Virus
king13-13
Messages postés
55
Statut
Membre
-
Utilisateur anonyme -
Utilisateur anonyme -
Bonjour,
Voila mon antivirus ( antivir ) mannonce que j'ai plusieur virus :
TR/Vundo.gen
Voici le scan :
Logfile of HijackThis v1.99.1
Scan saved at 23:42:55, on 14/08/2008
Platform: Unknown Windows (WinNT 6.00.1905 SP1)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\SysMonitor.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Razer\Diamondback 3G\razerhid.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Users\KaIzZ`\Program Files\DNA\btdna.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\Razer\Diamondback 3G\razertra.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Razer\Diamondback 3G\razerofa.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\explorer.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\TeamSpeak3\TeamSpeak.exe
C:\Windows\system32\rundll32.exe
C:\Users\KaIzZ`\Program Files\BitTorrent\BitTorrent.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Valve\Steam\Steam.exe
C:\Users\KaIzZ`\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ycomp/defaults/sp/*https://fr.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ycomp/defaults/su/*https://fr.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Diamondback] C:\Program Files\Razer\Diamondback 3G\razerhid.exe
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\khfDtSli.dll,#1
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\KaIzZ`\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\KaIzZ`\AppData\Local\Temp\ljJDWPHb.dll,#1
O4 - HKCU\..\Run: [BM6f31460d] Rundll32.exe "C:\Users\KaIzZ`\AppData\Local\Temp\tsmyibrf.dll",s
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\KaIzZ`\AppData\Local\Temp\xxyyvVlk.dll,c
O4 - HKCU\..\Run: [6c027591] rundll32.exe "C:\Users\KaIzZ`\AppData\Local\Temp\aasqrtje.dll",b
O4 - Startup: adidas OM Widget.lnk = C:\Program Files\adidas OM Widget\adidas OM Widget.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: PCM Media Sharing.lnk = C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Unknown owner - C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)
Voila mon antivirus ( antivir ) mannonce que j'ai plusieur virus :
TR/Vundo.gen
Voici le scan :
Logfile of HijackThis v1.99.1
Scan saved at 23:42:55, on 14/08/2008
Platform: Unknown Windows (WinNT 6.00.1905 SP1)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Acer\Empowering Technology\SysMonitor.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Razer\Diamondback 3G\razerhid.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Users\KaIzZ`\Program Files\DNA\btdna.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\Razer\Diamondback 3G\razertra.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Razer\Diamondback 3G\razerofa.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\explorer.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\TeamSpeak3\TeamSpeak.exe
C:\Windows\system32\rundll32.exe
C:\Users\KaIzZ`\Program Files\BitTorrent\BitTorrent.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Valve\Steam\Steam.exe
C:\Users\KaIzZ`\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ycomp/defaults/sp/*https://fr.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ycomp/defaults/su/*https://fr.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Diamondback] C:\Program Files\Razer\Diamondback 3G\razerhid.exe
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\khfDtSli.dll,#1
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\KaIzZ`\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\KaIzZ`\AppData\Local\Temp\ljJDWPHb.dll,#1
O4 - HKCU\..\Run: [BM6f31460d] Rundll32.exe "C:\Users\KaIzZ`\AppData\Local\Temp\tsmyibrf.dll",s
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\KaIzZ`\AppData\Local\Temp\xxyyvVlk.dll,c
O4 - HKCU\..\Run: [6c027591] rundll32.exe "C:\Users\KaIzZ`\AppData\Local\Temp\aasqrtje.dll",b
O4 - Startup: adidas OM Widget.lnk = C:\Program Files\adidas OM Widget\adidas OM Widget.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: PCM Media Sharing.lnk = C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Unknown owner - C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)
A voir également:
- Virus
- Virus mcafee - Accueil - Piratage
- Virus facebook demande d'amis - Accueil - Facebook
- Virus informatique - Guide
- Panda anti virus gratuit - Télécharger - Antivirus & Antimalwares
- Undisclosed-recipients virus - Guide
4 réponses
Salut,
Télécharge combofix : http://download.bleepingcomputer.com/sUBs/ComboFix.exe
-> Double clique sur combofix.exe.
-> Tape sur la touche 1 (Yes) pour démarrer le scan.
-> Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.
NOTE : Le rapport se trouve également ici : C:\Combofix.txt
Avant d'utiliser ComboFix :
-> Déconnecte toi d'internet et referme les fenêtres de tous les programmes en cours.
-> Désactive provisoirement et seulement le temps de l'utilisation de ComboFix, la protection en temps réel de ton Antivirus et de tes Antispywares, qui peuvent géner fortement la procédure de recherche et de nettoyage de l'outil.
Une fois fait, sur ton bureau double-clic sur Combofix.exe.
- Répond oui au message d'avertissement, pour que le programme commence à procéder à l'analyse du pc.
/!\ Pendant la durée de cette étape, ne te sert pas du pc et n'ouvre aucun programmes.
- En fin de scan il est possible que ComboFix ait besoin de redemarrer le pc pour finaliser la désinfection\recherche, laisses-le faire.
- Un rapport s'ouvrira ensuite dans le bloc notes, ce fichier rapport Combofix.txt, est automatiquement sauvegardé et rangé à C:\Combofix.txt)
-> Réactive la protection en temps réel de ton Antivirus et de tes Antispywares, avant de te reconnecter à internet.
-> Reviens sur le forum, et copie et colle la totalité du contenu de C:\Combofix.txt dans ton prochain message.
Télécharge combofix : http://download.bleepingcomputer.com/sUBs/ComboFix.exe
-> Double clique sur combofix.exe.
-> Tape sur la touche 1 (Yes) pour démarrer le scan.
-> Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.
NOTE : Le rapport se trouve également ici : C:\Combofix.txt
Avant d'utiliser ComboFix :
-> Déconnecte toi d'internet et referme les fenêtres de tous les programmes en cours.
-> Désactive provisoirement et seulement le temps de l'utilisation de ComboFix, la protection en temps réel de ton Antivirus et de tes Antispywares, qui peuvent géner fortement la procédure de recherche et de nettoyage de l'outil.
Une fois fait, sur ton bureau double-clic sur Combofix.exe.
- Répond oui au message d'avertissement, pour que le programme commence à procéder à l'analyse du pc.
/!\ Pendant la durée de cette étape, ne te sert pas du pc et n'ouvre aucun programmes.
- En fin de scan il est possible que ComboFix ait besoin de redemarrer le pc pour finaliser la désinfection\recherche, laisses-le faire.
- Un rapport s'ouvrira ensuite dans le bloc notes, ce fichier rapport Combofix.txt, est automatiquement sauvegardé et rangé à C:\Combofix.txt)
-> Réactive la protection en temps réel de ton Antivirus et de tes Antispywares, avant de te reconnecter à internet.
-> Reviens sur le forum, et copie et colle la totalité du contenu de C:\Combofix.txt dans ton prochain message.
bonjour, avant d'aller plus loin il y a deux chose la première est que ta version hijackthis n'est plus d'actualité elle est périmée tu la désinstalles et tu refais un nouveau hijackthis et puis tu as la présence de deux antivirus avast et antivir il faudrait désinstaller celui qui ne te sert plus
postes un rapport hijackthis
HijackThis est un outil développé par merijn, capable de détecter les composants ajoutés à votre navigateur, les programmes lancés au démarrage du système, etc. Le programme vous permet de consulter tous les éléments et éventuellement de les retirer de l'ordinateur. HijackThis est, par exemple, en mesure de forcer le changement de la page d'accueil. Cette fonction est particulièrement utile lorsque votre navigateur ne vous permet plus de modifier la page d'accueil car un site se l'est appropriée ! Le logiciel peut également enregistrer des paramètres par défaut et ignorer certains éléments définis.
télécharge Hijackthis : http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis
.cliques sur download
.cliques sur download Hijackthis installer
.enregistres le sur le bureau
.Tu fermes tout les programmes ouverts y compris le navigateur. sauf ton anti-virus et pare-feux
.installes le , il va s'installer par défaut dans C:\Program Files\Trend Micro\HijackThis
.Cliques sur "Do a system scan and save the logfile"
.Cela va t'ouvrir un bloc note à la fin du scan.
