
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 13:48:07
RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/2008 13:34:37

Configuration settings for the scan:
Jobname..........................: Local Drives
Configuration file...............: c:\program files\avira\antivir personaledition classic\alldrives.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, D:, E:, G:, H:, I:, J:, K:, F:, L:, M:, N:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: lundi 20 octobre 2008 20:05

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'SearchFilterHost.exe' - '1' Module(s) have been scanned
Scan process 'SearchProtocolHost.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'HPHC_Service.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'iPodService.exe' - '1' Module(s) have been scanned
Scan process 'taskeng.exe' - '1' Module(s) have been scanned
Scan process 'wmpnetwk.exe' - '1' Module(s) have been scanned
Scan process 'ashWebSv.exe' - '1' Module(s) have been scanned
Scan process 'ashMaiSv.exe' - '1' Module(s) have been scanned
Scan process 'SearchIndexer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'StarWindService.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'PnkBstrA.exe' - '1' Module(s) have been scanned
Scan process 'LSSrvc.exe' - '1' Module(s) have been scanned
Scan process 'HPBtnSrv.exe' - '1' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'wmpnscfg.exe' - '1' Module(s) have been scanned
Scan process 'ehmsas.exe' - '1' Module(s) have been scanned
Scan process 'btdna.exe' - '1' Module(s) have been scanned
Scan process 'ehtray.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
Scan process 'ashDisp.exe' - '1' Module(s) have been scanned
Scan process 'schtasks.exe' - '1' Module(s) have been scanned
Scan process 'hpwuSchd2.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'RtHDVCpl.exe' - '1' Module(s) have been scanned
Scan process 'cmstp.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'OSD.exe' - '1' Module(s) have been scanned
Scan process 'hpsysdrv.exe' - '1' Module(s) have been scanned
Scan process 'notepad.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'taskeng.exe' - '1' Module(s) have been scanned
Scan process 'dwm.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'ashServ.exe' - '1' Module(s) have been scanned
Scan process 'aswUpdSv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'SLsvc.exe' - '1' Module(s) have been scanned
Scan process 'audiodg.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsm.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'wininit.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
65 processes with 65 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
Master boot sector HD2
[INFO] No virus was found!
Master boot sector HD3
[INFO] No virus was found!
[WARNING] System error [21]: Le périphérique n'est pas prêt.
[INFO] Please restart the search with Administrator rights
Master boot sector HD4
[INFO] No virus was found!
[WARNING] System error [21]: Le périphérique n'est pas prêt.
[INFO] Please restart the search with Administrator rights
Master boot sector HD5
[INFO] No virus was found!
[WARNING] System error [21]: Le périphérique n'est pas prêt.
[INFO] Please restart the search with Administrator rights
Master boot sector HD6
[INFO] No virus was found!
[WARNING] System error [21]: Le périphérique n'est pas prêt.
[INFO] Please restart the search with Administrator rights

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!
Boot sector 'E:\'
[INFO] No virus was found!
Boot sector 'G:\'
[INFO] No virus was found!
Boot sector 'H:\'
[INFO] In the drive 'H:\' no data medium is inserted!
Boot sector 'I:\'
[INFO] In the drive 'I:\' no data medium is inserted!
Boot sector 'J:\'
[INFO] In the drive 'J:\' no data medium is inserted!
Boot sector 'K:\'
[INFO] In the drive 'K:\' no data medium is inserted!

Starting to scan the registry.
The registry was scanned ( '46' files ).


Starting the file scan:

Begin scan in 'C:\' <HP>
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Windows\System32\drivers\sptd.sys
[WARNING] The file could not be opened!
Begin scan in 'D:\' <FACTORY_IMAGE>
Begin scan in 'E:\' <NEW_VOLUME>
Begin scan in 'G:\'
Search path G:\ could not be opened!
System error [3]: Le chemin d'accès spécifié est introuvable.
Begin scan in 'H:\'
Search path H:\ could not be opened!
System error [21]: Le périphérique n'est pas prêt.
Begin scan in 'I:\'
Search path I:\ could not be opened!
System error [21]: Le périphérique n'est pas prêt.
Begin scan in 'J:\'
Search path J:\ could not be opened!
System error [21]: Le périphérique n'est pas prêt.
Begin scan in 'K:\'
Search path K:\ could not be opened!
System error [21]: Le périphérique n'est pas prêt.
Begin scan in 'F:\'
Search path F:\ could not be opened!
System error [21]: Le périphérique n'est pas prêt.
Begin scan in 'L:\' <Crysis>
L:\Levels1.cab
[0] Archive type: CAB (Microsoft)
--> _70534C1F1A724AB4AD5C656EA70F9913
[WARNING] No further files can be extracted from this archive. The archive will be closed
Begin scan in 'M:\'
Search path M:\ could not be opened!
System error [21]: Le périphérique n'est pas prêt.
Begin scan in 'N:\'
Search path N:\ could not be opened!
System error [21]: Le périphérique n'est pas prêt.


End of the scan: lundi 20 octobre 2008 21:21
Used time: 1:16:07 Hour(s)

The scan has been done completely.

26089 Scanning directories
767378 Files were scanned
0 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
3 Files cannot be scanned
767375 Files not concerned
4345 Archives were scanned
8 Warnings
0 Notes

and the Hijackthis one:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:24:48, on 20/10/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16757)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\System32\rundll32.exe
C:\Users\CYRILL~1.CYR\LOCALS~1\APPLIC~1\cmstp.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\system32\schtasks.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\DNA\btdna.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Cyrille.CYRILLE\Downloads\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F3 - REG:win.ini: load=C:\Users\CYRILL~1.CYR\LOCALS~1\APPLIC~1\cmstp.exe
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe"
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Steam] C:\Program Files\Valve\Steam\\Steam.exe -silent
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKLM\..\Policies\Explorer\Run: [CmSTP] C:\Windows\System32\drivers\cmstp.exe /waitservice
O4 - HKCU\..\Policies\Explorer\Run: [ComRepl] C:\Users\CYRILL~1.CYR\AppData\Local\Temp\comrepl.exe /waitservice
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [ComRepl] C:\Users\CYRILL~1.CYR\AppData\Roaming\comrepl.exe /waitservice (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [ComRepl] C:\Users\CYRILL~1.CYR\AppData\Roaming\comrepl.exe /waitservice (User 'Default user')
O4 - Startup: RollerCoaster Tycoon 3 Registration.lnk = C:\Users\Cyrille.CYRILLE\AppData\Local\Temp\{66AC7A1D-A798-4CFC-86E3-14DEFEB5E064}\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\ATR1.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O13 - Gopher Prefix:
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: HP Chasis Button Service (HPBtnSrv) - Unknown owner - c:\hp\HPEZBTN\HPBtnSrv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
0
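A defender's triage pass over HijackThis output like the log above, added here as an example that is not part of the thread or of any tool it names. It parses the F3/O2/O4 line formats and flags the legacy win.ini load= hook, Policies\Explorer\Run entries, autostart executables living under Temp/AppData (including the LOCALS~1\APPLIC~1 short-name path) and a System32 binary name found outside System32; the sample lines are constructed from the posted log, the heuristics and regexes are my own.

```python
"""Triage a HijackThis v2 log for autostart entries that deserve a closer look.

Heuristics only: a hit is a lead for the analyst, not a verdict (see the
ATR1.exe sample line, a game's registration reminder that lives in Temp).
"""
import re
from dataclasses import dataclass

# Constructed sample input, not a live scan: HijackThis v2.0.2-style lines
# modelled on the log posted in the thread above.
SAMPLE_LOG = r"""
F3 - REG:win.ini: load=C:\Users\CYRILL~1.CYR\LOCALS~1\APPLIC~1\cmstp.exe
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Policies\Explorer\Run: [CmSTP] C:\Windows\System32\drivers\cmstp.exe /waitservice
O4 - HKCU\..\Policies\Explorer\Run: [ComRepl] C:\Users\CYRILL~1.CYR\AppData\Local\Temp\comrepl.exe /waitservice
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [ComRepl] C:\Users\CYRILL~1.CYR\AppData\Roaming\comrepl.exe /waitservice (User 'SYSTEM')
O4 - Startup: RollerCoaster Tycoon 3 Registration.lnk = C:\Users\Cyrille.CYRILLE\AppData\Local\Temp\{66AC7A1D-A798-4CFC-86E3-14DEFEB5E064}\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\ATR1.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
"""


@dataclass(frozen=True)
class Finding:
    line: str    # the log line that triggered the finding
    reason: str  # why it was flagged
    path: str    # executable the entry points at ("" if none could be parsed)


# Directories where a persistent autostart executable is almost never legitimate:
# user temp and per-user application data, including the 8.3 short-name form
# LOCALS~1\APPLIC~1 (Local Settings\Application Data) that appears in the log.
USER_DATA_DIR = re.compile(r"\\(temp|appdata|locals~1\\applic~1|application data)\\", re.I)

# Genuine Windows binaries that belong in %SystemRoot%\System32 and nowhere else.
SYSTEM32_ONLY = {"cmstp.exe", "svchost.exe", "rundll32.exe"}
IN_SYSTEM32 = re.compile(r"^[a-z]:\\windows\\system32\\[^\\]+$", re.I)

# First absolute path ending in .exe inside a command line (quotes optional).
EXE_IN_CMD = re.compile(r'"?([a-z]:\\[^"]*?\.exe)"?', re.I)
O4_ENTRY = re.compile(r"(?P<loc>.*?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")


def first_executable(command: str) -> str:
    m = EXE_IN_CMD.search(command)
    return m.group(1) if m else ""


def location_findings(line: str, path: str) -> list:
    """Checks that apply to any autostart path, whatever key it came from."""
    out = []
    if not path:
        return out
    if USER_DATA_DIR.search(path):
        out.append(Finding(line, "autostart executable under a user temp/app-data directory", path))
    name = path.rsplit("\\", 1)[-1].lower()
    if name in SYSTEM32_ONLY and not IN_SYSTEM32.match(path):
        out.append(Finding(line, "system binary name outside System32 (masquerading)", path))
    return out


def analyze_line(line: str) -> list:
    line = line.strip()
    if not line:
        return []
    tag, _, body = line.partition(" - ")
    out = []
    if tag == "F3":
        # win.ini [windows] load=/run= is a Win3.x-era autostart hook; nothing modern uses it.
        value = body.partition("=")[2].strip()
        if value:
            path = first_executable(value)
            out.append(Finding(line, "legacy win.ini load=/run= autostart", path))
            out += location_findings(line, path)
    elif tag == "O2" and body.endswith("(no file)"):
        out.append(Finding(line, "orphaned BHO registration (no file)", ""))
    elif tag == "O4":
        if body.startswith("Startup:"):
            path = first_executable(body.partition(" = ")[2])
        else:
            m = O4_ENTRY.match(body)
            if not m:
                return out
            path = first_executable(m.group("cmd"))
            if "Policies\\Explorer\\Run" in m.group("loc"):
                # Policy-run keys start programs at every logon; ordinary installers use Run instead.
                out.append(Finding(line, "Policies\\Explorer\\Run autostart", path))
        out += location_findings(line, path)
    return out


def analyze(log_text: str) -> list:
    return [f for ln in log_text.splitlines() for f in analyze_line(ln)]


def flagged_paths(findings: list) -> list:
    """Unique executables referenced by at least one finding, for review or quarantine."""
    return sorted({f.path.lower() for f in findings if f.path})


if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG):
        print(f"[{f.reason}] {f.line}")
```

The sample deliberately contains legitimate entries (avast, the NVIDIA rundll32 hook, QuickTime, PunkBuster) to show they pass untouched; the Temp-resident ATR1.exe is flagged even though it is a game's registration reminder, which is why each hit needs a human look before anything is moved.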
jlpjlp Posts 51580 Registered Friday 18 May 2007 Status Security contributor Last active 3 May 2022 5 040
21 Oct 2008 at 11:30
use this to remove your traces

CCLEANER: (run a cleanup and repair the registry 3 times) without installing the Yahoo toolbar
(in options then advanced: untick the box: only delete files older than 48 hours)

________________

Download MSNFix by Laurent
http://sosvirus.changelog.fr/MSNFix.zip

Unzip it and double-click the file MSNFix.bat.
- Run option R.
--If the infection is detected, run option N
- Save this report then copy/paste it on the forum.

Note:
If a deletion error is detected, a message will appear asking you to restart the computer in order to finish the operations. In that case simply restart the computer in normal mode
Save and close the report so that Windows finishes loading normally.



______________

Close all your browsers (so copy or print the instructions first)

Create a new text document: right-click on the desktop > New > Text Document, and copy the following lines into it:



File::
C:\Users\CYRILL~1.CYR\LOCALS~1\APPLIC~1\cmstp.exe




Save this file under the name CFscript


Drag and drop this CFscript file onto the ComboFix.exe file

Click the CFScript file, hold the button down and drag the mouse so that the CFScript icon covers the Combofix icon. Release the mouse. Combofix will start.

A blue window will appear: at the prompt (Type 1 to continue, or 2 to abort), type 1 and press Enter.

Wait while the scan runs. The desktop will disappear several times: this is normal!

Don't touch anything until the scan is finished.

Once the scan is complete, a report will appear: post its contents.

Also post a new Hijackthis report


If the file doesn't open, it is located here > C:\ComboFix.txt
0
Avast tells me that http://sosvirus.changelog.fr/MSNFix.zip contains a trojan-type virus:

Win32:Trojan-gen {Other}
0
jlpjlp Posts 51580 Registered Friday 18 May 2007 Status Security contributor Last active 3 May 2022 5 040
21 Oct 2008 at 15:50
yes, that's normal

you need to disable your antivirus while you run msnfix, which is wrongly detected as a virus
0
Ok, I'll do it right away then
0
Well, I can't find the MSNfix log, but it said no infected files


here's combofix

ComboFix 08-10-19.04 - Cyrille 2008-10-21 15:46:31.2 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.2463 [GMT 2:00]
Lancé depuis: C:\Users\Cyrille.CYRILLE\Downloads\ComboFix.exe
Commutateurs utilisés :: C:\Users\Cyrille.CYRILLE\Desktop\CFscript.txt
* Un nouveau point de restauration a été créé
.

((((((((((((((((((((((((((((( Fichiers créés du 2008-09-21 au 2008-10-21 ))))))))))))))))))))))))))))))))))))
.

2008-10-20 18:21 . 2008-10-20 18:21 <REP> d-------- C:\Users\Cyrille.CYRILLE\AppData\Roaming\Malwarebytes
2008-10-20 18:21 . 2008-10-20 18:21 <REP> d-------- C:\Users\All Users\Malwarebytes
2008-10-20 18:21 . 2008-10-20 18:21 <REP> d-------- C:\ProgramData\Malwarebytes
2008-10-20 18:21 . 2008-10-20 18:21 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-20 18:21 . 2008-10-16 20:25 38,496 --a------ C:\Windows\System32\drivers\mbamswissarmy.sys
2008-10-20 18:21 . 2008-10-16 20:25 15,504 --a------ C:\Windows\System32\drivers\mbam.sys
2008-10-20 18:18 . 2008-10-12 17:55 81,920 --a------ C:\Windows\System32\drivers\cmstp.exe
2008-10-20 18:07 . 2008-10-20 18:07 <REP> d-------- C:\_OTMoveIt
2008-10-20 17:37 . 2008-10-20 17:41 <REP> d-------- C:\Program Files\UsbFix
2008-10-20 16:59 . 2008-10-12 17:55 81,920 --a------ C:\Users\Cyrille.CYRILLE\AppData\Roaming\comrepl.exe
2008-10-20 16:59 . 2008-10-12 17:55 81,920 --a------ C:\Users\Cyrille.CYRILLE\AppData\Roaming\cisvc.exe
2008-10-19 12:48 . 2008-10-19 12:50 <REP> d-------- C:\Users\All Users\Lavasoft
2008-10-19 12:48 . 2008-10-19 12:50 <REP> d-------- C:\ProgramData\Lavasoft
2008-10-19 12:48 . 2008-10-19 12:48 <REP> d-------- C:\Program Files\Lavasoft
2008-10-17 22:44 . 2008-10-17 22:44 <REP> d-------- C:\Program Files\CCleaner
2008-10-15 18:44 . 2008-10-15 18:44 <REP> d-------- C:\Program Files\Ubisoft
2008-10-15 17:32 . 2008-09-18 06:27 3,506,744 --a------ C:\Windows\System32\ntkrnlpa.exe
2008-10-15 17:32 . 2008-09-18 06:27 3,472,952 --a------ C:\Windows\System32\ntoskrnl.exe
2008-10-15 17:32 . 2008-09-18 04:03 2,027,520 --a------ C:\Windows\System32\win32k.sys
2008-10-15 17:32 . 2008-08-26 03:12 290,304 --a------ C:\Windows\System32\drivers\srv.sys
2008-10-14 20:42 . 2008-10-14 20:42 244 --ah----- C:\sqmnoopt09.sqm
2008-10-14 20:42 . 2008-10-14 20:42 232 --ah----- C:\sqmdata09.sqm
2008-10-14 18:02 . 2008-10-14 18:02 <REP> dr-h----- C:\Users\Cyrille.CYRILLE\AppData\Roaming\SecuROM
2008-10-14 18:00 . 2008-10-14 18:00 <REP> d-------- C:\Windows\System32\URTTEMP
2008-10-14 17:59 . 2008-10-14 22:30 22,328 --a------ C:\Windows\System32\drivers\PnkBstrK.sys
2008-10-14 17:59 . 2008-10-14 17:59 22,328 --a------ C:\Users\Cyrille.CYRILLE\AppData\Roaming\PnkBstrK.sys
2008-10-14 17:58 . 2008-10-14 17:58 669,184 --a------ C:\Windows\System32\pbsvc.exe
2008-10-14 17:58 . 2008-10-14 22:30 107,832 --a------ C:\Windows\System32\PnkBstrB.exe
2008-10-14 17:58 . 2008-10-14 17:58 66,872 --a------ C:\Windows\System32\PnkBstrA.exe
2008-10-14 17:56 . 2008-10-14 17:56 <REP> d-------- C:\Users\All Users\Media Center Programs
2008-10-14 17:56 . 2008-10-14 17:56 <REP> d-------- C:\ProgramData\Media Center Programs
2008-10-14 17:43 . 2008-10-14 17:43 <REP> d-------- C:\Program Files\Electronic Arts
2008-10-14 16:30 . 2008-10-14 16:43 <REP> d-------- C:\Program Files\Prey
2008-10-14 15:52 . 2008-10-14 15:52 <REP> d-------- C:\Users\Cyrille.CYRILLE\AppData\Roaming\Disney Interactive Studios
2008-10-14 15:33 . 2008-10-14 15:33 <REP> d-------- C:\Program Files\Disney Interactive Studios
2008-10-14 15:30 . 2008-10-14 15:30 <REP> d-------- C:\Users\Cyrille.CYRILLE\AppData\Roaming\InstallShield
2008-10-14 15:30 . 2008-10-14 15:48 1,002 --a------ C:\Windows\disney.ini
2008-10-13 19:01 . 2008-10-13 19:01 443,756 --a------ C:\Windows\Oral
2008-10-12 17:12 . 2008-10-12 17:12 <REP> d-------- C:\Program Files\THQ
2008-09-29 20:27 . 2008-09-29 20:27 268 --ah----- C:\sqmdata08.sqm
2008-09-29 20:27 . 2008-09-29 20:27 244 --ah----- C:\sqmnoopt08.sqm
2008-09-23 18:12 . 2008-10-19 15:45 23 --a------ C:\Windows\BlendSettings.ini

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-21 13:43 --------- d-----w C:\Users\Cyrille.CYRILLE\AppData\Roaming\DNA
2008-10-20 14:48 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-10-20 14:46 --------- d-----w C:\ProgramData\Symantec
2008-10-19 09:05 --------- d-----w C:\Users\Cyrille.CYRILLE\AppData\Roaming\BitTorrent
2008-10-19 09:03 --------- d-----w C:\Users\Cyrille.CYRILLE\AppData\Roaming\gtk-2.0
2008-10-16 21:56 --------- d-----w C:\Users\Cyrille.CYRILLE\AppData\Roaming\LimeWire
2008-10-16 11:48 --------- d-----w C:\Program Files\Windows Mail
2008-10-16 10:28 --------- d-----w C:\Program Files\Astonsoft
2008-10-15 16:44 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-10-14 13:49 107,888 ----a-w C:\Windows\System32\CmdLineExt.dll
2008-10-12 16:31 --------- d-----w C:\Program Files\eMule
2008-10-09 12:37 --------- d-----w C:\Program Files\Common Files\Steam
2008-10-02 03:49 826,368 ----a-w C:\Windows\System32\wininet.dll
2008-10-02 03:49 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-10-02 03:49 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-10-02 03:48 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-09-29 19:53 --------- d-----w C:\Users\Cyrille.CYRILLE\AppData\Roaming\OpenOffice.org2
2008-09-26 17:47 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-09-23 16:00 --------- d-----w C:\Program Files\Bethesda Softworks
2008-09-19 20:10 --------- d-----w C:\Program Files\WinAVI MP4 Converter
2008-09-19 17:09 --------- d-----w C:\ProgramData\Avira
2008-09-19 17:09 --------- d-----w C:\Program Files\Avira
2008-09-17 20:07 --------- d-----w C:\Program Files\DNA
2008-09-15 17:24 --------- d-----w C:\Users\Cyrille.CYRILLE\AppData\Roaming\Dev-Cpp
2008-09-14 17:42 --------- d-----w C:\Users\Cyrille.CYRILLE\AppData\Roaming\Samsung
2008-09-14 17:20 --------- d-----w C:\Program Files\Samsung
2008-09-11 19:20 --------- d-----w C:\Program Files\OpenOffice.org 2.0
2008-09-09 12:47 --------- d-----w C:\Program Files\Common Files\AVSMedia
2008-09-07 15:07 --------- d-----w C:\Users\Cyrille.CYRILLE\AppData\Roaming\AVS4YOU
2008-09-07 15:07 --------- d-----w C:\ProgramData\AVS4YOU
2008-09-05 14:14 --------- d-----w C:\Users\Cyrille.CYRILLE\AppData\Roaming\DivX
2008-09-05 14:13 --------- d-----w C:\Program Files\DivX
2008-09-05 14:13 --------- d-----w C:\Program Files\Common Files\PX Storage Engine
2008-09-04 11:18 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-09-02 17:08 --------- d-----w C:\Program Files\Red Kawa
2008-08-27 08:38 --------- d-----w C:\Program Files\Diablo II
2008-08-27 08:36 21,840 ----atw C:\Windows\System32\SIntfNT.dll
2008-08-27 08:36 17,212 ----atw C:\Windows\System32\SIntf32.dll
2008-08-27 08:36 12,067 ----atw C:\Windows\System32\SIntf16.dll
2008-08-27 06:57 2,829 ----a-w C:\Windows\DIIUnin.pif
2008-08-27 06:57 102,400 ----a-w C:\Windows\DIIUnin.exe
2008-08-22 15:48 --------- d-----w C:\Program Files\Microsoft Games
2008-08-05 22:02 524,288 ----a-w C:\Windows\System32\DivXsm.exe
2008-08-05 22:02 3,596,288 ----a-w C:\Windows\System32\qt-dx331.dll
2008-08-05 22:00 200,704 ----a-w C:\Windows\System32\ssldivx.dll
2008-08-05 22:00 1,044,480 ----a-w C:\Windows\System32\libdivx.dll
2008-08-05 21:59 81,920 ----a-w C:\Windows\System32\dpl100.dll
2008-08-05 21:59 593,920 ----a-w C:\Windows\System32\dpuGUI11.dll
2008-08-05 21:59 57,344 ----a-w C:\Windows\System32\dpv11.dll
2008-08-05 21:59 53,248 ----a-w C:\Windows\System32\dpuGUI10.dll
2008-08-05 21:59 344,064 ----a-w C:\Windows\System32\dpus11.dll
2008-08-05 21:59 294,912 ----a-w C:\Windows\System32\dpu11.dll
2008-08-05 21:59 294,912 ----a-w C:\Windows\System32\dpu10.dll
2008-08-05 21:59 196,608 ----a-w C:\Windows\System32\dtu100.dll
2008-08-05 21:58 823,296 ----a-w C:\Windows\System32\divx_xx0c.dll
2008-08-05 21:58 823,296 ----a-w C:\Windows\System32\divx_xx07.dll
2008-08-05 21:58 815,104 ----a-w C:\Windows\System32\divx_xx0a.dll
2008-08-05 21:58 802,816 ----a-w C:\Windows\System32\divx_xx11.dll
2008-08-05 21:58 683,520 ----a-w C:\Windows\System32\DivX.dll
2008-08-05 21:58 161,096 ----a-w C:\Windows\System32\DivXCodecVersionChecker.exe
2008-08-05 21:58 12,288 ----a-w C:\Windows\System32\DivXWMPExtType.dll
2008-08-04 11:47 729,088 ----a-w C:\Windows\iun6002.exe
2008-08-02 19:10 43,520 ----a-w C:\Windows\System32\CmdLineExt03.dll
2008-07-31 08:41 68,616 ----a-w C:\Windows\System32\XAPOFX1_1.dll
2008-07-31 08:41 238,088 ----a-w C:\Windows\System32\xactengine3_2.dll
2008-07-31 08:40 509,448 ----a-w C:\Windows\System32\XAudio2_2.dll
2008-07-31 03:34 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-07-31 03:34 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-07-31 03:34 28,160 ----a-w C:\Windows\System32\Apphlpdm.dll
2008-07-31 03:34 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-07-31 03:34 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-07-31 03:34 1,686,528 ----a-w C:\Windows\System32\gameux.dll
2008-07-30 23:47 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-07-30 23:32 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-07-25 11:19 3,426,072 ----a-w C:\Windows\System32\d3dx9_32.dll
2008-07-16 15:37 174 --sha-w C:\Program Files\desktop.ini
.

((((((((((((((((((((((((((((( snapshot@2008-10-20_17.00.11.90 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-10-20 14:48:48 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-10-21 13:33:05 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2008-10-20 14:48:48 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2008-10-21 13:33:05 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-10-20 14:51:27 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-10-21 13:35:42 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-10-21 13:35:42 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-10-20 14:59:13 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-10-21 13:50:07 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-10-21 13:50:07 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-10-20 14:48:49 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-10-21 13:35:12 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-10-20 14:48:49 49,152 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-10-21 13:35:12 49,152 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-10-20 14:48:49 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-10-21 13:35:12 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-10-20 14:55:49 107,416 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-10-21 13:39:35 107,416 ----a-w C:\Windows\System32\perfc009.dat
- 2008-10-20 14:55:50 121,814 ----a-w C:\Windows\System32\perfc00C.dat
+ 2008-10-21 13:39:35 121,814 ----a-w C:\Windows\System32\perfc00C.dat
- 2008-10-20 14:55:50 618,272 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-10-21 13:39:35 618,272 ----a-w C:\Windows\System32\perfh009.dat
- 2008-10-20 14:55:50 699,984 ----a-w C:\Windows\System32\perfh00C.dat
+ 2008-10-21 13:39:35 699,984 ----a-w C:\Windows\System32\perfh00C.dat
- 2008-10-20 14:51:13 5,454 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3506581386-3588203364-262623782-1001_UserData.bin
+ 2008-10-21 13:35:35 5,670 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3506581386-3588203364-262623782-1001_UserData.bin
- 2008-10-20 14:51:13 73,728 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-10-21 13:35:35 74,582 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-10-20 14:51:11 44,602 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-10-21 13:35:31 45,448 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
-- Instantané actualisé --
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 125440]
"Steam"="C:\Program Files\Valve\Steam\\Steam.exe" [2008-10-09 1410296]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-09-17 289088]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
"OsdMaestro"="C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-08-27 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-08-27 8473120]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-08-27 81920]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"SunJavaUpdateReg"="C:\Windows\system32\jureg.exe" [2007-04-07 54936]
"HP Software Update"="c:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 79224]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 116040]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-10 289064]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"RtHDVCpl"="RtHDVCpl.exe" [2007-10-25 C:\Windows\RtHDVCpl.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"CmSTP"="C:\Windows\System32\drivers\cmstp.exe" [2008-10-12 81920]

[HKEY_USERS\.DEFAULT\software\microsoft\windows\Currentversion\policies\explorer\Run]
"ComRepl"="C:\Users\CYRILL~1.CYR\AppData\Roaming\comrepl.exe" [2008-10-12 81920]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3codecp"= l3codecp.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{15898CC2-D832-4881-8B12-3AF3F19FA741}"= c:\Program Files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{844EDEA2-D01E-4C16-9656-B305D7960AC5}"= C:\Program Files\HP\DVDPlay\DVDPlay.exe:DVD Play
"{A9EFEFB9-E314-4419-80EC-CD2B2EAB5D38}"= C:\Program Files\HP\DVDPlay\DPService.exe:DVD Play Resident Program
"{DB0B2ECE-46A3-4E34-82D9-9F8C61E6780B}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{58454799-26DF-4A5B-AD65-6D0C9D9E810F}"= UDP:C:\Program Files\DNA\btdna.exe:DNA
"{D38CDB8A-8FBF-4784-88CF-F95A7D0FEBF8}"= TCP:C:\Program Files\DNA\btdna.exe:DNA
"{F75CBE57-79A3-4B2F-A2B0-81BDC57E122F}"= UDP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"{241FFC13-2654-4F5B-8A29-8427CAE16CBB}"= TCP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"{B7D6EB48-3F45-495A-9B3A-438B2B8642AD}"= UDP:C:\Program Files\DNA\btdna.exe:DNA
"{569BE145-F2AE-495D-B362-0683B0C5BBAA}"= TCP:C:\Program Files\DNA\btdna.exe:DNA
"{6BCE66F6-001E-4D00-BE94-A70EA1380280}"= UDP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"{36598A21-97A9-4635-974C-8D4E11258EAC}"= TCP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"{9FC58FF5-EBF6-49E7-A9EE-3E4B29E91544}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{6BE2000B-1C2A-465A-A020-C25EAAAC350B}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{5E461E93-32BF-4F38-B5F5-F8E496C3C202}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{396FAE6E-B04E-43AD-80C4-5153B8248E28}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{A0C2AEEA-6F3A-4E60-A769-22E22CAFF526}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{30A60FEA-4F84-48A5-BE97-BDA078D8E153}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{2F5F85C1-4CC5-4EBB-A4E7-36ED73A35D0C}"= UDP:C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008
"{F3C45E92-DFAB-4830-BECF-32B14C6A70BC}"= TCP:C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008
"{B00EBB69-EA57-4B06-B877-03AD9A5D8521}"= UDP:C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:Sid Meier's Civilization 4
"{EA3B04E1-1541-4497-B2C2-B1C61475DDA2}"= TCP:C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:Sid Meier's Civilization 4
"TCP Query User{B8B4B788-8CA8-4DED-9FB8-C70CE12F558C}C:\\program files\\ea games\\battlefield vietnam\\bfvietnam.exe"= UDP:C:\program files\ea games\battlefield vietnam\bfvietnam.exe:bfvietnam
"UDP Query User{1B2B7F4B-3B2E-4D78-ADCC-C4270C4FAF17}C:\\program files\\ea games\\battlefield vietnam\\bfvietnam.exe"= TCP:C:\program files\ea games\battlefield vietnam\bfvietnam.exe:bfvietnam
"{4EB6C1BA-9B67-46D5-9AB0-8ACC8EB12C6F}"= UDP:C:\Program Files\Reality Pump\Earth 2160\Earth2160_NO_SSE.exe:Earth 2160
"{BA760ABA-3AB5-4209-BBF5-1EB6402C2921}"= TCP:C:\Program Files\Reality Pump\Earth 2160\Earth2160_NO_SSE.exe:Earth 2160
"{C006A9ED-A291-4F55-A23C-1C467A234F6D}"= UDP:C:\Program Files\Reality Pump\Earth 2160\Earth2160_SSE.exe:Earth 2160
"{4A014746-3BD9-402D-8DEB-36E06D40B0D8}"= TCP:C:\Program Files\Reality Pump\Earth 2160\Earth2160_SSE.exe:Earth 2160
"TCP Query User{18731FA5-AE82-4D41-A6AF-2A3FA8A20E3A}C:\\program files\\itunes\\itunes.exe"= UDP:C:\program files\itunes\itunes.exe:iTunes
"UDP Query User{A88C8753-212A-4DCF-9E7B-3A303EF71DDA}C:\\program files\\itunes\\itunes.exe"= TCP:C:\program files\itunes\itunes.exe:iTunes
"TCP Query User{B6DF18D9-A3FC-4632-A6D8-64359EDCFDAB}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
"UDP Query User{2CF11DE1-C1DA-4163-A666-BEBA204A8433}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
"{12BC906A-2BD5-4872-9469-A1DE1AFCB92C}"= UDP:C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008
"{A27202A9-DD5F-4A83-BC03-533CEBE229FC}"= TCP:C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008
"TCP Query User{F3736C70-5A9D-4CF9-AC13-16C9D5C894CB}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{D69B4E9B-05F5-40EA-8490-9E271F926A4F}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox
"{9BE9EA8B-1BF0-489C-BDEF-892FEA52C915}"= UDP:C:\Program Files\DNA\btdna.exe:DNA (TCP-In)
"{90FB01A1-0D90-411C-87B2-0DA8E726BE2E}"= TCP:C:\Program Files\DNA\btdna.exe:DNA (UDP-In)
"TCP Query User{156CAC47-D9A1-4303-AE6E-B9036E6392A8}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
"UDP Query User{97FAAFD3-8083-4029-A1CE-571DA9348109}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
"TCP Query User{32C307B9-164E-4009-AC6F-E3D9213FC9A0}C:\\program files\\valve\\steam\\steamapps\\x\\counter-strike source\\hl2.exe"= UDP:C:\program files\valve\steam\steamapps\cycylonchfeu\counter-strike source\hl2.exe:hl2
"UDP Query User{CFD1BA55-6E00-4C31-9B5E-F73FA982C136}C:\\program files\\valve\\steam\\steamapps\\x\\counter-strike source\\hl2.exe"= TCP:C:\program files\valve\steam\steamapps\cycylonchfeu\counter-strike source\hl2.exe:hl2
"{D42CC645-5390-4CF2-8F2E-D7AA7E4C904D}"= UDP:C:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI)
"{D8F38A63-4E78-4F31-A3D4-A964990B81E4}"= TCP:C:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI)
"{690AE736-6181-4002-A409-59E84137C878}"= UDP:C:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV)
"{A8A1A36A-5CF9-480D-A224-9945663E91F7}"= TCP:C:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV)
"{DE3B3D76-5DF8-4A35-9EBE-3EBE3BA20DA9}"= UDP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32
"{8D8C69A8-8DAB-4FC4-A9EB-6D8BB2522285}"= TCP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32
"{99D43AC2-1663-4D1A-B9FB-66D60BF5595B}"= UDP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
"{6E739FD0-7FB3-4665-846B-69972FBC56F2}"= TCP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
"{999F9BF2-3E7E-4B92-B952-743DF5D2C9C4}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{8A5B0B70-B545-4DBB-8C0F-D8850C7C9D7B}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{15529BE6-2F3B-4CCD-9E6A-E4EFC557A4F0}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{5457891B-D77F-458F-9DEF-E462510F38CE}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{D1D6F5CB-CC7B-478E-9BD4-3928E71E757B}"= UDP:C:\Users\Cyrille.CYRILLE\AppData\Local\Temp\7zS38DB.tmp\SymNRT.exe:Norton Removal Tool
"{1540E84C-3281-4384-BB4F-D459BE7679C4}"= TCP:C:\Users\Cyrille.CYRILLE\AppData\Local\Temp\7zS38DB.tmp\SymNRT.exe:Norton Removal Tool

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\BitTorrent\\bittorrent.exe"= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-05-16 78416]
R2 {22D78859-9CE9-4B77-BF18-AC83E81A9263};{22D78859-9CE9-4B77-BF18-AC83E81A9263};C:\Program Files\HP\DVDPlay\[u]0/u00.fcl [2008-03-11 11:17 41456]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-05-16 20560]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-05-16 50768]
R2 HPBtnSrv;HP Chasis Button Service;c:\hp\HPEZBTN\HPBtnSrv.exe [2007-05-29 198240]
R3 HCW85BDA;Hauppauge WinTV 885 Video Capture;C:\Windows\system32\drivers\HCW85BDA.sys [2007-10-01 1129344]
R3 netr73;USB Wireless 802.11 b/g Adaptor Driver for Vista;C:\Windows\system32\DRIVERS\netr73.sys [2008-02-26 493568]
S3 GameConsoleService;GameConsoleService;C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe [2007-07-24 181800]
S3 PCD5SRVC{BD6912E3-AC9D80E8-05040000};PCD5SRVC{BD6912E3-AC9D80E8-05040000} - PCDR Kernel Mode Service Helper Driver;C:\PROGRA~1\PC-DOC~1\PCD5SRVC.pkms [2007-09-13 25760]
S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-10-06 87288]
.
Contenu du dossier 'Tâches planifiées'

2008-10-20 C:\Windows\Tasks\User_Feed_Synchronization-{E371418A-2D8A-480C-AD5C-C91E5946172E}.job
- C:\Windows\system32\msfeedssync.exe [2006-11-02 11:45]
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-21 15:50:15
Windows 6.0.6000 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
Heure de fin: 2008-10-21 15:51:58
ComboFix-quarantined-files.txt 2008-10-21 13:51:53
ComboFix2.txt 2008-10-20 15:00:44

Avant-CF: 206 124 130 304 octets libres
Après-CF: 206,087,860,224 octets libres

301 --- E O F --- 2008-10-17 16:45:02
and HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:21:04, on 21/10/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16757)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\hp\support\hpsysdrv.exe
C:\Users\CYRILL~1.CYR\LOCALS~1\APPLIC~1\cmstp.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\system32\schtasks.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\Explorer.exe
C:\Windows\system32\notepad.exe
C:\Windows\explorer.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Cyrille.CYRILLE\Downloads\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe"
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Steam] C:\Program Files\Valve\Steam\\Steam.exe -silent
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKLM\..\Policies\Explorer\Run: [CmSTP] C:\Windows\System32\drivers\cmstp.exe /waitservice
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [ComRepl] C:\Users\CYRILL~1.CYR\AppData\Roaming\comrepl.exe /waitservice (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [ComRepl] C:\Users\CYRILL~1.CYR\AppData\Roaming\comrepl.exe /waitservice (User 'Default user')
O4 - Startup: RollerCoaster Tycoon 3 Registration.lnk = C:\Users\Cyrille.CYRILLE\AppData\Local\Temp\{66AC7A1D-A798-4CFC-86E3-14DEFEB5E064}\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\ATR1.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O13 - Gopher Prefix:
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: HP Chasis Button Service (HPBtnSrv) - Unknown owner - c:\hp\HPEZBTN\HPBtnSrv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
jlpjlp Posts 51580 Registration date Friday 18 May 2007 Status Security contributor Last activity 3 May 2022 5 040
21 Oct. 2008 at 18:58
Close all your browsers (so copy or print the instructions first)

Create a new text document: right-click on the desktop > New > Text Document, and copy the following lines into it:


Driver ::
cmstp

File::
C:\Users\CYRILL~1.CYR\LOCALS~1\APPLIC~1\cmstp.exe
C:\Users\CYRILL~1.CYR\AppData\Roaming\comrepl.exe
C:\Windows\System32\drivers\cmstp.exe


Registry::

[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"CmSTP"=-
[HKEY_USERS\.DEFAULT\software\microsoft\windows\Currentversion\policies\explorer\Run]
"ComRepl"=-


Save this file under the name CFscript

Drag and drop this CFscript file onto the ComboFix.exe file

Click on the CFScript file, keep the button held down and move the mouse so that the CFScript icon comes to cover the ComboFix icon. Release the mouse. ComboFix will start.

A blue window will appear: at the message that appears (Type 1 to continue, or 2 to abort), type 1 then confirm.

Wait while the scan runs. The desktop will disappear several times: this is normal!

Do not touch anything until the scan has finished.

Once the scan is complete, a report will be displayed: post its contents.

Also post a new HijackThis report
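The two launch points jlpjlp targets in the CFScript (a Policies\Explorer\Run entry pointing at an .exe stored in System32\drivers, and a SYSTEM/default-hive entry pointing into AppData\Roaming) are exactly the kind of pattern a small triage script can surface before anyone reads a few thousand log lines. The Python below is an added example for this thread, not part of the thread itself nor of the HijackThis or ComboFix tools; its sample input is constructed from O4 lines and ComboFix file-listing lines quoted in the thread, and the heuristics it applies (Policies\Explorer\Run launch points, executables in user-writable profile paths or in System32\drivers, SYSTEM-hive autoruns that run a file from a user profile, and files in the ComboFix listing that share the same size and timestamp under different names) are the editor's assumptions, not rules stated on the page.

```python
import re
from collections import defaultdict

# Constructed sample: HijackThis O4 lines copied from the report posted in this thread.
HJT_SAMPLE = r"""
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKLM\..\Policies\Explorer\Run: [CmSTP] C:\Windows\System32\drivers\cmstp.exe /waitservice
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [ComRepl] C:\Users\CYRILL~1.CYR\AppData\Roaming\comrepl.exe /waitservice (User 'SYSTEM')
O4 - Startup: RollerCoaster Tycoon 3 Registration.lnk = C:\Users\Cyrille.CYRILLE\AppData\Local\Temp\{66AC7A1D-A798-4CFC-86E3-14DEFEB5E064}\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\ATR1.exe
"""

# Constructed sample: ComboFix "files created" lines copied from the second report in this thread.
CF_SAMPLE = r"""
2008-10-21 20:05 . 2008-10-12 17:55 81,920 --a------ C:\Windows\mstinit.exe
2008-10-21 20:04 . 2008-10-12 17:55 81,920 --a------ C:\Windows\System32\drivers\cisvc.exe
2008-10-21 17:34 . 2008-10-12 17:55 81,920 --a------ C:\Windows\system\clipsrv.exe
2008-10-20 18:21 . 2008-10-20 18:21 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-20 16:59 . 2008-10-12 17:55 81,920 --a------ C:\Users\Cyrille.CYRILLE\AppData\Roaming\cisvc.exe
2008-10-15 17:32 . 2008-09-18 06:27 3,506,744 --a------ C:\Windows\System32\ntkrnlpa.exe
2008-10-14 17:59 . 2008-10-14 22:30 22,328 --a------ C:\Windows\System32\drivers\PnkBstrK.sys
2008-10-14 17:59 . 2008-10-14 17:59 22,328 --a------ C:\Users\Cyrille.CYRILLE\AppData\Roaming\PnkBstrK.sys
"""

# "O4 - <registry key or Startup>: <value>"
O4_RE = re.compile(r"^O4 - (?P<key>.+?): (?P<value>.+)$")
NAMED_RE = re.compile(r"^\[(?P<name>[^\]]+)\] (?P<cmd>.+)$")          # [name] command
LNK_RE = re.compile(r"^(?P<name>.+?\.lnk) = (?P<cmd>.+)$", re.I)      # shortcut = target
# First drive-letter path ending in an executable extension, quoted or not.
PATH_RE = re.compile(r'^"?(?P<path>[A-Za-z]:\\.+?\.(?:exe|dll|pif|scr|bat|cmd))', re.I)

# Heuristics (editor's assumptions, tuned to the indicators seen in this thread).
USER_WRITABLE = re.compile(r"\\(?:Users|AppData|Temp|LOCALS~1|APPLIC~1|Documents and Settings)\\", re.I)
DRIVERS_EXE = re.compile(r"\\System32\\drivers\\[^\\]+\.exe$", re.I)
SYSTEM_HIVES = ("HKUS\\S-1-5-18", "HKUS\\.DEFAULT")


def assess(key, path):
    """Return the list of reasons an autorun entry deserves a second look."""
    reasons = []
    if "policies\\explorer\\run" in key.lower():
        reasons.append("launch point under Policies\\Explorer\\Run")
    if path and USER_WRITABLE.search(path):
        reasons.append("executable in a user-writable profile directory")
    if path and DRIVERS_EXE.search(path):
        reasons.append(".exe stored in the System32\\drivers directory")
    if path and key.upper().startswith(SYSTEM_HIVES) and USER_WRITABLE.search(path):
        reasons.append("SYSTEM/default hive runs a file from a user profile")
    return reasons


def triage_autoruns(report):
    """Parse HijackThis O4 lines and return (name, path, reasons) for flagged entries."""
    flagged = []
    for line in report.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        key, value = m.group("key"), m.group("value")
        entry = NAMED_RE.match(value) or LNK_RE.match(value)
        if not entry:
            continue
        pm = PATH_RE.match(entry.group("cmd"))
        path = pm.group("path") if pm else None
        reasons = assess(key, path)
        if reasons:
            flagged.append((entry.group("name"), path, reasons))
    return flagged


# "<created> . <second timestamp> <size|<REP>> <attrs> <path>", as ComboFix prints it
CF_RE = re.compile(
    r"^(?P<created>\S+ \S+) \. (?P<stamp>\S+ \S+) (?P<size>[\d,]+|<REP>) (?P<attrs>\S+) (?P<path>.+)$"
)


def find_clones(report, min_copies=2):
    """Group ComboFix file entries by (second timestamp, size); return groups with several paths."""
    groups = defaultdict(list)
    for line in report.splitlines():
        m = CF_RE.match(line.strip())
        if not m or m.group("size") == "<REP>":   # directories carry no size
            continue
        key = (m.group("stamp"), int(m.group("size").replace(",", "")))
        groups[key].append(m.group("path"))
    return {k: v for k, v in groups.items() if len(v) >= min_copies}


if __name__ == "__main__":
    for name, path, reasons in triage_autoruns(HJT_SAMPLE):
        print(f"[{name}] {path}\n    " + "\n    ".join(reasons))
    for (stamp, size), paths in find_clones(CF_SAMPLE).items():
        print(f"{len(paths)} files share timestamp {stamp} and size {size}:")
        for p in paths:
            print("   ", p)
```

Run as a script it prints three flagged autoruns and one clone group. The CmSTP and ComRepl entries are the ones jlpjlp's CFScript removes; the third hit, the RollerCoaster Tycoon shortcut under Temp, is a reminder that these heuristics only rank entries for a human to review and do not decide on their own. The clone finder surfaces the four 81,920-byte files sharing the same second timestamp that ComboFix listed under different names (mstinit.exe, cisvc.exe twice, clipsrv.exe), while the two PnkBstrK.sys copies, which differ in that timestamp, stay out of the group.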
Here is the new ComboFix report:

ComboFix 08-10-19.04 - Cyrille 2008-10-21 20:01:00.3 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.2413 [GMT 2:00]
Lancé depuis: C:\Users\Cyrille.CYRILLE\Downloads\ComboFix.exe
Commutateurs utilisés :: C:\Users\Cyrille.CYRILLE\Desktop\CFscript.txt
* Un nouveau point de restauration a été créé

FILE ::
C:\Users\CYRILL~1.CYR\AppData\Roaming\comrepl.exe
C:\Users\CYRILL~1.CYR\LOCALS~1\APPLIC~1\cmstp.exe
C:\Windows\System32\drivers\cmstp.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Users\CYRILL~1.CYR\AppData\Roaming\comrepl.exe
C:\Windows\System32\drivers\cmstp.exe

.
((((((((((((((((((((((((((((( Fichiers créés du 2008-09-21 au 2008-10-21 ))))))))))))))))))))))))))))))))))))
.

2008-10-21 20:05 . 2008-10-12 17:55 81,920 --a------ C:\Windows\mstinit.exe
2008-10-21 20:04 . 2008-10-12 17:55 81,920 --a------ C:\Windows\System32\drivers\cisvc.exe
2008-10-21 17:34 . 2008-10-12 17:55 81,920 --a------ C:\Windows\system\clipsrv.exe
2008-10-20 18:21 . 2008-10-20 18:21 <REP> d-------- C:\Users\Cyrille.CYRILLE\AppData\Roaming\Malwarebytes
2008-10-20 18:21 . 2008-10-20 18:21 <REP> d-------- C:\Users\All Users\Malwarebytes
2008-10-20 18:21 . 2008-10-20 18:21 <REP> d-------- C:\ProgramData\Malwarebytes
2008-10-20 18:21 . 2008-10-20 18:21 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-20 18:21 . 2008-10-16 20:25 38,496 --a------ C:\Windows\System32\drivers\mbamswissarmy.sys
2008-10-20 18:21 . 2008-10-16 20:25 15,504 --a------ C:\Windows\System32\drivers\mbam.sys
2008-10-20 18:07 . 2008-10-20 18:07 <REP> d-------- C:\_OTMoveIt
2008-10-20 17:37 . 2008-10-20 17:41 <REP> d-------- C:\Program Files\UsbFix
2008-10-20 16:59 . 2008-10-12 17:55 81,920 --a------ C:\Users\Cyrille.CYRILLE\AppData\Roaming\cisvc.exe
2008-10-19 12:48 . 2008-10-19 12:50 <REP> d-------- C:\Users\All Users\Lavasoft
2008-10-19 12:48 . 2008-10-19 12:50 <REP> d-------- C:\ProgramData\Lavasoft
2008-10-19 12:48 . 2008-10-19 12:48 <REP> d-------- C:\Program Files\Lavasoft
2008-10-17 22:44 . 2008-10-17 22:44 <REP> d-------- C:\Program Files\CCleaner
2008-10-15 18:44 . 2008-10-15 18:44 <REP> d-------- C:\Program Files\Ubisoft
2008-10-15 17:32 . 2008-09-18 06:27 3,506,744 --a------ C:\Windows\System32\ntkrnlpa.exe
2008-10-15 17:32 . 2008-09-18 06:27 3,472,952 --a------ C:\Windows\System32\ntoskrnl.exe
2008-10-15 17:32 . 2008-09-18 04:03 2,027,520 --a------ C:\Windows\System32\win32k.sys
2008-10-15 17:32 . 2008-08-26 03:12 290,304 --a------ C:\Windows\System32\drivers\srv.sys
2008-10-14 20:42 . 2008-10-14 20:42 244 --ah----- C:\sqmnoopt09.sqm
2008-10-14 20:42 . 2008-10-14 20:42 232 --ah----- C:\sqmdata09.sqm
2008-10-14 18:02 . 2008-10-14 18:02 <REP> dr-h----- C:\Users\Cyrille.CYRILLE\AppData\Roaming\SecuROM
2008-10-14 18:00 . 2008-10-14 18:00 <REP> d-------- C:\Windows\System32\URTTEMP
2008-10-14 17:59 . 2008-10-14 22:30 22,328 --a------ C:\Windows\System32\drivers\PnkBstrK.sys
2008-10-14 17:59 . 2008-10-14 17:59 22,328 --a------ C:\Users\Cyrille.CYRILLE\AppData\Roaming\PnkBstrK.sys
2008-10-14 17:58 . 2008-10-14 17:58 669,184 --a------ C:\Windows\System32\pbsvc.exe
2008-10-14 17:58 . 2008-10-14 22:30 107,832 --a------ C:\Windows\System32\PnkBstrB.exe
2008-10-14 17:58 . 2008-10-14 17:58 66,872 --a------ C:\Windows\System32\PnkBstrA.exe
2008-10-14 17:56 . 2008-10-14 17:56 <REP> d-------- C:\Users\All Users\Media Center Programs
2008-10-14 17:56 . 2008-10-14 17:56 <REP> d-------- C:\ProgramData\Media Center Programs
2008-10-14 17:43 . 2008-10-14 17:43 <REP> d-------- C:\Program Files\Electronic Arts
2008-10-14 16:30 . 2008-10-14 16:43 <REP> d-------- C:\Program Files\Prey
2008-10-14 15:52 . 2008-10-14 15:52 <REP> d-------- C:\Users\Cyrille.CYRILLE\AppData\Roaming\Disney Interactive Studios
2008-10-14 15:33 . 2008-10-14 15:33 <REP> d-------- C:\Program Files\Disney Interactive Studios
2008-10-14 15:30 . 2008-10-14 15:30 <REP> d-------- C:\Users\Cyrille.CYRILLE\AppData\Roaming\InstallShield
2008-10-14 15:30 . 2008-10-14 15:48 1,002 --a------ C:\Windows\disney.ini
2008-10-13 19:01 . 2008-10-13 19:01 443,756 --a------ C:\Windows\Oral
2008-10-12 17:12 . 2008-10-12 17:12 <REP> d-------- C:\Program Files\THQ
2008-09-29 20:27 . 2008-09-29 20:27 268 --ah----- C:\sqmdata08.sqm
2008-09-29 20:27 . 2008-09-29 20:27 244 --ah----- C:\sqmnoopt08.sqm
2008-09-23 18:12 . 2008-10-19 15:45 23 --a------ C:\Windows\BlendSettings.ini

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-21 18:03 --------- d-----w C:\Users\Cyrille.CYRILLE\AppData\Roaming\DNA
2008-10-21 17:56 --------- d-----w C:\Users\Cyrille.CYRILLE\AppData\Roaming\BitTorrent
2008-10-20 14:48 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-10-20 14:46 --------- d-----w C:\ProgramData\Symantec
2008-10-19 09:03 --------- d-----w C:\Users\Cyrille.CYRILLE\AppData\Roaming\gtk-2.0
2008-10-16 21:56 --------- d-----w C:\Users\Cyrille.CYRILLE\AppData\Roaming\LimeWire
2008-10-16 11:48 --------- d-----w C:\Program Files\Windows Mail
2008-10-16 10:28 --------- d-----w C:\Program Files\Astonsoft
2008-10-15 16:44 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-10-14 13:49 107,888 ----a-w C:\Windows\System32\CmdLineExt.dll
2008-10-12 16:31 --------- d-----w C:\Program Files\eMule
2008-10-09 12:37 --------- d-----w C:\Program Files\Common Files\Steam
2008-10-02 03:49 826,368 ----a-w C:\Windows\System32\wininet.dll
2008-10-02 03:49 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-10-02 03:49 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-10-02 03:48 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-09-29 19:53 --------- d-----w C:\Users\Cyrille.CYRILLE\AppData\Roaming\OpenOffice.org2
2008-09-26 17:47 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-09-23 16:00 --------- d-----w C:\Program Files\Bethesda Softworks
2008-09-19 20:10 --------- d-----w C:\Program Files\WinAVI MP4 Converter
2008-09-19 17:09 --------- d-----w C:\ProgramData\Avira
2008-09-19 17:09 --------- d-----w C:\Program Files\Avira
2008-09-17 20:07 --------- d-----w C:\Program Files\DNA
2008-09-15 17:24 --------- d-----w C:\Users\Cyrille.CYRILLE\AppData\Roaming\Dev-Cpp
2008-09-14 17:42 --------- d-----w C:\Users\Cyrille.CYRILLE\AppData\Roaming\Samsung
2008-09-14 17:20 --------- d-----w C:\Program Files\Samsung
2008-09-11 19:20 --------- d-----w C:\Program Files\OpenOffice.org 2.0
2008-09-09 12:47 --------- d-----w C:\Program Files\Common Files\AVSMedia
2008-09-07 15:07 --------- d-----w C:\Users\Cyrille.CYRILLE\AppData\Roaming\AVS4YOU
2008-09-07 15:07 --------- d-----w C:\ProgramData\AVS4YOU
2008-09-05 14:14 --------- d-----w C:\Users\Cyrille.CYRILLE\AppData\Roaming\DivX
2008-09-05 14:13 --------- d-----w C:\Program Files\DivX
2008-09-05 14:13 --------- d-----w C:\Program Files\Common Files\PX Storage Engine
2008-09-04 11:18 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-09-02 17:08 --------- d-----w C:\Program Files\Red Kawa
2008-08-27 08:38 --------- d-----w C:\Program Files\Diablo II
2008-08-27 08:36 21,840 ----atw C:\Windows\System32\SIntfNT.dll
2008-08-27 08:36 17,212 ----atw C:\Windows\System32\SIntf32.dll
2008-08-27 08:36 12,067 ----atw C:\Windows\System32\SIntf16.dll
2008-08-27 06:57 2,829 ----a-w C:\Windows\DIIUnin.pif
2008-08-27 06:57 102,400 ----a-w C:\Windows\DIIUnin.exe
2008-08-22 15:48 --------- d-----w C:\Program Files\Microsoft Games
2008-08-05 22:02 524,288 ----a-w C:\Windows\System32\DivXsm.exe
2008-08-05 22:02 3,596,288 ----a-w C:\Windows\System32\qt-dx331.dll
2008-08-05 22:00 200,704 ----a-w C:\Windows\System32\ssldivx.dll
2008-08-05 22:00 1,044,480 ----a-w C:\Windows\System32\libdivx.dll
2008-08-05 21:59 81,920 ----a-w C:\Windows\System32\dpl100.dll
2008-08-05 21:59 593,920 ----a-w C:\Windows\System32\dpuGUI11.dll
2008-08-05 21:59 57,344 ----a-w C:\Windows\System32\dpv11.dll
2008-08-05 21:59 53,248 ----a-w C:\Windows\System32\dpuGUI10.dll
2008-08-05 21:59 344,064 ----a-w C:\Windows\System32\dpus11.dll
2008-08-05 21:59 294,912 ----a-w C:\Windows\System32\dpu11.dll
2008-08-05 21:59 294,912 ----a-w C:\Windows\System32\dpu10.dll
2008-08-05 21:59 196,608 ----a-w C:\Windows\System32\dtu100.dll
2008-08-05 21:58 823,296 ----a-w C:\Windows\System32\divx_xx0c.dll
2008-08-05 21:58 823,296 ----a-w C:\Windows\System32\divx_xx07.dll
2008-08-05 21:58 815,104 ----a-w C:\Windows\System32\divx_xx0a.dll
2008-08-05 21:58 802,816 ----a-w C:\Windows\System32\divx_xx11.dll
2008-08-05 21:58 683,520 ----a-w C:\Windows\System32\DivX.dll
2008-08-05 21:58 161,096 ----a-w C:\Windows\System32\DivXCodecVersionChecker.exe
2008-08-05 21:58 12,288 ----a-w C:\Windows\System32\DivXWMPExtType.dll
2008-08-04 11:47 729,088 ----a-w C:\Windows\iun6002.exe
2008-08-02 19:10 43,520 ----a-w C:\Windows\System32\CmdLineExt03.dll
2008-07-31 08:41 68,616 ----a-w C:\Windows\System32\XAPOFX1_1.dll
2008-07-31 08:41 238,088 ----a-w C:\Windows\System32\xactengine3_2.dll
2008-07-31 08:40 509,448 ----a-w C:\Windows\System32\XAudio2_2.dll
2008-07-31 03:34 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-07-31 03:34 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-07-31 03:34 28,160 ----a-w C:\Windows\System32\Apphlpdm.dll
2008-07-31 03:34 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-07-31 03:34 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-07-31 03:34 1,686,528 ----a-w C:\Windows\System32\gameux.dll
2008-07-30 23:47 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-07-30 23:32 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-07-25 11:19 3,426,072 ----a-w C:\Windows\System32\d3dx9_32.dll
2008-07-16 15:37 174 --sha-w C:\Program Files\desktop.ini
.

((((((((((((((((((((((((((((( snapshot_2008-10-21_15.51.07.41 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-10-21 13:50:07 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-10-21 18:05:10 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-10-21 18:05:10 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-10-21 13:35:12 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-10-21 17:37:22 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-10-21 13:35:12 49,152 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-10-21 17:37:22 49,152 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-10-21 13:35:12 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-10-21 17:37:22 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 125440]
"Steam"="C:\Program Files\Valve\Steam\\Steam.exe" [2008-10-09 1410296]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-09-17 289088]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
"OsdMaestro"="C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-08-27 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-08-27 8473120]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-08-27 81920]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"SunJavaUpdateReg"="C:\Windows\system32\jureg.exe" [2007-04-07 54936]
"HP Software Update"="c:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 79224]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 116040]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-10 289064]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"RtHDVCpl"="RtHDVCpl.exe" [2007-10-25 C:\Windows\RtHDVCpl.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"Logman"="C:\Users\CYRILL~1.CYR\LOCALS~1\APPLIC~1\MICROS~1\logman.exe" [2008-10-12 81920]

[HKEY_CURRENT_USER\software\microsoft\windows\Currentversion\policies\explorer\Run]
"ClipSrv"="C:\Windows\System\clipsrv.exe" [2008-10-12 81920]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\windows]
"load"=C:\Windows\mstinit.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3codecp"= l3codecp.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{15898CC2-D832-4881-8B12-3AF3F19FA741}"= c:\Program Files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{844EDEA2-D01E-4C16-9656-B305D7960AC5}"= C:\Program Files\HP\DVDPlay\DVDPlay.exe:DVD Play
"{A9EFEFB9-E314-4419-80EC-CD2B2EAB5D38}"= C:\Program Files\HP\DVDPlay\DPService.exe:DVD Play Resident Program
"{DB0B2ECE-46A3-4E34-82D9-9F8C61E6780B}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{58454799-26DF-4A5B-AD65-6D0C9D9E810F}"= UDP:C:\Program Files\DNA\btdna.exe:DNA
"{D38CDB8A-8FBF-4784-88CF-F95A7D0FEBF8}"= TCP:C:\Program Files\DNA\btdna.exe:DNA
"{F75CBE57-79A3-4B2F-A2B0-81BDC57E122F}"= UDP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"{241FFC13-2654-4F5B-8A29-8427CAE16CBB}"= TCP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"{B7D6EB48-3F45-495A-9B3A-438B2B8642AD}"= UDP:C:\Program Files\DNA\btdna.exe:DNA
"{569BE145-F2AE-495D-B362-0683B0C5BBAA}"= TCP:C:\Program Files\DNA\btdna.exe:DNA
"{6BCE66F6-001E-4D00-BE94-A70EA1380280}"= UDP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"{36598A21-97A9-4635-974C-8D4E11258EAC}"= TCP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"{9FC58FF5-EBF6-49E7-A9EE-3E4B29E91544}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{6BE2000B-1C2A-465A-A020-C25EAAAC350B}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{5E461E93-32BF-4F38-B5F5-F8E496C3C202}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{396FAE6E-B04E-43AD-80C4-5153B8248E28}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{A0C2AEEA-6F3A-4E60-A769-22E22CAFF526}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{30A60FEA-4F84-48A5-BE97-BDA078D8E153}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{2F5F85C1-4CC5-4EBB-A4E7-36ED73A35D0C}"= UDP:C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008
"{F3C45E92-DFAB-4830-BECF-32B14C6A70BC}"= TCP:C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008
"{B00EBB69-EA57-4B06-B877-03AD9A5D8521}"= UDP:C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:Sid Meier's Civilization 4
"{EA3B04E1-1541-4497-B2C2-B1C61475DDA2}"= TCP:C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:Sid Meier's Civilization 4
"TCP Query User{B8B4B788-8CA8-4DED-9FB8-C70CE12F558C}C:\\program files\\ea games\\battlefield vietnam\\bfvietnam.exe"= UDP:C:\program files\ea games\battlefield vietnam\bfvietnam.exe:bfvietnam
"UDP Query User{1B2B7F4B-3B2E-4D78-ADCC-C4270C4FAF17}C:\\program files\\ea games\\battlefield vietnam\\bfvietnam.exe"= TCP:C:\program files\ea games\battlefield vietnam\bfvietnam.exe:bfvietnam
"{4EB6C1BA-9B67-46D5-9AB0-8ACC8EB12C6F}"= UDP:C:\Program Files\Reality Pump\Earth 2160\Earth2160_NO_SSE.exe:Earth 2160
"{BA760ABA-3AB5-4209-BBF5-1EB6402C2921}"= TCP:C:\Program Files\Reality Pump\Earth 2160\Earth2160_NO_SSE.exe:Earth 2160
"{C006A9ED-A291-4F55-A23C-1C467A234F6D}"= UDP:C:\Program Files\Reality Pump\Earth 2160\Earth2160_SSE.exe:Earth 2160
"{4A014746-3BD9-402D-8DEB-36E06D40B0D8}"= TCP:C:\Program Files\Reality Pump\Earth 2160\Earth2160_SSE.exe:Earth 2160
"TCP Query User{18731FA5-AE82-4D41-A6AF-2A3FA8A20E3A}C:\\program files\\itunes\\itunes.exe"= UDP:C:\program files\itunes\itunes.exe:iTunes
"UDP Query User{A88C8753-212A-4DCF-9E7B-3A303EF71DDA}C:\\program files\\itunes\\itunes.exe"= TCP:C:\program files\itunes\itunes.exe:iTunes
"TCP Query User{B6DF18D9-A3FC-4632-A6D8-64359EDCFDAB}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
"UDP Query User{2CF11DE1-C1DA-4163-A666-BEBA204A8433}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
"{12BC906A-2BD5-4872-9469-A1DE1AFCB92C}"= UDP:C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008
"{A27202A9-DD5F-4A83-BC03-533CEBE229FC}"= TCP:C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008
"TCP Query User{F3736C70-5A9D-4CF9-AC13-16C9D5C894CB}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{D69B4E9B-05F5-40EA-8490-9E271F926A4F}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox
"{9BE9EA8B-1BF0-489C-BDEF-892FEA52C915}"= UDP:C:\Program Files\DNA\btdna.exe:DNA (TCP-In)
"{90FB01A1-0D90-411C-87B2-0DA8E726BE2E}"= TCP:C:\Program Files\DNA\btdna.exe:DNA (UDP-In)
"TCP Query User{156CAC47-D9A1-4303-AE6E-B9036E6392A8}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
"UDP Query User{97FAAFD3-8083-4029-A1CE-571DA9348109}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
"TCP Query User{32C307B9-164E-4009-AC6F-E3D9213FC9A0}C:\\program files\\valve\\steam\\steamapps\\x\\counter-strike source\\hl2.exe"= UDP:C:\program files\valve\steam\steamapps\x\counter-strike source\hl2.exe:hl2
"UDP Query User{CFD1BA55-6E00-4C31-9B5E-F73FA982C136}C:\\program files\\valve\\steam\\steamapps\\x\\counter-strike source\\hl2.exe"= TCP:C:\program files\valve\steam\steamapps\x\counter-strike source\hl2.exe:hl2
"{D42CC645-5390-4CF2-8F2E-D7AA7E4C904D}"= UDP:C:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI)
"{D8F38A63-4E78-4F31-A3D4-A964990B81E4}"= TCP:C:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI)
"{690AE736-6181-4002-A409-59E84137C878}"= UDP:C:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV)
"{A8A1A36A-5CF9-480D-A224-9945663E91F7}"= TCP:C:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV)
"{DE3B3D76-5DF8-4A35-9EBE-3EBE3BA20DA9}"= UDP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32
"{8D8C69A8-8DAB-4FC4-A9EB-6D8BB2522285}"= TCP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32
"{99D43AC2-1663-4D1A-B9FB-66D60BF5595B}"= UDP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
"{6E739FD0-7FB3-4665-846B-69972FBC56F2}"= TCP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
"{999F9BF2-3E7E-4B92-B952-743DF5D2C9C4}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{8A5B0B70-B545-4DBB-8C0F-D8850C7C9D7B}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{15529BE6-2F3B-4CCD-9E6A-E4EFC557A4F0}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{5457891B-D77F-458F-9DEF-E462510F38CE}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{D1D6F5CB-CC7B-478E-9BD4-3928E71E757B}"= UDP:C:\Users\Cyrille.CYRILLE\AppData\Local\Temp\7zS38DB.tmp\SymNRT.exe:Norton Removal Tool
"{1540E84C-3281-4384-BB4F-D459BE7679C4}"= TCP:C:\Users\Cyrille.CYRILLE\AppData\Local\Temp\7zS38DB.tmp\SymNRT.exe:Norton Removal Tool

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\BitTorrent\\bittorrent.exe"= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-05-16 78416]
R2 {22D78859-9CE9-4B77-BF18-AC83E81A9263};{22D78859-9CE9-4B77-BF18-AC83E81A9263};C:\Program Files\HP\DVDPlay\[u]0/u00.fcl [2008-03-11 11:17 41456]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-05-16 20560]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-05-16 50768]
R2 HPBtnSrv;HP Chasis Button Service;c:\hp\HPEZBTN\HPBtnSrv.exe [2007-05-29 198240]
R3 HCW85BDA;Hauppauge WinTV 885 Video Capture;C:\Windows\system32\drivers\HCW85BDA.sys [2007-10-01 1129344]
R3 netr73;USB Wireless 802.11 b/g Adaptor Driver for Vista;C:\Windows\system32\DRIVERS\netr73.sys [2008-02-26 493568]
S3 GameConsoleService;GameConsoleService;C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe [2007-07-24 181800]
S3 PCD5SRVC{BD6912E3-AC9D80E8-05040000};PCD5SRVC{BD6912E3-AC9D80E8-05040000} - PCDR Kernel Mode Service Helper Driver;C:\PROGRA~1\PC-DOC~1\PCD5SRVC.pkms [2007-09-13 25760]
S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-10-06 87288]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e968b55d-557e-11dd-ae7d-001e90047df6}]
\shell\AutoRun\command - L:\Autoplay.exe
.
Contenu du dossier 'Tâches planifiées'

2008-10-21 C:\Windows\Tasks\User_Feed_Synchronization-{E371418A-2D8A-480C-AD5C-C91E5946172E}.job
- C:\Windows\system32\msfeedssync.exe [2006-11-02 11:45]
.
- - - - ORPHELINS SUPPRIMES - - - -

HKU-Default-Explorer_Run-SessMgr - C:\Users\CYRILL~1.CYR\LOCALS~1\APPLIC~1\sessmgr.exe



**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-21 20:05:13
Windows 6.0.6000 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
Heure de fin: 2008-10-21 20:07:17
ComboFix-quarantined-files.txt 2008-10-21 18:07:13
ComboFix2.txt 2008-10-21 13:51:59
ComboFix3.txt 2008-10-20 15:00:44

Avant-CF: 205 952 151 552 octets libres
Après-CF: 205,828,976,640 octets libres

295 --- E O F --- 2008-10-17 16:45:02
and HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:10:17, on 21/10/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16757)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\hp\support\hpsysdrv.exe
C:\Users\CYRILL~1.CYR\LOCALS~1\APPLIC~1\cmstp.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\system32\schtasks.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\notepad.exe
C:\Windows\Explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Cyrille.CYRILLE\Downloads\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F3 - REG:win.ini: load=C:\Users\CYRILL~1.CYR\AppData\Roaming\sessmgr.exe
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe"
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Steam] C:\Program Files\Valve\Steam\\Steam.exe -silent
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKLM\..\Policies\Explorer\Run: [Logman] C:\Users\CYRILL~1.CYR\LOCALS~1\APPLIC~1\MICROS~1\logman.exe /waitservice
O4 - HKCU\..\Policies\Explorer\Run: [ClipSrv] C:\Windows\System\clipsrv.exe /waitservice
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [Cisvc] C:\Users\CYRILL~1.CYR\LOCALS~1\APPLIC~1\MICROS~1\cisvc.exe /waitservice (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [Cisvc] C:\Users\CYRILL~1.CYR\LOCALS~1\APPLIC~1\MICROS~1\cisvc.exe /waitservice (User 'Default user')
O4 - Startup: RollerCoaster Tycoon 3 Registration.lnk = C:\Users\Cyrille.CYRILLE\AppData\Local\Temp\{66AC7A1D-A798-4CFC-86E3-14DEFEB5E064}\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\ATR1.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O13 - Gopher Prefix:
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: HP Chasis Button Service (HPBtnSrv) - Unknown owner - c:\hp\HPEZBTN\HPBtnSrv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe