
Infection of the file mdm.exe

Stingerwars on 12 September 2009 at 13:44
Hello,

I have a Vista 32-bit computer and the Avast antivirus.
It recently told me that I was infected with a worm of the category Win32:Trojan-gen {other}, the infected file being mdm.exe, located at: C:\Users\nom_utilisateur\AppData\Local\Temp\~tmp\mlp56

Avast advised me to quarantine it, so I followed its advice and did so. But Avast/AVG regularly tells me that this file has "reappeared" in C:\Users\nom_utilisateur\AppData\Local\Temp\~tmp\mlp57, then in mlp58 ....
and still infected.

Oddly, it does not reappear at every reboot but roughly every 2/3 days ...

I have exactly the same problem as this person.
See link => http://forum.telecharger.01net.com/telecharger/securite_virus_et_assimiles/ver-infectant-mdmexe-444074/messages-1.html

I followed the instructions but did not manage to get rid of it.

Is there an infection?

I have already removed 3/4 Trojans with Malwarebytes and Kaspersky Virus Tool Remover, but apparently that is not enough...

I suppose it is an infected service, because it would not keep coming back after removal otherwise ... (for almost a month now!)

Thanks in advance
-->Message edited by Stingerwars on 12/09/2009 14:09:30<--
dédétraqué on 12 September 2009 at 13:52
Hi Stingerwars

No report before it is asked for, so edit your post and remove your HJT report.

Download RSIT (by random/random) to the desktop from here:
http://images.malwareremoval.com/random/RSIT.exe

- Double-click RSIT.exe on the desktop
- Click Continue in the window
- RSIT will download HijackThis if it is not present or detected, in which case you will have to accept the licence
- Post the contents of the two reports, log.txt and info.txt (minimised in the taskbar), at the end of the scan

The reports are in the folder C:\rsit

@++ :)
Stingerwars on 12 September 2009 at 14:10
Here is the scan (there is only one Notepad window available in the taskbar ...)


Logfile of random's system information tool 1.06 (written by random/random)
Run by Eric at 2009-09-12 14:07:57
Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 1
System drive C: has 10 GB (23%) free of 45 GB
Total RAM: 3070 MB (65% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:08:03, on 12/09/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18294)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Users\Eric\LOCALS~1\APPLIC~1\MICROS~1\comrepl.exe
C:\Windows\System32\rundll32.exe
D:\Program Files\AVG\AVG8\avgtray.exe
D:\Program Files\RocketDock\RocketDock.exe
C:\Windows\system32\wbem\unsecapp.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Téléchargement\RSIT.exe
C:\Program Files\trend micro\HijackThis\Eric.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msi.com.tw
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msi.com.tw
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F3 - REG:win.ini: load=C:\Users\Eric\LOCALS~1\APPLIC~1\MICROS~1\comrepl.exe
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - D:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [IaNvSrv] C:\Program Files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [AVG8_TRAY] D:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [RocketDock] "D:\Program Files\RocketDock\RocketDock.exe"
O4 - HKLM\..\Policies\Explorer\Run: [ClipSrv] C:\Users\Eric\LOCALS~1\APPLIC~1\MICROS~1\clipsrv.exe /waitservice
O4 - HKCU\..\Policies\Explorer\Run: [ClipSrv] C:\Windows\System32\drivers\clipsrv.exe /waitservice
O4 - HKCU\..\Policies\Explorer\Run: [Cisvc] C:\Users\Eric\AppData\Local\Temp\cisvc.exe /waitservice
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [MstInit] C:\Users\Eric\LOCALS~1\APPLIC~1\mstinit.exe /waitservice (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [MstInit] C:\Users\Eric\LOCALS~1\APPLIC~1\mstinit.exe /waitservice (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O15 - ProtocolDefaults: '@ivt' protocol is in My Computer Zone, should be Intranet Zone
O15 - ProtocolDefaults: 'file' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'ftp' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'https' protocol is in My Computer Zone, should be Internet Zone
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - D:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - D:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - D:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: SW Distributed TS Coordinator Service (CoordinatorServiceHost) - Dassault Systèmes SolidWorks Corp. - D:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: SCM Driver Daemon (NishService) - Unknown owner - C:\Program Files\System Control Manager\edd.exe
O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:\Program Files\O2Micro Oz128 Driver\o2flash.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - D:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 6675 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Ad-Aware Update (Weekly).job
C:\Windows\tasks\User_Feed_Synchronization-{0686E751-AA0A-4129-8275-0EFCC751001E}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - D:\Program Files\AVG\AVG8\avgssie.dll [2009-08-17 1111320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IaNvSrv"=C:\Program Files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe [2007-07-24 33304]
"NvSvc"=C:\Windows\system32\nvsvc.dll [2007-11-02 86016]
"AVG8_TRAY"=D:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-08-17 2007832]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"ClipSrv"=C:\Users\Eric\LOCALS~1\APPLIC~1\MICROS~1\clipsrv.exe [2009-08-02 57344]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"=D:\Program Files\RocketDock\RocketDock.exe [2007-09-02 495616]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"ClipSrv"=C:\Windows\System32\drivers\clipsrv.exe [2009-08-02 57344]
"Cisvc"=C:\Users\Eric\AppData\Local\Temp\cisvc.exe [2009-08-02 57344]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cld2000.exe]
D:\Program Files\Calendrier\Cld2000.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
C:\Windows\ehome\ehTray.exe [2008-01-21 125952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Eric^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Notification de cadeaux MSN.lnk]
C:\Users\Eric\AppData\Roaming\MICROS~1\NOTIFI~1\lsnfier.exe [2009-06-16 135680]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="avgrsstx.dll"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"D:\Program Files\FlashGet Network\FlashGet universal\FlashGet.exe"="D:\Program Files\FlashGet Network\FlashGet universal\FlashGet.exe:*:Enabled:Flashget2"
"D:\Program Files\FlashGet Network\FlashGet universal\LiveUpdate.exe"="D:\Program Files\FlashGet Network\FlashGet universal\LiveUpdate.exe:*:Enabled:FGLiveUpdate"
"D:\Program Files\FlashGet Network\FlashGet universal\LiveUpdateEx.exe"="D:\Program Files\FlashGet Network\FlashGet universal\LiveUpdateEx.exe:*:Enabled:FGLiveUpdateEx"
"D:\Program Files\BitTorrent\bittorrent.exe"="D:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{16f4e7d4-a4c5-11dd-9b71-001d925316b5}]
shell\AutoRun\command - H:\SCDAAutorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d4162f76-fe39-11d5-9031-001d925316b5}]
shell\AutoRun\command - G:\LaunchU3.exe -a