.Copie son contenu et poste le dans ton prochain message. sinon le rapport est dans C:\Program Files\Trend Micro\HijackThis\ hijackthis "document texte"
des expliquations en images : http://pagesperso-orange.fr/rginformatique/section%20virus/demohijack.htm
postes un rapport hijackthis
HijackThis est un outil développé par merijn, capable de détecter les composants ajoutés à votre navigateur, les programmes lancés au démarrage du système, etc. Le programme vous permet de consulter tous les éléments et éventuellement de les retirer de l'ordinateur. HijackThis est, par exemple, en mesure de forcer le changement de la page d'accueil. Cette fonction est particulièrement utile lorsque votre navigateur ne vous permet plus de modifier la page d'accueil car un site se l'est appropriée ! Le logiciel peut également enregistrer des paramètres par défaut et ignorer certains éléments définis.
télécharge Hijackthis : http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis
.cliques sur download
.cliques sur download Hijackthis installer
.enregistres le sur le bureau
.Tu fermes tout les programmes ouverts y compris le navigateur. sauf ton anti-virus et pare-feux
.installes le , il va s'installer par défaut dans C:\Program Files\Trend Micro\HijackThis
.Cliques sur "Do a system scan and save the logfile"
.Cela va t'ouvrir un bloc note à la fin du scan.
.Copie son contenu et poste le dans ton prochain message. sinon le rapport est dans C:\Program Files\Trend Micro\HijackThis\ hijackthis "document texte"
des expliquations en images : http://pagesperso-orange.fr/rginformatique/section%20virus/demohijack.htm
Re , Voili Voilou :
ComboFix 08-08-14.01 - KaIzZ` 2008-08-15 0:05:57.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.2094 [GMT 2:00]
Endroit: C:\Users\KaIzZ`\Desktop\ComboFix.exe
* Création d'un nouveau point de restauration
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Users\KaIzZ`\AppData\Local\Temp\aasqrtje.dll
C:\Users\KaIzZ`\AppData\Local\Temp\tsmyibrf.dll
C:\Windows\system32\awTliJab.dll
C:\Windows\system32\cbXRIbCV.dll
C:\Windows\system32\fccBtRJA.dll
C:\Windows\system32\khfDtSli.dll
D:\install.exe
.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-07-14 to 2008-08-14 ))))))))))))))))))))))))))))))))))))
.
2008-08-15 00:03 . 2008-08-15 00:04 <REP> d-------- C:\327882R2FWJFW
2008-08-14 23:22 . 2008-08-14 23:22 <REP> d-------- C:\Users\All Users\Avira
2008-08-14 23:22 . 2008-08-14 23:22 <REP> d-------- C:\ProgramData\Avira
2008-08-14 23:22 . 2008-08-14 23:22 <REP> d-------- C:\Program Files\Avira
2008-08-14 11:46 . 2008-07-16 03:32 2,048 --a------ C:\Windows\System32\tzres.dll
2008-08-14 01:44 . 2008-06-27 03:55 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
2008-08-14 01:44 . 2008-06-27 06:15 827,392 --a------ C:\Windows\System32\wininet.dll
2008-08-14 01:44 . 2008-06-19 05:31 361,984 --a------ C:\Windows\System32\IPSECSVC.DLL
2008-08-14 01:38 . 2008-04-18 07:48 269,312 --a------ C:\Windows\System32\es.dll
2008-08-14 01:18 . 2008-04-10 07:12 738,304 --a------ C:\Windows\System32\inetcomm.dll
2008-08-14 00:37 . 2008-08-14 00:39 <REP> d-------- C:\Users\KaIzZ`\Program Files
2008-08-13 20:09 . 2008-08-13 20:10 <REP> d-------- C:\Program Files\BitTorrent Ultra Accelerator
2008-08-13 17:57 . 2008-08-15 00:08 <REP> d-------- C:\Users\KaIzZ`\AppData\Roaming\DNA
2008-08-13 17:57 . 2008-08-14 23:50 <REP> d-------- C:\Users\KaIzZ`\AppData\Roaming\BitTorrent
2008-08-13 17:57 . 2008-08-13 17:57 <REP> d-------- C:\Program Files\DNA
2008-08-13 17:57 . 2008-08-13 17:57 <REP> d-------- C:\Program Files\BitTorrent
2008-08-13 17:54 . 2008-08-13 17:54 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-08-13 17:22 . 2008-08-13 17:25 <REP> d-------- C:\Program Files\GameSpy Arcade
2008-08-13 17:13 . 2008-08-13 17:13 <REP> d-------- C:\Program Files\Sierra
2008-08-13 17:08 . 2008-08-13 17:08 <REP> d-------- C:\Program Files\MagicPic4
2008-08-08 11:15 . 2008-08-08 11:15 <REP> d-------- C:\cstrike
2008-08-08 10:56 . 2008-08-08 10:56 315,908 --a------ C:\Windows\CSSBScript - Version Full Uninstaller.exe
2008-08-07 15:06 . 2008-08-07 15:06 <REP> d-------- C:\Users\KaIzZ`\AppData\Roaming\com.adidas.widget.8DD3787205A936F604775F360BF9EE211D39EC38.1
2008-08-07 15:06 . 2008-08-07 15:06 <REP> d-------- C:\Program Files\Common Files\Adobe AIR
2008-08-03 15:02 . 2008-08-03 15:03 <REP> d-------- C:\Program Files\PopCap Games
2008-08-02 20:43 . 2008-08-02 20:43 <REP> d-------- C:\Program Files\Sun
2008-08-02 20:06 . 2008-08-02 20:06 252,713,458 --a------ C:\Windows\MEMORY.DMP
2008-08-02 13:08 . 2008-08-03 18:05 <REP> d-------- C:\Users\All Users\TrackMania
2008-08-02 13:08 . 2008-08-03 18:05 <REP> d-------- C:\ProgramData\TrackMania
2008-07-30 20:31 . 2008-07-30 21:17 <REP> d-------- C:\Users\All Users\Skype
2008-07-30 20:31 . 2008-07-30 21:17 <REP> d-------- C:\ProgramData\Skype
2008-07-24 16:32 . 2008-07-24 16:32 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2008-07-22 19:28 . 2008-07-22 19:28 <REP> d-------- C:\Program Files\KONAMI
2008-07-22 19:24 . 2008-07-22 19:24 <REP> d-------- C:\Users\All Users\Yahoo! Companion
2008-07-22 19:24 . 2008-07-22 19:24 <REP> d-------- C:\ProgramData\Yahoo! Companion
2008-07-22 19:24 . 2008-07-22 19:24 <REP> d-------- C:\Program Files\DAEMON Tools Lite
2008-07-22 18:59 . 2008-07-22 18:59 <REP> d-------- C:\Users\KaIzZ`\AppData\Roaming\DAEMON Tools
2008-07-22 18:59 . 2008-07-22 18:59 717,296 --a------ C:\Windows\System32\drivers\sptd.sys
2008-07-22 17:04 . 2008-07-22 17:04 <REP> d-------- C:\Program Files\CCleaner
2008-07-17 22:38 . 2008-07-17 22:38 <REP> d-------- C:\Program Files\Sony Setup
2008-07-14 00:49 . 2008-07-31 18:32 <REP> d-------- C:\Users\KaIzZ`\AppData\Roaming\Mumble
2008-07-14 00:48 . 2008-07-14 00:49 <REP> d-------- C:\Program Files\Mumble
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-14 20:44 --------- d-----w C:\Users\KaIzZ`\AppData\Roaming\LimeWire
2008-08-14 19:27 --------- d-----w C:\Program Files\Windows Mail
2008-08-14 09:46 --------- d-----w C:\ProgramData\Microsoft Help
2008-08-13 15:25 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-08 13:13 --------- d-----w C:\Users\KaIzZ`\AppData\Roaming\FileZilla
2008-08-06 20:33 --------- d-----w C:\Users\KaIzZ`\AppData\Roaming\teamspeak2
2008-08-05 21:19 --------- d-----w C:\Users\KaIzZ`\AppData\Roaming\mIRC
2008-08-04 17:04 136,888 ----a-w C:\Windows\system32\drivers\PnkBstrK.sys
2008-08-02 18:43 --------- d-----w C:\Program Files\Java
2008-07-31 11:44 --------- d-----w C:\Program Files\Common Files\Steam
2008-07-22 15:04 --------- d-----w C:\Program Files\Yahoo!
