Antivirus XP Pro, how do I remove it!?
Solved
bobbyseguin - Posts: 23 - Status: Member
geoffrey5 - Posts: 14008 - Status: Security contributor
Hello,
I left the PC unattended and the next day...
BANG, Antivirus XP Pro tells me that my brand-new computer, with Nod32 and all the rest, is infected....
but first of all..... WHAT IS ANTIVIRUS XP PRO loll
ALERT!? = http://img264.imageshack.us/img264/7041/sanstitre2ub3.jpg
oh yes... also, what bothers me most is that Vista tells me it can no longer validate itself...! but I have the original keys and everything!
thanks!!
VISTA NOT GENUINE IMAGE!? = http://img264.imageshack.us/img264/7864/sanstitre1ax0.jpg
I also noticed that when I search on Google, it sends me to sites like Search20 and so on...
so here is the HijackThis report ;)
----------------------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 17:24:36, on 2009-01-25
Platform: Unknown Windows (WinNT 6.00.1905 SP1)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Running processes:
C:\Windows\system32\csrss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Realtek\8192U Wireless LAN Utility\RtlService.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Realtek\8192U Wireless LAN Utility\RtWlan.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\twex.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
C:\Program Files\ESET\nod32kui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Windows\System32\frmwrk32.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\DNA\btdna.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Northstar\SmartCopy\SmartCopy.exe
C:\Program Files\Northstar\SmartLauncher\SmartLauncher.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\PhotoFiltre\PhotoFiltre.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\So\Desktop\HiJackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0c0c&s=1&o=vp32&d=1208&m=aspire_m1201
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0c0c&s=1&o=vp32&d=1208&m=aspire_m1201
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,C:\Windows\system32\twex.exe,
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: isoHunt Toolbar - {a6e4a4eb-d169-4e99-8988-250fcbafe767} - C:\Program Files\isoHunt\tbisoH.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: isoHunt Toolbar - {a6e4a4eb-d169-4e99-8988-250fcbafe767} - C:\Program Files\isoHunt\tbisoH.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [PCMMediaSharing] C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
O4 - HKLM\..\Run: [BkupTray] "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [Acer Product Registration] "C:\Program Files\Acer\Acer Registration\ACE1.exe" /startup
O4 - HKLM\..\Run: [Acer Assist Launcher] C:\Program Files\Acer\Acer Assist\launcher.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [Framework Windows] frmwrk32.exe
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Steam] "d:\jeux\steam\steam.exe" -silent
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: SmartCopy.lnk = C:\Program Files\Northstar\SmartCopy\SmartCopy.exe
O4 - Global Startup: SmartLauncher.lnk = C:\Program Files\Northstar\SmartLauncher\SmartLauncher.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - d:\jeux\Party Poker\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - d:\jeux\Party Poker\PartyPoker\RunApp.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International
O13 - Gopher Prefix:
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://ma-config.com/activex/hardwaredetection_3_1_0_4.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{FBAE113B-CFC0-424D-909A-A2A23B821FBF}: NameServer = 24.200.243.189,24.201.245.77,24.200.241.37
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\Windows\system32\c00517F2.mat
O20 - Winlogon Notify: c00517F2 - C:\Windows\SYSTEM32\c00517F2.mat
O20 - Winlogon Notify: sys32 - sys32.dll (file missing)
O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Realtek92U - Realtek - C:\Program Files\Realtek\8192U Wireless LAN Utility\RtlService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)
I'm still pretty good with computers, but here I'm lost loll! :P
Thanks
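As an added example (not code from this thread, from HijackThis, or from any tool used in the replies), here is a small Python triage of a HijackThis v1.99 log that flags the entry types an analyst reads first: extra UserInit entries, bare file names in Run keys, a populated AppInit_DLLs, Winlogon Notify packages that are missing or not DLLs, and orphaned BHO/toolbar entries. The sample lines are copied from the log above; the heuristics and the `Finding`/`triage` names are this example's own, and a hit means "look closer", not "malicious".

```python
import re
from dataclasses import dataclass

# Constructed sample: a few lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,C:\Windows\system32\twex.exe,
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Framework Windows] frmwrk32.exe
O20 - AppInit_DLLs: C:\Windows\system32\c00517F2.mat
O20 - Winlogon Notify: c00517F2 - C:\Windows\SYSTEM32\c00517F2.mat
O20 - Winlogon Notify: sys32 - sys32.dll (file missing)
"""

ENTRY_RE = re.compile(r"^(?P<section>[RFO]\d+) - (?P<body>.+)$")
RUN_RE = re.compile(r"Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")

@dataclass
class Finding:
    section: str   # HijackThis section code, e.g. "O20"
    reason: str    # why this example's heuristic flagged the entry
    entry: str     # the original log line

def parse_entries(log_text):
    """Yield (section, body) for each Rn/Fn/On entry; header and process list are skipped."""
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            yield m.group("section"), m.group("body")

def check_userinit(body):
    """F2: UserInit is a comma list in which only userinit.exe belongs; a second
    entry is a loader that gets re-launched at every logon."""
    if not body.startswith("REG:system.ini: UserInit="):
        return None
    chain = [p.strip() for p in body.split("=", 1)[1].split(",") if p.strip()]
    extra = [p for p in chain if not p.lower().endswith("\\userinit.exe")]
    return "extra UserInit entries: " + ", ".join(extra) if extra else None

def check_run(body):
    """O4: Run values normally carry a full path; a bare file name is resolved
    through the search path, which is how a file dropped into system32 hides."""
    m = RUN_RE.search(body)
    if not m:
        return None
    cmd = m.group("cmd").strip()
    exe = cmd[1:].split('"', 1)[0] if cmd.startswith('"') else cmd.split()[0]
    if "\\" in exe or ":" in exe:
        return None
    return f"bare file name in Run key: {exe}"

def check_appinit(body):
    """O20: AppInit_DLLs is injected into every process that loads user32.dll and
    is empty on a clean home PC, so any value deserves a look."""
    if not body.startswith("AppInit_DLLs:"):
        return None
    value = body.split(":", 1)[1].strip()
    return f"AppInit_DLLs is set: {value}" if value else None

def check_winlogon_notify(body):
    """O20: Winlogon Notify packages load inside winlogon.exe; flag a missing
    file (orphaned registration) or a module that is not even a .dll."""
    if not body.startswith("Winlogon Notify:"):
        return None
    name, _, path = body.split(":", 1)[1].strip().partition(" - ")
    if "(file missing)" in path:
        return f"Winlogon Notify '{name}' points at a missing file"
    if not path.strip().lower().endswith(".dll"):
        return f"Winlogon Notify '{name}' loads a non-DLL module: {path.strip()}"
    return None

def check_orphan(section, body):
    """O2/O3: '(no file)' entries are leftovers, harmless but they show that
    something was installed and removed without cleaning the registry."""
    if section in ("O2", "O3") and body.endswith("(no file)"):
        return "orphaned entry, file no longer present"
    return None

CHECKS = {
    "F2": lambda s, b: check_userinit(b),
    "O4": lambda s, b: check_run(b),
    "O20": lambda s, b: check_appinit(b) or check_winlogon_notify(b),
    "O2": check_orphan,
    "O3": check_orphan,
}

def triage(log_text):
    """Run the section checks over a log and return the findings in log order."""
    findings = []
    for section, body in parse_entries(log_text):
        check = CHECKS.get(section)
        reason = check(section, body) if check else None
        if reason:
            findings.append(Finding(section, reason, f"{section} - {body}"))
    return findings
```

Calling `triage(SAMPLE_LOG)` returns six findings (the F2 chain, the orphaned BHO, the bare `frmwrk32.exe`, the AppInit_DLLs value and both Winlogon Notify entries) while the NOD32 Run entry, the Java BHO and the ProxyOverride line pass untouched.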
26 replies
COMBOFIX
ComboFix 09-01-21.04 - So 2009-01-25 21:57:32.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.3070.2164 [GMT -5:00]
Lancé depuis: c:\users\So\Desktop\ComboFix.exe
AV: ESET NOD32 antivirus system 2.70 *On-access scanning enabled* (Updated)
.
ADS - Windows: deleted 48 bytes in 1 streams.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\Bobby\AppData\Roaming\.#
c:\windows\System32\303350.exe
c:\windows\system32\404Fix.exe
c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\drivers\senekawupbyvid.sys
c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\o4Patch.exe
c:\windows\system32\Process.exe
c:\windows\system32\senekaftcotbed.dll
c:\windows\system32\senekaihvoegow.dll
c:\windows\system32\senekamoccdpft.dat
c:\windows\system32\senekavgiuiicn.dat
c:\windows\system32\SrchSTS.exe
c:\windows\system32\test.ttt
c:\windows\system32\tmp.reg
c:\windows\system32\uniq.tll
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\win32hlp.cnf
c:\windows\system32\WS2Fix.exe
c:\programdata\Microsoft\Network\Downloader\qmgr0.dat . . . . impossible à supprimer
c:\programdata\Microsoft\Network\Downloader\qmgr1.dat . . . . impossible à supprimer
----- BITS: Il y a peut-être des sites infectés -----
hxxp://kakoitodomen.com
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_SENEKA
-------\Service_SENEKA
((((((((((((((((((((((((((((( Fichiers créés du 2008-12-26 au 2009-01-26 ))))))))))))))))))))))))))))))))))))
.
2009-01-25 22:01 . 2009-01-25 22:01 1,006 --a------ c:\windows\System32\senekahcptnsrf.dat
2009-01-25 22:01 . 2009-01-25 22:01 414 --a------ c:\windows\System32\senekalog.dat
2009-01-25 22:00 . 2009-01-25 22:00 0 --a------ c:\windows\System32\senekapop.dll
2009-01-25 22:00 . 2009-01-25 22:00 0 --a------ c:\windows\System32\drivers\seneka.sys
2009-01-25 21:07 . 2009-01-25 21:07 <REP> d-------- c:\users\All Users\Windows Genuine Advantage
2009-01-25 18:11 . 2009-01-25 18:11 <REP> d-------- c:\users\So\AppData\Roaming\Malwarebytes
2009-01-25 18:11 . 2009-01-25 18:11 <REP> d-------- c:\users\All Users\Malwarebytes
2009-01-25 18:11 . 2009-01-25 18:11 <REP> d-------- c:\programdata\Malwarebytes
2009-01-25 18:11 . 2009-01-25 18:11 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-25 18:11 . 2009-01-14 16:11 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2009-01-25 18:11 . 2009-01-14 16:11 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2009-01-25 18:00 . 2009-01-25 18:00 691 --a------ c:\users\So\AppData\Roaming\GetValue.vbs
2009-01-25 18:00 . 2009-01-25 18:00 35 --a------ c:\users\So\AppData\Roaming\SetValue.bat
2009-01-24 12:57 . 2009-01-25 20:03 <REP> d--hs---- c:\windows\System32\twain32
2009-01-24 12:57 . 2009-01-24 12:57 94,208 --a------ c:\windows\System32\winlogon2.exe
2009-01-23 16:56 . 2009-01-23 16:56 0 --a------ c:\windows\System32\drivers\senekannplmype.sys
2009-01-23 13:05 . 2009-01-23 13:05 41,472 --a------ c:\windows\System32\chert6-303350.exe
2009-01-23 13:05 . 2009-01-23 13:05 41,472 --a------ c:\windows\Jnabexemexiz.dll
2009-01-23 13:02 . 2009-01-23 13:03 <REP> d-------- c:\users\Bobby\AppData\Roaming\ForgottenRiddles
2009-01-20 00:05 . 2009-01-20 00:05 <REP> d-------- c:\users\All Users\Awem
2009-01-20 00:05 . 2009-01-20 00:05 <REP> d-------- c:\programdata\Awem
2009-01-18 17:43 . 2009-01-18 17:43 <REP> d-------- c:\windows\System32\REALTEK RTL8192U Wireless LAN Driver and Utility
2009-01-18 17:43 . 2009-01-18 17:43 <REP> d-------- c:\windows\OPTIONS
2009-01-18 17:43 . 2008-06-30 08:14 410,624 -ra------ c:\windows\System32\drivers\rtl8192u.sys
2009-01-18 17:43 . 2007-04-23 10:50 25,896 --a------ c:\windows\System32\drivers\RtlProt.sys
2009-01-17 23:26 . 2009-01-17 23:26 <REP> d-------- c:\users\Jeux\Gros jeux
2009-01-17 23:26 . 2009-01-18 21:59 <REP> dr------- c:\users\Jeux
2009-01-17 21:42 . 2009-01-17 21:42 <REP> d-------- c:\users\Bobby\AppData\Roaming\Incredible Ink
2009-01-17 21:28 . 2005-11-07 19:14 802,816 --a------ c:\windows\FeedingFrenzy.scr
2009-01-17 20:59 . 2009-01-17 20:59 <REP> d-------- c:\users\Bobby\AppData\Roaming\EA
2009-01-17 20:58 . 2009-01-17 20:58 <REP> d-------- c:\users\All Users\EA
2009-01-17 20:58 . 2009-01-17 20:58 <REP> d-------- c:\programdata\EA
2009-01-17 20:55 . 2009-01-17 20:55 <REP> d-------- c:\users\Bobby\AppData\Roaming\funkitron
2009-01-17 20:40 . 2009-01-17 20:40 16 --a------ c:\windows\popcinfo.dat
2009-01-17 20:35 . 2009-01-17 21:30 <REP> d-------- c:\program files\GameHouse
2009-01-17 20:35 . 2005-08-03 13:48 389,120 --a------ c:\windows\System32\Adventure Inlay.scr
2009-01-17 20:31 . 2009-01-17 20:31 <REP> d-------- c:\windows\The Tuttles - Madcap Misadventures
2009-01-17 20:28 . 2009-01-17 20:28 <REP> d--hs---- c:\windows\ftpcache
2009-01-17 20:24 . 2009-01-17 20:24 <REP> d-------- c:\windows\Snowy Treasure Hunter 3
2009-01-17 20:23 . 2009-01-17 20:23 <REP> d-------- c:\windows\Sir Arthur in the Dragonland
2009-01-17 20:22 . 2009-01-17 20:22 <REP> d-------- c:\windows\Secrets Of Great Art
2009-01-17 20:19 . 2009-01-17 20:19 <REP> d-------- c:\windows\Paradise Pet Salon
2009-01-17 20:17 . 2009-01-17 20:17 <REP> d-------- c:\windows\The Treasures Of Montezuma
2009-01-17 20:17 . 2009-01-17 20:17 <REP> d-------- c:\windows\Mysteryville
2009-01-17 20:13 . 2009-01-17 20:13 <REP> d-------- c:\windows\Mystery in London
2009-01-17 19:57 . 2009-01-17 19:57 <REP> d-------- c:\windows\Little Shop - Big City
2009-01-17 19:55 . 2009-01-17 19:55 <REP> d-------- c:\windows\Hidden Secrets - The Nightmare
2009-01-17 19:50 . 2009-01-17 19:50 <REP> d-------- c:\windows\Hidden Expedition - Everest
2009-01-17 19:49 . 2009-01-17 19:49 <REP> d-------- c:\users\Bobby\AppData\Roaming\GameHouse
2009-01-17 19:47 . 2009-01-17 19:47 <REP> d-------- c:\windows\Forgotten Riddles - The Mayan Princess
2009-01-17 19:42 . 2009-01-17 19:42 <REP> d-------- c:\windows\Dream Day - First Home
2009-01-17 19:40 . 2009-01-17 19:40 125 --a------ C:\ioSpecial.ini
2009-01-17 19:39 . 2009-01-17 19:39 <REP> d-------- c:\windows\Dream Chronicles
2009-01-17 19:37 . 2009-01-17 19:37 <REP> d-------- c:\users\Bobby\AppData\Roaming\CaribbeanHideaway
2009-01-17 19:36 . 2009-01-17 19:36 4,096 --a------ c:\windows\d3dx.dat
2009-01-17 19:05 . 2009-01-17 19:05 <REP> d-------- c:\users\All Users\SpinTop Games
2009-01-17 19:05 . 2009-01-17 19:05 <REP> d-------- c:\programdata\SpinTop Games
2009-01-17 19:02 . 2009-01-17 19:02 <REP> d-------- c:\users\All Users\Trymedia
2009-01-17 19:02 . 2009-01-17 19:02 <REP> d-------- c:\programdata\Trymedia
2009-01-15 22:36 . 2009-01-15 22:36 <REP> d-------- c:\users\Bobby\AppData\Roaming\PlayFirst
2009-01-15 22:36 . 2009-01-15 22:36 <REP> d-------- c:\users\All Users\PlayFirst
2009-01-15 22:36 . 2009-01-15 22:36 <REP> d-------- c:\programdata\PlayFirst
2009-01-15 22:34 . 2009-01-15 22:34 <REP> d-------- c:\program files\ReflexiveArcade
2009-01-15 22:28 . 2009-01-15 22:28 <REP> d-------- c:\windows\Mahjong Fortuna 2 Deluxe
2009-01-15 22:22 . 2009-01-15 22:22 <REP> d-------- c:\windows\Build A Lot
2009-01-15 22:17 . 2009-01-17 19:11 <REP> d-------- c:\program files\BFG
2009-01-14 19:18 . 2009-01-14 19:18 <REP> d-------- c:\program files\MSECache
2009-01-14 19:18 . 2009-01-14 19:18 <REP> d-------- c:\program files\Microsoft Office Outlook Connector
2009-01-14 18:12 . 2009-01-14 18:12 <REP> d-------- c:\users\Bobby\AppData\Roaming\eSobi
2009-01-14 16:30 . 2009-01-14 16:30 <REP> d-------- c:\users\Bobby\AppData\Roaming\FloodLightGames
2009-01-14 16:16 . 2009-01-14 16:16 <REP> d-------- c:\users\Public\MediaServer
2009-01-14 13:15 . 2008-12-15 21:42 288,768 --a------ c:\windows\System32\drivers\srv.sys
2009-01-13 20:25 . 2009-01-13 20:26 <REP> d-------- c:\program files\SopCast
2009-01-13 20:23 . 2009-01-13 20:24 <REP> d-------- c:\users\Bobby\AppData\Roaming\vlc
2009-01-13 20:23 . 2009-01-13 20:23 <REP> d-------- c:\program files\VideoLAN
2009-01-11 20:21 . 2009-01-11 20:21 <REP> d-------- c:\windows\Prefs
2009-01-09 21:05 . 2009-01-09 21:05 <REP> d-------- c:\users\So\AppData\Roaming\Atari
2009-01-09 05:10 . 2008-12-13 01:23 1,659,392 --a------ c:\windows\System32\mshtml.tlb
2009-01-09 00:28 . 2009-01-09 00:28 <REP> d-------- c:\windows\System32\briblo dir
2009-01-09 00:28 . 2009-01-09 00:29 2,841,342 --a------ c:\windows\Bacura.exe
2009-01-09 00:28 . 2009-01-09 00:28 532,480 --a------ c:\windows\System32\briblo.scr
2009-01-09 00:28 . 2009-01-09 00:29 402,208 --a------ c:\windows\Bacura.scr
2009-01-09 00:28 . 2009-01-09 00:29 29,696 --a------ c:\windows\mickey32.dll
2009-01-09 00:25 . 2009-01-09 00:25 <REP> d-------- c:\program files\Mickey Mouse
2009-01-08 23:45 . 2009-01-08 23:45 102,400 --a------ c:\windows\DreamAquarium.scr
2009-01-08 23:27 . 2009-01-09 00:25 <REP> d-------- c:\windows\System32\FLIQLO dir
2009-01-08 23:27 . 2009-01-08 23:27 <REP> d-------- c:\program files\Liquid Screen Saver
2009-01-08 23:27 . 2009-01-09 00:21 <REP> d-------- c:\program files\Dream Aquarium
2009-01-08 23:27 . 2009-01-08 23:27 532,480 --a------ c:\windows\System32\FLIQLO.scr
2009-01-07 20:01 . 2009-01-25 22:33 <REP> d-------- c:\users\So\AppData\Roaming\DNA
2009-01-06 20:06 . 2009-01-06 20:06 <REP> d-------- c:\users\All Users\ma-config.com
2009-01-06 20:06 . 2009-01-06 20:06 <REP> d-------- c:\programdata\ma-config.com
2009-01-06 20:06 . 2009-01-06 20:07 <REP> d-------- c:\program files\ma-config.com
2009-01-06 19:34 . 2007-11-14 15:18 553 --a------ c:\windows\USetup.iss
2009-01-06 19:33 . 2009-01-06 19:33 <REP> d-------- c:\windows\System32\RTCOM
2009-01-06 19:32 . 2009-01-18 17:43 <REP> d-------- c:\program files\Realtek
2009-01-06 19:22 . 2009-01-06 19:37 <REP> d--h----- c:\program files\Temp
2009-01-06 18:02 . 2009-01-06 18:02 <REP> d-------- c:\users\All Users\NetZero
2009-01-06 18:02 . 2009-01-06 18:02 <REP> d-------- c:\programdata\NetZero
2009-01-06 13:43 . 2009-01-06 13:43 <REP> d-------- c:\users\All Users\Recisio
2009-01-06 13:43 . 2009-01-06 13:43 <REP> d-------- c:\programdata\Recisio
2009-01-06 13:43 . 2009-01-06 13:43 <REP> d-------- c:\program files\KaraFun
2009-01-06 00:10 . 2009-01-06 00:10 <REP> d-------- c:\program files\GXTranscoderv5
2009-01-04 17:04 . 2009-01-04 17:27 <REP> d-------- c:\program files\Audacity
2009-01-02 15:12 . 2009-01-02 16:03 <REP> d-------- c:\users\Bobby\AppData\Roaming\Vso
2009-01-02 15:12 . 2009-01-02 15:12 <REP> d-------- c:\program files\vso
2009-01-02 15:12 . 2009-01-02 15:12 81,920 --a------ c:\users\Bobby\AppData\Roaming\ezpinst.exe
2009-01-02 15:12 . 2009-01-02 15:12 47,360 --a------ c:\windows\System32\drivers\pcouffin.sys
2009-01-02 15:12 . 2009-01-02 15:12 47,360 --a------ c:\users\Bobby\AppData\Roaming\pcouffin.sys
2008-12-30 16:48 . 2008-12-30 16:48 <REP> d-------- c:\users\All Users\SlySoft
2008-12-30 16:48 . 2008-12-30 16:48 <REP> d-------- c:\programdata\SlySoft
2008-12-30 16:45 . 2008-12-30 16:45 <REP> d-------- c:\program files\SlySoft
2008-12-29 18:08 . 2008-12-29 18:08 <REP> d-------- c:\users\All Users\Elaborate Bytes
2008-12-29 18:08 . 2008-12-29 18:08 <REP> d-------- c:\programdata\Elaborate Bytes
2008-12-29 16:06 . 2008-12-29 16:06 103,360 --a------ c:\windows\System32\drivers\AnyDVD.sys
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-26 03:33 --------- d-----w c:\program files\DNA
2009-01-26 02:56 35,840 ------w c:\windows\System32\senekaihvoegow.dll
2009-01-26 01:57 --------- d-----w c:\program files\isoHunt
2009-01-24 23:52 --------- d-----w c:\users\Bobby\AppData\Roaming\DNA
2009-01-23 18:01 --------- d---a-w c:\programdata\TEMP
2009-01-20 07:31 --------- d-----w c:\users\Bobby\AppData\Roaming\LimeWire
2009-01-19 22:21 --------- d-----w c:\program files\Common Files\Steam
2009-01-18 22:43 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-16 15:26 --------- d-----w c:\users\Bobby\AppData\Roaming\BitTorrent
2009-01-14 23:22 --------- d-----w c:\programdata\Microsoft Help
2009-01-14 23:22 --------- d-----w c:\program files\Windows Mail
2009-01-14 23:12 --------- d-----w c:\programdata\eSobi
2009-01-07 00:32 319,456 ----a-w c:\windows\DIFxAPI.dll
2009-01-06 18:35 --------- d-----w c:\program files\MediaCoder
2008-12-29 23:08 --------- d-----w c:\program files\Elaborate Bytes
2008-12-26 23:13 965,664 ----a-w c:\windows\System32\RtkPgExt.dll
2008-12-26 23:13 44,064 ----a-w c:\windows\System32\RtkCoInst.dll
2008-12-26 23:12 322,080 ----a-w c:\windows\System32\RtkApoApi.dll
2008-12-26 23:12 2,510,368 ----a-w c:\windows\System32\RtkAPO.dll
2008-12-26 22:26 2,259,296 ----a-w c:\windows\system32\drivers\RTKVHDA.sys
2008-12-26 04:05 --------- d-----w c:\program files\Microsoft Silverlight
2008-12-20 02:07 --------- d-----w c:\program files\Chuzzle Deluxe
2008-12-20 01:39 --------- d-----w c:\users\So\AppData\Roaming\Leadertech
2008-12-20 01:39 --------- d-----w c:\users\So\AppData\Roaming\ATI
2008-12-20 01:39 --------- d-----w c:\users\So\AppData\Roaming\Acer
2008-12-18 14:13 --------- d-----w c:\program files\LimeWire
2008-12-18 13:06 --------- d-----w c:\program files\Google
2008-12-16 23:15 --------- d-----w c:\program files\Bonjour
2008-12-16 21:55 --------- d-----w c:\program files\MagicISO
2008-12-15 21:14 --------- d-----w c:\program files\Conduit
2008-12-13 02:08 --------- d-----w c:\users\Bobby\AppData\Roaming\PeerNetworking
2008-12-12 16:33 --------- d-----w c:\programdata\TrackMania United
2008-12-12 16:18 87,336 ----a-w c:\windows\System32\dns-sd.exe
2008-12-12 16:11 61,440 ----a-w c:\windows\System32\dnssd.dll
2008-12-12 08:03 --------- d-----w c:\program files\Microsoft CAPICOM 2.1.0.2
2008-12-11 14:51 --------- d-----w c:\program files\Xvid
2008-12-11 14:40 --------- d-----w c:\program files\Windows Live Safety Center
2008-12-11 13:23 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_motmodem_01005.Wdf
2008-12-10 17:54 410,984 ----a-w c:\windows\System32\deploytk.dll
2008-12-10 17:54 --------- d-----w c:\program files\Java
2008-12-10 06:47 --------- d-----w c:\users\Bobby\AppData\Roaming\Atari
2008-12-10 06:18 --------- d-----w c:\program files\ESET
2008-12-10 05:51 --------- d-----w c:\program files\Common Files\Java
2008-12-10 01:09 --------- d-----w c:\users\Bobby\AppData\Roaming\My Games
2008-12-09 23:14 --------- d-----w c:\program files\PowerISO
2008-12-09 22:58 --------- d-----w c:\program files\Common Files\PocketSoft
2008-12-09 21:07 --------- d-----w c:\program files\Alcohol Soft
2008-12-09 21:05 717,296 ----a-w c:\windows\system32\drivers\sptd.sys
2008-12-09 21:04 --------- d-----w c:\program files\Common Files\Adobe
2008-12-08 06:03 --------- d-----w c:\program files\Common Files\InstallShield
2008-12-08 04:08 --------- d-----w c:\program files\Common Files\Motorola Shared
2008-12-08 00:41 2,829 ----a-w c:\windows\DIIUnin.pif
2008-12-08 00:41 102,400 ----a-w c:\windows\DIIUnin.exe
2008-12-07 23:55 --------- d-----w c:\program files\MSBuild
2008-12-07 23:52 --------- d-----w c:\program files\Microsoft Visual Studio 8
2008-12-07 21:29 --------- d-----w c:\users\Bobby\AppData\Roaming\CyberLink
2008-12-07 21:29 --------- d-----w c:\programdata\CyberLink
2008-12-07 21:29 --------- d-----w c:\program files\Common Files\SWF Studio
2008-12-07 21:17 --------- d-----w c:\program files\BitTorrent
2008-12-07 20:38 --------- d-----w c:\programdata\Messenger Plus!
2008-12-07 03:25 --------- d-----w c:\program files\Microsoft Works
2008-12-07 03:08 --------- d-----w c:\program files\PhotoFiltre
2008-12-07 02:47 --------- d-----w c:\program files\Windows Live
2008-12-07 02:47 --------- d-----w c:\program files\Messenger Plus! Live
2008-12-07 02:46 --------- dcsh--w c:\program files\Common Files\WindowsLiveInstaller
2008-12-07 02:45 --------- d-----w c:\programdata\WLInstaller
2008-12-07 02:01 --------- d-----w c:\users\Bobby\AppData\Roaming\Apple Computer
2008-12-07 02:00 --------- d-----w c:\programdata\Apple Computer
2008-12-07 02:00 --------- d-----w c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-07 02:00 --------- d-----w c:\program files\iTunes
2008-12-07 02:00 --------- d-----w c:\program files\iPod
2008-12-07 02:00 --------- d-----w c:\program files\Common Files\Apple
2008-12-07 01:59 --------- d-----w c:\programdata\Apple
2008-12-07 01:59 --------- d-----w c:\program files\QuickTime
2008-12-07 01:59 --------- d-----w c:\program files\Apple Software Update
2008-12-07 01:54 --------- d-----w c:\programdata\McAfee
2008-12-07 01:45 --------- d-----w c:\programdata\SiteAdvisor
2008-12-07 01:40 512,096 ----a-w c:\windows\system32\drivers\amon.sys
2008-12-07 01:40 298,104 ----a-w c:\windows\System32\imon.dll
2008-12-07 01:40 15,424 ----a-w c:\windows\system32\drivers\nod32drv.sys
2008-12-07 01:11 --------- d-----w c:\program files\MSXML 4.0
2008-12-07 01:10 --------- d-----w c:\programdata\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
2008-12-07 01:09 --------- d-----w c:\program files\Acer Incorporated
2008-12-07 01:08 --------- d-----w c:\program files\Northstar
2008-12-07 01:06 --------- d-----w c:\users\Bobby\AppData\Roaming\InstallShield
2008-12-07 01:04 --------- d-----w c:\program files\DIFX
2008-12-07 01:03 --------- d-----w c:\users\Bobby\AppData\Roaming\ATI
2008-12-07 01:03 --------- d-----w c:\users\Bobby\AppData\Roaming\Acer
2008-12-07 01:03 --------- d-----w c:\programdata\ATI
2008-12-07 01:03 --------- d-----w c:\program files\YUAN
2008-12-07 01:02 --------- d-----w c:\users\Bobby\AppData\Roaming\Leadertech
2008-12-07 00:57 --------- d-----w c:\program files\Acer
2008-12-07 00:53 --------- d-sh--w c:\programdata\Modèles
2008-12-07 00:53 --------- d-sh--w c:\programdata\Menu Démarrer
2008-12-07 00:53 --------- d-sh--w c:\programdata\Favoris
2008-12-07 00:53 --------- d-sh--w c:\programdata\Bureau
2008-12-07 00:53 --------- d-sh--w c:\program files\Fichiers communs
2008-12-06 20:47 --------- d-----w c:\program files\ATI Technologies
2008-12-06 20:46 --------- d-----w c:\program files\ATI
2008-12-06 20:45 0 ---ha-w c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a6e4a4eb-d169-4e99-8988-250fcbafe767}]
2008-11-23 23:03 1784856 --a------ c:\program files\isoHunt\tbisoH.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{a6e4a4eb-d169-4e99-8988-250fcbafe767}"= "c:\program files\isoHunt\tbisoH.dll" [2008-11-23 1784856]
[HKEY_CLASSES_ROOT\clsid\{a6e4a4eb-d169-4e99-8988-250fcbafe767}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{A6E4A4EB-D169-4E99-8988-250FCBAFE767}"= "c:\program files\isoHunt\tbisoH.dll" [2008-11-23 1784856]
[HKEY_CLASSES_ROOT\clsid\{a6e4a4eb-d169-4e99-8988-250fcbafe767}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-20 1233920]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2008-12-15 342848]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-20 125952]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-11-22 203720]
"AnyDVD"="c:\program files\SlySoft\AnyDVD\AnyDVDtray.exe" [2008-12-29 2489280]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-20 202240]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-06 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PCMMediaSharing"="c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe" [2008-05-20 204908]
"BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-25 28672]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"Acer Product Registration"="c:\program files\Acer\Acer Registration\ACE1.exe" [2007-11-26 3387392]
"Acer Assist Launcher"="c:\program files\Acer\Acer Assist\launcher.exe" [2007-11-19 1261568]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2008-12-06 949376]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2008-06-29 52168]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-10 136600]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2008-12-26 6707744]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
SmartCopy.lnk - c:\program files\Northstar\SmartCopy\SmartCopy.exe [2008-12-06 319488]
SmartLauncher.lnk - c:\program files\Northstar\SmartLauncher\SmartLauncher.exe [2008-12-06 335872]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.mkdmp3enc"= c:\progra~1\ACERAR~1\ACERVI~1\Kernel\Burner\MKDMP3Enc.ACM
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"="0x00000000"
"UpdatesDisableNotify"="0x00000000"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{97131409-7267-47F7-A01C-175F514F0AEA}"= c:\program files\Acer Arcade Live\Acer Arcade Live Main Page\Acer Arcade Live.exe:Acer Arcade Live
"{C476C174-0822-43AB-A0DB-F4775F70C806}"= c:\program files\Acer Arcade Live\Acer DV Magician\Acer DV Magician.exe:Acer DV Magician
"{D8D07BA7-CBAD-47CF-9758-5928BBEC2634}"= c:\program files\Acer Arcade Live\Acer SlideShow DVD\Acer SlideShow DVD.exe:Acer SlideShow DVD
"{D4920BF4-1F12-49CB-827B-DC05B760F7F4}"= c:\program files\Acer Arcade Live\Acer VideoMagician\Acer VideoMagician.exe:Acer VideoMagician
"{E9C6389F-CA52-4A11-B521-FD68D9D53C16}"= c:\program files\Acer Arcade Live\Acer DVDivine\Acer DVDivine.exe:Acer DVDivine
"{BDDE978D-324E-4920-A3B6-B145E9AA7E55}"= c:\program files\Acer Arcade Live\Acer HomeMedia\Acer HomeMedia.exe:Acer HomeMedia
"{1FD570ED-38D8-4D88-BDD9-CAA6F909D85C}"= c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Acer HomeMedia Connect.exe:Acer HomeMedia Connect
"{8AE22B3C-2666-4D3C-A275-B060F02B19F9}"= c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.EXE:Acer HomeMedia Connect Service
"{8AC9FA06-A713-4F72-8A82-2AA054715D28}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe
"{4903336C-D69C-4292-9B06-6A930E36E932}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe
"{E75465E3-8DEB-4317-A7AA-0698188A85E9}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe
"{E1D148F8-035E-48CF-8C18-577BFEF73578}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe:AgentSvc.exe
"{15BFA03F-08AE-4AD5-BE4D-32B9AEFE1FD5}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe
"{344F6738-CC79-4EF2-B795-D493399AC38D}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe:AgentSvc.exe
"{39F41C93-0425-4E4C-807E-30AE6939389F}"= c:\program files\Acer Arcade Live\Acer HomeMedia Trial Creator\Acer HomeMedia Trial Creator.exe:Acer HomeMedia Trial Creator
"{E9BF821B-028E-4E19-B55C-8A52DCC46E32}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{EA2B0365-5F5C-4194-860E-7A9CFFE9F8A7}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{725D1786-4C49-4D88-83A8-608FC1C17F59}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{BEC730BE-0CA7-4021-B35C-BAFBAC0B1DE0}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{37EDD29B-FC53-4FC8-B3FD-DB47396C547A}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{24237328-5D95-40DD-9058-71F88431F8B7}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)
"{393DB1C7-0008-42B5-AE37-83826A8D8D71}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)
"{68FA0931-5D66-4CA5-9883-D23CBD769BF2}"= UDP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent (TCP-In)
"{84CCB58C-3517-412D-BAA2-E8B833E19E33}"= TCP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent (UDP-In)
"{956CCF47-F1A8-49C2-835C-87E3EB4B1928}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{540ECB0F-E0BD-457C-B48B-D68FBD19A1D3}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{036CC320-1183-4B1F-B453-FE3A1C193417}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{A46FAEC8-2AF7-45FD-A08D-6C7BA643D4FA}d:\\jeux\\steam\\steamapps\\bobbyseguin\\counter-strike source\\hl2.exe"= UDP:d:\jeux\steam\steamapps\bobbyseguin\counter-strike source\hl2.exe:hl2
"UDP Query User{B193A30A-0E33-4641-8295-7C6D0912D27C}d:\\jeux\\steam\\steamapps\\bobbyseguin\\counter-strike source\\hl2.exe"= TCP:d:\jeux\steam\steamapps\bobbyseguin\counter-strike source\hl2.exe:hl2
"{34D0FE7F-919F-45F4-A782-975D047E0A70}"= UDP:d:\jeux\Sid Meier's Civilization 4\Civilization4.exe:Sid Meier's Civilization 4
"{5F94CBD8-9B1A-4440-B99A-91A4AC5781F7}"= TCP:d:\jeux\Sid Meier's Civilization 4\Civilization4.exe:Sid Meier's Civilization 4
"TCP Query User{DBF9BD83-1BE8-48F1-912C-44CB5D53E56E}d:\\jeux\\trackmania united\\tmunited.exe"= UDP:d:\jeux\trackmania united\tmunited.exe:TmUnited
"UDP Query User{B05F55F8-7074-4787-8394-256F9F90ABC1}d:\\jeux\\trackmania united\\tmunited.exe"= TCP:d:\jeux\trackmania united\tmunited.exe:TmUnited
"{CEC4F8FF-08E1-43E6-9B29-59BBFED9392D}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{FF547C1F-4AC6-4AFB-B151-28A537AA270F}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{42BC2104-EBA0-4311-B293-B69CD331F569}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{E7CF281A-7252-4549-85C4-BD9B9E79C63B}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"TCP Query User{F4055F0F-FCDC-4F98-BC48-3F02CC04B57D}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{93A34AA9-26F3-43F1-A5FA-81A3D42D8630}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"{BEBBA3AA-0275-4AFE-AE9E-86165DD7F525}"= UDP:48113:LocalSubnet:LocalSubnet:maconfig_tcp
"{E0315D0E-A714-49A9-82B3-D326654E99ED}"= TCP:48113:LocalSubnet:LocalSubnet:maconfig_udp
"{39656600-3496-4852-B673-E6D3F91C9D96}"= UDP:c:\program files\ma-config.com\maconfservice.exe:maconfservice
"{227632AE-9D9F-462F-AC51-A5E5D48F3488}"= TCP:c:\program files\ma-config.com\maconfservice.exe:maconfservice
"TCP Query User{0847679A-C093-46F2-B267-7C4A6E424FBF}c:\\program files\\sopcast\\adv\\sopadver.exe"= UDP:c:\program files\sopcast\adv\sopadver.exe:SopCast Adver
"UDP Query User{734693EF-C188-4B8F-9A23-169DEAF97F9A}c:\\program files\\sopcast\\adv\\sopadver.exe"= TCP:c:\program files\sopcast\adv\sopadver.exe:SopCast Adver
"TCP Query User{4467C229-CF11-4652-A5A1-B93037A85E58}c:\\program files\\sopcast\\sopcast.exe"= UDP:c:\program files\sopcast\sopcast.exe:SopCast Main Application
"UDP Query User{33CC879C-3DBD-43F1-A101-34E12D53EC6F}c:\\program files\\sopcast\\sopcast.exe"= TCP:c:\program files\sopcast\sopcast.exe:SopCast Main Application
"{9A3EDDB8-E73F-4E08-99D0-C2A5ED0C0389}"= UDP:c:\program files\Realtek\8192U Wireless LAN Utility\RtWLan.exe:RtWlan
"{EB85DE8F-5605-4ED7-9702-6CE4B963B984}"= TCP:c:\program files\Realtek\8192U Wireless LAN Utility\RtWLan.exe:RtWlan
"{B34D67A7-A960-4B75-A5F0-0E83F6953A8F}"= UDP:1542:Realtek WPS TCP Prot
"{EA5F6B7A-94E6-4936-A161-3BED93AFBC61}"= TCP:1542:Realtek WPS UDP Prot
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
"DoNotAllowExceptions"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
R1 nod32drv;nod32drv;c:\windows\System32\drivers\nod32drv.sys [2008-12-06 15424]
R1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;c:\windows\System32\drivers\RtlProt.sys [2009-01-18 25896]
R4 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [2008-08-20 269448]
R4 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-03-03 16384]
R4 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-04-25 45056]
R4 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-04-25 131072]
R4 Realtek92U;Realtek92U;c:\program files\Realtek\8192U Wireless LAN Utility\RtlService.exe [2009-01-18 36864]
S3 CrystalSysInfo;CrystalSysInfo;c:\program files\MediaCoder\SysInfo.sys [2007-09-25 15152]
S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [2008-12-19 195752]
S3 MotDev;Motorola Inc. USB Device;c:\windows\System32\drivers\motodrv.sys [2006-12-14 40832]
S3 RTL8192U;Realtek RTL8192u 802.11n Wireless LAN USB 2.0 Network Adapter;c:\windows\System32\drivers\rtl8192u.sys [2009-01-18 410624]
--- Autres Services/Pilotes en mémoire ---
*Deregistered* - sptd
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3c5b0947-c635-11dd-a5fb-002268054185}]
\shell\AutoRun\command - Z:\Autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4c5b1019-c3d6-11dd-8fd2-806e6f6e6963}]
\shell\AutoRun\command - E:\CdAutoRun.exe
.
Contenu du dossier 'Tâches planifiées'
2009-01-26 c:\windows\Tasks\User_Feed_Synchronization-{C237E80D-5B3C-4342-8DC8-D04FE6BB0076}.job
- c:\windows\system32\msfeedssync.exe [2008-08-22 05:05]
.
- - - - ORPHELINS SUPPRIMES - - - -
HKCU-Run-P2kAutostart - (no file)
.
------- Examen supplémentaire -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\windows\system32\imon.dll
TCP: {FBAE113B-CFC0-424D-909A-A2A23B821FBF} = 24.200.243.189,24.201.245.77,24.200.241.37
DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - hxxp://ma-config.com/activex/hardwaredetection_3_1_0_4.cab
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-25 22:34:01
Windows 6.0.6001 Service Pack 1 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
c:\users\So\AppData\Local\Temp\catchme.dll 53248 bytes executable
Scan terminé avec succès
Fichiers cachés: 1
**************************************************************************
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\System32\Ati2evxx.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\Ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\microsoft shared\VS7DEBUG\mdm.exe
c:\program files\ESET\nod32krn.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Realtek\8192U Wireless LAN Utility\RtWLan.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\windows\System32\WUDFHost.exe
c:\windows\System32\conime.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\System32\wbem\unsecapp.exe
c:\windows\System32\dllhost.exe
.
**************************************************************************
.
Heure de fin: 2009-01-25 22:35:53 - La machine a redémarré [So]
ComboFix-quarantined-files.txt 2009-01-26 03:35:50
Avant-CF: 11,576,070,144 octets libres
Après-CF: 11,623,665,664 octets libres
440 --- E O F --- 2009-01-22 21:10:38
HIJACKTHIS
Logfile of HijackThis v1.99.1
Scan saved at 22:38:33, on 2009-01-25
Platform: Unknown Windows (WinNT 6.00.1905 SP1)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Northstar\SmartCopy\SmartCopy.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Northstar\SmartLauncher\SmartLauncher.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\Explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\So\Desktop\HiJackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: isoHunt Toolbar - {a6e4a4eb-d169-4e99-8988-250fcbafe767} - C:\Program Files\isoHunt\tbisoH.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: isoHunt Toolbar - {a6e4a4eb-d169-4e99-8988-250fcbafe767} - C:\Program Files\isoHunt\tbisoH.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [PCMMediaSharing] C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
O4 - HKLM\..\Run: [BkupTray] "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [Acer Product Registration] "C:\Program Files\Acer\Acer Registration\ACE1.exe" /startup
O4 - HKLM\..\Run: [Acer Assist Launcher] C:\Program Files\Acer\Acer Assist\launcher.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: SmartCopy.lnk = C:\Program Files\Northstar\SmartCopy\SmartCopy.exe
O4 - Global Startup: SmartLauncher.lnk = C:\Program Files\Northstar\SmartLauncher\SmartLauncher.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - d:\jeux\Party Poker\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - d:\jeux\Party Poker\PartyPoker\RunApp.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International
O13 - Gopher Prefix:
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://ma-config.com/activex/hardwaredetection_3_1_0_4.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{FBAE113B-CFC0-424D-909A-A2A23B821FBF}: NameServer = 24.200.243.189,24.201.245.77,24.200.241.37
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Bonjour Service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Realtek92U - Realtek - C:\Program Files\Realtek\8192U Wireless LAN Utility\RtlService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)
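The HijackThis log above and the ComboFix log that follows are raw data; the script below is an added triage example, not part of this thread and not output of either tool, showing how a helper would pull out the entries worth looking at first. It parses a handful of lines copied verbatim from the two logs in this thread and applies three narrow rules that are this example's own heuristics: an O2 BHO whose file is gone ("(no file)"), the O17 NameServer addresses (the thing to check when Google searches are being redirected), and files under system32 named with the "seneka" prefix plus random letters, the pattern ComboFix removed. The O10 whitelist of Vista's own Winsock LSPs is an assumption spelled out in the code.

```python
import re

# Sample input: lines copied verbatim from the HijackThis log posted in this
# thread (the "O2 - BHO:" style prefix is HijackThis' own line format).
HJT_SAMPLE = """\
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\\Program Files\\Google\\Google Toolbar\\GoogleToolbar.dll
O10 - Unknown file in Winsock LSP: c:\\windows\\system32\\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\\windows\\system32\\napinsp.dll
O10 - Unknown file in Winsock LSP: c:\\program files\\bonjour\\mdnsnsp.dll
O17 - HKLM\\System\\CCS\\Services\\Tcpip\\..\\{FBAE113B-CFC0-424D-909A-A2A23B821FBF}: NameServer = 24.200.243.189,24.201.245.77,24.200.241.37
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\\Program Files\\Eset\\nod32krn.exe
"""

# Sample input: lines copied from the ComboFix "files created" section below.
COMBOFIX_SAMPLE = """\
2009-01-25 22:01 . 2009-01-25 22:01 1,006 --a------ c:\\windows\\System32\\senekahcptnsrf.dat
2009-01-25 22:00 . 2009-01-25 22:00 0 --a------ c:\\windows\\System32\\drivers\\seneka.sys
2009-01-25 18:11 . 2009-01-14 16:11 15,504 --a------ c:\\windows\\System32\\drivers\\mbam.sys
2009-01-25 18:11 . 2009-01-25 18:11 <REP> d-------- c:\\program files\\Malwarebytes' Anti-Malware
2009-01-24 12:57 . 2009-01-24 12:57 94,208 --a------ c:\\windows\\System32\\winlogon2.exe
"""

HJT_LINE = re.compile(r"^(?P<sec>O\d+|R\d|F\d) - (?P<body>.*)$")
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
# Assumption: these two LSPs ship with Vista; HijackThis 1.99.1 predates Vista
# and therefore reports them as "Unknown file", which is not a sign of infection.
KNOWN_VISTA_LSPS = {"nlaapi.dll", "napinsp.dll"}
# The naming pattern of the files ComboFix deleted in this thread: "seneka"
# followed by random lowercase letters, with a driver/dll/data extension.
SENEKA = re.compile(r"\\seneka[a-z]*\.(sys|dll|dat)$", re.IGNORECASE)
# ComboFix "files created" line: created . modified size attrs path
CF_LINE = re.compile(
    r"^(?P<created>\S+ \S+) \. (?P<modified>\S+ \S+) (?P<size>[\d,]+|<REP>) (?P<attrs>\S+) (?P<path>.+)$"
)


def parse_hjt(text):
    """Return (section, body) pairs for every HijackThis entry line."""
    entries = []
    for line in text.splitlines():
        m = HJT_LINE.match(line.strip())
        if m:
            entries.append((m["sec"], m["body"]))
    return entries


def triage_hjt(text):
    """Apply the three HijackThis rules; returns (rule, detail) findings."""
    findings = []
    for sec, body in parse_hjt(text):
        if sec == "O2" and body.endswith("(no file)"):
            clsid = re.search(r"\{[0-9A-Fa-f-]+\}", body)
            findings.append(("orphaned_bho", clsid.group(0) if clsid else body))
        elif sec == "O10":
            dll = body.rsplit("\\", 1)[-1].lower()
            if dll not in KNOWN_VISTA_LSPS:
                findings.append(("lsp_not_builtin", dll))
        elif sec == "O17":
            # Surface every resolver address; the reader compares them with the
            # ISP's real DNS servers (ipconfig /all). The script does not judge them.
            for ip in IPV4.findall(body):
                findings.append(("nameserver", ip))
    return findings


def parse_combofix(text):
    """Return dicts for every ComboFix file-listing line (size None for directories)."""
    entries = []
    for line in text.splitlines():
        m = CF_LINE.match(line.strip())
        if m:
            size = m["size"]
            entries.append({
                "created": m["created"],
                "size": None if size == "<REP>" else int(size.replace(",", "")),
                "path": m["path"],
            })
    return entries


def triage_combofix(text):
    """Flag seneka-named files and zero-byte driver files; returns (rule, path) findings."""
    findings = []
    for e in parse_combofix(text):
        path = e["path"]
        if SENEKA.search(path):
            findings.append(("seneka_pattern", path))
        elif e["size"] == 0 and path.lower().endswith(".sys"):
            findings.append(("zero_byte_driver", path))
    return findings


if __name__ == "__main__":
    for rule, detail in triage_hjt(HJT_SAMPLE) + triage_combofix(COMBOFIX_SAMPLE):
        print(f"{rule:16} {detail}")
```

The rules are deliberately narrow so that the output stays traceable to what is actually in the logs: the orphaned BHO is a leftover that HijackThis can simply fix, the three NameServer addresses are only surfaced for comparison with what the ISP really hands out, and only the seneka naming pattern is treated as an indicator because ComboFix removed exactly those files. A file such as winlogon2.exe, named after a Windows binary, is worth a manual look but is not flagged here, because a name alone is not evidence.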
ComboFix 09-01-21.04 - So 2009-01-25 21:57:32.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1036.18.3070.2164 [GMT -5:00]
Launched from: c:\users\So\Desktop\ComboFix.exe
AV: ESET NOD32 antivirus system 2.70 *On-access scanning enabled* (Updated)
.
ADS - Windows: deleted 48 bytes in 1 streams.
(((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\Bobby\AppData\Roaming\.#
c:\windows\System32\303350.exe
c:\windows\system32\404Fix.exe
c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\drivers\senekawupbyvid.sys
c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\o4Patch.exe
c:\windows\system32\Process.exe
c:\windows\system32\senekaftcotbed.dll
c:\windows\system32\senekaihvoegow.dll
c:\windows\system32\senekamoccdpft.dat
c:\windows\system32\senekavgiuiicn.dat
c:\windows\system32\SrchSTS.exe
c:\windows\system32\test.ttt
c:\windows\system32\tmp.reg
c:\windows\system32\uniq.tll
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\win32hlp.cnf
c:\windows\system32\WS2Fix.exe
c:\programdata\Microsoft\Network\Downloader\qmgr0.dat . . . . could not be deleted
c:\programdata\Microsoft\Network\Downloader\qmgr1.dat . . . . could not be deleted
----- BITS: possible infected sites -----
hxxp://kakoitodomen.com
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_SENEKA
-------\Service_SENEKA
((((((((((((((((((((((((((((( Files created from 2008-12-26 to 2009-01-26 ))))))))))))))))))))))))))))))))))))
.
2009-01-25 22:01 . 2009-01-25 22:01 1,006 --a------ c:\windows\System32\senekahcptnsrf.dat
2009-01-25 22:01 . 2009-01-25 22:01 414 --a------ c:\windows\System32\senekalog.dat
2009-01-25 22:00 . 2009-01-25 22:00 0 --a------ c:\windows\System32\senekapop.dll
2009-01-25 22:00 . 2009-01-25 22:00 0 --a------ c:\windows\System32\drivers\seneka.sys
2009-01-25 21:07 . 2009-01-25 21:07 <REP> d-------- c:\users\All Users\Windows Genuine Advantage
2009-01-25 18:11 . 2009-01-25 18:11 <REP> d-------- c:\users\So\AppData\Roaming\Malwarebytes
2009-01-25 18:11 . 2009-01-25 18:11 <REP> d-------- c:\users\All Users\Malwarebytes
2009-01-25 18:11 . 2009-01-25 18:11 <REP> d-------- c:\programdata\Malwarebytes
2009-01-25 18:11 . 2009-01-25 18:11 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-25 18:11 . 2009-01-14 16:11 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2009-01-25 18:11 . 2009-01-14 16:11 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2009-01-25 18:00 . 2009-01-25 18:00 691 --a------ c:\users\So\AppData\Roaming\GetValue.vbs
2009-01-25 18:00 . 2009-01-25 18:00 35 --a------ c:\users\So\AppData\Roaming\SetValue.bat
2009-01-24 12:57 . 2009-01-25 20:03 <REP> d--hs---- c:\windows\System32\twain32
2009-01-24 12:57 . 2009-01-24 12:57 94,208 --a------ c:\windows\System32\winlogon2.exe
2009-01-23 16:56 . 2009-01-23 16:56 0 --a------ c:\windows\System32\drivers\senekannplmype.sys
2009-01-23 13:05 . 2009-01-23 13:05 41,472 --a------ c:\windows\System32\chert6-303350.exe
2009-01-23 13:05 . 2009-01-23 13:05 41,472 --a------ c:\windows\Jnabexemexiz.dll
2009-01-23 13:02 . 2009-01-23 13:03 <REP> d-------- c:\users\Bobby\AppData\Roaming\ForgottenRiddles
2009-01-20 00:05 . 2009-01-20 00:05 <REP> d-------- c:\users\All Users\Awem
2009-01-20 00:05 . 2009-01-20 00:05 <REP> d-------- c:\programdata\Awem
2009-01-18 17:43 . 2009-01-18 17:43 <REP> d-------- c:\windows\System32\REALTEK RTL8192U Wireless LAN Driver and Utility
2009-01-18 17:43 . 2009-01-18 17:43 <REP> d-------- c:\windows\OPTIONS
2009-01-18 17:43 . 2008-06-30 08:14 410,624 -ra------ c:\windows\System32\drivers\rtl8192u.sys
2009-01-18 17:43 . 2007-04-23 10:50 25,896 --a------ c:\windows\System32\drivers\RtlProt.sys
2009-01-17 23:26 . 2009-01-17 23:26 <REP> d-------- c:\users\Jeux\Gros jeux
2009-01-17 23:26 . 2009-01-18 21:59 <REP> dr------- c:\users\Jeux
2009-01-17 21:42 . 2009-01-17 21:42 <REP> d-------- c:\users\Bobby\AppData\Roaming\Incredible Ink
2009-01-17 21:28 . 2005-11-07 19:14 802,816 --a------ c:\windows\FeedingFrenzy.scr
2009-01-17 20:59 . 2009-01-17 20:59 <REP> d-------- c:\users\Bobby\AppData\Roaming\EA
2009-01-17 20:58 . 2009-01-17 20:58 <REP> d-------- c:\users\All Users\EA
2009-01-17 20:58 . 2009-01-17 20:58 <REP> d-------- c:\programdata\EA
2009-01-17 20:55 . 2009-01-17 20:55 <REP> d-------- c:\users\Bobby\AppData\Roaming\funkitron
2009-01-17 20:40 . 2009-01-17 20:40 16 --a------ c:\windows\popcinfo.dat
2009-01-17 20:35 . 2009-01-17 21:30 <REP> d-------- c:\program files\GameHouse
2009-01-17 20:35 . 2005-08-03 13:48 389,120 --a------ c:\windows\System32\Adventure Inlay.scr
2009-01-17 20:31 . 2009-01-17 20:31 <REP> d-------- c:\windows\The Tuttles - Madcap Misadventures
2009-01-17 20:28 . 2009-01-17 20:28 <REP> d--hs---- c:\windows\ftpcache
2009-01-17 20:24 . 2009-01-17 20:24 <REP> d-------- c:\windows\Snowy Treasure Hunter 3
2009-01-17 20:23 . 2009-01-17 20:23 <REP> d-------- c:\windows\Sir Arthur in the Dragonland
2009-01-17 20:22 . 2009-01-17 20:22 <REP> d-------- c:\windows\Secrets Of Great Art
2009-01-17 20:19 . 2009-01-17 20:19 <REP> d-------- c:\windows\Paradise Pet Salon
2009-01-17 20:17 . 2009-01-17 20:17 <REP> d-------- c:\windows\The Treasures Of Montezuma
2009-01-17 20:17 . 2009-01-17 20:17 <REP> d-------- c:\windows\Mysteryville
2009-01-17 20:13 . 2009-01-17 20:13 <REP> d-------- c:\windows\Mystery in London
2009-01-17 19:57 . 2009-01-17 19:57 <REP> d-------- c:\windows\Little Shop - Big City
2009-01-17 19:55 . 2009-01-17 19:55 <REP> d-------- c:\windows\Hidden Secrets - The Nightmare
2009-01-17 19:50 . 2009-01-17 19:50 <REP> d-------- c:\windows\Hidden Expedition - Everest
2009-01-17 19:49 . 2009-01-17 19:49 <REP> d-------- c:\users\Bobby\AppData\Roaming\GameHouse
2009-01-17 19:47 . 2009-01-17 19:47 <REP> d-------- c:\windows\Forgotten Riddles - The Mayan Princess
2009-01-17 19:42 . 2009-01-17 19:42 <REP> d-------- c:\windows\Dream Day - First Home
2009-01-17 19:40 . 2009-01-17 19:40 125 --a------ C:\ioSpecial.ini
2009-01-17 19:39 . 2009-01-17 19:39 <REP> d-------- c:\windows\Dream Chronicles
2009-01-17 19:37 . 2009-01-17 19:37 <REP> d-------- c:\users\Bobby\AppData\Roaming\CaribbeanHideaway
2009-01-17 19:36 . 2009-01-17 19:36 4,096 --a------ c:\windows\d3dx.dat
2009-01-17 19:05 . 2009-01-17 19:05 <REP> d-------- c:\users\All Users\SpinTop Games
2009-01-17 19:05 . 2009-01-17 19:05 <REP> d-------- c:\programdata\SpinTop Games
2009-01-17 19:02 . 2009-01-17 19:02 <REP> d-------- c:\users\All Users\Trymedia
2009-01-17 19:02 . 2009-01-17 19:02 <REP> d-------- c:\programdata\Trymedia
2009-01-15 22:36 . 2009-01-15 22:36 <REP> d-------- c:\users\Bobby\AppData\Roaming\PlayFirst
2009-01-15 22:36 . 2009-01-15 22:36 <REP> d-------- c:\users\All Users\PlayFirst
2009-01-15 22:36 . 2009-01-15 22:36 <REP> d-------- c:\programdata\PlayFirst
2009-01-15 22:34 . 2009-01-15 22:34 <REP> d-------- c:\program files\ReflexiveArcade
2009-01-15 22:28 . 2009-01-15 22:28 <REP> d-------- c:\windows\Mahjong Fortuna 2 Deluxe
2009-01-15 22:22 . 2009-01-15 22:22 <REP> d-------- c:\windows\Build A Lot
2009-01-15 22:17 . 2009-01-17 19:11 <REP> d-------- c:\program files\BFG
2009-01-14 19:18 . 2009-01-14 19:18 <REP> d-------- c:\program files\MSECache
2009-01-14 19:18 . 2009-01-14 19:18 <REP> d-------- c:\program files\Microsoft Office Outlook Connector
2009-01-14 18:12 . 2009-01-14 18:12 <REP> d-------- c:\users\Bobby\AppData\Roaming\eSobi
2009-01-14 16:30 . 2009-01-14 16:30 <REP> d-------- c:\users\Bobby\AppData\Roaming\FloodLightGames
2009-01-14 16:16 . 2009-01-14 16:16 <REP> d-------- c:\users\Public\MediaServer
2009-01-14 13:15 . 2008-12-15 21:42 288,768 --a------ c:\windows\System32\drivers\srv.sys
2009-01-13 20:25 . 2009-01-13 20:26 <REP> d-------- c:\program files\SopCast
2009-01-13 20:23 . 2009-01-13 20:24 <REP> d-------- c:\users\Bobby\AppData\Roaming\vlc
2009-01-13 20:23 . 2009-01-13 20:23 <REP> d-------- c:\program files\VideoLAN
2009-01-11 20:21 . 2009-01-11 20:21 <REP> d-------- c:\windows\Prefs
2009-01-09 21:05 . 2009-01-09 21:05 <REP> d-------- c:\users\So\AppData\Roaming\Atari
2009-01-09 05:10 . 2008-12-13 01:23 1,659,392 --a------ c:\windows\System32\mshtml.tlb
2009-01-09 00:28 . 2009-01-09 00:28 <REP> d-------- c:\windows\System32\briblo dir
2009-01-09 00:28 . 2009-01-09 00:29 2,841,342 --a------ c:\windows\Bacura.exe
2009-01-09 00:28 . 2009-01-09 00:28 532,480 --a------ c:\windows\System32\briblo.scr
2009-01-09 00:28 . 2009-01-09 00:29 402,208 --a------ c:\windows\Bacura.scr
2009-01-09 00:28 . 2009-01-09 00:29 29,696 --a------ c:\windows\mickey32.dll
2009-01-09 00:25 . 2009-01-09 00:25 <REP> d-------- c:\program files\Mickey Mouse
2009-01-08 23:45 . 2009-01-08 23:45 102,400 --a------ c:\windows\DreamAquarium.scr
2009-01-08 23:27 . 2009-01-09 00:25 <REP> d-------- c:\windows\System32\FLIQLO dir
2009-01-08 23:27 . 2009-01-08 23:27 <REP> d-------- c:\program files\Liquid Screen Saver
2009-01-08 23:27 . 2009-01-09 00:21 <REP> d-------- c:\program files\Dream Aquarium
2009-01-08 23:27 . 2009-01-08 23:27 532,480 --a------ c:\windows\System32\FLIQLO.scr
2009-01-07 20:01 . 2009-01-25 22:33 <REP> d-------- c:\users\So\AppData\Roaming\DNA
2009-01-06 20:06 . 2009-01-06 20:06 <REP> d-------- c:\users\All Users\ma-config.com
2009-01-06 20:06 . 2009-01-06 20:06 <REP> d-------- c:\programdata\ma-config.com
2009-01-06 20:06 . 2009-01-06 20:07 <REP> d-------- c:\program files\ma-config.com
2009-01-06 19:34 . 2007-11-14 15:18 553 --a------ c:\windows\USetup.iss
2009-01-06 19:33 . 2009-01-06 19:33 <REP> d-------- c:\windows\System32\RTCOM
2009-01-06 19:32 . 2009-01-18 17:43 <REP> d-------- c:\program files\Realtek
2009-01-06 19:22 . 2009-01-06 19:37 <REP> d--h----- c:\program files\Temp
2009-01-06 18:02 . 2009-01-06 18:02 <REP> d-------- c:\users\All Users\NetZero
2009-01-06 18:02 . 2009-01-06 18:02 <REP> d-------- c:\programdata\NetZero
2009-01-06 13:43 . 2009-01-06 13:43 <REP> d-------- c:\users\All Users\Recisio
2009-01-06 13:43 . 2009-01-06 13:43 <REP> d-------- c:\programdata\Recisio
2009-01-06 13:43 . 2009-01-06 13:43 <REP> d-------- c:\program files\KaraFun
2009-01-06 00:10 . 2009-01-06 00:10 <REP> d-------- c:\program files\GXTranscoderv5
2009-01-04 17:04 . 2009-01-04 17:27 <REP> d-------- c:\program files\Audacity
2009-01-02 15:12 . 2009-01-02 16:03 <REP> d-------- c:\users\Bobby\AppData\Roaming\Vso
2009-01-02 15:12 . 2009-01-02 15:12 <REP> d-------- c:\program files\vso
2009-01-02 15:12 . 2009-01-02 15:12 81,920 --a------ c:\users\Bobby\AppData\Roaming\ezpinst.exe
2009-01-02 15:12 . 2009-01-02 15:12 47,360 --a------ c:\windows\System32\drivers\pcouffin.sys
2009-01-02 15:12 . 2009-01-02 15:12 47,360 --a------ c:\users\Bobby\AppData\Roaming\pcouffin.sys
2008-12-30 16:48 . 2008-12-30 16:48 <REP> d-------- c:\users\All Users\SlySoft
2008-12-30 16:48 . 2008-12-30 16:48 <REP> d-------- c:\programdata\SlySoft
2008-12-30 16:45 . 2008-12-30 16:45 <REP> d-------- c:\program files\SlySoft
2008-12-29 18:08 . 2008-12-29 18:08 <REP> d-------- c:\users\All Users\Elaborate Bytes
2008-12-29 18:08 . 2008-12-29 18:08 <REP> d-------- c:\programdata\Elaborate Bytes
2008-12-29 16:06 . 2008-12-29 16:06 103,360 --a------ c:\windows\System32\drivers\AnyDVD.sys
.
(((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-26 03:33 --------- d-----w c:\program files\DNA
2009-01-26 02:56 35,840 ------w c:\windows\System32\senekaihvoegow.dll
2009-01-26 01:57 --------- d-----w c:\program files\isoHunt
2009-01-24 23:52 --------- d-----w c:\users\Bobby\AppData\Roaming\DNA
2009-01-23 18:01 --------- d---a-w c:\programdata\TEMP
2009-01-20 07:31 --------- d-----w c:\users\Bobby\AppData\Roaming\LimeWire
2009-01-19 22:21 --------- d-----w c:\program files\Common Files\Steam
2009-01-18 22:43 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-16 15:26 --------- d-----w c:\users\Bobby\AppData\Roaming\BitTorrent
2009-01-14 23:22 --------- d-----w c:\programdata\Microsoft Help
2009-01-14 23:22 --------- d-----w c:\program files\Windows Mail
2009-01-14 23:12 --------- d-----w c:\programdata\eSobi
2009-01-07 00:32 319,456 ----a-w c:\windows\DIFxAPI.dll
2009-01-06 18:35 --------- d-----w c:\program files\MediaCoder
2008-12-29 23:08 --------- d-----w c:\program files\Elaborate Bytes
2008-12-26 23:13 965,664 ----a-w c:\windows\System32\RtkPgExt.dll
2008-12-26 23:13 44,064 ----a-w c:\windows\System32\RtkCoInst.dll
2008-12-26 23:12 322,080 ----a-w c:\windows\System32\RtkApoApi.dll
2008-12-26 23:12 2,510,368 ----a-w c:\windows\System32\RtkAPO.dll
2008-12-26 22:26 2,259,296 ----a-w c:\windows\system32\drivers\RTKVHDA.sys
2008-12-26 04:05 --------- d-----w c:\program files\Microsoft Silverlight
2008-12-20 02:07 --------- d-----w c:\program files\Chuzzle Deluxe
2008-12-20 01:39 --------- d-----w c:\users\So\AppData\Roaming\Leadertech
2008-12-20 01:39 --------- d-----w c:\users\So\AppData\Roaming\ATI
2008-12-20 01:39 --------- d-----w c:\users\So\AppData\Roaming\Acer
2008-12-18 14:13 --------- d-----w c:\program files\LimeWire
2008-12-18 13:06 --------- d-----w c:\program files\Google
2008-12-16 23:15 --------- d-----w c:\program files\Bonjour
2008-12-16 21:55 --------- d-----w c:\program files\MagicISO
2008-12-15 21:14 --------- d-----w c:\program files\Conduit
2008-12-13 02:08 --------- d-----w c:\users\Bobby\AppData\Roaming\PeerNetworking
2008-12-12 16:33 --------- d-----w c:\programdata\TrackMania United
2008-12-12 16:18 87,336 ----a-w c:\windows\System32\dns-sd.exe
2008-12-12 16:11 61,440 ----a-w c:\windows\System32\dnssd.dll
2008-12-12 08:03 --------- d-----w c:\program files\Microsoft CAPICOM 2.1.0.2
2008-12-11 14:51 --------- d-----w c:\program files\Xvid
2008-12-11 14:40 --------- d-----w c:\program files\Windows Live Safety Center
2008-12-11 13:23 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_motmodem_01005.Wdf
2008-12-10 17:54 410,984 ----a-w c:\windows\System32\deploytk.dll
2008-12-10 17:54 --------- d-----w c:\program files\Java
2008-12-10 06:47 --------- d-----w c:\users\Bobby\AppData\Roaming\Atari
2008-12-10 06:18 --------- d-----w c:\program files\ESET
2008-12-10 05:51 --------- d-----w c:\program files\Common Files\Java
2008-12-10 01:09 --------- d-----w c:\users\Bobby\AppData\Roaming\My Games
2008-12-09 23:14 --------- d-----w c:\program files\PowerISO
2008-12-09 22:58 --------- d-----w c:\program files\Common Files\PocketSoft
2008-12-09 21:07 --------- d-----w c:\program files\Alcohol Soft
2008-12-09 21:05 717,296 ----a-w c:\windows\system32\drivers\sptd.sys
2008-12-09 21:04 --------- d-----w c:\program files\Common Files\Adobe
2008-12-08 06:03 --------- d-----w c:\program files\Common Files\InstallShield
2008-12-08 04:08 --------- d-----w c:\program files\Common Files\Motorola Shared
2008-12-08 00:41 2,829 ----a-w c:\windows\DIIUnin.pif
2008-12-08 00:41 102,400 ----a-w c:\windows\DIIUnin.exe
2008-12-07 23:55 --------- d-----w c:\program files\MSBuild
2008-12-07 23:52 --------- d-----w c:\program files\Microsoft Visual Studio 8
2008-12-07 21:29 --------- d-----w c:\users\Bobby\AppData\Roaming\CyberLink
2008-12-07 21:29 --------- d-----w c:\programdata\CyberLink
2008-12-07 21:29 --------- d-----w c:\program files\Common Files\SWF Studio
2008-12-07 21:17 --------- d-----w c:\program files\BitTorrent
2008-12-07 20:38 --------- d-----w c:\programdata\Messenger Plus!
2008-12-07 03:25 --------- d-----w c:\program files\Microsoft Works
2008-12-07 03:08 --------- d-----w c:\program files\PhotoFiltre
2008-12-07 02:47 --------- d-----w c:\program files\Windows Live
2008-12-07 02:47 --------- d-----w c:\program files\Messenger Plus! Live
2008-12-07 02:46 --------- dcsh--w c:\program files\Common Files\WindowsLiveInstaller
2008-12-07 02:45 --------- d-----w c:\programdata\WLInstaller
2008-12-07 02:01 --------- d-----w c:\users\Bobby\AppData\Roaming\Apple Computer
2008-12-07 02:00 --------- d-----w c:\programdata\Apple Computer
2008-12-07 02:00 --------- d-----w c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-07 02:00 --------- d-----w c:\program files\iTunes
2008-12-07 02:00 --------- d-----w c:\program files\iPod
2008-12-07 02:00 --------- d-----w c:\program files\Common Files\Apple
2008-12-07 01:59 --------- d-----w c:\programdata\Apple
2008-12-07 01:59 --------- d-----w c:\program files\QuickTime
2008-12-07 01:59 --------- d-----w c:\program files\Apple Software Update
2008-12-07 01:54 --------- d-----w c:\programdata\McAfee
2008-12-07 01:45 --------- d-----w c:\programdata\SiteAdvisor
2008-12-07 01:40 512,096 ----a-w c:\windows\system32\drivers\amon.sys
2008-12-07 01:40 298,104 ----a-w c:\windows\System32\imon.dll
2008-12-07 01:40 15,424 ----a-w c:\windows\system32\drivers\nod32drv.sys
2008-12-07 01:11 --------- d-----w c:\program files\MSXML 4.0
2008-12-07 01:10 --------- d-----w c:\programdata\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
2008-12-07 01:09 --------- d-----w c:\program files\Acer Incorporated
2008-12-07 01:08 --------- d-----w c:\program files\Northstar
2008-12-07 01:06 --------- d-----w c:\users\Bobby\AppData\Roaming\InstallShield
2008-12-07 01:04 --------- d-----w c:\program files\DIFX
2008-12-07 01:03 --------- d-----w c:\users\Bobby\AppData\Roaming\ATI
2008-12-07 01:03 --------- d-----w c:\users\Bobby\AppData\Roaming\Acer
2008-12-07 01:03 --------- d-----w c:\programdata\ATI
2008-12-07 01:03 --------- d-----w c:\program files\YUAN
2008-12-07 01:02 --------- d-----w c:\users\Bobby\AppData\Roaming\Leadertech
2008-12-07 00:57 --------- d-----w c:\program files\Acer
2008-12-07 00:53 --------- d-sh--w c:\programdata\Modèles
2008-12-07 00:53 --------- d-sh--w c:\programdata\Menu Démarrer
2008-12-07 00:53 --------- d-sh--w c:\programdata\Favoris
2008-12-07 00:53 --------- d-sh--w c:\programdata\Bureau
2008-12-07 00:53 --------- d-sh--w c:\program files\Fichiers communs
2008-12-06 20:47 --------- d-----w c:\program files\ATI Technologies
2008-12-06 20:46 --------- d-----w c:\program files\ATI
2008-12-06 20:45 0 ---ha-w c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
.
((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a6e4a4eb-d169-4e99-8988-250fcbafe767}]
2008-11-23 23:03 1784856 --a------ c:\program files\isoHunt\tbisoH.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{a6e4a4eb-d169-4e99-8988-250fcbafe767}"= "c:\program files\isoHunt\tbisoH.dll" [2008-11-23 1784856]
[HKEY_CLASSES_ROOT\clsid\{a6e4a4eb-d169-4e99-8988-250fcbafe767}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{A6E4A4EB-D169-4E99-8988-250FCBAFE767}"= "c:\program files\isoHunt\tbisoH.dll" [2008-11-23 1784856]
[HKEY_CLASSES_ROOT\clsid\{a6e4a4eb-d169-4e99-8988-250fcbafe767}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-20 1233920]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2008-12-15 342848]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-20 125952]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-11-22 203720]
"AnyDVD"="c:\program files\SlySoft\AnyDVD\AnyDVDtray.exe" [2008-12-29 2489280]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-20 202240]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-06 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PCMMediaSharing"="c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe" [2008-05-20 204908]
"BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-25 28672]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"Acer Product Registration"="c:\program files\Acer\Acer Registration\ACE1.exe" [2007-11-26 3387392]
"Acer Assist Launcher"="c:\program files\Acer\Acer Assist\launcher.exe" [2007-11-19 1261568]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2008-12-06 949376]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2008-06-29 52168]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-10 136600]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2008-12-26 6707744]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
SmartCopy.lnk - c:\program files\Northstar\SmartCopy\SmartCopy.exe [2008-12-06 319488]
SmartLauncher.lnk - c:\program files\Northstar\SmartLauncher\SmartLauncher.exe [2008-12-06 335872]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.mkdmp3enc"= c:\progra~1\ACERAR~1\ACERVI~1\Kernel\Burner\MKDMP3Enc.ACM
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"="0x00000000"
"UpdatesDisableNotify"="0x00000000"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{97131409-7267-47F7-A01C-175F514F0AEA}"= c:\program files\Acer Arcade Live\Acer Arcade Live Main Page\Acer Arcade Live.exe:Acer Arcade Live
"{C476C174-0822-43AB-A0DB-F4775F70C806}"= c:\program files\Acer Arcade Live\Acer DV Magician\Acer DV Magician.exe:Acer DV Magician
"{D8D07BA7-CBAD-47CF-9758-5928BBEC2634}"= c:\program files\Acer Arcade Live\Acer SlideShow DVD\Acer SlideShow DVD.exe:Acer SlideShow DVD
"{D4920BF4-1F12-49CB-827B-DC05B760F7F4}"= c:\program files\Acer Arcade Live\Acer VideoMagician\Acer VideoMagician.exe:Acer VideoMagician
"{E9C6389F-CA52-4A11-B521-FD68D9D53C16}"= c:\program files\Acer Arcade Live\Acer DVDivine\Acer DVDivine.exe:Acer DVDivine
"{BDDE978D-324E-4920-A3B6-B145E9AA7E55}"= c:\program files\Acer Arcade Live\Acer HomeMedia\Acer HomeMedia.exe:Acer HomeMedia
"{1FD570ED-38D8-4D88-BDD9-CAA6F909D85C}"= c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Acer HomeMedia Connect.exe:Acer HomeMedia Connect
"{8AE22B3C-2666-4D3C-A275-B060F02B19F9}"= c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.EXE:Acer HomeMedia Connect Service
"{8AC9FA06-A713-4F72-8A82-2AA054715D28}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe
"{4903336C-D69C-4292-9B06-6A930E36E932}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe
"{E75465E3-8DEB-4317-A7AA-0698188A85E9}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe
"{E1D148F8-035E-48CF-8C18-577BFEF73578}"= UDP:c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe:AgentSvc.exe
"{15BFA03F-08AE-4AD5-BE4D-32B9AEFE1FD5}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe
"{344F6738-CC79-4EF2-B795-D493399AC38D}"= TCP:c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe:AgentSvc.exe
"{39F41C93-0425-4E4C-807E-30AE6939389F}"= c:\program files\Acer Arcade Live\Acer HomeMedia Trial Creator\Acer HomeMedia Trial Creator.exe:Acer HomeMedia Trial Creator
"{E9BF821B-028E-4E19-B55C-8A52DCC46E32}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{EA2B0365-5F5C-4194-860E-7A9CFFE9F8A7}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{725D1786-4C49-4D88-83A8-608FC1C17F59}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{BEC730BE-0CA7-4021-B35C-BAFBAC0B1DE0}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{37EDD29B-FC53-4FC8-B3FD-DB47396C547A}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{24237328-5D95-40DD-9058-71F88431F8B7}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)
"{393DB1C7-0008-42B5-AE37-83826A8D8D71}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)
"{68FA0931-5D66-4CA5-9883-D23CBD769BF2}"= UDP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent (TCP-In)
"{84CCB58C-3517-412D-BAA2-E8B833E19E33}"= TCP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent (UDP-In)
"{956CCF47-F1A8-49C2-835C-87E3EB4B1928}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{540ECB0F-E0BD-457C-B48B-D68FBD19A1D3}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{036CC320-1183-4B1F-B453-FE3A1C193417}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{A46FAEC8-2AF7-45FD-A08D-6C7BA643D4FA}d:\\jeux\\steam\\steamapps\\bobbyseguin\\counter-strike source\\hl2.exe"= UDP:d:\jeux\steam\steamapps\bobbyseguin\counter-strike source\hl2.exe:hl2
"UDP Query User{B193A30A-0E33-4641-8295-7C6D0912D27C}d:\\jeux\\steam\\steamapps\\bobbyseguin\\counter-strike source\\hl2.exe"= TCP:d:\jeux\steam\steamapps\bobbyseguin\counter-strike source\hl2.exe:hl2
"{34D0FE7F-919F-45F4-A782-975D047E0A70}"= UDP:d:\jeux\Sid Meier's Civilization 4\Civilization4.exe:Sid Meier's Civilization 4
"{5F94CBD8-9B1A-4440-B99A-91A4AC5781F7}"= TCP:d:\jeux\Sid Meier's Civilization 4\Civilization4.exe:Sid Meier's Civilization 4
"TCP Query User{DBF9BD83-1BE8-48F1-912C-44CB5D53E56E}d:\\jeux\\trackmania united\\tmunited.exe"= UDP:d:\jeux\trackmania united\tmunited.exe:TmUnited
"UDP Query User{B05F55F8-7074-4787-8394-256F9F90ABC1}d:\\jeux\\trackmania united\\tmunited.exe"= TCP:d:\jeux\trackmania united\tmunited.exe:TmUnited
"{CEC4F8FF-08E1-43E6-9B29-59BBFED9392D}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{FF547C1F-4AC6-4AFB-B151-28A537AA270F}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{42BC2104-EBA0-4311-B293-B69CD331F569}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{E7CF281A-7252-4549-85C4-BD9B9E79C63B}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"TCP Query User{F4055F0F-FCDC-4F98-BC48-3F02CC04B57D}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{93A34AA9-26F3-43F1-A5FA-81A3D42D8630}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"{BEBBA3AA-0275-4AFE-AE9E-86165DD7F525}"= UDP:48113:LocalSubnet:LocalSubnet:maconfig_tcp
"{E0315D0E-A714-49A9-82B3-D326654E99ED}"= TCP:48113:LocalSubnet:LocalSubnet:maconfig_udp
"{39656600-3496-4852-B673-E6D3F91C9D96}"= UDP:c:\program files\ma-config.com\maconfservice.exe:maconfservice
"{227632AE-9D9F-462F-AC51-A5E5D48F3488}"= TCP:c:\program files\ma-config.com\maconfservice.exe:maconfservice
"TCP Query User{0847679A-C093-46F2-B267-7C4A6E424FBF}c:\\program files\\sopcast\\adv\\sopadver.exe"= UDP:c:\program files\sopcast\adv\sopadver.exe:SopCast Adver
"UDP Query User{734693EF-C188-4B8F-9A23-169DEAF97F9A}c:\\program files\\sopcast\\adv\\sopadver.exe"= TCP:c:\program files\sopcast\adv\sopadver.exe:SopCast Adver
"TCP Query User{4467C229-CF11-4652-A5A1-B93037A85E58}c:\\program files\\sopcast\\sopcast.exe"= UDP:c:\program files\sopcast\sopcast.exe:SopCast Main Application
"UDP Query User{33CC879C-3DBD-43F1-A101-34E12D53EC6F}c:\\program files\\sopcast\\sopcast.exe"= TCP:c:\program files\sopcast\sopcast.exe:SopCast Main Application
"{9A3EDDB8-E73F-4E08-99D0-C2A5ED0C0389}"= UDP:c:\program files\Realtek\8192U Wireless LAN Utility\RtWLan.exe:RtWlan
"{EB85DE8F-5605-4ED7-9702-6CE4B963B984}"= TCP:c:\program files\Realtek\8192U Wireless LAN Utility\RtWLan.exe:RtWlan
"{B34D67A7-A960-4B75-A5F0-0E83F6953A8F}"= UDP:1542:Realtek WPS TCP Prot
"{EA5F6B7A-94E6-4936-A161-3BED93AFBC61}"= TCP:1542:Realtek WPS UDP Prot
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
"DoNotAllowExceptions"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
R1 nod32drv;nod32drv;c:\windows\System32\drivers\nod32drv.sys [2008-12-06 15424]
R1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;c:\windows\System32\drivers\RtlProt.sys [2009-01-18 25896]
R4 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [2008-08-20 269448]
R4 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-03-03 16384]
R4 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-04-25 45056]
R4 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-04-25 131072]
R4 Realtek92U;Realtek92U;c:\program files\Realtek\8192U Wireless LAN Utility\RtlService.exe [2009-01-18 36864]
S3 CrystalSysInfo;CrystalSysInfo;c:\program files\MediaCoder\SysInfo.sys [2007-09-25 15152]
S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [2008-12-19 195752]
S3 MotDev;Motorola Inc. USB Device;c:\windows\System32\drivers\motodrv.sys [2006-12-14 40832]
S3 RTL8192U;Realtek RTL8192u 802.11n Wireless LAN USB 2.0 Network Adapter;c:\windows\System32\drivers\rtl8192u.sys [2009-01-18 410624]
--- Autres Services/Pilotes en mémoire ---
*Deregistered* - sptd
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3c5b0947-c635-11dd-a5fb-002268054185}]
\shell\AutoRun\command - Z:\Autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4c5b1019-c3d6-11dd-8fd2-806e6f6e6963}]
\shell\AutoRun\command - E:\CdAutoRun.exe
.
Contenu du dossier 'Tâches planifiées'
2009-01-26 c:\windows\Tasks\User_Feed_Synchronization-{C237E80D-5B3C-4342-8DC8-D04FE6BB0076}.job
- c:\windows\system32\msfeedssync.exe [2008-08-22 05:05]
.
- - - - ORPHELINS SUPPRIMES - - - -
HKCU-Run-P2kAutostart - (no file)
.
------- Examen supplémentaire -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\windows\system32\imon.dll
TCP: {FBAE113B-CFC0-424D-909A-A2A23B821FBF} = 24.200.243.189,24.201.245.77,24.200.241.37
DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - hxxp://ma-config.com/activex/hardwaredetection_3_1_0_4.cab
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-25 22:34:01
Windows 6.0.6001 Service Pack 1 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
c:\users\So\AppData\Local\Temp\catchme.dll 53248 bytes executable
Scan terminé avec succès
Fichiers cachés: 1
**************************************************************************
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\System32\Ati2evxx.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\Ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\microsoft shared\VS7DEBUG\mdm.exe
c:\program files\ESET\nod32krn.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Realtek\8192U Wireless LAN Utility\RtWLan.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\windows\System32\WUDFHost.exe
c:\windows\System32\conime.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\System32\wbem\unsecapp.exe
c:\windows\System32\dllhost.exe
.
**************************************************************************
.
Heure de fin: 2009-01-25 22:35:53 - La machine a redémarré [So]
ComboFix-quarantined-files.txt 2009-01-26 03:35:50
Avant-CF: 11,576,070,144 octets libres
Après-CF: 11,623,665,664 octets libres
440 --- E O F --- 2009-01-22 21:10:38
HIJACKTHIS
Logfile of HijackThis v1.99.1
Scan saved at 22:38:33, on 2009-01-25
Platform: Unknown Windows (WinNT 6.00.1905 SP1)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Northstar\SmartCopy\SmartCopy.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Northstar\SmartLauncher\SmartLauncher.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\Explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\So\Desktop\HiJackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: isoHunt Toolbar - {a6e4a4eb-d169-4e99-8988-250fcbafe767} - C:\Program Files\isoHunt\tbisoH.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: isoHunt Toolbar - {a6e4a4eb-d169-4e99-8988-250fcbafe767} - C:\Program Files\isoHunt\tbisoH.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [PCMMediaSharing] C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
O4 - HKLM\..\Run: [BkupTray] "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [Acer Product Registration] "C:\Program Files\Acer\Acer Registration\ACE1.exe" /startup
O4 - HKLM\..\Run: [Acer Assist Launcher] C:\Program Files\Acer\Acer Assist\launcher.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: SmartCopy.lnk = C:\Program Files\Northstar\SmartCopy\SmartCopy.exe
O4 - Global Startup: SmartLauncher.lnk = C:\Program Files\Northstar\SmartLauncher\SmartLauncher.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - d:\jeux\Party Poker\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - d:\jeux\Party Poker\PartyPoker\RunApp.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International
O13 - Gopher Prefix:
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://ma-config.com/activex/hardwaredetection_3_1_0_4.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{FBAE113B-CFC0-424D-909A-A2A23B821FBF}: NameServer = 24.200.243.189,24.201.245.77,24.200.241.37
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Realtek92U - Realtek - C:\Program Files\Realtek\8192U Wireless LAN Utility\RtlService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)
At first glance everything seems to be fine, my IE 8 already works like before, the computer has got its speed back, and Antivirus XP Pro 2009 is no longer there taunting me.
So for me everything seems sorted out...
So a big thank you to you, Geoffrey5, thanks for your patience, your professional work, your sustained and understanding support!
If there is anything in these reports, leave me a message; I won't mark my topic as Solved, just in case!
THANKS ;)
Hello,
To be sure, please do this anyway:
▶ Download Toolbar-S&D (by Team IDN) to your Desktop.
▶ Start the program's installation by running the downloaded file.
▶ Now double-click the Toolbar-S&D shortcut.
▶ Select the language you want by typing the letter of your choice and confirming with the Enter key.
▶ Now choose option 1 (Search). Wait until the search has finished.
▶ Post the generated report. (C:\TB.txt)
Hello,
Is it possible that this nasty virus was removed directly by the Malwarebytes scan?
Or is that just an impression, and do I still need to keep following the subsequent advice?
Thanks in advance :)
Good evening Ghazig,
Please create your own topic by clicking the link below, so that there is no conflict with the replies meant for the person who created this one... At the very bottom of the page you can create your own topic and describe your problem there:
http://www.commentcamarche.net/forum/forum 7 virus securite
Thanks for your understanding ;-)