15 replies
fabul (Moderator)
17 July 2009 at 23:13
Try this one; be aware that it is in English: https://www.greatis.com/security/download.htm
Important: Platinum edition
This utility looks pretty good to me: it found three executables rated 100% bad, except that every time I ask for them to be deleted they are not removed and they come back each time; even in safe mode with System Restore unchecked, they reappear. Anyway, thank you for your help, even if my gratitude isn't worth much lol.
Anonymous user
18 July 2009 at 19:43
Good evening,
there is still the option of fixing them with HijackThis.
Do you know the names of the executables?
Make a HijackThis log, and with the names we'll find them and kill them on the spot.
fabul (Moderator)
18 July 2009 at 21:29
I'm sorry if it isn't capable of erasing the culprits. Did you use "terminate and reboot now" for the deletion?
Normally it should erase even hard-to-delete files, unless they are good.
Some hackers in Brazil had used a tampered version of this system, with commands to erase files that a banking company used to secure its customers.
Symantec article: https://community.broadcom.com/home#M4559
If they aren't erased, maybe they are not bad, or they are useless and get restored? I don't know the reason.
If you could post the part of the log that specifies what it found.
That log is in your Documents, rr2log or something like that.
Anonymous user
18 July 2009 at 22:05
If this software recognizes them as legitimate files, it will not erase them; they have to be erased manually.
Let's try something, if you agree.
Since it is not entirely a virus, and may be a program for hijacking your connection, we'll run a clean-up of your PC and then see what that gives.
1. Download ComboFix from this link:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Read this:
https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
And, importantly, save it to the desktop.
Before using ComboFix:
► Disconnect from the internet and close the windows of all running programs.
► Temporarily, and only for as long as ComboFix is in use, disable the real-time protection of your antivirus and antispyware tools, which can seriously interfere with the tool's scanning and cleaning procedure.
Once that is done, double-click Combofix.exe on your desktop.
- Answer yes to the warning message so that the program starts analysing the PC.
/!\ While this step is running, do not use the PC and do not open any program.
- At the end of the scan, ComboFix may need to restart the PC to finish the disinfection/search; let it do so.
- A report will then open in Notepad; this report file, Combofix.txt, is automatically saved and stored at C:\Combofix.txt.
► Re-enable the real-time protection of your antivirus and antispyware tools before reconnecting to the internet.
► Come back to the forum and copy and paste the whole contents of C:\Combofix.txt into your next message.
2. Download Malwarebytes' Anti-Malware: https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
. On the page, click "Download Malwarebytes' Anti-Malware"
. Save it to the desktop
. Double-click the downloaded file to start the installation process.
. In the "Update" tab, click the "Check for updates" button
. If the firewall asks for permission for Malwarebytes to connect, accept
. Once the update is finished, close Malwarebytes
. Restart in safe mode (if you don't know how, see further down)
. Once in safe mode, double-click the Malwarebytes icon
. Once it is open, go to the "Scan" tab
. Select "Perform full scan"
. Click "Scan"
. The scan starts.
. At the end of the analysis a message appears: "The scan completed normally. Click 'Show results' to display all objects found."
. Click OK to continue.
. If malware was detected, click "Show results"
. Select all (or leave them checked) and click "Remove selected"; Malwarebytes will destroy the files and registry keys and put a copy in quarantine.
. Malwarebytes will open Notepad and copy the analysis report into it.
. Restart the PC
. Once restarted in normal mode, double-click Malwarebytes
. Go to the "Logs" tab
. Click the report to display it; once it is displayed,
. Click "Edit" at the top of Notepad, then "Select all"
. Click "Edit" again, then "Copy"; come back to the forum and, in your reply,
. Right-click in the reply box and choose Paste.
If you need help, see this tutorial:
https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
3. Disabling/re-enabling System Restore
It is necessary to disable and then re-enable System Restore to purge it, because the restore points may be infected:
For XP: http://www.commentcamarche.net/faq/sujet 5097 virus system volume information
For Vista: http://www.commentcamarche.net/faq/sujet 13214 desactiver reactiver la restauration systeme de vista
There, I ran ComboFix, and within the first few seconds a window opened saying the following DLL was malicious: c:\windows\system32\sockspy.dll
Here is the log file (thanks, and happy reading :) ):
ComboFix 09-07-14.08 - carvalho 18/07/2009 19:12.1.4 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.33.1036.18.3070.1511 [GMT 2:00]
Running from: c:\users\carvalho\Desktop\ComboFix.exe
AV: Bitdefender Antivirus *On-access scanning enabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
FW: Bitdefender Firewall *enabled* {4055920F-2E99-48A8-A270-4243D2B8F242}
SP: BitDefender Antispyware *enabled* (Updated) {8B2012EC-32D4-494F-BC03-832DB3BDF911}
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Spyware Doctor *disabled* (Updated) {1C3EDD79-273E-46ac-99F8-EFA9E7CBC301}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Resident AV is active
.
The following files were disabled during the run:
c:\windows\system32\sockspy.dll
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\$recycle.bin\S-1-5-21-1052327313-1294781821-2582782959-500
c:\programdata\Microsoft\Network\Downloader\qmgr0.dat
c:\programdata\Microsoft\Network\Downloader\qmgr1.dat
c:\windows\Installer\2d7eff.msi
----- BITS: Possible infected sites -----
hxxp://au.download.j+|Cv+@J:NGD_DQ{zGD_DQ{zGD_DQ{zGD_DQ{z+@J:Nj+|Cv
.
((((((((((((((((((((((((( Files Created from 2009-06-18 to 2009-07-18 )))))))))))))))))))))))))))))))
.
2009-07-18 17:18 . 2009-07-18 17:18 -------- d-----w- c:\users\carvalho\AppData\Local\temp
2009-07-18 09:29 . 2009-07-18 09:51 29584 ----a-w- c:\windows\system32\drivers\regguard.sys
2009-07-18 09:29 . 2009-07-18 09:29 2 --shatr- c:\windows\winstart.bat
2009-07-18 09:27 . 2009-07-18 09:27 34760 ----a-w- c:\windows\system32\drivers\Partizan.sys
2009-07-18 09:27 . 2009-07-18 09:27 32480 ----a-w- c:\windows\system32\Partizan.exe
2009-07-18 09:24 . 2008-12-22 15:04 444128 ----a-w- c:\windows\RunGuard.exe
2009-07-18 09:24 . 2008-12-22 15:04 20192 ----a-w- c:\windows\WinBait.exe
2009-07-18 09:24 . 2009-07-18 09:24 -------- d-----w- c:\program files\Greatis
2009-07-17 17:48 . 2009-03-02 09:24 30136 ----a-w- c:\windows\system32\drivers\rspSanity32.sys
2009-07-17 17:48 . 2009-07-17 17:48 -------- d-----w- c:\program files\SanityCheck
2009-07-17 17:29 . 2008-08-25 10:36 81288 ----a-w- c:\windows\system32\drivers\iksyssec.sys
2009-07-17 17:29 . 2008-08-25 10:36 66952 ----a-w- c:\windows\system32\drivers\iksysflt.sys
2009-07-17 17:29 . 2008-08-25 10:36 40840 ----a-w- c:\windows\system32\drivers\ikfilesec.sys
2009-07-17 17:29 . 2008-06-02 14:19 29576 ----a-w- c:\windows\system32\drivers\kcom.sys
2009-07-17 17:28 . 2009-07-17 17:30 -------- d-----w- c:\program files\Spyware Doctor
2009-07-17 17:28 . 2009-07-17 17:28 -------- d-----w- c:\users\carvalho\AppData\Roaming\PC Tools
2009-07-17 15:45 . 2009-07-17 15:45 3775175 ----a-w- c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-07-16 07:20 . 2009-07-16 07:20 -------- d-sh--w- c:\windows\system32\%APPDATA%
2009-07-15 07:55 . 2009-06-15 15:29 156160 ----a-w- c:\windows\system32\t2embed.dll
2009-07-15 07:55 . 2009-06-15 15:23 24064 ----a-w- c:\windows\system32\lpk.dll
2009-07-15 07:55 . 2009-06-15 15:22 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-07-15 07:55 . 2009-06-15 15:21 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-07-15 07:55 . 2009-06-15 15:20 34304 ----a-w- c:\windows\system32\atmlib.dll
2009-07-15 07:55 . 2009-06-15 13:03 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-07-12 20:11 . 2009-07-12 20:15 -------- d-----w- c:\program files\Railroad Tycoon II
2009-07-12 20:11 . 1998-02-06 20:39 304128 ----a-w- c:\windows\unin040c.exe
2009-06-29 14:12 . 2009-06-30 02:11 -------- d-----w- C:\53875633e9e5fc2cddcc6dcf
2009-06-29 09:44 . 2008-06-20 01:17 97800 ----a-w- c:\windows\system32\infocardapi.dll
2009-06-29 09:44 . 2008-06-20 01:18 105016 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-06-29 09:44 . 2008-06-20 01:18 43544 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2009-06-29 09:44 . 2008-06-20 01:17 622080 ----a-w- c:\windows\system32\icardagt.exe
2009-06-29 09:44 . 2008-06-20 01:17 11264 ----a-w- c:\windows\system32\icardres.dll
2009-06-29 09:44 . 2008-06-20 01:18 781344 ----a-w- c:\windows\system32\PresentationNative_v0300.dll
2009-06-29 09:44 . 2008-06-20 01:18 326160 ----a-w- c:\windows\system32\PresentationHost.exe
2009-06-29 09:37 . 2008-07-27 18:00 96760 ----a-w- c:\windows\system32\dfshim.dll
2009-06-29 09:37 . 2008-07-27 18:00 282112 ----a-w- c:\windows\system32\mscoree.dll
2009-06-29 09:37 . 2008-07-27 18:00 41984 ----a-w- c:\windows\system32\netfxperf.dll
2009-06-29 09:37 . 2008-07-27 18:00 158720 ----a-w- c:\windows\system32\mscorier.dll
2009-06-29 09:37 . 2008-07-27 18:00 83968 ----a-w- c:\windows\system32\mscories.dll
2009-06-29 09:36 . 2009-05-09 05:34 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-06-29 09:36 . 2009-05-09 05:50 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-20 14:53 . 2009-06-20 14:53 -------- d-----w- c:\program files\Xvid
2009-06-20 14:53 . 2006-11-01 12:54 180224 ----a-w- c:\windows\system32\xvidvfw.dll
2009-06-20 14:53 . 2006-11-01 12:52 765952 ----a-w- c:\windows\system32\xvidcore.dll
2009-06-20 14:51 . 2009-06-20 14:51 -------- d-----w- c:\windows\system32\AGEIA
2009-06-20 14:51 . 2009-06-20 14:51 -------- d-----w- c:\program files\AGEIA Technologies
2009-06-20 14:50 . 2009-06-20 14:50 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-06-20 14:47 . 2009-06-20 14:47 -------- d-----w- c:\program files\Spellbound
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-18 17:15 . 2008-06-14 15:46 81984 ----a-w- c:\windows\system32\bdod.bin
2009-07-18 09:54 . 2009-02-23 12:17 -------- d-----w- c:\program files\Steam
2009-07-17 17:29 . 2009-02-18 18:42 -------- d-----w- c:\program files\Sophos
2009-07-17 15:46 . 2009-02-20 10:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-16 07:21 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-07-16 07:21 . 2007-12-03 08:38 -------- d-----w- c:\programdata\Microsoft Help
2009-07-13 14:54 . 2008-06-17 14:06 -------- d-----w- c:\program files\a-squared Free
2009-07-13 11:36 . 2009-02-20 10:08 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-13 11:36 . 2009-02-20 10:08 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-09 13:43 . 2006-11-02 15:48 699984 ----a-w- c:\windows\system32\perfh00C.dat
2009-07-09 13:43 . 2006-11-02 15:48 121814 ----a-w- c:\windows\system32\perfc00C.dat
2009-07-02 21:00 . 2009-02-23 12:17 -------- d-----w- c:\program files\Common Files\Steam
2009-06-29 10:47 . 2008-06-14 15:20 101784 ----a-w- c:\users\carvalho\AppData\Local\GDIPFONTCACHEV1.DAT
2009-06-29 09:58 . 2007-12-03 08:40 -------- d-----w- c:\program files\Microsoft Works
2009-06-21 17:18 . 2008-09-13 16:19 -------- d-----w- c:\users\carvalho\AppData\Roaming\Skype
2009-06-21 16:22 . 2008-09-14 06:19 -------- d-----w- c:\users\carvalho\AppData\Roaming\skypePM
2009-06-20 14:47 . 2007-12-03 08:34 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-18 16:08 . 2009-05-15 18:40 -------- d-----w- c:\users\carvalho\AppData\Roaming\Grand Ages Rome
2009-06-09 19:03 . 2009-06-09 19:02 -------- d-----w- c:\program files\EasyPHP 2.0b1
2009-05-20 15:28 . 2009-05-20 15:28 -------- d-----w- c:\users\carvalho\AppData\Roaming\DivX
2009-04-30 12:52 . 2009-06-14 07:13 292352 ----a-w- c:\windows\system32\psisdecd.dll
2009-04-30 12:44 . 2009-06-14 07:13 1244672 ----a-w- c:\windows\system32\mcmde.dll
2009-04-30 12:42 . 2009-06-14 07:13 428032 ----a-w- c:\windows\system32\EncDec.dll
2009-04-23 13:01 . 2009-06-11 19:50 788992 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-23 12:56 . 2009-06-11 19:51 696832 ----a-w- c:\windows\system32\localspl.dll
2009-04-21 12:04 . 2009-06-11 19:59 2028032 ----a-w- c:\windows\system32\win32k.sys
2009-06-12 20:04 . 2008-08-31 11:35 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
2009-02-24 19:34 . 2009-02-24 19:34 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-02-24 19:34 . 2009-02-24 19:34 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-06-16 1232896]
"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-08-01 151552]
"SpybotSD TeaTimer"="d:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
"Steam"="c:\program files\steam\steam.exe" [2009-06-10 1217784]
"Regrun2"="c:\progra~1\Greatis\REGRUN~1\WatchDog.exe" [2008-12-22 384224]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2007-12-03 1006264]
"Acer Empowering Technology Monitor"="c:\acer\Empowering Technology\SysMonitor.exe" [2007-09-07 326176]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 457216]
"PCMMediaSharing"="c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe" [2007-06-21 204908]
"WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]
"NVRaidService"="c:\windows\system32\nvraidservice.exe" [2007-12-07 196128]
"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-08-01 151552]
"BDMCon"="c:\program files\Softwin\BitDefender10\bdmcon.exe" [2009-01-16 290816]
"BDAgent"="c:\program files\Softwin\BitDefender10\bdagent.exe" [2007-03-26 69632]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-11-06 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-11-06 8530464]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-11-06 81920]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-09-06 185896]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2006-11-02 215552]
"MSConfig"="c:\windows\system32\msconfig.exe" [2006-11-02 222208]
"RegRun WinBait"="c:\windows\winbait.exe" [2008-12-22 20192]
"@RegRunOnSecure"="c:\progra~1\Greatis\REGRUN~1\OnSecure.exe" [2008-12-22 61664]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-10-11 4702208]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2007-12-3 535336]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{F552DDE6-2090-4bf4-B924-6141E87789A5}"= "c:\progra~1\Greatis\REGRUN~1\RRShell.dll" [2008-10-20 335943]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0Partizan
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{DB9E81CD-E999-4D30-9431-905A8CDF3057}"= c:\program files\Acer Arcade Live\Acer DVDivine\Acer DVDivine.exe:Acer DVDivine
"{FDE3C5A9-20A2-4666-80CD-094CBF37C993}"= c:\program files\Acer Arcade Live\Acer HomeMedia\Acer HomeMedia.exe:Acer HomeMedia
"{2ED47240-F206-4606-8CDA-2F141807082E}"= c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Acer HomeMedia Connect.exe:Acer HomeMedia Connect
"{2C6EED45-7B25-44B1-8A9A-972EFE108A9F}"= c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.EXE:Acer HomeMedia Connect Service
"{BA7F183C-0260-4659-8C57-3CF842FF30AA}"= c:\program files\Acer Arcade Live\Acer SlideShow DVD\Acer SlideShow DVD.exe:Acer SlideShow DVD
"{C2191F0A-02E1-4345-985F-D7EB0C11AAF1}"= c:\program files\Acer Arcade Live\Acer VideoMagician\Acer VideoMagician.exe:Acer VideoMagician
"{F61E8216-CE21-44D7-A083-8FD9EF88C629}"= c:\program files\Acer Arcade Live\Acer DV Magician\Acer DV Magician.exe:Acer DV Magician
"{10B94AEA-31AD-4C63-85BE-BB4CF9766ED4}"= c:\program files\Acer Arcade Live\Acer Arcade Live Main Page\Acer Arcade Live.exe:Acer Arcade Live
"{CE42DC5A-6B71-45AF-B868-CCC57AD146B9}"= UDP:d:\program files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:Sid Meier's Civilization 4
"{D3B25E92-00A6-46C8-A790-B5AC3C95011F}"= TCP:d:\program files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:Sid Meier's Civilization 4
"{500BC1D1-35DA-49C0-B213-C1926B2F8975}"= UDP:d:\program files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword.exe:Sid Meier's Civilization 4 Beyond the Sword
"{33E4512B-0101-4AE6-A346-0144B113EFC7}"= TCP:d:\program files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword.exe:Sid Meier's Civilization 4 Beyond the Sword
"{E10BAE57-780C-49BA-B65A-4616BBD7CACF}"= UDP:d:\program files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword_PitBoss.exe:Sid Meier's Civilization 4 Beyond the Sword Pitboss
"{896891A7-3DC3-4195-AAA5-F1AE4EB165FB}"= TCP:d:\program files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword_PitBoss.exe:Sid Meier's Civilization 4 Beyond the Sword Pitboss
"{2393A560-E05C-44C4-BBD8-B005481ED5BB}"= UDP:d:\program files\Microsoft Games\Age of Empires III\age3x.exe:Age of Empires III - The WarChiefs
"{075B50CA-6793-4820-B513-89FE64BAD6AF}"= TCP:d:\program files\Microsoft Games\Age of Empires III\age3x.exe:Age of Empires III - The WarChiefs
"{3A9F82A3-E5E7-44FC-934A-6F7D9AAB6283}"= UDP:d:\program files\Microsoft Games\Age of Empires III\age3y.exe:Age of Empires III - The Asian Dynasties
"{3A3C1CB5-3FFD-47FC-AA90-C75A77BFA81E}"= TCP:d:\program files\Microsoft Games\Age of Empires III\age3y.exe:Age of Empires III - The Asian Dynasties
"{00F71A71-12B8-40AA-95A2-17C8F91B3969}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{80463537-769A-4D6E-B64E-735268576C04}"= UDP:c:\program files\Electronic Arts\La Bataille pour la Terre du Milieu II\game.dat:La Bataille pour la Terre du Milieu ™ II
"{AAFADC4B-757A-485B-BF57-7D84088E7D00}"= TCP:c:\program files\Electronic Arts\La Bataille pour la Terre du Milieu II\game.dat:La Bataille pour la Terre du Milieu ™ II
"{6F71051E-65C9-427E-9714-2A9BD1CA9558}"= c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{6B6BEE6C-8CD6-48EA-8B28-569FC9968892}e:\\program files\\call of duty\\coduomp.exe"= UDP:e:\program files\call of duty\coduomp.exe:CoDUOMP
"UDP Query User{C467FC26-87CC-4BE1-9BCD-ED5B6ABB383C}e:\\program files\\call of duty\\coduomp.exe"= TCP:e:\program files\call of duty\coduomp.exe:CoDUOMP
"{7B023CBE-53A0-4813-A8A4-F0E81E3A4ADA}"= UDP:d:\program files\Sports Interactive\Football Manager 2009\fm.exe:Football Manager 2009
"{F875232C-E72E-40A7-8CFB-25AE6514E321}"= TCP:d:\program files\Sports Interactive\Football Manager 2009\fm.exe:Football Manager 2009
"{73DB6AE4-F611-4F41-AE47-53546B222900}"= UDP:990:LocalSubnet:LocalSubnet|IF={14C28287-987D-4FDD-B262-38B26423ED50}|%SystemRoot%\system32\svchost.exe|Svc=rapimgr:@%systemroot%\WindowsMobile\wmdSync.exe,-4001
"{9E5BDF6A-D21D-421A-8F49-39FB7CD34B27}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{A3172CC2-E7C1-4E78-A1C6-CE039A80E01C}"= UDP:c:\program files\Electronic Arts\L'Avènement du Roi-sorcier\game.dat:LSDA, L'Avènement du Roi-sorcier™
"{F5A14797-1A04-4CFD-A8E8-DFEF0655D4A0}"= TCP:c:\program files\Electronic Arts\L'Avènement du Roi-sorcier\game.dat:LSDA, L'Avènement du Roi-sorcier™
"TCP Query User{0919228B-28E1-4416-B30B-D250353266C7}c:\\program files\\ubisoft\\heroes of might and magic v - tribes of the east\\bin\\h5_game.exe"= UDP:c:\program files\ubisoft\heroes of might and magic v - tribes of the east\bin\h5_game.exe:Heroes of Might and Magic V
"UDP Query User{C92F70D6-8CE5-40AE-AC23-AAA7E0BEBFA6}c:\\program files\\ubisoft\\heroes of might and magic v - tribes of the east\\bin\\h5_game.exe"= TCP:c:\program files\ubisoft\heroes of might and magic v - tribes of the east\bin\h5_game.exe:Heroes of Might and Magic V
"TCP Query User{E4024830-207F-4F28-B882-AD2F4B1389F2}c:\\program files\\easyphp 2.0b1\\mysql\\bin\\mysqld.exe"= UDP:c:\program files\easyphp 2.0b1\mysql\bin\mysqld.exe:mysqld
"UDP Query User{10F23D92-E984-4426-9821-6FB237AA5614}c:\\program files\\easyphp 2.0b1\\mysql\\bin\\mysqld.exe"= TCP:c:\program files\easyphp 2.0b1\mysql\bin\mysqld.exe:mysqld
"{032C073A-01E3-4EB7-A4E7-AE2B448A790E}"= UDP:c:\program files\Steam\steamapps\common\empire total war\Empire.exe:Empire: Total War
"{2E39C408-80B0-49E6-9A55-EA4589814C77}"= TCP:c:\program files\Steam\steamapps\common\empire total war\Empire.exe:Empire: Total War
"{4F71D3C7-DA05-4A79-B068-92CBF44374ED}"= UDP:c:\program files\Steam\steamapps\common\left 4 dead\srcds.exe:Left 4 Dead Dedicated Server
"{9FC21E83-51C4-4914-A017-780ED17EFB70}"= TCP:c:\program files\Steam\steamapps\common\left 4 dead\srcds.exe:Left 4 Dead Dedicated Server
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
R2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [03/12/2007 11:00 269448]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [16/06/2008 22:07 810320]
S0 Partizan;Partizan;c:\windows\System32\drivers\Partizan.sys [18/07/2009 11:27 34760]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [16/04/2009 23:16 33176]
S3 RegGuard;RegGuard;c:\windows\System32\drivers\regguard.sys [18/07/2009 11:29 29584]
S3 rspSanity;rspSanity;c:\windows\System32\drivers\rspSanity32.sys [17/07/2009 19:48 30136]
S3 rt70x86;RT2500 USB Wireless LAN Driver;c:\windows\System32\drivers\netr70.sys [15/06/2008 12:23 245248]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [17/07/2009 19:28 356920]
S3 WSVD;WSVD;c:\windows\System32\drivers\WSVD.sys [26/02/2009 14:18 80744]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-Acer Tour - (no file)
HKLM-Run-eRecoveryService - (no file)
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://fr.fr.acer.yahoo.com
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {029773B8-1390-4664-A8F9-199F5833E602} = 212.30.96.108,213.203.124.146
TCP: {67B5A412-8B12-4D65-98E9-560BDC88673F} = 212.30.96.108,213.203.124.146
FF - ProfilePath - c:\users\carvalho\AppData\Roaming\Mozilla\Firefox\Profiles\4nybf1ef.default\
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-18 19:18
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1052327313-1294781821-2582782959-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:9e,e3,85,58,ac,7f,13,2c,53,45,ab,21,af,4f,5e,e0,50,bb,e2,b6,33,e1,31,
9e,ba,6c,ef,fd,2d,71,7a,19,1e,45,22,9b,7f,52,0a,32,75,4b,78,99,9e,09,e2,0e,\
"??"=hex:69,6f,5c,46,6a,89,f9,ee,2d,48,e0,10,87,42,1e,12
[HKEY_USERS\S-1-5-21-1052327313-1294781821-2582782959-1000\Software\SecuROM\License information*]
@Allowed: (Read) (RestrictedCode)
"datasecu"=hex:fb,1c,84,92,90,16,cc,69,d5,df,be,76,72,22,29,7e,17,71,31,b0,a9,
70,08,32,0a,9d,6c,cf,c1,35,75,6a,58,3e,a3,b8,07,eb,f3,00,b1,ed,9d,70,52,04,\
"rkeysecu"=hex:fa,45,e0,cb,42,e5,d3,b3,85,6b,99,a2,3e,f3,27,c3
.
Completion time: 2009-07-18 19:21
ComboFix-quarantined-files.txt 2009-07-18 17:21
Pre-Run: 106 378 649 600 octets libres
Post-Run: 106 365 796 352 octets libres
257 --- E O F --- 2009-07-17 06:55
Anonymous user
19 Jul. 2009 at 13:12
Edit,
I suspect it's just a trojan:
hxxp://au.download.j+|Cv+@J:NGD_DQ{zGD_DQ{zGD_DQ{zGD_DQ{z+@J:Nj+|Cv
it didn't come in over the internet.
it was introduced into your PC by who knows what means, an e-mail perhaps, who knows
follow post no. 5
Thanks for replying, but I've already done that, and the problem is unchanged. What's more, I can't even connect to the Internet from my PC at home any more, and this morning when I woke up, to taunt me, it had changed my desktop wallpaper (just to mark its presence).
Also, I think I found a keylogger, catchme.sys, which I think I deleted, but I'm not sure.
fabul
19 Jul. 2009 at 20:47
mickportugais > fabul
19 Jul. 2009 at 20:54
Hi Fabul
That's what I used (RegRun) to delete the catchme.sys file. At first, after deleting it, it came back after a restart; since then it no longer does. What do you think? How can I be sure it's no longer there?? (I've already done a search including hidden files and it no longer finds it.)
fabul > mickportugais
19 Jul. 2009 at 20:59
Even when viewing hidden and protected operating system files, some rootkits are not visible. If RegRun no longer detects it, in theory it should no longer exist;
continue your investigation.
Have you run a scan with Malwarebytes?
Anonymous user
19 Jul. 2009 at 19:24
You've only run ComboFix, not the rest; continue and post me the reports as you go.
Thanks
Anonymous user
19 Jul. 2009 at 19:40
It would be good if you posted the reports here; I'd see the problems and suggest solutions.
Continued: RR2LOG
Anti Spyware... Start check 19.07.2009 at:12:44:23
Prohibited:3 Suspicious:25 Warnings:1
Prohibited:Auto Services
ProtexisLicensing=D:\WINDOWS\system32\PSIService.exe
Internal Name: ProtexisLicensing. Status: service running. Actual File: D:\WINDOWS\system32\PSIService.exe * Protexis Licensing Service nTitles PSIService PSIService 2.0.0.1
******************************
Prohibited:Running Processes
PSIService.exe=D:\WINDOWS\SYSTEM32\PSISERVICE.EXE
nTitles PSIService PSIService 2.0.0.1
******************************
Prohibited:Running Processes
ccc.exe=D:\PROGRAM FILES\ATI TECHNOLOGIES\ATI.ACE\CORE-STATIC\CCC.EXE
Catalyst Control Centre: Host application ATI Technologies Inc. Catalyst Control Centre 2.0.0.0
******************************
Suspicious:Toolbars
{381FFDE8-2394-4f90-B10D-FC6124A40F8C}=D:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
BitDefender IE Toolbar Bitdefender BitDefender IE Toolbar 11.0.0.16
******************************
Suspicious:Auto Services
57xx SteelVine Manager=D:\Program Files\ASUS\Drive Xpert\SteelVine.exe
Internal Name: 57xx SteelVine Manager. Status: service running. Actual File: D:\Program Files\ASUS\Drive Xpert\SteelVine.exe * SteelVine Volume Management Service
******************************
Suspicious:Auto Services
ASKUpgrade=D:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
Internal Name: ASKUpgrade. Status: service stopped. Actual File: D:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe * ASK ToolBar Upgrade Engine
******************************
Suspicious:Auto Services
FreeAgentGoNext Service="D:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe"
Internal Name: FreeAgentGoNext Service. Status: service running. Actual File: "D:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe" * Seagate Service Sync Windows Services Seagate Technology LLC Sync 4, 7, 0, 1
******************************
Suspicious:Auto Services
JavaQuickStarterService="D:\Program Files\Java\jre6\bin\jqs.exe" -service -config "D:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"
Internal Name: JavaQuickStarterService. Status: service running. Actual File: "D:\Program Files\Java\jre6\bin\jqs.exe" -service -config "D:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf" * Prefetches JRE files for faster startup of Java applets and applications Java(TM) Quick Starter Service Sun Microsystems, Inc. Java(TM) Platform SE 6 U13 6.0.130.3
******************************
Suspicious:Auto Services
LIVESRV="D:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe" /service
Internal Name: LIVESRV. Status: service running. Actual File: "D:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe" /service * Télécharger les mises à jour BitDefender et les nouvelles signatures de codes malveillants via Internet BitDefender Update Service BitDefender SRL BitDefender 11 11, 0, 2, 17
******************************
Suspicious:Auto Services
VSSERV="D:\Program Files\BitDefender\BitDefender 2008\vsserv.exe" /service
Internal Name: VSSERV. Status: service running. Actual File: "D:\Program Files\BitDefender\BitDefender 2008\vsserv.exe" /service * Analyse contre les virus et autres menaces BitDefender Security Service BitDefender S.R.L. BitDefender 11 11, 0, 0, 17
******************************
Suspicious:Auto Services
XCOMM="D:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe" /service
Internal Name: XCOMM. Status: service running. Actual File: "D:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe" /service * Assure la communication efficace entre les composants BitDefender BitDefender Communicator Server BitDefender BitDefender Communicator Server 1, 8, 16, 0
******************************
Suspicious:Registry Run
AOLSAV=D:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe
Agent TechCity Solutions France TechCity Solutions France Agent 1.0.0.1766
******************************
Suspicious:Registry Run
Ai Nap="D:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe"
******************************
Suspicious:Registry Run
QFan Help="D:\Program Files\ASUS\Ai Suite\QFan3\QFanHelp.exe"
1.0.0.0
******************************
Suspicious:Registry Run
Cpu Level Up help=D:\Program Files\ASUS\Ai Suite\CpuLevelUpHelp.exe
1.0.0.0
******************************
Suspicious:Registry Run
Launch Direct Link="D:\Program Files\ASUS\AI Direct Link\AsShare.exe"
1.0.0.0
******************************
Suspicious:Registry Run
Launch As Cmd Runner="D:\Program Files\ASUS\AI Direct Link\AsCmd.exe" -reg
******************************
Suspicious:Registry Run
Ask and Record FLV Service="D:\Program Files\Ask & Record Toolbar\FLVSrvc.exe" /run
FLV Service for Ask and Record Toolbar Applian Technologies, Inc. Applian Technologies, Inc. FLVSrvc 1, 1, 0, 0
******************************
Suspicious:Registry Run
Corel File Shell Monitor=D:\Program Files\Corel\Corel MediaOne\CorelIOMonitor.exe
******************************
Suspicious:Registry Run
Six Engine="D:\Program Files\ASUS\Six Engine\SixEngine.exe" -r
1.0.0.0
******************************
Suspicious:Registry Run
BDAgent="D:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
BitDefender Agent BitDefender S.R.L. BitDefender 11 11, 0, 0, 17
******************************
Suspicious:Running Processes
SteelVine.exe=D:\PROGRAM FILES\ASUS\DRIVE XPERT\STEELVINE.EXE
******************************
Suspicious:Running Processes
WLService.exe=D:\PROGRAM FILES\WIRELESS 802.11G MONITOR\WLSERVICE.EXE
******************************
Suspicious:Running Processes
WLanCfgG.exe=D:\PROGRAM FILES\WIRELESS 802.11G MONITOR\WLANCFGG.EXE
******************************
Suspicious:Running Processes
AiNap.exe=D:\PROGRAM FILES\ASUS\AI SUITE\AINAP\AINAP.EXE
******************************
Suspicious:Running Processes
CorelIOMonitor.exe=D:\PROGRAM FILES\COREL\COREL MEDIAONE\CORELIOMONITOR.EXE
******************************
Suspicious:Running Processes
waol.exe=D:\PROGRAM FILES\AOL 9.0 VR\WAOL.EXE
******************************
Suspicious:Running Processes
shellmon.exe=D:\PROGRAM FILES\AOL 9.0 VR\SHELLMON.EXE
******************************
Warnings:Drivers
mc25.tmp=D:\WINDOWS\TEMP\MC25.TMP
******************************
-------------------------------------------------------
Anti Spyware... Start check 19.07.2009 at:12:44:34
Prohibited:3 Suspicious:25 Warnings:1
Prohibited:Auto Services
ProtexisLicensing=D:\WINDOWS\system32\PSIService.exe
Internal Name: ProtexisLicensing. Status: service running. Actual File: D:\WINDOWS\system32\PSIService.exe * Protexis Licensing Service nTitles PSIService PSIService 2.0.0.1
******************************
Prohibited:Running Processes
PSIService.exe=D:\WINDOWS\SYSTEM32\PSISERVICE.EXE
nTitles PSIService PSIService 2.0.0.1
******************************
Prohibited:Running Processes
ccc.exe=D:\PROGRAM FILES\ATI TECHNOLOGIES\ATI.ACE\CORE-STATIC\CCC.EXE
Catalyst Control Centre: Host application ATI Technologies Inc. Catalyst Control Centre 2.0.0.0
******************************
Suspicious:Toolbars
{381FFDE8-2394-4f90-B10D-FC6124A40F8C}=D:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
BitDefender IE Toolbar Bitdefender BitDefender IE Toolbar 11.0.0.16
******************************
Suspicious:Auto Services
57xx SteelVine Manager=D:\Program Files\ASUS\Drive Xpert\SteelVine.exe
Internal Name: 57xx SteelVine Manager. Status: service running. Actual File: D:\Program Files\ASUS\Drive Xpert\SteelVine.exe * SteelVine Volume Management Service
******************************
Suspicious:Auto Services
ASKUpgrade=D:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
Internal Name: ASKUpgrade. Status: service stopped. Actual File: D:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe * ASK ToolBar Upgrade Engine
******************************
Suspicious:Auto Services
FreeAgentGoNext Service="D:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe"
Internal Name: FreeAgentGoNext Service. Status: service running. Actual File: "D:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe" * Seagate Service Sync Windows Services Seagate Technology LLC Sync 4, 7, 0, 1
******************************
Suspicious:Auto Services
JavaQuickStarterService="D:\Program Files\Java\jre6\bin\jqs.exe" -service -config "D:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"
Internal Name: JavaQuickStarterService. Status: service running. Actual File: "D:\Program Files\Java\jre6\bin\jqs.exe" -service -config "D:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf" * Prefetches JRE files for faster startup of Java applets and applications Java(TM) Quick Starter Service Sun Microsystems, Inc. Java(TM) Platform SE 6 U13 6.0.130.3
******************************
Suspicious:Auto Services
LIVESRV="D:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe" /service
Internal Name: LIVESRV. Status: service running. Actual File: "D:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe" /service * Downloads BitDefender updates and new malware signatures over the Internet BitDefender Update Service BitDefender SRL BitDefender 11 11, 0, 2, 17
******************************
Suspicious:Auto Services
VSSERV="D:\Program Files\BitDefender\BitDefender 2008\vsserv.exe" /service
Internal Name: VSSERV. Status: service running. Actual File: "D:\Program Files\BitDefender\BitDefender 2008\vsserv.exe" /service * Scans for viruses and other threats BitDefender Security Service BitDefender S.R.L. BitDefender 11 11, 0, 0, 17
******************************
Suspicious:Auto Services
XCOMM="D:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe" /service
Internal Name: XCOMM. Status: service running. Actual File: "D:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe" /service * Provides efficient communication between BitDefender components BitDefender Communicator Server BitDefender BitDefender Communicator Server 1, 8, 16, 0
******************************
Suspicious:Registry Run
AOLSAV=D:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe
Agent TechCity Solutions France TechCity Solutions France Agent 1.0.0.1766
******************************
Suspicious:Registry Run
Ai Nap="D:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe"
******************************
Suspicious:Registry Run
QFan Help="D:\Program Files\ASUS\Ai Suite\QFan3\QFanHelp.exe"
1.0.0.0
******************************
Suspicious:Registry Run
Cpu Level Up help=D:\Program Files\ASUS\Ai Suite\CpuLevelUpHelp.exe
1.0.0.0
******************************
Suspicious:Registry Run
Launch Direct Link="D:\Program Files\ASUS\AI Direct Link\AsShare.exe"
1.0.0.0
******************************
Suspicious:Registry Run
Launch As Cmd Runner="D:\Program Files\ASUS\AI Direct Link\AsCmd.exe" -reg
******************************
Suspicious:Registry Run
Ask and Record FLV Service="D:\Program Files\Ask & Record Toolbar\FLVSrvc.exe" /run
FLV Service for Ask and Record Toolbar Applian Technologies, Inc. Applian Technologies, Inc. FLVSrvc 1, 1, 0, 0
******************************
Suspicious:Registry Run
Corel File Shell Monitor=D:\Program Files\Corel\Corel MediaOne\CorelIOMonitor.exe
******************************
Suspicious:Registry Run
Six Engine="D:\Program Files\ASUS\Six Engine\SixEngine.exe" -r
1.0.0.0
******************************
Suspicious:Registry Run
BDAgent="D:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
BitDefender Agent BitDefender S.R.L. BitDefender 11 11, 0, 0, 17
******************************
Suspicious:Running Processes
SteelVine.exe=D:\PROGRAM FILES\ASUS\DRIVE XPERT\STEELVINE.EXE
******************************
Suspicious:Running Processes
WLService.exe=D:\PROGRAM FILES\WIRELESS 802.11G MONITOR\WLSERVICE.EXE
******************************
Suspicious:Running Processes
WLanCfgG.exe=D:\PROGRAM FILES\WIRELESS 802.11G MONITOR\WLANCFGG.EXE
******************************
Suspicious:Running Processes
AiNap.exe=D:\PROGRAM FILES\ASUS\AI SUITE\AINAP\AINAP.EXE
******************************
Suspicious:Running Processes
CorelIOMonitor.exe=D:\PROGRAM FILES\COREL\COREL MEDIAONE\CORELIOMONITOR.EXE
******************************
Suspicious:Running Processes
waol.exe=D:\PROGRAM FILES\AOL 9.0 VR\WAOL.EXE
******************************
Suspicious:Running Processes
shellmon.exe=D:\PROGRAM FILES\AOL 9.0 VR\SHELLMON.EXE
******************************
Warnings:Drivers
mc25.tmp=D:\WINDOWS\TEMP\MC25.TMP
******************************
-------------------------------------------------------
Terminate:D:\PROGRAM FILES\WIRELESS 802.11G. Unknown error
Safe Deleting:D:\PROGRAM FILES\WIRELESS 802.11G. You must restart your computer to fully delete this file.
Terminate:D:\PROGRAM FILES\WIRELESS 802.11G. Unknown error
Safe Deleting:D:\PROGRAM FILES\WIRELESS 802.11G. You must restart your computer to fully delete this file.
Terminate:D:\WINDOWS\TEMP\MC25.TMP. Unknown error
Safe Deleting:D:\WINDOWS\TEMP\MC25.TMP. You must restart your computer to fully delete this file.
Delete Marked Items Kernel Auto Boot->Auto Services. R54G Wireless Service=D:\Program Files\Wireless 802.11g Monitor\WLService.exe
Safe Deleting:D:\PROGRAM FILES\WIRELESS 802.11G. You must restart your computer to fully delete this file.
Delete Marked Items Kernel Auto Boot->Drivers. mc25.tmp=D:\WINDOWS\TEMP\MC25.TMP
Safe Deleting:D:\WINDOWS\TEMP\MC25.TMP. You must restart your computer to fully delete this file.
Delete Marked Items Kernel Auto Boot->Drivers. mc25.tmp=D:\WINDOWS\TEMP\MC25.TMP
Safe Deleting:D:\WINDOWS\TEMP\MC25.TMP. You must restart your computer to fully delete this file.
Delete Marked Items In memory->Running Services. R54G Wireless Service=D:\Program Files\Wireless 802.11g Monitor\WLService.exe
Safe Deleting:D:\PROGRAM FILES\WIRELESS 802.11G. You must restart your computer to fully delete this file.
Anti Spyware... Start check 19.07.2009 at:12:57:31
Prohibited:3 Suspicious:6 Warnings:0
Prohibited:Services detected by Partizan
catchme=\??\D:\DOCUME~1\pedroo\LOCALS~1\Temp\catchme.sys
Driver Start Type: loaded manually on demand File is deleted or hidden by rootkit or could not be located.
******************************
Prohibited:Services detected by Partizan
mchInjDrv=\??\D:\WINDOWS\TEMP\mc25.tmp
File is deleted or hidden by rootkit or could not be located. Service registry key doesn't exist or hidden.
******************************
Prohibited:Services detected by Partizan
R54G Wireless Service=D:\Program Files\Wireless 802.11g Monitor\WLService.exe
File is deleted or hidden by rootkit or could not be located. Service registry key doesn't exist or hidden.
******************************
Suspicious:Auto Services
JavaQuickStarterService="D:\Program Files\Java\jre6\bin\jqs.exe" -service -config "D:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"
Internal Name: JavaQuickStarterService. Status: service running. Actual File: "D:\Program Files\Java\jre6\bin\jqs.exe" -service -config "D:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf" * Prefetches JRE files for faster startup of Java applets and applications Java(TM) Quick Starter Service Sun Microsystems, Inc. Java(TM) Platform SE 6 U13 6.0.130.3
******************************
Suspicious:Auto Services
LIVESRV="D:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe" /service
Internal Name: LIVESRV. Status: service running. Actual File: "D:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe" /service * Downloads BitDefender updates and new malware signatures over the Internet BitDefender Update Service BitDefender SRL BitDefender 11 11, 0, 2, 17
******************************
Suspicious:Auto Services
VSSERV="D:\Program Files\BitDefender\BitDefender 2008\vsserv.exe" /service
Internal Name: VSSERV. Status: service running. Actual File: "D:\Program Files\BitDefender\BitDefender 2008\vsserv.exe" /service * Scans for viruses and other threats BitDefender Security Service BitDefender S.R.L. BitDefender 11 11, 0, 0, 17
******************************
Suspicious:Auto Services
XCOMM="D:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe" /service
Internal Name: XCOMM. Status: service running. Actual File: "D:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe" /service * Provides efficient communication between BitDefender components BitDefender Communicator Server BitDefender BitDefender Communicator Server 1, 8, 16, 0
******************************
Suspicious:Services detected by Partizan
Profos=\??\D:\Program Files\Fichiers communs\BitDefender\BitDefender Threat Scanner\profos.sys
Driver Profos Start Type: loaded manually on demand
******************************
Suspicious:Services detected by Partizan
Trufos=\??\D:\Program Files\Fichiers communs\BitDefender\BitDefender Threat Scanner\trufos.sys
Driver Trufos Start Type: loaded manually on demand
******************************
-------------------------------------------------------
Anti Spyware... Start check 19.07.2009 at:13:00:26
Prohibited:1 Suspicious:6 Warnings:0
Prohibited:Services detected by Partizan
catchme=\??\D:\DOCUME~1\pedroo\LOCALS~1\Temp\catchme.sys
Driver Start Type: loaded manually on demand File is deleted or hidden by rootkit or could not be located.
******************************
Suspicious:Auto Services
JavaQuickStarterService="D:\Program Files\Java\jre6\bin\jqs.exe" -service -config "D:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"
Internal Name: JavaQuickStarterService. Status: service running. Actual File: "D:\Program Files\Java\jre6\bin\jqs.exe" -service -config "D:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf" * Prefetches JRE files for faster startup of Java applets and applications Java(TM) Quick Starter Service Sun Microsystems, Inc. Java(TM) Platform SE 6 U13 6.0.130.3
******************************
Suspicious:Auto Services
LIVESRV="D:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe" /service
Internal Name: LIVESRV. Status: service running. Actual File: "D:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe" /service * Downloads BitDefender updates and new malware signatures over the Internet BitDefender Update Service BitDefender SRL BitDefender 11 11, 0, 2, 17
******************************
Suspicious:Auto Services
VSSERV="D:\Program Files\BitDefender\BitDefender 2008\vsserv.exe" /service
Internal Name: VSSERV. Status: service running. Actual File: "D:\Program Files\BitDefender\BitDefender 2008\vsserv.exe" /service * Scans for viruses and other threats BitDefender Security Service BitDefender S.R.L. BitDefender 11 11, 0, 0, 17
******************************
Suspicious:Auto Services
XCOMM="D:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe" /service
Internal Name: XCOMM. Status: service running. Actual File: "D:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe" /service * Provides efficient communication between BitDefender components BitDefender Communicator Server BitDefender BitDefender Communicator Server 1, 8, 16, 0
******************************
Suspicious:Services detected by Partizan
Profos=\??\D:\Program Files\Fichiers communs\BitDefender\BitDefender Threat Scanner\profos.sys
Driver Profos Start Type: loaded manually on demand
******************************
Suspicious:Services detected by Partizan
Trufos=\??\D:\Program Files\Fichiers communs\BitDefender\BitDefender Threat Scanner\trufos.sys
Driver Trufos Start Type: loaded manually on demand
******************************
-------------------------------------------------------
Terminate:D:\DOCUME~1\PEDROO\LOCALS~1\TEMP\CATCHME.SYS. Unknown error
Safe Deleting:D:\DOCUME~1\PEDROO\LOCALS~1\TEMP\CATCHME.SYS. You must restart your computer to fully delete this file.
Delete Marked Items Kernel Auto Boot->Services detected by Partizan. catchme=\??\D:\DOCUME~1\pedroo\LOCALS~1\Temp\catchme.sys
The service has been marked for deletion->Partizan:catchme
Anti Spyware... Start check 19.07.2009 at:13:04:35
Prohibited:0 Suspicious:4 Warnings:0
Suspicious:Auto Services
JavaQuickStarterService="D:\Program Files\Java\jre6\bin\jqs.exe" -service -config "D:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"
Internal Name: JavaQuickStarterService. Status: service running. Actual File: "D:\Program Files\Java\jre6\bin\jqs.exe" -service -config "D:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf" * Prefetches JRE files for faster startup of Java applets and applications Java(TM) Quick Starter Service Sun Microsystems, Inc. Java(TM) Platform SE 6 U13 6.0.130.3
******************************
Suspicious:Auto Services
LIVESRV="D:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe" /service
Internal Name: LIVESRV. Status: service running. Actual File: "D:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe" /service * Downloads BitDefender updates and new malware signatures over the Internet BitDefender Update Service BitDefender SRL BitDefender 11 11, 0, 2, 17
******************************
Suspicious:Auto Services
VSSERV="D:\Program Files\BitDefender\BitDefender 2008\vsserv.exe" /service
Internal Name: VSSERV. Status: service running. Actual File: "D:\Program Files\BitDefender\BitDefender 2008\vsserv.exe" /service * Scans for viruses and other threats BitDefender Security Service BitDefender S.R.L. BitDefender 11 11, 0, 0, 17
******************************
Suspicious:Auto Services
XCOMM="D:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe" /service
Internal Name: XCOMM. Status: service running. Actual File: "D:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe" /service * Provides efficient communication between BitDefender components BitDefender Communicator Server BitDefender BitDefender Communicator Server 1, 8, 16, 0
******************************
-------------------------------------------------------
Anti Spyware... Start check 19.07.2009 at:13:05:38
Prohibited:0 Suspicious:4 Warnings:0
Suspicious:Auto Services
JavaQuickStarterService="D:\Program Files\Java\jre6\bin\jqs.exe" -service -config "D:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"
Internal Name: JavaQuickStarterService. Status: service running. Actual File: "D:\Program Files\Java\jre6\bin\jqs.exe" -service -config "D:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf" * Prefetches JRE files for faster startup of Java applets and applications Java(TM) Quick Starter Service Sun Microsystems, Inc. Java(TM) Platform SE 6 U13 6.0.130.3
******************************
Suspicious:Auto Services
LIVESRV="D:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe" /service
Internal Name: LIVESRV. Status: service running. Actual File: "D:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe" /service * Downloads BitDefender updates and new malware signatures over the Internet BitDefender Update Service BitDefender SRL BitDefender 11 11, 0, 2, 17
******************************
Suspicious:Auto Services
VSSERV="D:\Program Files\BitDefender\BitDefender 2008\vsserv.exe" /service
Internal Name: VSSERV. Status: service running. Actual File: "D:\Program Files\BitDefender\BitDefender 2008\vsserv.exe" /service * Scans for viruses and other threats BitDefender Security Service BitDefender S.R.L. BitDefender 11 11, 0, 0, 17
******************************
Suspicious:Auto Services
XCOMM="D:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe" /service
Internal Name: XCOMM. Status: service running. Actual File: "D:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe" /service * Provides efficient communication between BitDefender components BitDefender Communicator Server BitDefender BitDefender Communicator Server 1, 8, 16, 0
******************************
-------------------------------------------------------
Start check 19.07.2009 at:13:06:56
Anti Spyware... Start check 19.07.2009 at:13:09:05
Prohibited:0 Suspicious:4 Warnings:1
Suspicious:Auto Services
JavaQuickStarterService="D:\Program Files\Java\jre6\bin\jqs.exe" -service -config "D:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"
Internal Name: JavaQuickStarterService. Status: service running. Actual File: "D:\Program Files\Java\jre6\bin\jqs.exe" -service -config "D:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf" * Prefetches JRE files for faster startup of Java applets and applications Java(TM) Quick Starter Service Sun Microsystems, Inc. Java(TM) Platform SE 6 U13 6.0.130.3
******************************
Suspicious:Auto Services
LIVESRV="D:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe" /service
Internal Name: LIVESRV. Status: service running. Actual File: "D:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe" /service * Downloads BitDefender updates and new malware signatures over the Internet BitDefender Update Service BitDefender SRL BitDefender 11 11, 0, 2, 17
******************************
Suspicious:Auto Services
VSSERV="D:\Program Files\BitDefender\BitDefender 2008\vsserv.exe" /service
Internal Name: VSSERV. Status: service running. Actual File: "D:\Program Files\BitDefender\BitDefender 2008\vsserv.exe" /service * Scans for viruses and other threats BitDefender Security Service BitDefender S.R.L. BitDefender 11 11, 0, 0, 17
******************************
Suspicious:Auto Services
XCOMM="D:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe" /service
Internal Name: XCOMM. Status: service running. Actual File: "D:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe" /service * Provides efficient communication between BitDefender components BitDefender Communicator Server BitDefender BitDefender Communicator Server 1, 8, 16, 0
******************************
Warnings:Drivers
mc220.tmp=D:\WINDOWS\TEMP\MC220.TMP
******************************
-------------------------------------------------------
Terminate:D:\WINDOWS\TEMP\MC220.TMP. Unknown error
Safe Deleting:D:\WINDOWS\TEMP\MC220.TMP. You must restart your computer to fully delete this file.
Delete Marked Items Kernel Auto Boot->Drivers. mc220.tmp=D:\WINDOWS\TEMP\MC220.TMP
Safe Deleting:D:\WINDOWS\TEMP\MC220.TMP. You must restart your computer to fully delete this file.
Delete Marked Items Kernel Auto Boot->Drivers. mc220.tmp=D:\WINDOWS\TEMP\MC220.TMP
Safe Deleting:D:\WINDOWS\TEMP\MC220.TMP. You must restart your computer to fully delete this file.
Anti Spyware... Start check 19.07.2009 at:13:12:03
Prohibited:1 Suspicious:4 Warnings:0
Prohibited:Drivers
mc220.tmp=D:\WINDOWS\TEMP\MC220.TMP
******************************
Suspicious:Auto Services
JavaQuickStarterService="D:\Program Files\Java\jre6\bin\jqs.exe" -service -config "D:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"
Internal Name: JavaQuickStarterService. Status: service running. Actual File: "D:\Program Files\Java\jre6\bin\jqs.exe" -service -config "D:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf" * Prefetches JRE files for faster startup of Java applets and applications Java(TM) Quick Starter Service Sun Microsystems, Inc. Java(TM) Platform SE 6 U13 6.0.130.3
******************************
Suspicious:Auto Services
LIVESRV="D:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe" /service
Internal Name: LIVESRV. Status: service running. Actual File: "D:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe" /service * Downloads BitDefender updates and new malware signatures over the Internet BitDefender Update Service BitDefender SRL BitDefender 11 11, 0, 2, 17
******************************
Suspicious:Auto Services
VSSERV="D:\Program Files\BitDefender\BitDefender 2008\vsserv.exe" /service
Internal Name: VSSERV. Status: service running. Actual File: "D:\Program Files\BitDefender\BitDefender 2008\vsserv.exe" /service * Scans for viruses and other threats BitDefender Security Service BitDefender S.R.L. BitDefender 11 11, 0, 0, 17
******************************
Suspicious:Auto Services
XCOMM="D:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe" /service
Internal Name: XCOMM. Status: service running. Actual File: "D:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe" /service * Provides efficient communication between BitDefender components BitDefender Communicator Server BitDefender BitDefender Communicator Server 1, 8, 16, 0
******************************
-------------------------------------------------------
Terminate:D:\WINDOWS\TEMP\MC220.TMP. Unknown error
Safe Deleting:D:\WINDOWS\TEMP\MC220.TMP. You must restart your computer to fully delete this file.
Delete Marked Items Kernel Auto Boot->Drivers. mc220.tmp=D:\WINDOWS\TEMP\MC220.TMP
Safe Deleting:D:\WINDOWS\TEMP\MC220.TMP. You must restart your computer to fully delete this file.
Delete Marked Items Kernel Auto Boot->Drivers. mc220.tmp=D:\WINDOWS\TEMP\MC220.TMP
Safe Deleting:D:\WINDOWS\TEMP\MC220.TMP. You must restart your computer to fully delete this file.
Anti Spyware... Start check 19.07.2009 at:13:13:23
Prohibited:1 Suspicious:4 Warnings:0
Prohibited:Drivers
mc220.tmp=D:\WINDOWS\TEMP\MC220.TMP
******************************
Suspicious:Auto Services
JavaQuickStarterService="D:\Program Files\Java\jre6\bin\jqs.exe" -service -config "D:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"
Internal Name: JavaQuickStarterService. Status: service running. Actual File: "D:\Program Files\Java\jre6\bin\jqs.exe" -service -config "D:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf" * Prefetches JRE files for faster startup of Java applets and applications Java(TM) Quick Starter Service Sun Microsystems, Inc. Java(TM) Platform SE 6 U13 6.0.130.3
******************************
Suspicious:Auto Services
LIVESRV="D:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe" /service
Internal Name: LIVESRV. Status: service running. Actual File: "D:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe" /service * Downloads BitDefender updates and new malware signatures over the Internet BitDefender Update Service BitDefender SRL BitDefender 11 11, 0, 2, 17
******************************
Suspicious:Auto Services
VSSERV="D:\Program Files\BitDefender\BitDefender 2008\vsserv.exe" /service
Internal Name: VSSERV. Status: service running. Actual File: "D:\Program Files\BitDefender\BitDefender 2008\vsserv.exe" /service * Scans for viruses and other threats BitDefender Security Service BitDefender S.R.L. BitDefender 11 11, 0, 0, 17
******************************
Suspicious:Auto Services
XCOMM="D:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe" /service
Internal Name: XCOMM. Status: service running. Actual File: "D:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe" /service * Provides efficient communication between BitDefender components BitDefender Communicator Server BitDefender BitDefender Communicator Server 1, 8, 16, 0
******************************
-------------------------------------------------------
Terminate:D:\WINDOWS\TEMP\MC220.TMP. Unknown error
Safe Deleting:D:\WINDOWS\TEMP\MC220.TMP. You must restart your computer to fully delete this file.
Delete Marked Items Kernel Auto Boot->Drivers. mc220.tmp=D:\WINDOWS\TEMP\MC220.TMP
Safe Deleting:D:\WINDOWS\TEMP\MC220.TMP. You must restart your computer to fully delete this file.
Delete Marked Items Kernel Auto Boot->Drivers. mc220.tmp=D:\WINDOWS\TEMP\MC220.TMP
Safe Deleting:D:\WINDOWS\TEMP\MC220.TMP. You must restart your computer to fully delete this file.
Anti Spyware... Start check 19.07.2009 at:13:14:44
Prohibited:1 Suspicious:4 Warnings:0
Prohibited:Drivers
mc220.tmp=D:\WINDOWS\TEMP\MC220.TMP
******************************
Suspicious:Auto Services
JavaQuickStarterService="D:\Program Files\Java\jre6\bin\jqs.exe" -service -config "D:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"
Internal Name: JavaQuickStarterService. Status: service running. Actual File: "D:\Program Files\Java\jre6\bin\jqs.exe" -service -config "D:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf" * Prefetches JRE files for faster startup of Java applets and applications Java(TM) Quick Starter Service Sun Microsystems, Inc. Java(TM) Platform SE 6 U13 6.0.130.3
******************************
Suspicious:Auto Services
LIVESRV="D:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe" /service
Internal Name: LIVESRV. Status: service running. Actual File: "D:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe" /service * Downloads BitDefender updates and new malware signatures over the Internet BitDefender Update Service BitDefender SRL BitDefender 11 11, 0, 2, 17
******************************
Suspicious:Auto Services
VSSERV="D:\Program Files\BitDefender\BitDefender 2008\vsserv.exe" /service
Internal Name: VSSERV. Status: service running. Actual File: "D:\Program Files\BitDefender\BitDefender 2008\vsserv.exe" /service * Scans for viruses and other threats BitDefender Security Service BitDefender S.R.L. BitDefender 11 11, 0, 0, 17
******************************
Suspicious:Auto Services
XCOMM="D:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe" /service
Internal Name: XCOMM. Status: service running. Actual File: "D:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe" /service * Provides efficient communication between BitDefender components BitDefender Communicator Server BitDefender BitDefender Communicator Server 1, 8, 16, 0
******************************
-------------------------------------------------------
Terminate:D:\WINDOWS\TEMP\MC220.TMP. Unknown error
Safe Deleting:D:\WINDOWS\TEMP\MC220.TMP. You must restart your computer to fully delete this file.
Delete Marked Items Kernel Auto Boot->Drivers. mc220.tmp=D:\WINDOWS\TEMP\MC220.TMP
Safe Deleting:D:\WINDOWS\TEMP\MC220.TMP. You must restart your computer to fully delete this file.
Delete Marked Items Kernel Auto Boot->Drivers. mc220.tmp=D:\WINDOWS\TEMP\MC220.TMP
Safe Deleting:D:\WINDOWS\TEMP\MC220.TMP. You must restart your computer to fully delete this file.
End check at:13:19:17
-------------------------------------------------------
Anti Spyware... Start check 19.07.2009 at:13:23:01
Prohibited:1 Suspicious:4 Warnings:0
Prohibited:Services detected by Partizan
mchInjDrv=\??\D:\WINDOWS\TEMP\mc220.tmp
File is deleted or hidden by rootkit or could not be located. Service registry key doesn't exist or hidden.
******************************
Suspicious:Auto Services
JavaQuickStarterService="D:\Program Files\Java\jre6\bin\jqs.exe" -service -config "D:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"
Internal Name: JavaQuickStarterService. Status: service running. Actual File: "D:\Program Files\Java\jre6\bin\jqs.exe" -service -config "D:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf" * Prefetches JRE files for faster startup of Java applets and applications Java(TM) Quick Starter Service Sun Microsystems, Inc. Java(TM) Platform SE 6 U13 6.0.130.3
******************************
Suspicious:Auto Services
LIVESRV="D:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe" /service
Internal Name: LIVESRV. Status: service running. Actual File: "D:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe" /service * Downloads BitDefender updates and new malware signatures over the Internet BitDefender Update Service BitDefender SRL BitDefender 11 11, 0, 2, 17
******************************
Suspicious:Auto Services
VSSERV="D:\Program Files\BitDefender\BitDefender 2008\vsserv.exe" /service
Internal Name: VSSERV. Status: service running. Actual File: "D:\Program Files\BitDefender\BitDefender 2008\vsserv.exe" /service * Scans for viruses and other threats BitDefender Security Service BitDefender S.R.L. BitDefender 11 11, 0, 0, 17
******************************
Suspicious:Auto Services
XCOMM="D:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe" /service
Internal Name: XCOMM. Status: service running. Actual File: "D:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe" /service * Provides efficient communication between BitDefender components BitDefender Communicator Server BitDefender BitDefender Communicator Server 1, 8, 16, 0
******************************
-------------------------------------------------------
Anti Spyware... Start check 19.07.2009 at:13:32:10
Prohibited:0 Suspicious:4 Warnings:0
Suspicious:Auto Services
JavaQuickStarterService="D:\Program Files\Java\jre6\bin\jqs.exe" -service -config "D:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"
Internal Name: JavaQuickStarterService. Status: service running. Actual File: "D:\Program Files\Java\jre6\bin\jqs.exe" -service -config "D:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf" * Prefetches JRE files for faster startup of Java applets and applications Java(TM) Quick Starter Service Sun Microsystems, Inc. Java(TM) Platform SE 6 U13 6.0.130.3
******************************
Suspicious:Auto Services
LIVESRV="D:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe" /service
Internal Name: LIVESRV. Status: service running. Actual File: "D:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe" /service * Downloads BitDefender updates and new malware signatures over the Internet BitDefender Update Service BitDefender SRL BitDefender 11 11, 0, 2, 17
******************************
Suspicious:Auto Services
VSSERV="D:\Program Files\BitDefender\BitDefender 2008\vsserv.exe" /service
Internal Name: VSSERV. Status: service running. Actual File: "D:\Program Files\BitDefender\BitDefender 2008\vsserv.exe" /service * Analyse contre les virus et autres menaces BitDefender Security Service BitDefender S.R.L. BitDefender 11 11, 0, 0, 17
******************************
Suspicious:Auto Services
XCOMM="D:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe" /service
Internal Name: XCOMM. Status: service running. Actual File: "D:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe" /service * Assure la communication efficace entre les composants BitDefender BitDefender Communicator Server BitDefender BitDefender Communicator Server 1, 8, 16, 0
******************************
-------------------------------------------------------
Start check 19.07.2009 at:13:38:42
Anti Spyware... Start check 19.07.2009 at:13:39:47
Prohibited:1 Suspicious:4 Warnings:0
Prohibited:Drivers
mc220.tmp=D:\WINDOWS\TEMP\MC220.TMP
******************************
Suspicious:Auto Services
JavaQuickStarterService="D:\Program Files\Java\jre6\bin\jqs.exe" -service -config "D:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"
Internal Name: JavaQuickStarterService. Status: service running. Actual File: "D:\Program Files\Java\jre6\bin\jqs.exe" -service -config "D:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf" * Prefetches JRE files for faster startup of Java applets and applications Java(TM) Quick Starter Service Sun Microsystems, Inc. Java(TM) Platform SE 6 U13 6.0.130.3
******************************
Suspicious:Auto Services
LIVESRV="D:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe" /service
Internal Name: LIVESRV. Status: service running. Actual File: "D:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe" /service * Télécharger les mises à jour BitDefender et les nouvelles signatures de codes malveillants via Internet BitDefender Update Service BitDefender SRL BitDefender 11 11, 0, 2, 17
******************************
Suspicious:Auto Services
VSSERV="D:\Program Files\BitDefender\BitDefender 2008\vsserv.exe" /service
Internal Name: VSSERV. Status: service running. Actual File: "D:\Program Files\BitDefender\BitDefender 2008\vsserv.exe" /service * Analyse contre les virus et autres menaces BitDefender Security Service BitDefender S.R.L. BitDefender 11 11, 0, 0, 17
******************************
Suspicious:Auto Services
XCOMM="D:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe" /service
Internal Name: XCOMM. Status: service running. Actual File: "D:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe" /service * Assure la communication efficace entre les composants BitDefender BitDefender Communicator Server BitDefender BitDefender Communicator Server 1, 8, 16, 0
******************************
-------------------------------------------------------
Terminate:D:\WINDOWS\TEMP\MC220.TMP. Unknown error
Safe Deleting:D:\WINDOWS\TEMP\MC220.TMP. You must restart your computer to fully delete this file.
Delete Marked Items Kernel Auto Boot->Drivers. mc220.tmp=D:\WINDOWS\TEMP\MC220.TMP
Safe Deleting:D:\WINDOWS\TEMP\MC220.TMP. You must restart your computer to fully delete this file.
Delete Marked Items Kernel Auto Boot->Drivers. mc220.tmp=D:\WINDOWS\TEMP\MC220.TMP
Safe Deleting:D:\WINDOWS\TEMP\MC220.TMP. You must restart your computer to fully delete this file.
End check at:13:41:04
-------------------------------------------------------
Start check 19.07.2009 at:14:23:18
Anti Spyware... Start check 19.07.2009 at:14:24:19
Prohibited:1 Suspicious:4 Warnings:0
Prohibited:Drivers
mc220.tmp=D:\WINDOWS\TEMP\MC220.TMP
******************************
Suspicious:Auto Services
JavaQuickStarterService="D:\Program Files\Java\jre6\bin\jqs.exe" -service -config "D:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"
Internal Name: JavaQuickStarterService. Status: service running. Actual File: "D:\Program Files\Java\jre6\bin\jqs.exe" -service -config "D:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf" * Prefetches JRE files for faster startup of Java applets and applications Java(TM) Quick Starter Service Sun Microsystems, Inc. Java(TM) Platform SE 6 U13 6.0.130.3
******************************
Suspicious:Auto Services
LIVESRV="D:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe" /service
Internal Name: LIVESRV. Status: service running. Actual File: "D:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe" /service * Télécharger les mises à jour BitDefender et les nouvelles signatures de codes malveillants via Internet BitDefender Update Service BitDefender SRL BitDefender 11 11, 0, 2, 17
******************************
Suspicious:Auto Services
VSSERV="D:\Program Files\BitDefender\BitDefender 2008\vsserv.exe" /service
Internal Name: VSSERV. Status: service running. Actual File: "D:\Program Files\BitDefender\BitDefender 2008\vsserv.exe" /service * Analyse contre les virus et autres menaces BitDefender Security Service BitDefender S.R.L. BitDefender 11 11, 0, 0, 17
******************************
Suspicious:Auto Services
XCOMM="D:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe" /service
Internal Name: XCOMM. Status: service running. Actual File: "D:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe" /service * Assure la communication efficace entre les composants BitDefender BitDefender Communicator Server BitDefender BitDefender Communicator Server 1, 8, 16, 0
******************************
-------------------------------------------------------
Terminate:D:\WINDOWS\TEMP\MC220.TMP. Unknown error
Safe Deleting:D:\WINDOWS\TEMP\MC220.TMP. You must restart your computer to fully delete this file.
It is good for me!:D:\PROGRAM FILES\JAVA\JRE6\BIN\JQS.EXE
It is good for me!:D:\PROGRAM FILES\FICHIERS COMMUNS\BITDEFENDER\BITDEFENDER UPDATE SERVICE\LIVESRV.EXE
It is good for me!:D:\PROGRAM FILES\BITDEFENDER\BITDEFENDER 2008\VSSERV.EXE
It is good for me!:D:\PROGRAM FILES\FICHIERS COMMUNS\BITDEFENDER\BITDEFENDER COMMUNICATOR\XCOMMSVR.EXE
Delete Marked Items Kernel Auto Boot->Drivers. mc220.tmp=D:\WINDOWS\TEMP\MC220.TMP
Safe Deleting:D:\WINDOWS\TEMP\MC220.TMP. You must restart your computer to fully delete this file.
Delete Marked Items Kernel Auto Boot->Drivers. mc220.tmp=D:\WINDOWS\TEMP\MC220.TMP
Safe Deleting:D:\WINDOWS\TEMP\MC220.TMP. You must restart your computer to fully delete this file.
End check at:14:24:53
-------------------------------------------------------
Start check 19.07.2009 at:14:24:59
End check at:14:25:05
-------------------------------------------------------
Start check 19.07.2009 at:14:49:50
End check at:14:49:56
-------------------------------------------------------
Anti Spyware... Start check 19.07.2009 at:14:50:45
Prohibited:1 Suspicious:0 Warnings:0
Prohibited:Drivers
mc220.tmp=D:\WINDOWS\TEMP\MC220.TMP
******************************
-------------------------------------------------------
Terminate:D:\WINDOWS\TEMP\MC220.TMP. Unknown error
Safe Deleting:D:\WINDOWS\TEMP\MC220.TMP. You must restart your computer to fully delete this file.
Delete Marked Items Kernel Auto Boot->Drivers. mc220.tmp=D:\WINDOWS\TEMP\MC220.TMP
Safe Deleting:D:\WINDOWS\TEMP\MC220.TMP. You must restart your computer to fully delete this file.
Delete Marked Items Kernel Auto Boot->Drivers. mc220.tmp=D:\WINDOWS\TEMP\MC220.TMP
Safe Deleting:D:\WINDOWS\TEMP\MC220.TMP. You must restart your computer to fully delete this file.
Anti Spyware... Start check 19.07.2009 at:14:51:23
Prohibited:1 Suspicious:0 Warnings:0
Prohibited:Drivers
mc220.tmp=D:\WINDOWS\TEMP\MC220.TMP
******************************
-------------------------------------------------------
Anti Spyware... Start check 19.07.2009 at:14:54:52
Prohibited:1 Suspicious:0 Warnings:0
Prohibited:Services detected by Partizan
mchInjDrv=\??\D:\WINDOWS\TEMP\mc220.tmp
File is deleted or hidden by rootkit or could not be located. Service registry key doesn't exist or hidden.
******************************
-------------------------------------------------------
Start check 19.07.2009 at:17:12:55
End check at:17:13:01
-------------------------------------------------------
Anti Spyware... Start check 19.07.2009 at:17:13:38
Prohibited:0 Suspicious:0 Warnings:1
Warnings:Drivers
mc21E.tmp=D:\WINDOWS\TEMP\MC21E.TMP
******************************
-------------------------------------------------------
Terminate:D:\WINDOWS\TEMP\MC21E.TMP. Unknown error
Safe Deleting:D:\WINDOWS\TEMP\MC21E.TMP. You must restart your computer to fully delete this file.
Delete Marked Items Kernel Auto Boot->Drivers. mc21E.tmp=D:\WINDOWS\TEMP\MC21E.TMP
Safe Deleting:D:\WINDOWS\TEMP\MC21E.TMP. You must restart your computer to fully delete this file.
Delete Marked Items Kernel Auto Boot->Drivers. mc21E.tmp=D:\WINDOWS\TEMP\MC21E.TMP
Safe Deleting:D:\WINDOWS\TEMP\MC21E.TMP. You must restart your computer to fully delete this file.
Anti Spyware... Start check 19.07.2009 at:17:14:50
Prohibited:1 Suspicious:0 Warnings:0
Prohibited:Drivers
mc21E.tmp=D:\WINDOWS\TEMP\MC21E.TMP
******************************
-------------------------------------------------------
Anti Spyware... Start check 19.07.2009 at:17:16:13
Prohibited:1 Suspicious:0 Warnings:0
Prohibited:Drivers
mc21E.tmp=D:\WINDOWS\TEMP\MC21E.TMP
******************************
-------------------------------------------------------
Anti Spyware... Start check 19.07.2009 at:17:19:04
Prohibited:1 Suspicious:0 Warnings:0
Prohibited:Services detected by Partizan
mchInjDrv=\??\D:\WINDOWS\TEMP\mc21E.tmp
File is deleted or hidden by rootkit or could not be located. Service registry key doesn't exist or hidden.
******************************
-------------------------------------------------------
Terminate:D:\WINDOWS\TEMP\MC21E.TMP. Unknown error
Safe Deleting:D:\WINDOWS\TEMP\MC21E.TMP. You must restart your computer to fully delete this file.
Delete Marked Items Kernel Auto Boot->Services detected by Partizan. mchInjDrv=\??\D:\WINDOWS\TEMP\mc21E.tmp
The service has been marked for deletion->Partizan:mchInjDrv
Start check 19.07.2009 at:17:33:41
The changes found in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
-------------------------------------------------------
"D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
D:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe
D:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
"D:\Program Files\QuickTime\qttask.exe" -atboottime
"D:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe"
"D:\Program Files\ASUS\Ai Suite\QFan3\QFanHelp.exe"
D:\Program Files\ASUS\Ai Suite\CpuLevelUpHelp.exe
"D:\Program Files\ASUS\AI Direct Link\AsShare.exe"
"D:\Program Files\ASUS\AI Direct Link\AsCmd.exe" -reg
"D:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"D:\Program Files\Ask & Record Toolbar\FLVSrvc.exe" /run
"D:\Program Files\Java\jre6\bin\jusched.exe"
D:\Program Files\Corel\Corel MediaOne\CorelIOMonitor.exe
RTHDCPL.EXE
"D:\Program Files\ASUS\Six Engine\SixEngine.exe" -r
"D:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
- D:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
D:\WINDOWS\winbait.exe
D:\PROGRA~1\Greatis\REGRUN~1\OnSecure.exe
-------------------------------------------------------
The changes found in HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
-------------------------------------------------------
D:\WINDOWS\system32\ctfmon.exe
"D:\Program Files\Spyware Doctor\swdoctor.exe" /Q
- "D:\Program Files\AOL 9.0 VR\AOL.EXE" -b
D:\PROGRA~1\Greatis\REGRUN~1\WatchDog.exe
"D:\Program Files\Greatis\RegRunSuite\lsoon.exe" -1 30 "D:\Program Files\Greatis\RegRunSuite\rescue.exe" /a "c:\backreg\rstore.ini"
-------------------------------------------------------
End check at:17:36:05
-------------------------------------------------------
Anti Spyware... Start check 19.07.2009 at:17:36:58
Prohibited:1 Suspicious:0 Warnings:0
Prohibited:Drivers
mc21E.tmp=D:\WINDOWS\TEMP\MC21E.TMP
******************************
-------------------------------------------------------
Terminate:D:\WINDOWS\TEMP\MC21E.TMP. Unknown error
Safe Deleting:D:\WINDOWS\TEMP\MC21E.TMP. You must restart your computer to fully delete this file.
Delete Marked Items Kernel Auto Boot->Drivers. mc21E.tmp=D:\WINDOWS\TEMP\MC21E.TMP
Safe Deleting:D:\WINDOWS\TEMP\MC21E.TMP. You must restart your computer to fully delete this file.
Delete Marked Items Kernel Auto Boot->Drivers. mc21E.tmp=D:\WINDOWS\TEMP\MC21E.TMP
Safe Deleting:D:\WINDOWS\TEMP\MC21E.TMP. You must restart your computer to fully delete this file.
Anti Spyware... Start check 19.07.2009 at:17:38:04
Prohibited:1 Suspicious:0 Warnings:0
Prohibited:Drivers
mc21E.tmp=D:\WINDOWS\TEMP\MC21E.TMP
******************************
-------------------------------------------------------
Start check 19.07.2009 at:17:40:14
End check at:17:40:19
-------------------------------------------------------
Anti Spyware... Start check 19.07.2009 at:17:40:56
Prohibited:1 Suspicious:0 Warnings:0
Prohibited:Drivers
mc21E.tmp=D:\WINDOWS\TEMP\MC21E.TMP
******************************
-------------------------------------------------------
Could not start service
Anti Spyware... Start check 19.07.2009 at:17:45:30
Prohibited:1 Suspicious:0 Warnings:0
Prohibited:Services detected by Partizan
mchInjDrv=\??\D:\WINDOWS\TEMP\mc21E.tmp
File is deleted or hidden by rootkit or could not be located. Service registry key doesn't exist or hidden.
******************************
-------------------------------------------------------
Could not start service
Start check 19.07.2009 at:17:57:45
End check at:17:57:53
-------------------------------------------------------
Start check 19.07.2009 at:18:00:25
End check at:18:00:30
-------------------------------------------------------
Start check 19.07.2009 at:20:27:42
End check at:20:28:02
-------------------------------------------------------
Anti Spyware... Start check 19.07.2009 at:12:44:23
Prohibited:3 Suspicious:25 Warnings:1
Prohibited:Auto Services
ProtexisLicensing=D:\WINDOWS\system32\PSIService.exe
Internal Name: ProtexisLicensing. Status: service running. Actual File: D:\WINDOWS\system32\PSIService.exe * Protexis Licensing Service nTitles PSIService PSIService 2.0.0.1
******************************
Prohibited:Running Processes
PSIService.exe=D:\WINDOWS\SYSTEM32\PSISERVICE.EXE
nTitles PSIService PSIService 2.0.0.1
******************************
Prohibited:Running Processes
ccc.exe=D:\PROGRAM FILES\ATI TECHNOLOGIES\ATI.ACE\CORE-STATIC\CCC.EXE
Catalyst Control Centre: Host application ATI Technologies Inc. Catalyst Control Centre 2.0.0.0
******************************
Suspicious:Toolbars
{381FFDE8-2394-4f90-B10D-FC6124A40F8C}=D:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
BitDefender IE Toolbar Bitdefender BitDefender IE Toolbar 11.0.0.16
******************************
Suspicious:Auto Services
57xx SteelVine Manager=D:\Program Files\ASUS\Drive Xpert\SteelVine.exe
Internal Name: 57xx SteelVine Manager. Status: service running. Actual File: D:\Program Files\ASUS\Drive Xpert\SteelVine.exe * SteelVine Volume Management Service
******************************
Suspicious:Auto Services
ASKUpgrade=D:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
Internal Name: ASKUpgrade. Status: service stopped. Actual File: D:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe * ASK ToolBar Upgrade Engine
******************************
Suspicious:Auto Services
FreeAgentGoNext Service="D:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe"
Internal Name: FreeAgentGoNext Service. Status: service running. Actual File: "D:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe" * Seagate Service Sync Windows Services Seagate Technology LLC Sync 4, 7, 0, 1
******************************
Suspicious:Auto Services
JavaQuickStarterService="D:\Program Files\Java\jre6\bin\jqs.exe" -service -config "D:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"
Internal Name: JavaQuickStarterService. Status: service running. Actual File: "D:\Program Files\Java\jre6\bin\jqs.exe" -service -config "D:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf" * Prefetches JRE files for faster startup of Java applets and applications Java(TM) Quick Starter Service Sun Microsystems, Inc. Java(TM) Platform SE 6 U13 6.0.130.3
******************************
Suspicious:Auto Services
LIVESRV="D:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe" /service
Internal Name: LIVESRV. Status: service running. Actual File: "D:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe" /service * Télécharger les mises à jour BitDefender et les nouvelles signatures de codes malveillants via Internet BitDefender Update Service BitDefender SRL BitDefender 11 11, 0, 2, 17
******************************
Suspicious:Auto Services
VSSERV="D:\Program Files\BitDefender\BitDefender 2008\vsserv.exe" /service
Internal Name: VSSERV. Status: service running. Actual File: "D:\Program Files\BitDefender\BitDefender 2008\vsserv.exe" /service * Analyse contre les virus et autres menaces BitDefender Security Service BitDefender S.R.L. BitDefender 11 11, 0, 0, 17
******************************
Suspicious:Auto Services
XCOMM="D:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe" /service
Internal Name: XCOMM. Status: service running. Actual File: "D:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe" /service * Assure la communication efficace entre les composants BitDefender BitDefender Communicator Server BitDefender BitDefender Communicator Server 1, 8, 16, 0
******************************
Suspicious:Registry Run
AOLSAV=D:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe
Agent TechCity Solutions France TechCity Solutions France Agent 1.0.0.1766
******************************
Suspicious:Registry Run
Ai Nap="D:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe"
******************************
Suspicious:Registry Run
QFan Help="D:\Program Files\ASUS\Ai Suite\QFan3\QFanHelp.exe"
1.0.0.0
******************************
Suspicious:Registry Run
Cpu Level Up help=D:\Program Files\ASUS\Ai Suite\CpuLevelUpHelp.exe
1.0.0.0
******************************
Suspicious:Registry Run
Launch Direct Link="D:\Program Files\ASUS\AI Direct Link\AsShare.exe"
1.0.0.0
******************************
Suspicious:Registry Run
Launch As Cmd Runner="D:\Program Files\ASUS\AI Direct Link\AsCmd.exe" -reg
******************************
Suspicious:Registry Run
Ask and Record FLV Service="D:\Program Files\Ask & Record Toolbar\FLVSrvc.exe" /run
FLV Service for Ask and Record Toolbar Applian Technologies, Inc. Applian Technologies, Inc. FLVSrvc 1, 1, 0, 0
******************************
Suspicious:Registry Run
Corel File Shell Monitor=D:\Program Files\Corel\Corel MediaOne\CorelIOMonitor.exe
******************************
Suspicious:Registry Run
Six Engine="D:\Program Files\ASUS\Six Engine\SixEngine.exe" -r
1.0.0.0
******************************
Suspicious:Registry Run
BDAgent="D:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
BitDefender Agent BitDefender S.R.L. BitDefender 11 11, 0, 0, 17
******************************
Suspicious:Running Processes
SteelVine.exe=D:\PROGRAM FILES\ASUS\DRIVE XPERT\STEELVINE.EXE
******************************
Suspicious:Running Processes
WLService.exe=D:\PROGRAM FILES\WIRELESS 802.11G MONITOR\WLSERVICE.EXE
******************************
Suspicious:Running Processes
WLanCfgG.exe=D:\PROGRAM FILES\WIRELESS 802.11G MONITOR\WLANCFGG.EXE
******************************
Suspicious:Running Processes
AiNap.exe=D:\PROGRAM FILES\ASUS\AI SUITE\AINAP\AINAP.EXE
******************************
Suspicious:Running Processes
CorelIOMonitor.exe=D:\PROGRAM FILES\COREL\COREL MEDIAONE\CORELIOMONITOR.EXE
******************************
Suspicious:Running Processes
waol.exe=D:\PROGRAM FILES\AOL 9.0 VR\WAOL.EXE
******************************
Suspicious:Running Processes
shellmon.exe=D:\PROGRAM FILES\AOL 9.0 VR\SHELLMON.EXE
******************************
Warnings:Drivers
mc25.tmp=D:\WINDOWS\TEMP\MC25.TMP
******************************
-------------------------------------------------------
Anti Spyware... Start check 19.07.2009 at:12:44:34
Prohibited:3 Suspicious:25 Warnings:1
Prohibited:Auto Services
ProtexisLicensing=D:\WINDOWS\system32\PSIService.exe
Internal Name: ProtexisLicensing. Status: service running. Actual File: D:\WINDOWS\system32\PSIService.exe * Protexis Licensing Service nTitles PSIService PSIService 2.0.0.1
******************************
Prohibited:Running Processes
PSIService.exe=D:\WINDOWS\SYSTEM32\PSISERVICE.EXE
nTitles PSIService PSIService 2.0.0.1
******************************
Prohibited:Running Processes
ccc.exe=D:\PROGRAM FILES\ATI TECHNOLOGIES\ATI.ACE\CORE-STATIC\CCC.EXE
Catalyst Control Centre: Host application ATI Technologies Inc. Catalyst Control Centre 2.0.0.0
******************************
Suspicious:Toolbars
{381FFDE8-2394-4f90-B10D-FC6124A40F8C}=D:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
BitDefender IE Toolbar Bitdefender BitDefender IE Toolbar 11.0.0.16
******************************
Suspicious:Auto Services
57xx SteelVine Manager=D:\Program Files\ASUS\Drive Xpert\SteelVine.exe
Internal Name: 57xx SteelVine Manager. Status: service running. Actual File: D:\Program Files\ASUS\Drive Xpert\SteelVine.exe * SteelVine Volume Management Service
******************************
Suspicious:Auto Services
ASKUpgrade=D:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
Internal Name: ASKUpgrade. Status: service stopped. Actual File: D:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe * ASK ToolBar Upgrade Engine
******************************
Suspicious:Auto Services
FreeAgentGoNext Service="D:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe"
Internal Name: FreeAgentGoNext Service. Status: service running. Actual File: "D:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe" * Seagate Service Sync Windows Services Seagate Technology LLC Sync 4, 7, 0, 1
******************************
Suspicious:Auto Services
JavaQuickStarterService="D:\Program Files\Java\jre6\bin\jqs.exe" -service -config "D:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"
Internal Name: JavaQuickStarterService. Status: service running. Actual File: "D:\Program Files\Java\jre6\bin\jqs.exe" -service -config "D:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf" * Prefetches JRE files for faster startup of Java applets and applications Java(TM) Quick Starter Service Sun Microsystems, Inc. Java(TM) Platform SE 6 U13 6.0.130.3
******************************
Suspicious:Auto Services
LIVESRV="D:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe" /service
Internal Name: LIVESRV. Status: service running. Actual File: "D:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe" /service * Télécharger les mises à jour BitDefender et les nouvelles signatures de codes malveillants via Internet BitDefender Update Service BitDefender SRL BitDefender 11 11, 0, 2, 17
******************************
Suspicious:Auto Services
VSSERV="D:\Program Files\BitDefender\BitDefender 2008\vsserv.exe" /service
Internal Name: VSSERV. Status: service running. Actual File: "D:\Program Files\BitDefender\BitDefender 2008\vsserv.exe" /service * Analyse contre les virus et autres menaces BitDefender Security Service BitDefender S.R.L. BitDefender 11 11, 0, 0, 17
******************************
Suspicious:Auto Services
XCOMM="D:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe" /service
Internal Name: XCOMM. Status: service running. Actual File: "D:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe" /service * Assure la communication efficace entre les composants BitDefender BitDefender Communicator Server BitDefender BitDefender Communicator Server 1, 8, 16, 0
******************************
Suspicious:Registry Run
AOLSAV=D:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe
Agent TechCity Solutions France TechCity Solutions France Agent 1.0.0.1766
******************************
Suspicious:Registry Run
Ai Nap="D:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe"
******************************
Suspicious:Registry Run
QFan Help="D:\Program Files\ASUS\Ai Suite\QFan3\QFanHelp.exe"
1.0.0.0
******************************
Suspicious:Registry Run
Cpu Level Up help=D:\Program Files\ASUS\Ai Suite\CpuLevelUpHelp.exe
1.0.0.0
******************************
Suspicious:Registry Run
Launch Direct Link="D:\Program Files\ASUS\AI Direct Link\AsShare.exe"
1.0.0.0
******************************
Suspicious:Registry Run
Launch As Cmd Runner="D:\Program Files\ASUS\AI Direct Link\AsCmd.exe" -reg
******************************
Suspicious:Registry Run
Ask and Record FLV Service="D:\Program Files\Ask & Record Toolbar\FLVSrvc.exe" /run
FLV Service for Ask and Record Toolbar Applian Technologies, Inc. Applian Technologies, Inc. FLVSrvc 1, 1, 0, 0
******************************
Suspicious:Registry Run
Corel File Shell Monitor=D:\Program Files\Corel\Corel MediaOne\CorelIOMonitor.exe
******************************
Suspicious:Registry Run
Six Engine="D:\Program Files\ASUS\Six Engine\SixEngine.exe" -r
1.0.0.0
******************************
Suspicious:Registry Run
BDAgent="D:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
BitDefender Agent BitDefender S.R.L. BitDefender 11 11, 0, 0, 17
******************************
Suspicious:Running Processes
SteelVine.exe=D:\PROGRAM FILES\ASUS\DRIVE XPERT\STEELVINE.EXE
******************************
Suspicious:Running Processes
WLService.exe=D:\PROGRAM FILES\WIRELESS 802.11G MONITOR\WLSERVICE.EXE
******************************
Suspicious:Running Processes
WLanCfgG.exe=D:\PROGRAM FILES\WIRELESS 802.11G MONITOR\WLANCFGG.EXE
******************************
Suspicious:Running Processes
AiNap.exe=D:\PROGRAM FILES\ASUS\AI SUITE\AINAP\AINAP.EXE
******************************
Suspicious:Running Processes
CorelIOMonitor.exe=D:\PROGRAM FILES\COREL\COREL MEDIAONE\CORELIOMONITOR.EXE
******************************
Suspicious:Running Processes
waol.exe=D:\PROGRAM FILES\AOL 9.0 VR\WAOL.EXE
******************************
Suspicious:Running Processes
shellmon.exe=D:\PROGRAM FILES\AOL 9.0 VR\SHELLMON.EXE
******************************
Warnings:Drivers
mc25.tmp=D:\WINDOWS\TEMP\MC25.TMP
******************************
-------------------------------------------------------
Terminate:D:\PROGRAM FILES\WIRELESS 802.11G. Unknown error
Safe Deleting:D:\PROGRAM FILES\WIRELESS 802.11G. You must restart your computer to fully delete this file.
Terminate:D:\PROGRAM FILES\WIRELESS 802.11G. Unknown error
Safe Deleting:D:\PROGRAM FILES\WIRELESS 802.11G. You must restart your computer to fully delete this file.
Terminate:D:\WINDOWS\TEMP\MC25.TMP. Unknown error
Safe Deleting:D:\WINDOWS\TEMP\MC25.TMP. You must restart your computer to fully delete this file.
Delete Marked Items Kernel Auto Boot->Auto Services. R54G Wireless Service=D:\Program Files\Wireless 802.11g Monitor\WLService.exe
Safe Deleting:D:\PROGRAM FILES\WIRELESS 802.11G. You must restart your computer to fully delete this file.
Delete Marked Items Kernel Auto Boot->Drivers. mc25.tmp=D:\WINDOWS\TEMP\MC25.TMP
Safe Deleting:D:\WINDOWS\TEMP\MC25.TMP. You must restart your computer to fully delete this file.
Delete Marked Items Kernel Auto Boot->Drivers. mc25.tmp=D:\WINDOWS\TEMP\MC25.TMP
Safe Deleting:D:\WINDOWS\TEMP\MC25.TMP. You must restart your computer to fully delete this file.
Delete Marked Items In memory->Running Services. R54G Wireless Service=D:\Program Files\Wireless 802.11g Monitor\WLService.exe
Safe Deleting:D:\PROGRAM FILES\WIRELESS 802.11G. You must restart your computer to fully delete this file.
Anti Spyware... Start check 19.07.2009 at:12:57:31
Prohibited:3 Suspicious:6 Warnings:0
Prohibited:Services detected by Partizan
catchme=\??\D:\DOCUME~1\pedroo\LOCALS~1\Temp\catchme.sys
Driver Start Type: loaded manually on demand File is deleted or hidden by rootkit or could not be located.
******************************
Prohibited:Services detected by Partizan
mchInjDrv=\??\D:\WINDOWS\TEMP\mc25.tmp
File is deleted or hidden by rootkit or could not be located. Service registry key doesn't exist or hidden.
******************************
Prohibited:Services detected by Partizan
R54G Wireless Service=D:\Program Files\Wireless 802.11g Monitor\WLService.exe
File is deleted or hidden by rootkit or could not be located. Service registry key doesn't exist or hidden.
******************************
Suspicious:Auto Services
JavaQuickStarterService="D:\Program Files\Java\jre6\bin\jqs.exe" -service -config "D:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"
Internal Name: JavaQuickStarterService. Status: service running. Actual File: "D:\Program Files\Java\jre6\bin\jqs.exe" -service -config "D:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf" * Prefetches JRE files for faster startup of Java applets and applications Java(TM) Quick Starter Service Sun Microsystems, Inc. Java(TM) Platform SE 6 U13 6.0.130.3
******************************
Suspicious:Auto Services
LIVESRV="D:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe" /service
Internal Name: LIVESRV. Status: service running. Actual File: "D:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe" /service * Télécharger les mises à jour BitDefender et les nouvelles signatures de codes malveillants via Internet BitDefender Update Service BitDefender SRL BitDefender 11 11, 0, 2, 17
******************************
Suspicious:Auto Services
VSSERV="D:\Program Files\BitDefender\BitDefender 2008\vsserv.exe" /service
Internal Name: VSSERV. Status: service running. Actual File: "D:\Program Files\BitDefender\BitDefender 2008\vsserv.exe" /service * Analyse contre les virus et autres menaces BitDefender Security Service BitDefender S.R.L. BitDefender 11 11, 0, 0, 17
******************************
Suspicious:Auto Services
XCOMM="D:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe" /service
Internal Name: XCOMM. Status: service running. Actual File: "D:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe" /service * Assure la communication efficace entre les composants BitDefender BitDefender Communicator Server BitDefender BitDefender Communicator Server 1, 8, 16, 0
******************************
Suspicious:Services detected by Partizan
Profos=\??\D:\Program Files\Fichiers communs\BitDefender\BitDefender Threat Scanner\profos.sys
Driver Profos Start Type: loaded manually on demand
******************************
Suspicious:Services detected by Partizan
Trufos=\??\D:\Program Files\Fichiers communs\BitDefender\BitDefender Threat Scanner\trufos.sys
Driver Trufos Start Type: loaded manually on demand
******************************
-------------------------------------------------------
Anti Spyware... Start check 19.07.2009 at:13:00:26
Prohibited:1 Suspicious:6 Warnings:0
Prohibited:Services detected by Partizan
catchme=\??\D:\DOCUME~1\pedroo\LOCALS~1\Temp\catchme.sys
Driver Start Type: loaded manually on demand File is deleted or hidden by rootkit or could not be located.
******************************
Suspicious:Auto Services
JavaQuickStarterService="D:\Program Files\Java\jre6\bin\jqs.exe" -service -config "D:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"
Internal Name: JavaQuickStarterService. Status: service running. Actual File: "D:\Program Files\Java\jre6\bin\jqs.exe" -service -config "D:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf" * Prefetches JRE files for faster startup of Java applets and applications Java(TM) Quick Starter Service Sun Microsystems, Inc. Java(TM) Platform SE 6 U13 6.0.130.3
******************************
Suspicious:Auto Services
LIVESRV="D:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe" /service
Internal Name: LIVESRV. Status: service running. Actual File: "D:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe" /service * Télécharger les mises à jour BitDefender et les nouvelles signatures de codes malveillants via Internet BitDefender Update Service BitDefender SRL BitDefender 11 11, 0, 2, 17
******************************
Suspicious:Auto Services
VSSERV="D:\Program Files\BitDefender\BitDefender 2008\vsserv.exe" /service
Internal Name: VSSERV. Status: service running. Actual File: "D:\Program Files\BitDefender\BitDefender 2008\vsserv.exe" /service * Analyse contre les virus et autres menaces BitDefender Security Service BitDefender S.R.L. BitDefender 11 11, 0, 0, 17
******************************
Suspicious:Auto Services
XCOMM="D:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe" /service
Internal Name: XCOMM. Status: service running. Actual File: "D:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe" /service * Assure la communication efficace entre les composants BitDefender BitDefender Communicator Server BitDefender BitDefender Communicator Server 1, 8, 16, 0
******************************
Suspicious:Services detected by Partizan
Profos=\??\D:\Program Files\Fichiers communs\BitDefender\BitDefender Threat Scanner\profos.sys
Driver Profos Start Type: loaded manually on demand
******************************
Suspicious:Services detected by Partizan
Trufos=\??\D:\Program Files\Fichiers communs\BitDefender\BitDefender Threat Scanner\trufos.sys
Driver Trufos Start Type: loaded manually on demand
******************************
-------------------------------------------------------
Terminate:D:\DOCUME~1\PEDROO\LOCALS~1\TEMP\CATCHME.SYS. Unknown error
Safe Deleting:D:\DOCUME~1\PEDROO\LOCALS~1\TEMP\CATCHME.SYS. You must restart your computer to fully delete this file.
Delete Marked Items Kernel Auto Boot->Services detected by Partizan. catchme=\??\D:\DOCUME~1\pedroo\LOCALS~1\Temp\catchme.sys
The service has been marked for deletion->Partizan:catchme
Anti Spyware... Start check 19.07.2009 at:13:04:35
Prohibited:0 Suspicious:4 Warnings:0
Suspicious:Auto Services
JavaQuickStarterService="D:\Program Files\Java\jre6\bin\jqs.exe" -service -config "D:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"
Internal Name: JavaQuickStarterService. Status: service running. Actual File: "D:\Program Files\Java\jre6\bin\jqs.exe" -service -config "D:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf" * Prefetches JRE files for faster startup of Java applets and applications Java(TM) Quick Starter Service Sun Microsystems, Inc. Java(TM) Platform SE 6 U13 6.0.130.3
******************************
Suspicious:Auto Services
LIVESRV="D:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe" /service
Internal Name: LIVESRV. Status: service running. Actual File: "D:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe" /service * Télécharger les mises à jour BitDefender et les nouvelles signatures de codes malveillants via Internet BitDefender Update Service BitDefender SRL BitDefender 11 11, 0, 2, 17
******************************
Suspicious:Auto Services
VSSERV="D:\Program Files\BitDefender\BitDefender 2008\vsserv.exe" /service
Internal Name: VSSERV. Status: service running. Actual File: "D:\Program Files\BitDefender\BitDefender 2008\vsserv.exe" /service * Analyse contre les virus et autres menaces BitDefender Security Service BitDefender S.R.L. BitDefender 11 11, 0, 0, 17
******************************
Suspicious:Auto Services
XCOMM="D:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe" /service
Internal Name: XCOMM. Status: service running. Actual File: "D:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe" /service * Assure la communication efficace entre les composants BitDefender BitDefender Communicator Server BitDefender BitDefender Communicator Server 1, 8, 16, 0
******************************
-------------------------------------------------------
Anti Spyware... Start check 19.07.2009 at:13:05:38
Prohibited:0 Suspicious:4 Warnings:0
Suspicious:Auto Services
JavaQuickStarterService="D:\Program Files\Java\jre6\bin\jqs.exe" -service -config "D:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"
Internal Name: JavaQuickStarterService. Status: service running. Actual File: "D:\Program Files\Java\jre6\bin\jqs.exe" -service -config "D:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf" * Prefetches JRE files for faster startup of Java applets and applications Java(TM) Quick Starter Service Sun Microsystems, Inc. Java(TM) Platform SE 6 U13 6.0.130.3
******************************
Suspicious:Auto Services
LIVESRV="D:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe" /service
Internal Name: LIVESRV. Status: service running. Actual File: "D:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe" /service * Télécharger les mises à jour BitDefender et les nouvelles signatures de codes malveillants via Internet BitDefender Update Service BitDefender SRL BitDefender 11 11, 0, 2, 17
******************************
Suspicious:Auto Services
VSSERV="D:\Program Files\BitDefender\BitDefender 2008\vsserv.exe" /service
Internal Name: VSSERV. Status: service running. Actual File: "D:\Program Files\BitDefender\BitDefender 2008\vsserv.exe" /service * Analyse contre les virus et autres menaces BitDefender Security Service BitDefender S.R.L. BitDefender 11 11, 0, 0, 17
******************************
Suspicious:Auto Services
XCOMM="D:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe" /service
Internal Name: XCOMM. Status: service running. Actual File: "D:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe" /service * Assure la communication efficace entre les composants BitDefender BitDefender Communicator Server BitDefender BitDefender Communicator Server 1, 8, 16, 0
******************************
-------------------------------------------------------
Start check 19.07.2009 at:13:06:56
Anti Spyware... Start check 19.07.2009 at:13:09:05
Prohibited:0 Suspicious:4 Warnings:1
Suspicious:Auto Services
JavaQuickStarterService="D:\Program Files\Java\jre6\bin\jqs.exe" -service -config "D:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"
Internal Name: JavaQuickStarterService. Status: service running. Actual File: "D:\Program Files\Java\jre6\bin\jqs.exe" -service -config "D:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf" * Prefetches JRE files for faster startup of Java applets and applications Java(TM) Quick Starter Service Sun Microsystems, Inc. Java(TM) Platform SE 6 U13 6.0.130.3
******************************
Suspicious:Auto Services
LIVESRV="D:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe" /service
Internal Name: LIVESRV. Status: service running. Actual File: "D:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe" /service * Télécharger les mises à jour BitDefender et les nouvelles signatures de codes malveillants via Internet BitDefender Update Service BitDefender SRL BitDefender 11 11, 0, 2, 17
******************************
Suspicious:Auto Services
VSSERV="D:\Program Files\BitDefender\BitDefender 2008\vsserv.exe" /service
Internal Name: VSSERV. Status: service running. Actual File: "D:\Program Files\BitDefender\BitDefender 2008\vsserv.exe" /service * Analyse contre les virus et autres menaces BitDefender Security Service BitDefender S.R.L. BitDefender 11 11, 0, 0, 17
******************************
Suspicious:Auto Services
XCOMM="D:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe" /service
Internal Name: XCOMM. Status: service running. Actual File: "D:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe" /service * Assure la communication efficace entre les composants BitDefender BitDefender Communicator Server BitDefender BitDefender Communicator Server 1, 8, 16, 0
******************************
Warnings:Drivers
mc220.tmp=D:\WINDOWS\TEMP\MC220.TMP
******************************
-------------------------------------------------------
Terminate:D:\WINDOWS\TEMP\MC220.TMP. Unknown error
Safe Deleting:D:\WINDOWS\TEMP\MC220.TMP. You must restart your computer to fully delete this file.
Delete Marked Items Kernel Auto Boot->Drivers. mc220.tmp=D:\WINDOWS\TEMP\MC220.TMP
Safe Deleting:D:\WINDOWS\TEMP\MC220.TMP. You must restart your computer to fully delete this file.
Delete Marked Items Kernel Auto Boot->Drivers. mc220.tmp=D:\WINDOWS\TEMP\MC220.TMP
Safe Deleting:D:\WINDOWS\TEMP\MC220.TMP. You must restart your computer to fully delete this file.
Anti Spyware... Start check 19.07.2009 at:13:12:03
Prohibited:1 Suspicious:4 Warnings:0
Prohibited:Drivers
mc220.tmp=D:\WINDOWS\TEMP\MC220.TMP
******************************
Suspicious:Auto Services
JavaQuickStarterService="D:\Program Files\Java\jre6\bin\jqs.exe" -service -config "D:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"
Internal Name: JavaQuickStarterService. Status: service running. Actual File: "D:\Program Files\Java\jre6\bin\jqs.exe" -service -config "D:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf" * Prefetches JRE files for faster startup of Java applets and applications Java(TM) Quick Starter Service Sun Microsystems, Inc. Java(TM) Platform SE 6 U13 6.0.130.3
******************************
Suspicious:Auto Services
LIVESRV="D:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe" /service
Internal Name: LIVESRV. Status: service running. Actual File: "D:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe" /service * Télécharger les mises à jour BitDefender et les nouvelles signatures de codes malveillants via Internet BitDefender Update Service BitDefender SRL BitDefender 11 11, 0, 2, 17
******************************
Suspicious:Auto Services
VSSERV="D:\Program Files\BitDefender\BitDefender 2008\vsserv.exe" /service
Internal Name: VSSERV. Status: service running. Actual File: "D:\Program Files\BitDefender\BitDefender 2008\vsserv.exe" /service * Analyse contre les virus et autres menaces BitDefender Security Service BitDefender S.R.L. BitDefender 11 11, 0, 0, 17
******************************
Suspicious:Auto Services
XCOMM="D:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe" /service
Internal Name: XCOMM. Status: service running. Actual File: "D:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe" /service * Assure la communication efficace entre les composants BitDefender BitDefender Communicator Server BitDefender BitDefender Communicator Server 1, 8, 16, 0
******************************
-------------------------------------------------------
Terminate:D:\WINDOWS\TEMP\MC220.TMP. Unknown error
Safe Deleting:D:\WINDOWS\TEMP\MC220.TMP. You must restart your computer to fully delete this file.
Delete Marked Items Kernel Auto Boot->Drivers. mc220.tmp=D:\WINDOWS\TEMP\MC220.TMP
Safe Deleting:D:\WINDOWS\TEMP\MC220.TMP. You must restart your computer to fully delete this file.
Delete Marked Items Kernel Auto Boot->Drivers. mc220.tmp=D:\WINDOWS\TEMP\MC220.TMP
Safe Deleting:D:\WINDOWS\TEMP\MC220.TMP. You must restart your computer to fully delete this file.
Anti Spyware... Start check 19.07.2009 at:13:13:23
Prohibited:1 Suspicious:4 Warnings:0
Prohibited:Drivers
mc220.tmp=D:\WINDOWS\TEMP\MC220.TMP
******************************
Suspicious:Auto Services
JavaQuickStarterService="D:\Program Files\Java\jre6\bin\jqs.exe" -service -config "D:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"
Internal Name: JavaQuickStarterService. Status: service running. Actual File: "D:\Program Files\Java\jre6\bin\jqs.exe" -service -config "D:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf" * Prefetches JRE files for faster startup of Java applets and applications Java(TM) Quick Starter Service Sun Microsystems, Inc. Java(TM) Platform SE 6 U13 6.0.130.3
******************************
Suspicious:Auto Services
LIVESRV="D:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe" /service
Internal Name: LIVESRV. Status: service running. Actual File: "D:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe" /service * Télécharger les mises à jour BitDefender et les nouvelles signatures de codes malveillants via Internet BitDefender Update Service BitDefender SRL BitDefender 11 11, 0, 2, 17
******************************
Suspicious:Auto Services
VSSERV="D:\Program Files\BitDefender\BitDefender 2008\vsserv.exe" /service
Internal Name: VSSERV. Status: service running. Actual File: "D:\Program Files\BitDefender\BitDefender 2008\vsserv.exe" /service * Analyse contre les virus et autres menaces BitDefender Security Service BitDefender S.R.L. BitDefender 11 11, 0, 0, 17
******************************
Suspicious:Auto Services
XCOMM="D:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe" /service
Internal Name: XCOMM. Status: service running. Actual File: "D:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe" /service * Assure la communication efficace entre les composants BitDefender BitDefender Communicator Server BitDefender BitDefender Communicator Server 1, 8, 16, 0
******************************
-------------------------------------------------------
Terminate:D:\WINDOWS\TEMP\MC220.TMP. Unknown error
Safe Deleting:D:\WINDOWS\TEMP\MC220.TMP. You must restart your computer to fully delete this file.
Delete Marked Items Kernel Auto Boot->Drivers. mc220.tmp=D:\WINDOWS\TEMP\MC220.TMP
Safe Deleting:D:\WINDOWS\TEMP\MC220.TMP. You must restart your computer to fully delete this file.
Delete Marked Items Kernel Auto Boot->Drivers. mc220.tmp=D:\WINDOWS\TEMP\MC220.TMP
Safe Deleting:D:\WINDOWS\TEMP\MC220.TMP. You must restart your computer to fully delete this file.
Anti Spyware... Start check 19.07.2009 at:13:14:44
Prohibited:1 Suspicious:4 Warnings:0
Prohibited:Drivers
mc220.tmp=D:\WINDOWS\TEMP\MC220.TMP
******************************
Suspicious:Auto Services
JavaQuickStarterService="D:\Program Files\Java\jre6\bin\jqs.exe" -service -config "D:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"
Internal Name: JavaQuickStarterService. Status: service running. Actual File: "D:\Program Files\Java\jre6\bin\jqs.exe" -service -config "D:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf" * Prefetches JRE files for faster startup of Java applets and applications Java(TM) Quick Starter Service Sun Microsystems, Inc. Java(TM) Platform SE 6 U13 6.0.130.3
******************************
Suspicious:Auto Services
LIVESRV="D:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe" /service
Internal Name: LIVESRV. Status: service running. Actual File: "D:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe" /service * Télécharger les mises à jour BitDefender et les nouvelles signatures de codes malveillants via Internet BitDefender Update Service BitDefender SRL BitDefender 11 11, 0, 2, 17
******************************
Suspicious:Auto Services
VSSERV="D:\Program Files\BitDefender\BitDefender 2008\vsserv.exe" /service
Internal Name: VSSERV. Status: service running. Actual File: "D:\Program Files\BitDefender\BitDefender 2008\vsserv.exe" /service * Analyse contre les virus et autres menaces BitDefender Security Service BitDefender S.R.L. BitDefender 11 11, 0, 0, 17
******************************
Suspicious:Auto Services
XCOMM="D:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe" /service
Internal Name: XCOMM. Status: service running. Actual File: "D:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe" /service * Assure la communication efficace entre les composants BitDefender BitDefender Communicator Server BitDefender BitDefender Communicator Server 1, 8, 16, 0
******************************
-------------------------------------------------------
Terminate:D:\WINDOWS\TEMP\MC220.TMP. Unknown error
Safe Deleting:D:\WINDOWS\TEMP\MC220.TMP. You must restart your computer to fully delete this file.
Delete Marked Items Kernel Auto Boot->Drivers. mc220.tmp=D:\WINDOWS\TEMP\MC220.TMP
Safe Deleting:D:\WINDOWS\TEMP\MC220.TMP. You must restart your computer to fully delete this file.
Delete Marked Items Kernel Auto Boot->Drivers. mc220.tmp=D:\WINDOWS\TEMP\MC220.TMP
Safe Deleting:D:\WINDOWS\TEMP\MC220.TMP. You must restart your computer to fully delete this file.
End check at:13:19:17
-------------------------------------------------------
Anti Spyware... Start check 19.07.2009 at:13:23:01
Prohibited:1 Suspicious:4 Warnings:0
Prohibited:Services detected by Partizan
mchInjDrv=\??\D:\WINDOWS\TEMP\mc220.tmp
File is deleted or hidden by rootkit or could not be located. Service registry key doesn't exist or hidden.
******************************
Suspicious:Auto Services
JavaQuickStarterService="D:\Program Files\Java\jre6\bin\jqs.exe" -service -config "D:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"
Internal Name: JavaQuickStarterService. Status: service running. Actual File: "D:\Program Files\Java\jre6\bin\jqs.exe" -service -config "D:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf" * Prefetches JRE files for faster startup of Java applets and applications Java(TM) Quick Starter Service Sun Microsystems, Inc. Java(TM) Platform SE 6 U13 6.0.130.3
******************************
Suspicious:Auto Services
LIVESRV="D:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe" /service
Internal Name: LIVESRV. Status: service running. Actual File: "D:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe" /service * Télécharger les mises à jour BitDefender et les nouvelles signatures de codes malveillants via Internet BitDefender Update Service BitDefender SRL BitDefender 11 11, 0, 2, 17
******************************
Suspicious:Auto Services
VSSERV="D:\Program Files\BitDefender\BitDefender 2008\vsserv.exe" /service
Internal Name: VSSERV. Status: service running. Actual File: "D:\Program Files\BitDefender\BitDefender 2008\vsserv.exe" /service * Analyse contre les virus et autres menaces BitDefender Security Service BitDefender S.R.L. BitDefender 11 11, 0, 0, 17
******************************
Suspicious:Auto Services
XCOMM="D:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe" /service
Internal Name: XCOMM. Status: service running. Actual File: "D:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe" /service * Assure la communication efficace entre les composants BitDefender BitDefender Communicator Server BitDefender BitDefender Communicator Server 1, 8, 16, 0
******************************
-------------------------------------------------------
Anti Spyware... Start check 19.07.2009 at:13:32:10
Prohibited:0 Suspicious:4 Warnings:0
Suspicious:Auto Services
JavaQuickStarterService="D:\Program Files\Java\jre6\bin\jqs.exe" -service -config "D:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"
Internal Name: JavaQuickStarterService. Status: service running. Actual File: "D:\Program Files\Java\jre6\bin\jqs.exe" -service -config "D:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf" * Prefetches JRE files for faster startup of Java applets and applications Java(TM) Quick Starter Service Sun Microsystems, Inc. Java(TM) Platform SE 6 U13 6.0.130.3
******************************
Suspicious:Auto Services
LIVESRV="D:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe" /service
Internal Name: LIVESRV. Status: service running. Actual File: "D:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe" /service * Télécharger les mises à jour BitDefender et les nouvelles signatures de codes malveillants via Internet BitDefender Update Service BitDefender SRL BitDefender 11 11, 0, 2, 17
******************************
Suspicious:Auto Services
VSSERV="D:\Program Files\BitDefender\BitDefender 2008\vsserv.exe" /service
Internal Name: VSSERV. Status: service running. Actual File: "D:\Program Files\BitDefender\BitDefender 2008\vsserv.exe" /service * Analyse contre les virus et autres menaces BitDefender Security Service BitDefender S.R.L. BitDefender 11 11, 0, 0, 17
******************************
Suspicious:Auto Services
XCOMM="D:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe" /service
Internal Name: XCOMM. Status: service running. Actual File: "D:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe" /service * Assure la communication efficace entre les composants BitDefender BitDefender Communicator Server BitDefender BitDefender Communicator Server 1, 8, 16, 0
******************************
-------------------------------------------------------
Start check 19.07.2009 at:13:38:42
Anti Spyware... Start check 19.07.2009 at:13:39:47
Prohibited:1 Suspicious:4 Warnings:0
Prohibited:Drivers
mc220.tmp=D:\WINDOWS\TEMP\MC220.TMP
******************************
Suspicious:Auto Services
JavaQuickStarterService="D:\Program Files\Java\jre6\bin\jqs.exe" -service -config "D:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"
Internal Name: JavaQuickStarterService. Status: service running. Actual File: "D:\Program Files\Java\jre6\bin\jqs.exe" -service -config "D:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf" * Prefetches JRE files for faster startup of Java applets and applications Java(TM) Quick Starter Service Sun Microsystems, Inc. Java(TM) Platform SE 6 U13 6.0.130.3
******************************
Suspicious:Auto Services
LIVESRV="D:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe" /service
Internal Name: LIVESRV. Status: service running. Actual File: "D:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe" /service * Télécharger les mises à jour BitDefender et les nouvelles signatures de codes malveillants via Internet BitDefender Update Service BitDefender SRL BitDefender 11 11, 0, 2, 17
******************************
Suspicious:Auto Services
VSSERV="D:\Program Files\BitDefender\BitDefender 2008\vsserv.exe" /service
Internal Name: VSSERV. Status: service running. Actual File: "D:\Program Files\BitDefender\BitDefender 2008\vsserv.exe" /service * Analyse contre les virus et autres menaces BitDefender Security Service BitDefender S.R.L. BitDefender 11 11, 0, 0, 17
******************************
Suspicious:Auto Services
XCOMM="D:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe" /service
Internal Name: XCOMM. Status: service running. Actual File: "D:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe" /service * Assure la communication efficace entre les composants BitDefender BitDefender Communicator Server BitDefender BitDefender Communicator Server 1, 8, 16, 0
******************************
-------------------------------------------------------
Terminate:D:\WINDOWS\TEMP\MC220.TMP. Unknown error
Safe Deleting:D:\WINDOWS\TEMP\MC220.TMP. You must restart your computer to fully delete this file.
Delete Marked Items Kernel Auto Boot->Drivers. mc220.tmp=D:\WINDOWS\TEMP\MC220.TMP
Safe Deleting:D:\WINDOWS\TEMP\MC220.TMP. You must restart your computer to fully delete this file.
Delete Marked Items Kernel Auto Boot->Drivers. mc220.tmp=D:\WINDOWS\TEMP\MC220.TMP
Safe Deleting:D:\WINDOWS\TEMP\MC220.TMP. You must restart your computer to fully delete this file.
End check at:13:41:04
-------------------------------------------------------
Start check 19.07.2009 at:14:23:18
Anti Spyware... Start check 19.07.2009 at:14:24:19
Prohibited:1 Suspicious:4 Warnings:0
Prohibited:Drivers
mc220.tmp=D:\WINDOWS\TEMP\MC220.TMP
******************************
Suspicious:Auto Services
JavaQuickStarterService="D:\Program Files\Java\jre6\bin\jqs.exe" -service -config "D:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"
Internal Name: JavaQuickStarterService. Status: service running. Actual File: "D:\Program Files\Java\jre6\bin\jqs.exe" -service -config "D:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf" * Prefetches JRE files for faster startup of Java applets and applications Java(TM) Quick Starter Service Sun Microsystems, Inc. Java(TM) Platform SE 6 U13 6.0.130.3
******************************
Suspicious:Auto Services
LIVESRV="D:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe" /service
Internal Name: LIVESRV. Status: service running. Actual File: "D:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe" /service * Télécharger les mises à jour BitDefender et les nouvelles signatures de codes malveillants via Internet BitDefender Update Service BitDefender SRL BitDefender 11 11, 0, 2, 17
******************************
Suspicious:Auto Services
VSSERV="D:\Program Files\BitDefender\BitDefender 2008\vsserv.exe" /service
Internal Name: VSSERV. Status: service running. Actual File: "D:\Program Files\BitDefender\BitDefender 2008\vsserv.exe" /service * Analyse contre les virus et autres menaces BitDefender Security Service BitDefender S.R.L. BitDefender 11 11, 0, 0, 17
******************************
Suspicious:Auto Services
XCOMM="D:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe" /service
Internal Name: XCOMM. Status: service running. Actual File: "D:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe" /service * Assure la communication efficace entre les composants BitDefender BitDefender Communicator Server BitDefender BitDefender Communicator Server 1, 8, 16, 0
******************************
-------------------------------------------------------
Terminate:D:\WINDOWS\TEMP\MC220.TMP. Unknown error
Safe Deleting:D:\WINDOWS\TEMP\MC220.TMP. You must restart your computer to fully delete this file.
It is good for me!:D:\PROGRAM FILES\JAVA\JRE6\BIN\JQS.EXE
It is good for me!:D:\PROGRAM FILES\FICHIERS COMMUNS\BITDEFENDER\BITDEFENDER UPDATE SERVICE\LIVESRV.EXE
It is good for me!:D:\PROGRAM FILES\BITDEFENDER\BITDEFENDER 2008\VSSERV.EXE
It is good for me!:D:\PROGRAM FILES\FICHIERS COMMUNS\BITDEFENDER\BITDEFENDER COMMUNICATOR\XCOMMSVR.EXE
Delete Marked Items Kernel Auto Boot->Drivers. mc220.tmp=D:\WINDOWS\TEMP\MC220.TMP
Safe Deleting:D:\WINDOWS\TEMP\MC220.TMP. You must restart your computer to fully delete this file.
Delete Marked Items Kernel Auto Boot->Drivers. mc220.tmp=D:\WINDOWS\TEMP\MC220.TMP
Safe Deleting:D:\WINDOWS\TEMP\MC220.TMP. You must restart your computer to fully delete this file.
End check at:14:24:53
-------------------------------------------------------
Start check 19.07.2009 at:14:24:59
End check at:14:25:05
-------------------------------------------------------
Start check 19.07.2009 at:14:49:50
End check at:14:49:56
-------------------------------------------------------
Anti Spyware... Start check 19.07.2009 at:14:50:45
Prohibited:1 Suspicious:0 Warnings:0
Prohibited:Drivers
mc220.tmp=D:\WINDOWS\TEMP\MC220.TMP
******************************
-------------------------------------------------------
Terminate:D:\WINDOWS\TEMP\MC220.TMP. Unknown error
Safe Deleting:D:\WINDOWS\TEMP\MC220.TMP. You must restart your computer to fully delete this file.
Delete Marked Items Kernel Auto Boot->Drivers. mc220.tmp=D:\WINDOWS\TEMP\MC220.TMP
Safe Deleting:D:\WINDOWS\TEMP\MC220.TMP. You must restart your computer to fully delete this file.
Delete Marked Items Kernel Auto Boot->Drivers. mc220.tmp=D:\WINDOWS\TEMP\MC220.TMP
Safe Deleting:D:\WINDOWS\TEMP\MC220.TMP. You must restart your computer to fully delete this file.
Anti Spyware... Start check 19.07.2009 at:14:51:23
Prohibited:1 Suspicious:0 Warnings:0
Prohibited:Drivers
mc220.tmp=D:\WINDOWS\TEMP\MC220.TMP
******************************
-------------------------------------------------------
Anti Spyware... Start check 19.07.2009 at:14:54:52
Prohibited:1 Suspicious:0 Warnings:0
Prohibited:Services detected by Partizan
mchInjDrv=\??\D:\WINDOWS\TEMP\mc220.tmp
File is deleted or hidden by rootkit or could not be located. Service registry key doesn't exist or hidden.
******************************
-------------------------------------------------------
Start check 19.07.2009 at:17:12:55
End check at:17:13:01
-------------------------------------------------------
Anti Spyware... Start check 19.07.2009 at:17:13:38
Prohibited:0 Suspicious:0 Warnings:1
Warnings:Drivers
mc21E.tmp=D:\WINDOWS\TEMP\MC21E.TMP
******************************
-------------------------------------------------------
Terminate:D:\WINDOWS\TEMP\MC21E.TMP. Unknown error
Safe Deleting:D:\WINDOWS\TEMP\MC21E.TMP. You must restart your computer to fully delete this file.
Delete Marked Items Kernel Auto Boot->Drivers. mc21E.tmp=D:\WINDOWS\TEMP\MC21E.TMP
Safe Deleting:D:\WINDOWS\TEMP\MC21E.TMP. You must restart your computer to fully delete this file.
Delete Marked Items Kernel Auto Boot->Drivers. mc21E.tmp=D:\WINDOWS\TEMP\MC21E.TMP
Safe Deleting:D:\WINDOWS\TEMP\MC21E.TMP. You must restart your computer to fully delete this file.
Anti Spyware... Start check 19.07.2009 at:17:14:50
Prohibited:1 Suspicious:0 Warnings:0
Prohibited:Drivers
mc21E.tmp=D:\WINDOWS\TEMP\MC21E.TMP
******************************
-------------------------------------------------------
Anti Spyware... Start check 19.07.2009 at:17:16:13
Prohibited:1 Suspicious:0 Warnings:0
Prohibited:Drivers
mc21E.tmp=D:\WINDOWS\TEMP\MC21E.TMP
******************************
-------------------------------------------------------
Anti Spyware... Start check 19.07.2009 at:17:19:04
Prohibited:1 Suspicious:0 Warnings:0
Prohibited:Services detected by Partizan
mchInjDrv=\??\D:\WINDOWS\TEMP\mc21E.tmp
File is deleted or hidden by rootkit or could not be located. Service registry key doesn't exist or hidden.
******************************
-------------------------------------------------------
Terminate:D:\WINDOWS\TEMP\MC21E.TMP. Unknown error
Safe Deleting:D:\WINDOWS\TEMP\MC21E.TMP. You must restart your computer to fully delete this file.
Delete Marked Items Kernel Auto Boot->Services detected by Partizan. mchInjDrv=\??\D:\WINDOWS\TEMP\mc21E.tmp
The service has been marked for deletion->Partizan:mchInjDrv
Start check 19.07.2009 at:17:33:41
The changes found in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
-------------------------------------------------------
"D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
D:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe
D:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
"D:\Program Files\QuickTime\qttask.exe" -atboottime
"D:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe"
"D:\Program Files\ASUS\Ai Suite\QFan3\QFanHelp.exe"
D:\Program Files\ASUS\Ai Suite\CpuLevelUpHelp.exe
"D:\Program Files\ASUS\AI Direct Link\AsShare.exe"
"D:\Program Files\ASUS\AI Direct Link\AsCmd.exe" -reg
"D:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"D:\Program Files\Ask & Record Toolbar\FLVSrvc.exe" /run
"D:\Program Files\Java\jre6\bin\jusched.exe"
D:\Program Files\Corel\Corel MediaOne\CorelIOMonitor.exe
RTHDCPL.EXE
"D:\Program Files\ASUS\Six Engine\SixEngine.exe" -r
"D:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
- D:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
D:\WINDOWS\winbait.exe
D:\PROGRA~1\Greatis\REGRUN~1\OnSecure.exe
-------------------------------------------------------
The changes found in HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
-------------------------------------------------------
D:\WINDOWS\system32\ctfmon.exe
"D:\Program Files\Spyware Doctor\swdoctor.exe" /Q
- "D:\Program Files\AOL 9.0 VR\AOL.EXE" -b
D:\PROGRA~1\Greatis\REGRUN~1\WatchDog.exe
"D:\Program Files\Greatis\RegRunSuite\lsoon.exe" -1 30 "D:\Program Files\Greatis\RegRunSuite\rescue.exe" /a "c:\backreg\rstore.ini"
-------------------------------------------------------
End check at:17:36:05
-------------------------------------------------------
Anti Spyware... Start check 19.07.2009 at:17:36:58
Prohibited:1 Suspicious:0 Warnings:0
Prohibited:Drivers
mc21E.tmp=D:\WINDOWS\TEMP\MC21E.TMP
******************************
-------------------------------------------------------
Terminate:D:\WINDOWS\TEMP\MC21E.TMP. Unknown error
Safe Deleting:D:\WINDOWS\TEMP\MC21E.TMP. You must restart your computer to fully delete this file.
Delete Marked Items Kernel Auto Boot->Drivers. mc21E.tmp=D:\WINDOWS\TEMP\MC21E.TMP
Safe Deleting:D:\WINDOWS\TEMP\MC21E.TMP. You must restart your computer to fully delete this file.
Delete Marked Items Kernel Auto Boot->Drivers. mc21E.tmp=D:\WINDOWS\TEMP\MC21E.TMP
Safe Deleting:D:\WINDOWS\TEMP\MC21E.TMP. You must restart your computer to fully delete this file.
Anti Spyware... Start check 19.07.2009 at:17:38:04
Prohibited:1 Suspicious:0 Warnings:0
Prohibited:Drivers
mc21E.tmp=D:\WINDOWS\TEMP\MC21E.TMP
******************************
-------------------------------------------------------
Start check 19.07.2009 at:17:40:14
End check at:17:40:19
-------------------------------------------------------
Anti Spyware... Start check 19.07.2009 at:17:40:56
Prohibited:1 Suspicious:0 Warnings:0
Prohibited:Drivers
mc21E.tmp=D:\WINDOWS\TEMP\MC21E.TMP
******************************
-------------------------------------------------------
Could not start service
Anti Spyware... Start check 19.07.2009 at:17:45:30
Prohibited:1 Suspicious:0 Warnings:0
Prohibited:Services detected by Partizan
mchInjDrv=\??\D:\WINDOWS\TEMP\mc21E.tmp
File is deleted or hidden by rootkit or could not be located. Service registry key doesn't exist or hidden.
******************************
-------------------------------------------------------
Could not start service
Start check 19.07.2009 at:17:57:45
End check at:17:57:53
-------------------------------------------------------
Start check 19.07.2009 at:18:00:25
End check at:18:00:30
-------------------------------------------------------
Start check 19.07.2009 at:20:27:42
End check at:20:28:02
-------------------------------------------------------
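The RegRun report above keeps reporting the same driver image under D:\WINDOWS\TEMP, fails to terminate or delete it, and finally notes that the file or its service key is "deleted or hidden by rootkit"; the same report also tries to "Terminate" the tokens -OSINT, -URL and -REQUESTPENDING, which are switches from the Firefox .html file-association command line rather than files. Reading these logs by hand is error-prone, so the following is an added triage helper written by the editor for this page; it is not code from the thread, from Greatis or from Trend Micro. It scans HijackThis-style lines (O1, O2, O4, O17, O23) and RegRun name=path lines, and flags orphan entries, autostarts or drivers whose image sits in a temp directory, .tmp autostarts, hosts-file overrides and custom DNS servers. The flagging rules are the editor's own heuristics, and SAMPLE_LOG is constructed to mimic the two report formats; it is not real log data.

```python
"""Triage for HijackThis / RegRun style reports (added example, editor's own code).

The rules are heuristics chosen by the editor; SAMPLE_LOG is constructed,
modelled on the report formats posted in this thread, not taken from a machine.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# A path component named temp/tmp: legitimate autostarts and drivers almost never live there.
TEMP_DIR_RE = re.compile(r"\\(temp|tmp)\\", re.IGNORECASE)
# HijackThis entry: section code, dash, body (e.g. "O23 - Service: ...").
HJT_ENTRY_RE = re.compile(r"^(O\d+|R\d)\s*-\s*(.*)$")
# RegRun key=value line; the value may be an NT object path such as \??\D:\...
REGRUN_ENTRY_RE = re.compile(r"^([^=\s]+)=(?:\\\?\?\\)?(.+)$")
IPS_RE = re.compile(r"NameServer\s*=\s*([\d.,]+)")


@dataclass
class Finding:
    code: str    # HijackThis section code, or "RegRun" for RegRun lines
    reason: str  # why the line deserves a second look
    line: str    # the raw report line


def classify(line: str) -> Optional[Finding]:
    """Return a Finding for a report line that needs review, else None."""
    line = line.strip()
    m = HJT_ENTRY_RE.match(line)
    if m:
        code, body = m.group(1), m.group(2)
        if "(no file)" in body or "(file missing)" in body:
            return Finding(code, "orphan entry: registry points at a file that no longer exists", line)
        if code in ("O2", "O3", "O4", "O23") and TEMP_DIR_RE.search(body):
            return Finding(code, "autostart from a temporary directory", line)
        if code in ("O4", "O23") and re.search(r"\.tmp\b", body, re.IGNORECASE):
            return Finding(code, "autostart of a .tmp file", line)
        if code == "O17":
            return Finding(code, "custom DNS servers: verify they belong to the ISP", line)
        if code == "O1" and "Hosts:" in body:
            entry = body.split("Hosts:", 1)[1].strip()
            if not re.fullmatch(r"(127\.0\.0\.1|::1)\s+localhost", entry):
                return Finding(code, "hosts file override", line)
        return None
    m = REGRUN_ENTRY_RE.match(line)
    if m and TEMP_DIR_RE.search(m.group(2)):
        return Finding("RegRun", "service/driver image in a temporary directory", line)
    return None


def nameservers(lines) -> List[str]:
    """Collect DNS servers from O17 lines so they can be checked against the ISP's list."""
    found = set()
    for line in lines:
        m = IPS_RE.search(line)
        if m:
            found.update(ip for ip in m.group(1).split(",") if ip)
    return sorted(found)


def triage(report: str) -> List[Finding]:
    """Run classify() over every line of a report and keep the hits, in order."""
    return [f for f in (classify(l) for l in report.splitlines()) if f]


# Constructed sample in the two formats seen in this thread (not real log data).
SAMPLE_LOG = """\
Logfile of Trend Micro HijackThis v2.0.2
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - (no file)
O4 - HKLM\\..\\Run: [Updater] C:\\Windows\\Temp\\upd1A3.tmp
O4 - HKLM\\..\\Run: [Windows Defender] C:\\Program Files\\Windows Defender\\MSASCui.exe -hide
O17 - HKLM\\System\\CCS\\Services\\Tcpip\\..\\{GUID}: NameServer = 192.0.2.53,192.0.2.54
O23 - Service: Example Svc (exsvc) - Unknown owner - C:\\Program Files\\Example\\exsvc.exe (file missing)
Prohibited:Services detected by Partizan
exampleDrv=\\??\\C:\\Windows\\TEMP\\ex0001.tmp
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.code}] {f.reason}\n    {f.line}")
    print("DNS servers to verify:", nameservers(SAMPLE_LOG.splitlines()))
```

An orphan entry ("(no file)", "(file missing)") is usually leftover from an uninstall and is a cleanup item, not proof of infection; a driver or Run entry whose image lives in a temp directory is the kind of line that deserves a hash lookup and, if the file cannot be removed from a live session, an offline scan from boot media. Anything the script flags still has to be verified by a person.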
Re,
Here are the other reports
1) HIJACK
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:26:42, on 19/07/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\SysMonitor.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
C:\Windows\System32\nvraidservice.exe
C:\Program Files\Softwin\BitDefender10\bdmcon.exe
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Greatis\RegRunSuite\WatchDog.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
K:\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.fr.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [PCMMediaSharing] C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [NVRaidService] C:\Windows\system32\nvraidservice.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKLM\..\Run: [RegRun WinBait] C:\Windows\winbait.exe
O4 - HKLM\..\Run: [@RegRunOnSecure] C:\PROGRA~1\Greatis\REGRUN~1\OnSecure.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Regrun2] C:\PROGRA~1\Greatis\REGRUN~1\WatchDog.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{029773B8-1390-4664-A8F9-199F5833E602}: NameServer = 212.30.96.108,213.203.124.146
O17 - HKLM\System\CCS\Services\Tcpip\..\{67B5A412-8B12-4D65-98E9-560BDC88673F}: NameServer = 212.30.96.108,213.203.124.146
O17 - HKLM\System\CS1\Services\Tcpip\..\{029773B8-1390-4664-A8F9-199F5833E602}: NameServer = 212.30.96.108,213.203.124.146
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
Here is RGG2
Anti Spyware... Start check 18.07.2009 at:11:30:16
Prohibited:1 Suspicious:14 Warnings:0
Prohibited:Running Processes
SysMonitor.exe=C:\ACER\EMPOWERING TECHNOLOGY\SYSMONITOR.EXE
1.0.1.0
******************************
Suspicious:Main File Extensions
.html="C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1"
******************************
Suspicious:Auto Services
a2free="C:\Program Files\a-squared Free\a2service.exe"
Internal Name: a2free. Status: service running. Actual File: "C:\Program Files\a-squared Free\a2service.exe" * Scans the PC for unwanted software and provides protection from malicious code a-squared Service Emsi Software GmbH a-squared 4.5.0.0
******************************
Suspicious:Auto Services
Acer HomeMedia Connect Service="C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe"
Internal Name: Acer HomeMedia Connect Service. Status: service running. Actual File: "C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe" * Acer HomeMedia Connect Service. CLMSServer CyberLink CyberLink CLMSServer 1.5.4204
******************************
Suspicious:Auto Services
bdss="C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service
Internal Name: bdss. Status: service running. Actual File: "C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service * Analyse contre les virus et autres menaces
******************************
Suspicious:Auto Services
CLTNetCnService="c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon
Internal Name: CLTNetCnService. Status: service stopped. Actual File: "c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon * Symantec Lic NetConnect Service
******************************
Suspicious:Auto Services
eDataSecurity Service="C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe"
Internal Name: eDataSecurity Service. Status: service running. Actual File: "C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe" * eDSService.exe eDataSecurity Service HiTRSUT eDataSecurity Management 2, 5, 2, 32
******************************
Suspicious:Auto Services
eRecoveryService=C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
Internal Name: eRecoveryService. Status: service running. Actual File: C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe * Acer eRecovery Management eRecoveryService Acer Inc. eRecoveryService 2.5.4.4
******************************
Suspicious:Auto Services
LIVESRV="C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe" /service
Internal Name: LIVESRV. Status: service running. Actual File: "C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe" /service * Télécharger les mises à jour BitDefender et les nouvelles signatures de codes malveillants via Internet BitDefender Security Service SOFTWIN S.R.L. BitDefender 10 10, 2, 1, 19
******************************
Suspicious:Auto Services
SBSDWSCService=C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
Internal Name: SBSDWSCService. Status: service running. Actual File: C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe * Spybot-S&D Security Center integration Safer Networking Ltd. Spybot - Search & Destroy 1, 5, 2, 0
******************************
Suspicious:Auto Services
Schedule=C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
Internal Name: SBSDWSCService. Status: service running. Actual File: C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe * Spybot-S&D Security Center integration Safer Networking Ltd. Spybot - Search & Destroy 1, 5, 2, 0
******************************
Suspicious:Auto Services
VSSERV="C:\Program Files\Softwin\BitDefender10\vsserv.exe" /service
Internal Name: VSSERV. Status: service running. Actual File: "C:\Program Files\Softwin\BitDefender10\vsserv.exe" /service * Analyse contre les virus et autres menaces BitDefender Security Service SOFTWIN S.R.L. BitDefender 10 10, 2, 1, 157
******************************
Suspicious:Auto Services
XCOMM="C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service
Internal Name: XCOMM. Status: service running. Actual File: "C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service * Assure la communication efficace entre les composants BitDefender BitDefender Communicator Server SOFTWIN S.R.L Softwin BitDefender Communicator Server 1, 8, 11, 0
******************************
Suspicious:Registry Run
PCMMediaSharing=C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
******************************
Suspicious:Registry Run
BDAgent="C:\Program Files\Softwin\BitDefender10\bdagent.exe"
BDAgent Application SOFTWIN S.R.L. Bitdefender 10 10, 2, 0, 16
******************************
-------------------------------------------------------
Terminate:-OSINT. Unknown error
Safe Deleting:-OSINT. You must restart your computer to fully delete this file.
Terminate:-URL. Unknown error
Safe Deleting:-URL. You must restart your computer to fully delete this file.
Terminate:-REQUESTPENDING. Unknown error
Safe Deleting:-REQUESTPENDING. You must restart your computer to fully delete this file.
Start check 18.07.2009 at:11:38:05
End check at:11:38:10
-------------------------------------------------------
Anti Spyware... Start check 18.07.2009 at:11:42:46
Prohibited:1 Suspicious:6 Warnings:0
Prohibited:Main File Extensions
.html="C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1"
******************************
Suspicious:Auto Services
bdss="C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service
Internal Name: bdss. Status: service running. Actual File: "C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service * Analyse contre les virus et autres menaces
******************************
Suspicious:Auto Services
CLTNetCnService="c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon
Internal Name: CLTNetCnService. Status: service stopped. Actual File: "c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon * Symantec Lic NetConnect Service
******************************
Suspicious:Auto Services
LIVESRV="C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe" /service
Internal Name: LIVESRV. Status: service running. Actual File: "C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe" /service * Télécharger les mises à jour BitDefender et les nouvelles signatures de codes malveillants via Internet BitDefender Security Service SOFTWIN S.R.L. BitDefender 10 10, 2, 1, 19
******************************
Suspicious:Auto Services
VSSERV="C:\Program Files\Softwin\BitDefender10\vsserv.exe" /service
Internal Name: VSSERV. Status: service running. Actual File: "C:\Program Files\Softwin\BitDefender10\vsserv.exe" /service * Analyse contre les virus et autres menaces BitDefender Security Service SOFTWIN S.R.L. BitDefender 10 10, 2, 1, 157
******************************
Suspicious:Auto Services
XCOMM="C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service
Internal Name: XCOMM. Status: service running. Actual File: "C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service * Assure la communication efficace entre les composants BitDefender BitDefender Communicator Server SOFTWIN S.R.L Softwin BitDefender Communicator Server 1, 8, 11, 0
******************************
Suspicious:Registry Run
PCMMediaSharing=C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
******************************
-------------------------------------------------------
Terminate:-OSINT. Unknown error
Safe Deleting:-OSINT. You must restart your computer to fully delete this file.
Terminate:-URL. Unknown error
Safe Deleting:-URL. You must restart your computer to fully delete this file.
Terminate:-REQUESTPENDING. Unknown error
Safe Deleting:-REQUESTPENDING. You must restart your computer to fully delete this file.
Anti Spyware... Start check 18.07.2009 at:11:48:08
Prohibited:1 Suspicious:5 Warnings:0
Prohibited:Main File Extensions
.html="C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1"
******************************
Suspicious:Auto Services
bdss="C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service
Internal Name: bdss. Status: service running. Actual File: "C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service * Analyse contre les virus et autres menaces
******************************
Suspicious:Auto Services
CLTNetCnService="c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon
Internal Name: CLTNetCnService. Status: service stopped. Actual File: "c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon * Symantec Lic NetConnect Service
******************************
Suspicious:Auto Services
LIVESRV="C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe" /service
Internal Name: LIVESRV. Status: service running. Actual File: "C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe" /service * Télécharger les mises à jour BitDefender et les nouvelles signatures de codes malveillants via Internet BitDefender Security Service SOFTWIN S.R.L. BitDefender 10 10, 2, 1, 19
******************************
Suspicious:Auto Services
VSSERV="C:\Program Files\Softwin\BitDefender10\vsserv.exe" /service
Internal Name: VSSERV. Status: service running. Actual File: "C:\Program Files\Softwin\BitDefender10\vsserv.exe" /service * Analyse contre les virus et autres menaces BitDefender Security Service SOFTWIN S.R.L. BitDefender 10 10, 2, 1, 157
******************************
Suspicious:Auto Services
XCOMM="C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service
Internal Name: XCOMM. Status: service running. Actual File: "C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service * Assure la communication efficace entre les composants BitDefender BitDefender Communicator Server SOFTWIN S.R.L Softwin BitDefender Communicator Server 1, 8, 11, 0
******************************
-------------------------------------------------------
Terminate:-OSINT. Unknown error
Safe Deleting:-OSINT. You must restart your computer to fully delete this file.
Terminate:-URL. Unknown error
Safe Deleting:-URL. You must restart your computer to fully delete this file.
Terminate:-REQUESTPENDING. Unknown error
Safe Deleting:-REQUESTPENDING. You must restart your computer to fully delete this file.
Could not start service
Anti Spyware... Start check 18.07.2009 at:11:52:16
Prohibited:1 Suspicious:5 Warnings:0
Prohibited:Main File Extensions
.html="C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1"
******************************
Suspicious:Auto Services
bdss="C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service
Internal Name: bdss. Status: service stopped. Actual File: "C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service * Analyse contre les virus et autres menaces
******************************
Suspicious:Auto Services
CLTNetCnService="c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon
Internal Name: CLTNetCnService. Status: service stopped. Actual File: "c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon * Symantec Lic NetConnect Service
******************************
Suspicious:Auto Services
LIVESRV="C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe" /service
Internal Name: LIVESRV. Status: service stopped. Actual File: "C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe" /service * Télécharger les mises à jour BitDefender et les nouvelles signatures de codes malveillants via Internet BitDefender Security Service SOFTWIN S.R.L. BitDefender 10 10, 2, 1, 19
******************************
Suspicious:Auto Services
VSSERV="C:\Program Files\Softwin\BitDefender10\vsserv.exe" /service
Internal Name: VSSERV. Status: service stopped. Actual File: "C:\Program Files\Softwin\BitDefender10\vsserv.exe" /service * Analyse contre les virus et autres menaces BitDefender Security Service SOFTWIN S.R.L. BitDefender 10 10, 2, 1, 157
******************************
Suspicious:Auto Services
XCOMM="C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service
Internal Name: XCOMM. Status: service stopped. Actual File: "C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service * Assure la communication efficace entre les composants BitDefender BitDefender Communicator Server SOFTWIN S.R.L Softwin BitDefender Communicator Server 1, 8, 11, 0
******************************
-------------------------------------------------------
Terminate:-OSINT. Unknown error
Safe Deleting:-OSINT. You must restart your computer to fully delete this file.
Terminate:-URL. Unknown error
Safe Deleting:-URL. You must restart your computer to fully delete this file.
Terminate:-REQUESTPENDING. Unknown error
Safe Deleting:-REQUESTPENDING. You must restart your computer to fully delete this file.
It is good for me!:C:\PROGRAM FILES\COMMON FILES\SOFTWIN\BITDEFENDER SCAN SERVER\BDSS.EXE
It is good for me!:C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSVCHST.EXE
It is good for me!:C:\PROGRAM FILES\COMMON FILES\SOFTWIN\BITDEFENDER UPDATE SERVICE\LIVESRV.EXE
It is good for me!:C:\PROGRAM FILES\SOFTWIN\BITDEFENDER10\VSSERV.EXE
It is good for me!:C:\PROGRAM FILES\COMMON FILES\SOFTWIN\BITDEFENDER COMMUNICATOR\XCOMMSVR.EXE
Start check 18.07.2009 at:12:04:23
End check at:19:04:41
-------------------------------------------------------
Start check 19.07.2009 at:09:31:44
Anti Spyware... Start check 19.07.2009 at:09:35:08
Prohibited:2 Suspicious:0 Warnings:0
Prohibited:Main File Extensions
.html="C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1"
******************************
Prohibited:Services detected by Partizan
catchme=\??\C:\Users\carvalho\AppData\Local\Temp\catchme.sys
Driver Start Type: loaded manually on demand File is deleted or hidden by rootkit or could not be located.
******************************
-------------------------------------------------------
Terminate:-OSINT. Unknown error
Safe Deleting:-OSINT. You must restart your computer to fully delete this file.
Terminate:-URL. Unknown error
Safe Deleting:-URL. You must restart your computer to fully delete this file.
Terminate:-REQUESTPENDING. Unknown error
Terminate:C:\USERS\CARVALHO\APPDATA\LOCAL\TEMP\CATCHME.SYS. Unknown error
Safe Deleting:C:\USERS\CARVALHO\APPDATA\LOCAL\TEMP\CATCHME.SYS. You must restart your computer to fully delete this file.
Delete Marked Items Kernel Auto Boot->Services detected by Partizan. catchme=\??\C:\Users\carvalho\AppData\Local\Temp\catchme.sys
The service has been marked for deletion->Partizan:catchme
Anti Spyware... Start check 19.07.2009 at:09:38:15
Prohibited:1 Suspicious:0 Warnings:0
Prohibited:Main File Extensions
.html="C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1"
******************************
-------------------------------------------------------
Terminate:-OSINT. Unknown error
Safe Deleting:-OSINT. You must restart your computer to fully delete this file.
Terminate:-URL. Unknown error
Safe Deleting:-URL. You must restart your computer to fully delete this file.
Terminate:-REQUESTPENDING. Unknown error
Safe Deleting:-REQUESTPENDING. You must restart your computer to fully delete this file.
Anti Spyware... Start check 19.07.2009 at:09:41:51
Prohibited:1 Suspicious:0 Warnings:0
Prohibited:Main File Extensions
.html="C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1"
******************************
-------------------------------------------------------
Terminate:%1. Unknown error
Safe Deleting:%1. You must restart your computer to fully delete this file.
Terminate:-OSINT. Unknown error
Safe Deleting:-OSINT. You must restart your computer to fully delete this file.
Terminate:-URL. Unknown error
Safe Deleting:-URL. You must restart your computer to fully delete this file.
Terminate:-REQUESTPENDING. Unknown error
Safe Deleting:-REQUESTPENDING. You must restart your computer to fully delete this file.
Could not start service
Could not start service
Start check 19.07.2009 at:10:02:09
End check at:10:02:17
-------------------------------------------------------
Could not start service
Start check 19.07.2009 at:10:03:07
End check at:10:03:09
-------------------------------------------------------
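Two details in the log above deserve a close read before anything else is "terminated". The three entries that keep coming back after every reboot are reported as Terminate:-OSINT, Terminate:-URL and Terminate:-REQUESTPENDING. Those are not files: they are the command-line switches of the .html handler `"C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1"`, which the tool has split on spaces and then tried to delete one token at a time, so "Unknown error" and the reappearance after restart are exactly what you would expect. The catchme entry is a driver ImagePath carrying the NT object-manager prefix `\??\`, so the real path is `C:\Users\carvalho\AppData\Local\Temp\catchme.sys`; catchme.sys is the driver that GMER's catchme scanner (also bundled with ComboFix) drops in %TEMP%, so check whether one of those tools was run before treating it as a rootkit. The script below is an added example, not code from the thread or from RegRun: it parses this log format, tokenizes each flagged registry value the way Windows does when it looks for the executable, and lists the Terminate targets that are not paths at all. SAMPLE_LOG is a constructed excerpt copied from the lines above.

```python
"""Triage helper for RegRun "Anti Spyware" log excerpts (added example).

Recovers the real executable from each flagged registry value and lists
"Terminate:" targets that are command-line switches rather than files.
"""
import re
from dataclasses import dataclass

# Constructed sample: lines copied from the log posted in the thread.
SAMPLE_LOG = r"""Anti Spyware... Start check 19.07.2009 at:09:35:08
Prohibited:2 Suspicious:0 Warnings:0
Prohibited:Main File Extensions
.html="C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1"
******************************
Prohibited:Services detected by Partizan
catchme=\??\C:\Users\carvalho\AppData\Local\Temp\catchme.sys
Driver Start Type: loaded manually on demand File is deleted or hidden by rootkit or could not be located.
******************************
-------------------------------------------------------
Terminate:-OSINT. Unknown error
Safe Deleting:-OSINT. You must restart your computer to fully delete this file.
Terminate:-URL. Unknown error
Safe Deleting:-URL. You must restart your computer to fully delete this file.
Terminate:-REQUESTPENDING. Unknown error
Terminate:C:\USERS\CARVALHO\APPDATA\LOCAL\TEMP\CATCHME.SYS. Unknown error
Safe Deleting:C:\USERS\CARVALHO\APPDATA\LOCAL\TEMP\CATCHME.SYS. You must restart your computer to fully delete this file.
"""

# A finding header is "Prohibited:<category>" or "Suspicious:<category>"; the
# summary line "Prohibited:2 Suspicious:0 ..." is excluded by requiring a
# non-digit right after the colon.
HEADER_RE = re.compile(r"^(?P<verdict>Prohibited|Suspicious|Warning):(?P<category>\D.*)$")
ACTION_RE = re.compile(r"^(?P<action>Terminate|Safe Deleting):(?P<target>.+?)\. ")
# Drive-letter path, optionally with the NT object-manager prefix \??\ that
# driver ImagePath values carry.
PATH_RE = re.compile(r"^(\\\?\?\\)?[A-Za-z]:\\")


@dataclass
class Finding:
    verdict: str
    category: str
    name: str
    exe: str
    args: list


def tokenize(cmd):
    """Split a shell 'open' command into tokens, keeping quoted spans intact."""
    tokens, cur, quoted = [], [], False
    for ch in cmd:
        if ch == '"':
            quoted = not quoted
        elif ch.isspace() and not quoted:
            if cur:
                tokens.append("".join(cur))
                cur = []
        else:
            cur.append(ch)
    if cur:
        tokens.append("".join(cur))
    return tokens


def looks_like_path(s):
    return bool(PATH_RE.match(s))


def normalize_path(p):
    """Strip the \\??\\ prefix so the path can be checked on disk."""
    return p[4:] if p.startswith("\\??\\") else p


def parse_log(text):
    """Return (findings, sorted list of Terminate/Safe Deleting targets that are not paths)."""
    findings, bogus = [], set()
    lines = text.splitlines()
    i = 0
    while i < len(lines):
        h = HEADER_RE.match(lines[i])
        if h and i + 1 < len(lines) and "=" in lines[i + 1]:
            name, _, value = lines[i + 1].partition("=")
            tokens = tokenize(value)
            exe = normalize_path(tokens[0]) if tokens else ""
            findings.append(Finding(h["verdict"], h["category"].strip(), name, exe, tokens[1:]))
            i += 2
            continue
        a = ACTION_RE.match(lines[i])
        if a and not looks_like_path(a["target"]):
            bogus.add(a["target"])
        i += 1
    return findings, sorted(bogus)


def switches_mistaken_for_files(findings, targets):
    """Map each non-path target to the registry value whose arguments contain it."""
    origin = {}
    for f in findings:
        for arg in f.args:
            origin.setdefault(arg.upper(), f.name)
    return {t: origin[t.upper()] for t in targets if t.upper() in origin}


if __name__ == "__main__":
    found, targets = parse_log(SAMPLE_LOG)
    for f in found:
        print(f"{f.verdict:10} {f.category:30} {f.name} -> {f.exe} {f.args}")
    print("Targets that are switches, not files:", switches_mistaken_for_files(found, targets))
```

Run it against a full rr2log and anything that lands in the "switches, not files" map can be ignored; what remains are real paths, which you then verify on disk (existence, publisher signature, hash) before deleting.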
fabul (Moderator)
20 July 2009 at 02:22
If you want, start RegRun, and in the Security tab click "Check for rootkit / Check me now".
If there is something to delete, use "Terminate and reboot now".
Then delete the rr2log log, go to the Startup / Start Control tab and close the windows until the "RegRun User Assistant" window appears. Click "Scan for viruses", tick the "Use deep level scanning once" box and click "Reboot" to restart. If you see something that bothers you, post it here.
NOTE: when the 30-day trial runs out, or when you decide to uninstall it, use the "Uninstall Partizan" tab in that same "RegRun User Assistant" window, then uninstall RegRun.
And run a Malwarebytes scan.
PS: your HijackThis log looked fairly normal apart from this.
Did you use msconfig earlier?
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
And this:
O17 - HKLM\System\CCS\Services\Tcpip\..\{029773B8-1390-4664-A8F9-199F5833E602}: NameServer = 212.30.96.108,213.203.124.146
O17 - HKLM\System\CCS\Services\Tcpip\..\{67B5A412-8B12-4D65-98E9-560BDC88673F}: NameServer = 212.30.96.108,213.203.124.146
O17 - HKLM\System\CS1\Services\Tcpip\..\{029773B8-1390-4664-A8F9-199F5833E602}: NameServer = 212.30.96.108,213.203.124.146
I think you could fix these lines with HijackThis.
If anyone else has an opinion...
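The O17 lines quoted above list the DNS resolvers set statically per network interface under Tcpip\Parameters\Interfaces\{GUID}, in both the current control set (CCS) and ControlSet001 (CS1). A populated NameServer value means the resolvers were configured by hand or by software, not by DHCP (DHCP-assigned resolvers live in DhcpNameServer), which is why the same unfamiliar pair on every interface is worth checking with the ISP before, not after, it is "fixed": if they are the ISP's resolvers, removing them breaks name resolution; if they are not, that is the persistence a DNS changer leaves. The script below is an added example, not code from the post or from HijackThis: it parses O17 lines and reports resolvers missing from an allow-list. ALLOWED_RESOLVERS is an assumed placeholder to be replaced with the resolvers the router or ISP really hands out (compare with `ipconfig /all` on a known-clean machine); the sample lines are the three quoted in the post.

```python
"""Check HijackThis O17 (per-interface NameServer) lines against an allow-list (added example)."""
import ipaddress
import re
from collections import defaultdict

# Constructed sample: the three O17 lines quoted in the post above.
SAMPLE_O17 = r"""O17 - HKLM\System\CCS\Services\Tcpip\..\{029773B8-1390-4664-A8F9-199F5833E602}: NameServer = 212.30.96.108,213.203.124.146
O17 - HKLM\System\CCS\Services\Tcpip\..\{67B5A412-8B12-4D65-98E9-560BDC88673F}: NameServer = 212.30.96.108,213.203.124.146
O17 - HKLM\System\CS1\Services\Tcpip\..\{029773B8-1390-4664-A8F9-199F5833E602}: NameServer = 212.30.96.108,213.203.124.146
"""

# Assumed placeholder: replace with the resolvers your router/ISP really assigns.
ALLOWED_RESOLVERS = ("192.168.1.1",)

# "CCS" is HijackThis shorthand for CurrentControlSet, "CS1" for ControlSet001;
# ".." abbreviates Parameters\Interfaces.
O17_RE = re.compile(
    r"^O17 - HKLM\\System\\(?P<hive>\w+)\\Services\\Tcpip\\\.\.\\\{(?P<guid>[0-9A-Fa-f-]+)\}"
    r": NameServer = (?P<servers>.+)$"
)


def parse_o17(text):
    """Return {(hive, GUID): [ip_address, ...]} for every NameServer O17 line.

    NameServer values may be comma- or space-separated; each entry is validated
    as an IP address so a garbled line raises instead of passing silently.
    """
    entries = {}
    for line in text.splitlines():
        m = O17_RE.match(line.strip())
        if not m:
            continue
        servers = [ipaddress.ip_address(s) for s in re.split(r"[,\s]+", m["servers"].strip()) if s]
        entries[(m["hive"], m["guid"].upper())] = servers
    return entries


def unexpected_resolvers(entries, allowed=ALLOWED_RESOLVERS):
    """Resolvers configured on any interface that are not in the allow-list,
    mapped to the (hive, GUID) interfaces that point at them."""
    allowed_ips = {ipaddress.ip_address(a) for a in allowed}
    hits = defaultdict(set)
    for key, servers in entries.items():
        for s in servers:
            if s not in allowed_ips:
                hits[str(s)].add(key)
    return {ip: sorted(ifaces) for ip, ifaces in hits.items()}


def same_on_all_interfaces(entries):
    """True when every interface in every control set carries the identical
    resolver list, i.e. the setting was applied globally rather than per link."""
    lists = {tuple(str(s) for s in v) for v in entries.values()}
    return len(lists) == 1


if __name__ == "__main__":
    found = parse_o17(SAMPLE_O17)
    for (hive, guid), servers in found.items():
        print(hive, guid, [str(s) for s in servers])
    print("not in allow-list:", unexpected_resolvers(found))
    print("identical on all interfaces:", same_on_all_interfaces(found))
```

With the placeholder allow-list both addresses are reported on all three interface keys; once the ISP confirms them, put them in ALLOWED_RESOLVERS and the report is empty. After fixing real hijacked entries, re-run HijackThis after a reboot: a rootkit that re-writes NameServer will show up again in the O17 section, which tells you the writer, not just the value, still has to be found.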