2008-07-19 14:36 51,280 ----a-w C:\Windows\system32\drivers\aswMonFlt.sys
2008-07-11 19:55 --------- d-----w C:\Program Files\TeamSpeak3
2008-07-09 17:51 --------- d-----w C:\Users\KaIzZ`\AppData\Roaming\InstallShield
2008-07-09 17:51 --------- d-----w C:\Program Files\Razer
2008-07-08 23:18 22,328 ----a-w C:\Users\KaIzZ`\AppData\Roaming\PnkBstrK.sys
2008-07-08 23:03 --------- d-----w C:\Program Files\Activision
2008-07-03 16:45 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-07-03 15:44 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-06-28 21:53 --------- d-----w C:\Program Files\Teamspeak2_RC2
2008-06-27 17:28 --------- d-----w C:\ProgramData\CheckPoint
2008-06-15 22:11 --------- d-----w C:\Users\KaIzZ`\AppData\Roaming\Digital Joy
2008-06-14 11:15 174 --sha-w C:\Program Files\desktop.ini
2008-06-14 11:09 --------- d-----w C:\Program Files\Windows Sidebar
2008-06-14 11:09 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-06-14 11:09 --------- d-----w C:\Program Files\Windows Journal
2008-06-14 11:09 --------- d-----w C:\Program Files\Windows Defender
2008-06-14 11:09 --------- d-----w C:\Program Files\Windows Collaboration
2008-06-14 11:09 --------- d-----w C:\Program Files\Windows Calendar
2008-06-12 05:28 541,696 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-06-10 20:17 84 ----a-w C:\Users\KaIzZ`\AppData\Roaming\wklnhst.dat
2008-06-05 21:31 74,752 ----a-w C:\Windows\ST6UNST.EXE
2008-06-05 21:31 253,952 ------w C:\Windows\Setup1.exe
2008-05-28 23:04 458,752 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-05-28 23:04 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-05-28 23:04 2,153,984 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-05-28 23:04 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 09:33 1233920]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-07-17 14:20 490952]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 09:33 202240]
"BitTorrent DNA"="C:\Users\KaIzZ`\Program Files\DNA\btdna.exe" [2008-08-14 00:37 341824]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acer Empowering Technology Monitor"="C:\Acer\Empowering Technology\SysMonitor.exe" [2007-01-24 10:27 319488]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-02-07 00:04 464168]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35 90112]
"WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 21:48 57344]
"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-02-15 18:39 151552]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 21:52 49152]
"Diamondback"="C:\Program Files\Razer\Diamondback 3G\razerhid.exe" [2007-08-01 14:07 147456]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-01 09:38 4390912 C:\Windows\RtHDVCpl.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-02-15 18:39 151552]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [2007-04-24 14:53:40 528384]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-01-02 21:40:10 210520]
Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06 29696]
PCM Media Sharing.lnk - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe [2007-04-24 14:32:04 200812]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.mkdmp3enc"= C:\PROGRA~1\ACERAR~1\ACERVI~1\Kernel\Burner\MKDMP3Enc.ACM
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{F95798C9-BF0A-4D20-BD7C-6B38E7FF9FEE}"= C:\Program Files\Acer Arcade Live\Acer Arcade Live Main Page\Acer Arcade Live.exe:Acer Arcade Live
"{A5333138-7820-4A45-A0F8-9FD93BB4D627}"= C:\Program Files\Acer Arcade Live\Acer DV Magician\Component\ARAWP.exe:DV Magician ARA workprocess
"{D585109C-A3E9-47A0-B1F8-BEF827E9F6D7}"= C:\Program Files\Acer Arcade Live\Acer DV Magician\Component\DVAX2Process.exe:DV Magician AVAX workprocess
"{31A60708-F002-42F4-9908-B33BD16550DD}"= C:\Program Files\Acer Arcade Live\SlideShow DVD\Component\CLSLDVD.exe:SlideShow DVD workprocess
"{932D4E56-6D5F-4909-A913-8B5947834283}"= C:\Program Files\Acer Arcade Live\Acer VideoMagician\VideoMagician.exe:VideoMagician
"{B4E3A7E7-6249-4309-B05F-B68B9B030828}"= C:\Program Files\Acer Arcade Live\Acer DVDivine\DVDivine.exe:DVDivine
"{383C1570-BA3C-4015-8188-2C4B6D3284C4}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia\HomeMedia.exe:HomeMedia
"{96FB5B8F-6D95-4F7A-809C-7952FC936ACB}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\HomeMedia Connect.exe:HomeMedia Connect
"{4FF06BD9-4370-4B76-ACF7-40542F1CF716}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.EXE:HomeMedia Connect Service
"{A3545E1B-C746-447F-9041-B38D5406AB1D}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{B27F2B2A-F1C3-4E65-8725-F857C07B7BEF}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{BBF0272F-F7B6-4B87-9533-740238F091DE}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{0A5C080A-BB08-4A76-8128-384B08D07D4D}C:\\program files\\videolan\\vlc\\vlc.exe"= UDP:C:\program files\videolan\vlc\vlc.exe:VLC media player
"UDP Query User{DF89A78A-2D21-4CCC-8D09-C39BCBBE855D}C:\\program files\\videolan\\vlc\\vlc.exe"= TCP:C:\program files\videolan\vlc\vlc.exe:VLC media player
"TCP Query User{A928C0D0-859C-40F8-86F0-04B176E0DAC3}C:\\program files\\windows sidebar\\sidebar.exe"= UDP:C:\program files\windows sidebar\sidebar.exe:Volet Windows
"UDP Query User{5977C167-4B71-4DAB-8A2D-2B3B11C2690A}C:\\program files\\windows sidebar\\sidebar.exe"= TCP:C:\program files\windows sidebar\sidebar.exe:Volet Windows
"TCP Query User{172012A8-11FB-4E0F-8395-11CFE16758C3}C:\\program files\\valve\\steam\\steamapps\\bastdemars\\counter-strike source\\hl2.exe"= UDP:C:\program files\valve\steam\steamapps\bastdemars\counter-strike source\hl2.exe:hl2
"UDP Query User{3538A696-16CC-4999-B0CB-9D7B6147003F}C:\\program files\\valve\\steam\\steamapps\\bastdemars\\counter-strike source\\hl2.exe"= TCP:C:\program files\valve\steam\steamapps\bastdemars\counter-strike source\hl2.exe:hl2
"TCP Query User{54617CD7-1C9E-46EC-A205-CD09A0A4EFCD}C:\\program files\\valve\\steam\\steamapps\\bastdemars\\counter-strike\\hl.exe"= UDP:C:\program files\valve\steam\steamapps\bastdemars\counter-strike\hl.exe:Half-Life Launcher
"UDP Query User{CFD5C1E7-2445-4CC1-A922-6EE2B62DD9F5}C:\\program files\\valve\\steam\\steamapps\\bastdemars\\counter-strike\\hl.exe"= TCP:C:\program files\valve\steam\steamapps\bastdemars\counter-strike\hl.exe:Half-Life Launcher
"TCP Query User{2A1EEC47-86C4-4DD5-8878-4730377A2F20}C:\\program files\\valve\\steam\\steamapps\\bastdemars\\condition zero\\hl.exe"= UDP:C:\program files\valve\steam\steamapps\bastdemars\condition zero\hl.exe:Half-Life Launcher
"UDP Query User{174D049A-4DDA-43F7-BF68-8468B0C12585}C:\\program files\\valve\\steam\\steamapps\\bastdemars\\condition zero\\hl.exe"= TCP:C:\program files\valve\steam\steamapps\bastdemars\condition zero\hl.exe:Half-Life Launcher
"TCP Query User{7F14E439-E500-4B4F-A1E6-1971B4A39C6A}C:\\program files\\valve\\steam\\steamapps\\bastdemars\\day of defeat\\hl.exe"= UDP:C:\program files\valve\steam\steamapps\bastdemars\day of defeat\hl.exe:Half-Life Launcher
"UDP Query User{D92689E8-7183-454D-9FEF-4620DC936EEF}C:\\program files\\valve\\steam\\steamapps\\bastdemars\\day of defeat\\hl.exe"= TCP:C:\program files\valve\steam\steamapps\bastdemars\day of defeat\hl.exe:Half-Life Launcher
"{F87767AA-AC42-45BC-9E8A-FE1C0CAEAA7F}"= UDP:27015:sd
"TCP Query User{C35EBAC0-9E5F-4165-9583-157924576CB7}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{FB89165A-74B9-4541-A7DC-2757AC0DA1E3}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{6414BEE3-330E-4601-9786-CD4A145141DB}C:\\program files\\valve\\steam\\steamapps\\bastdemars\\source dedicated server\\srcds.exe"= UDP:C:\program files\valve\steam\steamapps\bastdemars\source dedicated server\srcds.exe:srcds
"UDP Query User{60560432-A2D1-4E10-B99A-4214E2261E1A}C:\\program files\\valve\\steam\\steamapps\\bastdemars\\source dedicated server\\srcds.exe"= TCP:C:\program files\valve\steam\steamapps\bastdemars\source dedicated server\srcds.exe:srcds