======List of files/folders created in the last 1 months======

2009-09-10 02:18:21 ----A---- C:\Windows\system32\MRT.INI
2009-09-09 20:14:57 ----A---- C:\Windows\system32\NETSTAT.EXE
2009-09-09 20:14:57 ----A---- C:\Windows\system32\netiohlp.dll
2009-09-09 20:14:57 ----A---- C:\Windows\system32\ARP.EXE
2009-09-09 20:14:56 ----A---- C:\Windows\system32\TCPSVCS.EXE
2009-09-09 20:14:56 ----A---- C:\Windows\system32\ROUTE.EXE
2009-09-09 20:14:56 ----A---- C:\Windows\system32\netevent.dll
2009-09-09 20:14:56 ----A---- C:\Windows\system32\MRINFO.EXE
2009-09-09 20:14:56 ----A---- C:\Windows\system32\HOSTNAME.EXE
2009-09-09 20:14:56 ----A---- C:\Windows\system32\finger.exe
2009-09-09 20:14:44 ----A---- C:\Windows\system32\wlansvc.dll
2009-09-09 20:14:44 ----A---- C:\Windows\system32\wlansec.dll
2009-09-09 20:14:44 ----A---- C:\Windows\system32\wlanmsm.dll
2009-09-09 20:14:44 ----A---- C:\Windows\system32\L2SecHC.dll
2009-09-09 20:14:41 ----A---- C:\Windows\system32\WMVCORE.DLL
2009-09-09 20:14:41 ----A---- C:\Windows\system32\mf.dll
2009-09-09 20:14:37 ----A---- C:\Windows\system32\jscript.dll
2009-09-05 01:12:00 ----A---- C:\Users\Eric\AppData\Roaming\mstinit.exe
2009-09-02 20:51:37 ----A---- C:\Windows\system32\Apphlpdm.dll
2009-09-02 20:51:36 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2009-09-01 12:12:07 ----D---- C:\ProgramData\is-KPOR1
2009-09-01 11:13:51 ----D---- C:\Users\Eric\AppData\Roaming\Malwarebytes
2009-09-01 11:13:46 ----D---- C:\ProgramData\Malwarebytes
2009-09-01 11:13:46 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-09-01 10:58:52 ----D---- C:\rsit
2009-09-01 10:58:52 ----D---- C:\Program Files\trend micro
2009-09-01 10:53:19 ----A---- C:\Windows\esentutl.exe
2009-08-30 15:15:41 ----D---- C:\Windows\system32\ErrorLogs
2009-08-30 13:20:10 ----D---- C:\Users\Eric\AppData\Roaming\uniblue
2009-08-30 13:19:43 ----HDC---- C:\ProgramData\{C4C0E335-EDDF-46A0-A57D-F3802AE44275}
2009-08-30 12:44:38 ----A---- C:\Windows\system32\MFC71.dll
2009-08-26 12:03:11 ----A---- C:\Windows\system32\tzres.dll
2009-08-24 13:07:04 ----A---- C:\Windows\cmstp.exe
2009-08-24 13:06:14 ----A---- C:\Windows\mstinit.exe
2009-08-24 13:01:58 ----D---- C:\Windows\pss
2009-08-24 12:17:28 ----A---- C:\Windows\system32\wdigest.dll
2009-08-24 12:17:28 ----A---- C:\Windows\system32\secur32.dll
2009-08-24 12:17:28 ----A---- C:\Windows\system32\schannel.dll
2009-08-24 12:17:28 ----A---- C:\Windows\system32\msv1_0.dll
2009-08-24 12:17:28 ----A---- C:\Windows\system32\lsass.exe
2009-08-24 12:17:28 ----A---- C:\Windows\system32\lsasrv.dll
2009-08-24 12:17:28 ----A---- C:\Windows\system32\kerberos.dll
2009-08-15 22:39:20 ----D---- C:\Users\Eric\AppData\Roaming\BitTorrent
2009-08-15 22:39:07 ----D---- C:\Program Files\Mozilla Firefox