"TCP Query User{35657D73-2E6D-4E6F-81A4-5EFB59AE9304}C:\\program files\\teamspeak2_rc2\\server_windows.exe"= UDP:C:\program files\teamspeak2_rc2\server_windows.exe:Server
"UDP Query User{88C5A000-21E6-4282-B5B6-CBF26876B2FD}C:\\program files\\teamspeak2_rc2\\server_windows.exe"= TCP:C:\program files\teamspeak2_rc2\server_windows.exe:Server
"{B0EC9D67-F468-4F43-8B72-963AA531B24C}"= TCP:21000:ts or dédie
"{3BBDBF39-3D7B-496E-99EE-D6B1903AF4A4}"= UDP:21001:gfgffg
"TCP Query User{F0758A5B-89B1-4F1D-A89E-BDA2732C1731}C:\\srcds\\srcds.exe"= UDP:C:\srcds\srcds.exe:srcds
"UDP Query User{F132073E-DB0E-4D93-A76D-0BD6C2E0110C}C:\\srcds\\srcds.exe"= TCP:C:\srcds\srcds.exe:srcds
"TCP Query User{19EEAC91-EBE9-49D3-B9D3-B4E6C84749E3}C:\\program files\\mirc\\mirc.exe"= UDP:C:\program files\mirc\mirc.exe:mIRC
"UDP Query User{7448A096-F85F-4FF4-B54F-AB3633D9BED6}C:\\program files\\mirc\\mirc.exe"= TCP:C:\program files\mirc\mirc.exe:mIRC
"TCP Query User{B72918E2-258B-476E-AF01-9A98B2DF5AED}C:\\program files\\valve\\steam\\steamapps\\mateutaque\\counter-strike source\\hl2.exe"= UDP:C:\program files\valve\steam\steamapps\mateutaque\counter-strike source\hl2.exe:hl2
"UDP Query User{B330A12B-98D8-45D3-9DB4-A32DB7DF5D6F}C:\\program files\\valve\\steam\\steamapps\\mateutaque\\counter-strike source\\hl2.exe"= TCP:C:\program files\valve\steam\steamapps\mateutaque\counter-strike source\hl2.exe:hl2
"TCP Query User{AD0FDF75-1F19-4A7C-B502-ED69CC7431C2}C:\\program files\\limewire\\limewire.exe"= UDP:C:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{21AA4775-9B47-4C5E-830D-6442EE65E440}C:\\program files\\limewire\\limewire.exe"= TCP:C:\program files\limewire\limewire.exe:LimeWire
"{B49DC0DE-259F-42AE-9473-D0FAB56B1763}"= UDP:C:\Users\KaIzZ`\Desktop\VDownloader.exe:VDownloader
"{D1CBDD0C-CF16-43FC-9E51-4BAED08E58C1}"= TCP:C:\Users\KaIzZ`\Desktop\VDownloader.exe:VDownloader
"TCP Query User{03A2D62E-4F07-4574-B096-040067D4C3E6}C:\\program files\\valve\\steam\\steamapps\\bastdemars\\team fortress 2\\hl2.exe"= UDP:C:\program files\valve\steam\steamapps\bastdemars\team fortress 2\hl2.exe:hl2
"UDP Query User{8C34AEA1-8BD7-490F-B79D-FCA066F26C3B}C:\\program files\\valve\\steam\\steamapps\\bastdemars\\team fortress 2\\hl2.exe"= TCP:C:\program files\valve\steam\steamapps\bastdemars\team fortress 2\hl2.exe:hl2
"TCP Query User{0199ED8F-42A7-4160-8CBD-065EC761210F}C:\\program files\\valve\\steam\\steamapps\\anto29400\\counter-strike source\\hl2.exe"= UDP:C:\program files\valve\steam\steamapps\anto29400\counter-strike source\hl2.exe:hl2
"UDP Query User{02D12068-630D-4702-9364-9914C44CCF63}C:\\program files\\valve\\steam\\steamapps\\anto29400\\counter-strike source\\hl2.exe"= TCP:C:\program files\valve\steam\steamapps\anto29400\counter-strike source\hl2.exe:hl2
"TCP Query User{01AD8C1C-EF66-4194-A070-CB8BE7D20106}C:\\program files\\valve\\steam\\steamapps\\bastdemars\\day of defeat source\\hl2.exe"= UDP:C:\program files\valve\steam\steamapps\bastdemars\day of defeat source\hl2.exe:hl2
"UDP Query User{5892FF04-106C-451F-8A0E-2A96E1A0F968}C:\\program files\\valve\\steam\\steamapps\\bastdemars\\day of defeat source\\hl2.exe"= TCP:C:\program files\valve\steam\steamapps\bastdemars\day of defeat source\hl2.exe:hl2
"TCP Query User{4CA21FA8-9CAE-4CD0-948A-994EF89A464D}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{82A1936B-719B-4E74-A6E4-63CC6D7F9A8C}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{A3316C47-49A1-4C1B-8EDA-75EC96722711}C:\\program files\\valve\\steam\\steamapps\\bastdemars\\condition zero deleted scenes\\hl.exe"= UDP:C:\program files\valve\steam\steamapps\bastdemars\condition zero deleted scenes\hl.exe:Half-Life Launcher
"UDP Query User{BFCAE916-2974-4556-A47E-355D23F48598}C:\\program files\\valve\\steam\\steamapps\\bastdemars\\condition zero deleted scenes\\hl.exe"= TCP:C:\program files\valve\steam\steamapps\bastdemars\condition zero deleted scenes\hl.exe:Half-Life Launcher
"{B70EE104-5A74-4E7D-A306-E2D1DA9E9A50}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{8C2C3067-0A78-46A5-B4EC-FB4315DB5719}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{9027D6BF-E0C1-4C8E-9826-72C256438D14}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{1E8EFBBB-BEEE-4495-834F-3D91C655EF51}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{E1A02D85-F54F-4CD0-A340-0AABF628DE4A}"= UDP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{C31616E4-ADED-457B-9881-44B4B7F45DBE}"= TCP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"TCP Query User{F19DCCBA-D761-4580-BC6C-B39237EB06E2}C:\\program files\\valve\\steam\\steamapps\\loloyd\\team fortress 2\\hl2.exe"= UDP:C:\program files\valve\steam\steamapps\loloyd\team fortress 2\hl2.exe:hl2
"UDP Query User{DB0630CA-4841-416A-B591-C69D3C88B464}C:\\program files\\valve\\steam\\steamapps\\loloyd\\team fortress 2\\hl2.exe"= TCP:C:\program files\valve\steam\steamapps\loloyd\team fortress 2\hl2.exe:hl2
"TCP Query User{660179DE-6835-46D8-BA81-F2ABA9A0533E}C:\\program files\\valve\\steam\\steamapps\\bastdemars\\garrysmod\\hl2.exe"= UDP:C:\program files\valve\steam\steamapps\bastdemars\garrysmod\hl2.exe:hl2
"UDP Query User{5EAB0D2E-4AA9-4C89-8DDD-2BC98EA1F881}C:\\program files\\valve\\steam\\steamapps\\bastdemars\\garrysmod\\hl2.exe"= TCP:C:\program files\valve\steam\steamapps\bastdemars\garrysmod\hl2.exe:hl2
"TCP Query User{86F4615A-9B36-4E82-A9DB-8591AD614DE2}C:\\users\\kaizz`\\desktop\\teamspeak spam\\spamer.exe"= UDP:C:\users\kaizz`\desktop\teamspeak spam\spamer.exe:spamer.exe
"UDP Query User{A50901CA-C318-4AA6-B8D8-867E97434D76}C:\\users\\kaizz`\\desktop\\teamspeak spam\\spamer.exe"= TCP:C:\users\kaizz`\desktop\teamspeak spam\spamer.exe:spamer.exe
"TCP Query User{EDF7D398-1461-4B08-963A-B24ECF745538}C:\\program files\\valve\\steam\\steamapps\\bastdemars\\ricochet\\hl.exe"= UDP:C:\program files\valve\steam\steamapps\bastdemars\ricochet\hl.exe:Half-Life Launcher
"UDP Query User{EAD6D22B-4CF0-4D5A-A356-405EE830628A}C:\\program files\\valve\\steam\\steamapps\\bastdemars\\ricochet\\hl.exe"= TCP:C:\program files\valve\steam\steamapps\bastdemars\ricochet\hl.exe:Half-Life Launcher
"TCP Query User{AD01B71D-044E-44C7-97AE-448CFCC6F6EE}C:\\program files\\valve\\steam\\steamapps\\common\\trackmania nations forever\\tmforever.exe"= UDP:C:\program files\valve\steam\steamapps\common\trackmania nations forever\tmforever.exe:TmForever
"UDP Query User{AC77AF50-4995-4D3B-85EC-8E96C04B3C91}C:\\program files\\valve\\steam\\steamapps\\common\\trackmania nations forever\\tmforever.exe"= TCP:C:\program files\valve\steam\steamapps\common\trackmania nations forever\tmforever.exe:TmForever
"TCP Query User{2F828406-9A5B-4F02-AE20-2872B97762AE}C:\\program files\\gamespy arcade\\aphex.exe"= UDP:C:\program files\gamespy arcade\aphex.exe:GameSpy Arcade 1.4
"UDP Query User{F71A3DDB-C93F-4E0B-A246-16AF65BD9A09}C:\\program files\\gamespy arcade\\aphex.exe"= TCP:C:\program files\gamespy arcade\aphex.exe:GameSpy Arcade 1.4
"{7576794C-C25D-4199-938E-531578C4BD2A}"= UDP:C:\Program Files\DNA\btdna.exe:DNA (TCP-In)
"{9112207D-11C8-428B-A13B-D5988FAEEA21}"= TCP:C:\Program Files\DNA\btdna.exe:DNA (UDP-In)
"{BFFAA7C5-1B13-4CDD-9D77-82BC392F7265}"= UDP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"{A1BB9F71-E76E-474E-B05F-7947465591F2}"= TCP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"TCP Query User{1414AE0A-2E6A-40CA-8843-6DCA4E5CA41B}C:\\users\\kaizz`\\program files\\bittorrent\\bittorrent.exe"= UDP:C:\users\kaizz`\program files\bittorrent\bittorrent.exe:bittorrent.exe
"UDP Query User{A7461B8B-4CF1-436F-877C-EB2DAF94296E}C:\\users\\kaizz`\\program files\\bittorrent\\bittorrent.exe"= TCP:C:\users\kaizz`\program files\bittorrent\bittorrent.exe:bittorrent.exe
"TCP Query User{EE057B85-A8FA-435C-A70F-EDDEF94290E6}C:\\users\\kaizz`\\program files\\dna\\btdna.exe"= UDP:C:\users\kaizz`\program files\dna\btdna.exe:btdna.exe
"UDP Query User{87088814-1CA5-4DFB-93E8-95A4DE1B9C56}C:\\users\\kaizz`\\program files\\dna\\btdna.exe"= TCP:C:\users\kaizz`\program files\dna\btdna.exe:btdna.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\BitTorrent\\bittorrent.exe"= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-07-19 16:35]
R2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [2007-04-04 18:54]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 16:37]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-07-19 16:36]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-07-28 01:36]
R3 Razerlow;Diamondback 3G USB Filter Driver;C:\Windows\system32\Drivers\DB3G.sys [2005-04-24 22:43]
S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-07-31 00:24]
S3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-12-06 09:51]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bbb98bce-2ccc-11dd-b21a-806e6f6e6963}]
\shell\AutoRun\command - E:\autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d54ff02d-5812-11dd-baec-001d920d211b}]
\shell\AutoRun\command - J:\Autorun.exe
*Newly Created Service* - SSMDRV
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-MSServer - C:\Windows\system32\khfDtSli.dll
HKLM-Run-Acer Tour - (no file)
HKLM-Run-eRecoveryService - (no file)
ShellExecuteHooks-{F6A9C779-4730-42F7-9142-432860D0B778} - C:\Windows\system32\khfDtSli.dll
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Users\KaIzZ`\AppData\Roaming\Mozilla\Firefox\Profiles\v48k4e71.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.fr/
FF -: plugin - C:\Program Files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
FF -: plugin - C:\Program Files\Yahoo!\common\npyaxmpb.dll
FF -: plugin - C:\Users\KaIzZ`\Program Files\DNA\plugins\npbtdna.dll
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-15 00:10:52
Windows 6.0.6001 Service Pack 1 NTFS
Balayage processus cach‚s ...
Balayage cach‚ autostart entries ...
Balayage des fichiers cach‚s ...
Scan termin‚ avec succŠs
Les fichiers cach‚s: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\Ati2evxx.exe
C:\Windows\System32\audiodg.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\System32\Ati2evxx.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\System32\PnkBstrA.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Windows\System32\conime.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\System32\rundll32.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\Program Files\Razer\Diamondback 3G\razertra.exe
C:\Program Files\Razer\Diamondback 3G\razerofa.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\System32\wbem\WMIADAP.exe
C:\Windows\System32\dllhost.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-08-15 0:14:59 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-14 22:14:54
Pre-Run: 106,655,584,256 octets libres
Post-Run: 127,633,207,296 octets libres
300 --- E O F --- 2008-08-14 09:47:13
ComboFix 08-08-14.01 - KaIzZ` 2008-08-15 0:05:57.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.2094 [GMT 2:00]
Endroit: C:\Users\KaIzZ`\Desktop\ComboFix.exe
* Création d'un nouveau point de restauration
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Users\KaIzZ`\AppData\Local\Temp\aasqrtje.dll
C:\Users\KaIzZ`\AppData\Local\Temp\tsmyibrf.dll
C:\Windows\system32\awTliJab.dll
C:\Windows\system32\cbXRIbCV.dll
C:\Windows\system32\fccBtRJA.dll
C:\Windows\system32\khfDtSli.dll
D:\install.exe
.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-07-14 to 2008-08-14 ))))))))))))))))))))))))))))))))))))
.
2008-08-15 00:03 . 2008-08-15 00:04 <REP> d-------- C:\327882R2FWJFW
2008-08-14 23:22 . 2008-08-14 23:22 <REP> d-------- C:\Users\All Users\Avira
2008-08-14 23:22 . 2008-08-14 23:22 <REP> d-------- C:\ProgramData\Avira
2008-08-14 23:22 . 2008-08-14 23:22 <REP> d-------- C:\Program Files\Avira
2008-08-14 11:46 . 2008-07-16 03:32 2,048 --a------ C:\Windows\System32\tzres.dll
2008-08-14 01:44 . 2008-06-27 03:55 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
2008-08-14 01:44 . 2008-06-27 06:15 827,392 --a------ C:\Windows\System32\wininet.dll
2008-08-14 01:44 . 2008-06-19 05:31 361,984 --a------ C:\Windows\System32\IPSECSVC.DLL
2008-08-14 01:38 . 2008-04-18 07:48 269,312 --a------ C:\Windows\System32\es.dll
2008-08-14 01:18 . 2008-04-10 07:12 738,304 --a------ C:\Windows\System32\inetcomm.dll
2008-08-14 00:37 . 2008-08-14 00:39 <REP> d-------- C:\Users\KaIzZ`\Program Files
2008-08-13 20:09 . 2008-08-13 20:10 <REP> d-------- C:\Program Files\BitTorrent Ultra Accelerator
2008-08-13 17:57 . 2008-08-15 00:08 <REP> d-------- C:\Users\KaIzZ`\AppData\Roaming\DNA
2008-08-13 17:57 . 2008-08-14 23:50 <REP> d-------- C:\Users\KaIzZ`\AppData\Roaming\BitTorrent
2008-08-13 17:57 . 2008-08-13 17:57 <REP> d-------- C:\Program Files\DNA
2008-08-13 17:57 . 2008-08-13 17:57 <REP> d-------- C:\Program Files\BitTorrent
2008-08-13 17:54 . 2008-08-13 17:54 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-08-13 17:22 . 2008-08-13 17:25 <REP> d-------- C:\Program Files\GameSpy Arcade
2008-08-13 17:13 . 2008-08-13 17:13 <REP> d-------- C:\Program Files\Sierra
2008-08-13 17:08 . 2008-08-13 17:08 <REP> d-------- C:\Program Files\MagicPic4
2008-08-08 11:15 . 2008-08-08 11:15 <REP> d-------- C:\cstrike
2008-08-08 10:56 . 2008-08-08 10:56 315,908 --a------ C:\Windows\CSSBScript - Version Full Uninstaller.exe
2008-08-07 15:06 . 2008-08-07 15:06 <REP> d-------- C:\Users\KaIzZ`\AppData\Roaming\com.adidas.widget.8DD3787205A936F604775F360BF9EE211D39EC38.1
2008-08-07 15:06 . 2008-08-07 15:06 <REP> d-------- C:\Program Files\Common Files\Adobe AIR
2008-08-03 15:02 . 2008-08-03 15:03 <REP> d-------- C:\Program Files\PopCap Games
2008-08-02 20:43 . 2008-08-02 20:43 <REP> d-------- C:\Program Files\Sun
2008-08-02 20:06 . 2008-08-02 20:06 252,713,458 --a------ C:\Windows\MEMORY.DMP
2008-08-02 13:08 . 2008-08-03 18:05 <REP> d-------- C:\Users\All Users\TrackMania
2008-08-02 13:08 . 2008-08-03 18:05 <REP> d-------- C:\ProgramData\TrackMania
2008-07-30 20:31 . 2008-07-30 21:17 <REP> d-------- C:\Users\All Users\Skype
2008-07-30 20:31 . 2008-07-30 21:17 <REP> d-------- C:\ProgramData\Skype
2008-07-24 16:32 . 2008-07-24 16:32 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2008-07-22 19:28 . 2008-07-22 19:28 <REP> d-------- C:\Program Files\KONAMI
2008-07-22 19:24 . 2008-07-22 19:24 <REP> d-------- C:\Users\All Users\Yahoo! Companion
2008-07-22 19:24 . 2008-07-22 19:24 <REP> d-------- C:\ProgramData\Yahoo! Companion
2008-07-22 19:24 . 2008-07-22 19:24 <REP> d-------- C:\Program Files\DAEMON Tools Lite
2008-07-22 18:59 . 2008-07-22 18:59 <REP> d-------- C:\Users\KaIzZ`\AppData\Roaming\DAEMON Tools
2008-07-22 18:59 . 2008-07-22 18:59 717,296 --a------ C:\Windows\System32\drivers\sptd.sys
2008-07-22 17:04 . 2008-07-22 17:04 <REP> d-------- C:\Program Files\CCleaner
2008-07-17 22:38 . 2008-07-17 22:38 <REP> d-------- C:\Program Files\Sony Setup
2008-07-14 00:49 . 2008-07-31 18:32 <REP> d-------- C:\Users\KaIzZ`\AppData\Roaming\Mumble
2008-07-14 00:48 . 2008-07-14 00:49 <REP> d-------- C:\Program Files\Mumble
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-14 20:44 --------- d-----w C:\Users\KaIzZ`\AppData\Roaming\LimeWire
2008-08-14 19:27 --------- d-----w C:\Program Files\Windows Mail
2008-08-14 09:46 --------- d-----w C:\ProgramData\Microsoft Help
2008-08-13 15:25 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-08 13:13 --------- d-----w C:\Users\KaIzZ`\AppData\Roaming\FileZilla
2008-08-06 20:33 --------- d-----w C:\Users\KaIzZ`\AppData\Roaming\teamspeak2
2008-08-05 21:19 --------- d-----w C:\Users\KaIzZ`\AppData\Roaming\mIRC
2008-08-04 17:04 136,888 ----a-w C:\Windows\system32\drivers\PnkBstrK.sys
2008-08-02 18:43 --------- d-----w C:\Program Files\Java
2008-07-31 11:44 --------- d-----w C:\Program Files\Common Files\Steam
2008-07-22 15:04 --------- d-----w C:\Program Files\Yahoo!