2009-08-13 19:33:56 ----A---- C:\Windows\system32\atl.dll
2009-08-13 19:33:54 ----A---- C:\Windows\system32\wkssvc.dll
2009-08-13 19:33:52 ----A---- C:\Windows\system32\mstscax.dll
2009-08-13 19:33:50 ----A---- C:\Windows\system32\avifil32.dll
2009-08-13 19:33:46 ----A---- C:\Windows\system32\wmpdxm.dll
2009-08-13 19:33:46 ----A---- C:\Windows\system32\wmp.dll
2009-08-13 19:33:46 ----A---- C:\Windows\system32\spwmp.dll
2009-08-13 19:33:43 ----A---- C:\Windows\system32\dxmasf.dll
2009-08-13 19:33:39 ----A---- C:\Windows\system32\wmploc.DLL

======List of files/folders modified in the last 1 months======

2009-09-12 13:58:20 ----D---- C:\Windows\Prefetch
2009-09-12 13:29:06 ----D---- C:\Windows\System32
2009-09-12 13:29:06 ----D---- C:\Windows\inf
2009-09-12 13:29:06 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-09-12 13:24:32 ----D---- C:\Windows\Temp
2009-09-11 20:32:06 ----HD---- C:\$AVG8.VAULT$
2009-09-10 23:40:19 ----A---- C:\Windows\NeroDigital.ini
2009-09-10 09:35:37 ----D---- C:\Windows\rescache
2009-09-10 09:30:38 ----D---- C:\Windows\winsxs
2009-09-10 09:20:33 ----D---- C:\Windows\system32\catroot
2009-09-10 09:20:32 ----D---- C:\Windows\system32\catroot2
2009-09-10 09:18:43 ----D---- C:\Windows\system32\fr-FR
2009-09-10 09:18:43 ----D---- C:\Windows\system32\drivers
2009-09-10 09:18:42 ----D---- C:\Program Files\Windows Mail
2009-09-10 02:17:01 ----D---- C:\Windows\Debug
2009-09-10 02:16:58 ----SHD---- C:\Windows\Installer
2009-09-10 02:16:24 ----D---- C:\Windows\ehome
2009-09-10 02:16:15 ----SHD---- C:\System Volume Information
2009-09-09 22:35:39 ----D---- C:\Windows
2009-09-08 23:26:32 ----D---- C:\ProgramData\Spybot - Search & Destroy
2009-09-06 14:02:55 ----D---- C:\Program Files\Common Files\Steam
2009-09-05 00:31:55 ----RD---- C:\Program Files
2009-09-04 17:46:42 ----A---- C:\Windows\system32\PnkBstrB.exe
2009-09-04 11:36:43 ----D---- C:\Windows\system
2009-09-03 03:37:33 ----D---- C:\Windows\AppPatch
2009-09-02 15:52:10 ----D---- C:\ProgramData\TrackMania
2009-09-01 19:56:13 ----SD---- C:\Users\Eric\AppData\Roaming\Microsoft
2009-09-01 12:12:07 ----HD---- C:\ProgramData
2009-08-30 15:41:37 ----D---- C:\ProgramData\Lavasoft
2009-08-30 15:41:37 ----D---- C:\Program Files\Lavasoft
2009-08-30 15:41:27 ----DC---- C:\Windows\system32\DRVSTORE
2009-08-28 23:38:20 ----A---- C:\Windows\system32\mrt.exe
2009-08-21 18:16:11 ----RSD---- C:\Windows\assembly
2009-08-21 16:07:56 ----HD---- C:\Program Files\InstallShield Installation Information
2009-08-19 17:44:58 ----D---- C:\ProgramData\Ubisoft
2009-08-17 19:05:46 ----A---- C:\Windows\system32\avgrsstx.dll
2009-08-15 13:33:17 ----A---- C:\Windows\DHO.INI
2009-08-15 12:42:57 ----A---- C:\Windows\win.ini
2009-08-13 22:52:54 ----D---- C:\Program Files\Windows Media Player