2008-07-19 14:36 51,280 ----a-w C:\Windows\system32\drivers\aswMonFlt.sys
2008-07-11 19:55 --------- d-----w C:\Program Files\TeamSpeak3
2008-07-09 17:51 --------- d-----w C:\Users\KaIzZ`\AppData\Roaming\InstallShield
2008-07-09 17:51 --------- d-----w C:\Program Files\Razer
2008-07-08 23:18 22,328 ----a-w C:\Users\KaIzZ`\AppData\Roaming\PnkBstrK.sys
2008-07-08 23:03 --------- d-----w C:\Program Files\Activision
2008-07-03 16:45 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-07-03 15:44 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-06-28 21:53 --------- d-----w C:\Program Files\Teamspeak2_RC2
2008-06-27 17:28 --------- d-----w C:\ProgramData\CheckPoint
2008-06-15 22:11 --------- d-----w C:\Users\KaIzZ`\AppData\Roaming\Digital Joy
2008-06-14 11:15 174 --sha-w C:\Program Files\desktop.ini
2008-06-14 11:09 --------- d-----w C:\Program Files\Windows Sidebar
2008-06-14 11:09 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-06-14 11:09 --------- d-----w C:\Program Files\Windows Journal
2008-06-14 11:09 --------- d-----w C:\Program Files\Windows Defender
2008-06-14 11:09 --------- d-----w C:\Program Files\Windows Collaboration
2008-06-14 11:09 --------- d-----w C:\Program Files\Windows Calendar
2008-06-12 05:28 541,696 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-06-10 20:17 84 ----a-w C:\Users\KaIzZ`\AppData\Roaming\wklnhst.dat
2008-06-05 21:31 74,752 ----a-w C:\Windows\ST6UNST.EXE
2008-06-05 21:31 253,952 ------w C:\Windows\Setup1.exe
2008-05-28 23:04 458,752 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-05-28 23:04 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-05-28 23:04 2,153,984 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-05-28 23:04 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 09:33 1233920]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-07-17 14:20 490952]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 09:33 202240]
"BitTorrent DNA"="C:\Users\KaIzZ`\Program Files\DNA\btdna.exe" [2008-08-14 00:37 341824]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acer Empowering Technology Monitor"="C:\Acer\Empowering Technology\SysMonitor.exe" [2007-01-24 10:27 319488]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-02-07 00:04 464168]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35 90112]
"WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 21:48 57344]
"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-02-15 18:39 151552]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 21:52 49152]
"Diamondback"="C:\Program Files\Razer\Diamondback 3G\razerhid.exe" [2007-08-01 14:07 147456]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-01 09:38 4390912 C:\Windows\RtHDVCpl.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-02-15 18:39 151552]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [2007-04-24 14:53:40 528384]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-01-02 21:40:10 210520]
Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06 29696]
PCM Media Sharing.lnk - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe [2007-04-24 14:32:04 200812]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.mkdmp3enc"= C:\PROGRA~1\ACERAR~1\ACERVI~1\Kernel\Burner\MKDMP3Enc.ACM
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{F95798C9-BF0A-4D20-BD7C-6B38E7FF9FEE}"= C:\Program Files\Acer Arcade Live\Acer Arcade Live Main Page\Acer Arcade Live.exe:Acer Arcade Live
"{A5333138-7820-4A45-A0F8-9FD93BB4D627}"= C:\Program Files\Acer Arcade Live\Acer DV Magician\Component\ARAWP.exe:DV Magician ARA workprocess
"{D585109C-A3E9-47A0-B1F8-BEF827E9F6D7}"= C:\Program Files\Acer Arcade Live\Acer DV Magician\Component\DVAX2Process.exe:DV Magician AVAX workprocess
"{31A60708-F002-42F4-9908-B33BD16550DD}"= C:\Program Files\Acer Arcade Live\SlideShow DVD\Component\CLSLDVD.exe:SlideShow DVD workprocess
"{932D4E56-6D5F-4909-A913-8B5947834283}"= C:\Program Files\Acer Arcade Live\Acer VideoMagician\VideoMagician.exe:VideoMagician
"{B4E3A7E7-6249-4309-B05F-B68B9B030828}"= C:\Program Files\Acer Arcade Live\Acer DVDivine\DVDivine.exe:DVDivine
"{383C1570-BA3C-4015-8188-2C4B6D3284C4}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia\HomeMedia.exe:HomeMedia
"{96FB5B8F-6D95-4F7A-809C-7952FC936ACB}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\HomeMedia Connect.exe:HomeMedia Connect
"{4FF06BD9-4370-4B76-ACF7-40542F1CF716}"= C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.EXE:HomeMedia Connect Service
"{A3545E1B-C746-447F-9041-B38D5406AB1D}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{B27F2B2A-F1C3-4E65-8725-F857C07B7BEF}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{BBF0272F-F7B6-4B87-9533-740238F091DE}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{0A5C080A-BB08-4A76-8128-384B08D07D4D}C:\\program files\\videolan\\vlc\\vlc.exe"= UDP:C:\program files\videolan\vlc\vlc.exe:VLC media player
"UDP Query User{DF89A78A-2D21-4CCC-8D09-C39BCBBE855D}C:\\program files\\videolan\\vlc\\vlc.exe"= TCP:C:\program files\videolan\vlc\vlc.exe:VLC media player
"TCP Query User{A928C0D0-859C-40F8-86F0-04B176E0DAC3}C:\\program files\\windows sidebar\\sidebar.exe"= UDP:C:\program files\windows sidebar\sidebar.exe:Volet Windows
"UDP Query User{5977C167-4B71-4DAB-8A2D-2B3B11C2690A}C:\\program files\\windows sidebar\\sidebar.exe"= TCP:C:\program files\windows sidebar\sidebar.exe:Volet Windows
"TCP Query User{172012A8-11FB-4E0F-8395-11CFE16758C3}C:\\program files\\valve\\steam\\steamapps\\bastdemars\\counter-strike source\\hl2.exe"= UDP:C:\program files\valve\steam\steamapps\bastdemars\counter-strike source\hl2.exe:hl2
"UDP Query User{3538A696-16CC-4999-B0CB-9D7B6147003F}C:\\program files\\valve\\steam\\steamapps\\bastdemars\\counter-strike source\\hl2.exe"= TCP:C:\program files\valve\steam\steamapps\bastdemars\counter-strike source\hl2.exe:hl2
"TCP Query User{54617CD7-1C9E-46EC-A205-CD09A0A4EFCD}C:\\program files\\valve\\steam\\steamapps\\bastdemars\\counter-strike\\hl.exe"= UDP:C:\program files\valve\steam\steamapps\bastdemars\counter-strike\hl.exe:Half-Life Launcher
"UDP Query User{CFD5C1E7-2445-4CC1-A922-6EE2B62DD9F5}C:\\program files\\valve\\steam\\steamapps\\bastdemars\\counter-strike\\hl.exe"= TCP:C:\program files\valve\steam\steamapps\bastdemars\counter-strike\hl.exe:Half-Life Launcher
"TCP Query User{2A1EEC47-86C4-4DD5-8878-4730377A2F20}C:\\program files\\valve\\steam\\steamapps\\bastdemars\\condition zero\\hl.exe"= UDP:C:\program files\valve\steam\steamapps\bastdemars\condition zero\hl.exe:Half-Life Launcher
"UDP Query User{174D049A-4DDA-43F7-BF68-8468B0C12585}C:\\program files\\valve\\steam\\steamapps\\bastdemars\\condition zero\\hl.exe"= TCP:C:\program files\valve\steam\steamapps\bastdemars\condition zero\hl.exe:Half-Life Launcher
"TCP Query User{7F14E439-E500-4B4F-A1E6-1971B4A39C6A}C:\\program files\\valve\\steam\\steamapps\\bastdemars\\day of defeat\\hl.exe"= UDP:C:\program files\valve\steam\steamapps\bastdemars\day of defeat\hl.exe:Half-Life Launcher
"UDP Query User{D92689E8-7183-454D-9FEF-4620DC936EEF}C:\\program files\\valve\\steam\\steamapps\\bastdemars\\day of defeat\\hl.exe"= TCP:C:\program files\valve\steam\steamapps\bastdemars\day of defeat\hl.exe:Half-Life Launcher
"{F87767AA-AC42-45BC-9E8A-FE1C0CAEAA7F}"= UDP:27015:sd
"TCP Query User{C35EBAC0-9E5F-4165-9583-157924576CB7}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{FB89165A-74B9-4541-A7DC-2757AC0DA1E3}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{6414BEE3-330E-4601-9786-CD4A145141DB}C:\\program files\\valve\\steam\\steamapps\\bastdemars\\source dedicated server\\srcds.exe"= UDP:C:\program files\valve\steam\steamapps\bastdemars\source dedicated server\srcds.exe:srcds
"UDP Query User{60560432-A2D1-4E10-B99A-4214E2261E1A}C:\\program files\\valve\\steam\\steamapps\\bastdemars\\source dedicated server\\srcds.exe"= TCP:C:\program files\valve\steam\steamapps\bastdemars\source dedicated server\srcds.exe:srcds
"TCP Query User{35657D73-2E6D-4E6F-81A4-5EFB59AE9304}C:\\program files\\teamspeak2_rc2\\server_windows.exe"= UDP:C:\program files\teamspeak2_rc2\server_windows.exe:Server
"UDP Query User{88C5A000-21E6-4282-B5B6-CBF26876B2FD}C:\\program files\\teamspeak2_rc2\\server_windows.exe"= TCP:C:\program files\teamspeak2_rc2\server_windows.exe:Server
"{B0EC9D67-F468-4F43-8B72-963AA531B24C}"= TCP:21000:ts or dédie
"{3BBDBF39-3D7B-496E-99EE-D6B1903AF4A4}"= UDP:21001:gfgffg
"TCP Query User{F0758A5B-89B1-4F1D-A89E-BDA2732C1731}C:\\srcds\\srcds.exe"= UDP:C:\srcds\srcds.exe:srcds
"UDP Query User{F132073E-DB0E-4D93-A76D-0BD6C2E0110C}C:\\srcds\\srcds.exe"= TCP:C:\srcds\srcds.exe:srcds
"TCP Query User{19EEAC91-EBE9-49D3-B9D3-B4E6C84749E3}C:\\program files\\mirc\\mirc.exe"= UDP:C:\program files\mirc\mirc.exe:mIRC
"UDP Query User{7448A096-F85F-4FF4-B54F-AB3633D9BED6}C:\\program files\\mirc\\mirc.exe"= TCP:C:\program files\mirc\mirc.exe:mIRC
"TCP Query User{B72918E2-258B-476E-AF01-9A98B2DF5AED}C:\\program files\\valve\\steam\\steamapps\\mateutaque\\counter-strike source\\hl2.exe"= UDP:C:\program files\valve\steam\steamapps\mateutaque\counter-strike source\hl2.exe:hl2
"UDP Query User{B330A12B-98D8-45D3-9DB4-A32DB7DF5D6F}C:\\program files\\valve\\steam\\steamapps\\mateutaque\\counter-strike source\\hl2.exe"= TCP:C:\program files\valve\steam\steamapps\mateutaque\counter-strike source\hl2.exe:hl2
"TCP Query User{AD0FDF75-1F19-4A7C-B502-ED69CC7431C2}C:\\program files\\limewire\\limewire.exe"= UDP:C:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{21AA4775-9B47-4C5E-830D-6442EE65E440}C:\\program files\\limewire\\limewire.exe"= TCP:C:\program files\limewire\limewire.exe:LimeWire
"{B49DC0DE-259F-42AE-9473-D0FAB56B1763}"= UDP:C:\Users\KaIzZ`\Desktop\VDownloader.exe:VDownloader
"{D1CBDD0C-CF16-43FC-9E51-4BAED08E58C1}"= TCP:C:\Users\KaIzZ`\Desktop\VDownloader.exe:VDownloader
"TCP Query User{03A2D62E-4F07-4574-B096-040067D4C3E6}C:\\program files\\valve\\steam\\steamapps\\bastdemars\\team fortress 2\\hl2.exe"= UDP:C:\program files\valve\steam\steamapps\bastdemars\team fortress 2\hl2.exe:hl2
"UDP Query User{8C34AEA1-8BD7-490F-B79D-FCA066F26C3B}C:\\program files\\valve\\steam\\steamapps\\bastdemars\\team fortress 2\\hl2.exe"= TCP:C:\program files\valve\steam\steamapps\bastdemars\team fortress 2\hl2.exe:hl2
"TCP Query User{0199ED8F-42A7-4160-8CBD-065EC761210F}C:\\program files\\valve\\steam\\steamapps\\anto29400\\counter-strike source\\hl2.exe"= UDP:C:\program files\valve\steam\steamapps\anto29400\counter-strike source\hl2.exe:hl2
"UDP Query User{02D12068-630D-4702-9364-9914C44CCF63}C:\\program files\\valve\\steam\\steamapps\\anto29400\\counter-strike source\\hl2.exe"= TCP:C:\program files\valve\steam\steamapps\anto29400\counter-strike source\hl2.exe:hl2
"TCP Query User{01AD8C1C-EF66-4194-A070-CB8BE7D20106}C:\\program files\\valve\\steam\\steamapps\\bastdemars\\day of defeat source\\hl2.exe"= UDP:C:\program files\valve\steam\steamapps\bastdemars\day of defeat source\hl2.exe:hl2
"UDP Query User{5892FF04-106C-451F-8A0E-2A96E1A0F968}C:\\program files\\valve\\steam\\steamapps\\bastdemars\\day of defeat source\\hl2.exe"= TCP:C:\program files\valve\steam\steamapps\bastdemars\day of defeat source\hl2.exe:hl2
"TCP Query User{4CA21FA8-9CAE-4CD0-948A-994EF89A464D}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{82A1936B-719B-4E74-A6E4-63CC6D7F9A8C}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{A3316C47-49A1-4C1B-8EDA-75EC96722711}C:\\program files\\valve\\steam\\steamapps\\bastdemars\\condition zero deleted scenes\\hl.exe"= UDP:C:\program files\valve\steam\steamapps\bastdemars\condition zero deleted scenes\hl.exe:Half-Life Launcher
"UDP Query User{BFCAE916-2974-4556-A47E-355D23F48598}C:\\program files\\valve\\steam\\steamapps\\bastdemars\\condition zero deleted scenes\\hl.exe"= TCP:C:\program files\valve\steam\steamapps\bastdemars\condition zero deleted scenes\hl.exe:Half-Life Launcher
"{B70EE104-5A74-4E7D-A306-E2D1DA9E9A50}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{8C2C3067-0A78-46A5-B4EC-FB4315DB5719}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{9027D6BF-E0C1-4C8E-9826-72C256438D14}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{1E8EFBBB-BEEE-4495-834F-3D91C655EF51}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{E1A02D85-F54F-4CD0-A340-0AABF628DE4A}"= UDP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{C31616E4-ADED-457B-9881-44B4B7F45DBE}"= TCP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"TCP Query User{F19DCCBA-D761-4580-BC6C-B39237EB06E2}C:\\program files\\valve\\steam\\steamapps\\loloyd\\team fortress 2\\hl2.exe"= UDP:C:\program files\valve\steam\steamapps\loloyd\team fortress 2\hl2.exe:hl2
"UDP Query User{DB0630CA-4841-416A-B591-C69D3C88B464}C:\\program files\\valve\\steam\\steamapps\\loloyd\\team fortress 2\\hl2.exe"= TCP:C:\program files\valve\steam\steamapps\loloyd\team fortress 2\hl2.exe:hl2
"TCP Query User{660179DE-6835-46D8-BA81-F2ABA9A0533E}C:\\program files\\valve\\steam\\steamapps\\bastdemars\\garrysmod\\hl2.exe"= UDP:C:\program files\valve\steam\steamapps\bastdemars\garrysmod\hl2.exe:hl2
"UDP Query User{5EAB0D2E-4AA9-4C89-8DDD-2BC98EA1F881}C:\\program files\\valve\\steam\\steamapps\\bastdemars\\garrysmod\\hl2.exe"= TCP:C:\program files\valve\steam\steamapps\bastdemars\garrysmod\hl2.exe:hl2
"TCP Query User{86F4615A-9B36-4E82-A9DB-8591AD614DE2}C:\\users\\kaizz`\\desktop\\teamspeak spam\\spamer.exe"= UDP:C:\users\kaizz`\desktop\teamspeak spam\spamer.exe:spamer.exe
"UDP Query User{A50901CA-C318-4AA6-B8D8-867E97434D76}C:\\users\\kaizz`\\desktop\\teamspeak spam\\spamer.exe"= TCP:C:\users\kaizz`\desktop\teamspeak spam\spamer.exe:spamer.exe
"TCP Query User{EDF7D398-1461-4B08-963A-B24ECF745538}C:\\program files\\valve\\steam\\steamapps\\bastdemars\\ricochet\\hl.exe"= UDP:C:\program files\valve\steam\steamapps\bastdemars\ricochet\hl.exe:Half-Life Launcher
"UDP Query User{EAD6D22B-4CF0-4D5A-A356-405EE830628A}C:\\program files\\valve\\steam\\steamapps\\bastdemars\\ricochet\\hl.exe"= TCP:C:\program files\valve\steam\steamapps\bastdemars\ricochet\hl.exe:Half-Life Launcher
"TCP Query User{AD01B71D-044E-44C7-97AE-448CFCC6F6EE}C:\\program files\\valve\\steam\\steamapps\\common\\trackmania nations forever\\tmforever.exe"= UDP:C:\program files\valve\steam\steamapps\common\trackmania nations forever\tmforever.exe:TmForever
"UDP Query User{AC77AF50-4995-4D3B-85EC-8E96C04B3C91}C:\\program files\\valve\\steam\\steamapps\\common\\trackmania nations forever\\tmforever.exe"= TCP:C:\program files\valve\steam\steamapps\common\trackmania nations forever\tmforever.exe:TmForever
"TCP Query User{2F828406-9A5B-4F02-AE20-2872B97762AE}C:\\program files\\gamespy arcade\\aphex.exe"= UDP:C:\program files\gamespy arcade\aphex.exe:GameSpy Arcade 1.4
"UDP Query User{F71A3DDB-C93F-4E0B-A246-16AF65BD9A09}C:\\program files\\gamespy arcade\\aphex.exe"= TCP:C:\program files\gamespy arcade\aphex.exe:GameSpy Arcade 1.4
"{7576794C-C25D-4199-938E-531578C4BD2A}"= UDP:C:\Program Files\DNA\btdna.exe:DNA (TCP-In)
"{9112207D-11C8-428B-A13B-D5988FAEEA21}"= TCP:C:\Program Files\DNA\btdna.exe:DNA (UDP-In)
"{BFFAA7C5-1B13-4CDD-9D77-82BC392F7265}"= UDP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"{A1BB9F71-E76E-474E-B05F-7947465591F2}"= TCP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"TCP Query User{1414AE0A-2E6A-40CA-8843-6DCA4E5CA41B}C:\\users\\kaizz`\\program files\\bittorrent\\bittorrent.exe"= UDP:C:\users\kaizz`\program files\bittorrent\bittorrent.exe:bittorrent.exe
"UDP Query User{A7461B8B-4CF1-436F-877C-EB2DAF94296E}C:\\users\\kaizz`\\program files\\bittorrent\\bittorrent.exe"= TCP:C:\users\kaizz`\program files\bittorrent\bittorrent.exe:bittorrent.exe
"TCP Query User{EE057B85-A8FA-435C-A70F-EDDEF94290E6}C:\\users\\kaizz`\\program files\\dna\\btdna.exe"= UDP:C:\users\kaizz`\program files\dna\btdna.exe:btdna.exe
"UDP Query User{87088814-1CA5-4DFB-93E8-95A4DE1B9C56}C:\\users\\kaizz`\\program files\\dna\\btdna.exe"= TCP:C:\users\kaizz`\program files\dna\btdna.exe:btdna.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\BitTorrent\\bittorrent.exe"= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-07-19 16:35]
R2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [2007-04-04 18:54]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 16:37]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-07-19 16:36]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-07-28 01:36]
R3 Razerlow;Diamondback 3G USB Filter Driver;C:\Windows\system32\Drivers\DB3G.sys [2005-04-24 22:43]
S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-07-31 00:24]
S3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-12-06 09:51]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bbb98bce-2ccc-11dd-b21a-806e6f6e6963}]
\shell\AutoRun\command - E:\autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d54ff02d-5812-11dd-baec-001d920d211b}]
\shell\AutoRun\command - J:\Autorun.exe
*Newly Created Service* - SSMDRV
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-MSServer - C:\Windows\system32\khfDtSli.dll
HKLM-Run-Acer Tour - (no file)
HKLM-Run-eRecoveryService - (no file)
ShellExecuteHooks-{F6A9C779-4730-42F7-9142-432860D0B778} - C:\Windows\system32\khfDtSli.dll
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Users\KaIzZ`\AppData\Roaming\Mozilla\Firefox\Profiles\v48k4e71.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.fr/
FF -: plugin - C:\Program Files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
FF -: plugin - C:\Program Files\Yahoo!\common\npyaxmpb.dll
FF -: plugin - C:\Users\KaIzZ`\Program Files\DNA\plugins\npbtdna.dll
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-15 00:10:52
Windows 6.0.6001 Service Pack 1 NTFS
Balayage processus cach‚s ...
Balayage cach‚ autostart entries ...
Balayage des fichiers cach‚s ...
Scan termin‚ avec succŠs
Les fichiers cach‚s: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\Ati2evxx.exe
C:\Windows\System32\audiodg.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\System32\Ati2evxx.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\System32\PnkBstrA.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Windows\System32\conime.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\System32\rundll32.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\Program Files\Razer\Diamondback 3G\razertra.exe
C:\Program Files\Razer\Diamondback 3G\razerofa.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\System32\wbem\WMIADAP.exe
C:\Windows\System32\dllhost.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-08-15 0:14:59 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-14 22:14:54
Pre-Run: 106,655,584,256 octets libres
Post-Run: 127,633,207,296 octets libres
300 --- E O F --- 2008-08-14 09:47:13
Télécharge ToolsCleaner sur ton bureau.
-->
ftp://ftp.commentcamarche.com/download/ToolsCleaner2.exe
http://www.commentcamarche.net/telecharger/telecharger 34055291 toolscleaner
http://pc-system.fr/
# Clique sur Recherche et laisse le scan agir ...
# Clique sur Suppression pour finaliser.
# Tu peux, si tu le souhaites, te servir des Options facultatives.
# Clique sur Quitter pour obtenir le rapport.
# Poste le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur (C:\).
Ensuite :
Télécharge HijackThis ici :
-> Fais un clic droit sur un des liens et choisi enregistrer la cible sous .... le bureau
-> http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe
-> ftp://ftp.commentcamarche.com/download/HJTInstall.exe
-> Fais un double-clic sur HJTInstall.exe afin de lancer l'installation
-> Clique sur Install ensuite sur I Accept
-> Clique sur Do a scan system and save log file
-> Le bloc-notes s'ouvrira, fais un copier-coller de tout son contenu ici dans ta prochaine réponse
-->
ftp://ftp.commentcamarche.com/download/ToolsCleaner2.exe
http://www.commentcamarche.net/telecharger/telecharger 34055291 toolscleaner
http://pc-system.fr/
# Clique sur Recherche et laisse le scan agir ...
# Clique sur Suppression pour finaliser.
# Tu peux, si tu le souhaites, te servir des Options facultatives.
# Clique sur Quitter pour obtenir le rapport.
# Poste le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur (C:\).
Ensuite :
Télécharge HijackThis ici :
-> Fais un clic droit sur un des liens et choisi enregistrer la cible sous .... le bureau
-> http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe
-> ftp://ftp.commentcamarche.com/download/HJTInstall.exe
-> Fais un double-clic sur HJTInstall.exe afin de lancer l'installation
-> Clique sur Install ensuite sur I Accept
-> Clique sur Do a scan system and save log file
-> Le bloc-notes s'ouvrira, fais un copier-coller de tout son contenu ici dans ta prochaine réponse