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\Windows\System32\Drivers\avgldx86.sys [2009-08-17 335240]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\Windows\System32\Drivers\avgmfx86.sys [2009-08-17 27784]
R1 AvgTdiX;AVG8 Network Redirector; C:\Windows\System32\Drivers\avgtdix.sys [2009-05-20 108552]
R2 ElbyCDIO;ElbyCDIO Driver; C:\Windows\System32\Drivers\ElbyCDIO.sys [2004-01-27 9728]
R2 Hardlock;Hardlock; \??\C:\Windows\system32\drivers\hardlock.sys [2004-11-05 670208]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2006-11-28 1161888]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-21 14208]
R3 ElbyDelay;ElbyDelay; C:\Windows\System32\Drivers\ElbyDelay.sys [2004-01-27 3840]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-07-18 1841312]
R3 MGHwCtrl;MGHwCtrl; \??\C:\Windows\system32\drivers\MGHwCtrl.sys [2006-12-22 19456]
R3 NETw4v32;Pilote de carte Intel(R) Wireless WiFi Link pour Windows Vista 32 bits; C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-09-26 2251776]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2007-11-02 7630272]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2007-06-07 83456]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-21 11264]
S3 AF15BDA;AF9015 BDA Filter; C:\Windows\System32\Drivers\AF15BDA.sys [2008-06-12 296704]
S3 ao0ie9b2;ao0ie9b2; C:\Windows\system32\drivers\ao0ie9b2.sys []
S3 BthAudioHF;Service BthAudioHF; C:\Windows\system32\DRIVERS\BthAudioHF.sys [2008-07-10 30208]
S3 bthav;Profil AV Bluetooth; C:\Windows\system32\drivers\bthav.sys [2008-07-10 34816]
S3 BthEnum;Service d'énumérateur Bluetooth; C:\Windows\system32\DRIVERS\BthEnum.sys [2008-01-21 19456]
S3 BthPan;Périphérique Bluetooth (réseau personnel); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-21 92160]
S3 BTHPORT;Pilote de port Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2008-04-29 220160]
S3 BTHUSB;Pilote USB radio Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2008-04-29 29184]
S3 Cam5603D;BisonCam, NB Pro; C:\Windows\System32\Drivers\BisonCam.sys [2007-08-20 783272]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 GarenaPEngine;GarenaPEngine; \??\C:\Users\Eric\AppData\Local\Temp\UER89AA.tmp [2009-09-11 18504]
S3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2009-02-02 25280]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 RFCOMM;Périphérique Bluetooth (TDI protocole RFCOMM); C:\Windows\system32\DRIVERS\rfcomm.sys [2008-01-21 49664]
S3 SymIMMP;SymIMMP; C:\Windows\system32\DRIVERS\SymIM.sys []
S3 USB28xxBGA;Analog TV Device; C:\Windows\system32\DRIVERS\emBDA.sys [2008-06-12 361728]
S3 USB28xxOEM;USB 28xx OEM Filter; C:\Windows\system32\DRIVERS\emOEM.sys [2008-06-12 39680]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]
S4 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-21 88576]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Windows\system32\agrsmsvc.exe [2006-10-05 9216]
R2 avg8emc;AVG Free8 E-mail Scanner; D:\PROGRA~1\AVG\AVG8\avgemc.exe [2009-08-17 908056]
R2 avg8wd;AVG Free8 WatchDog; D:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-08-17 297752]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 HFGService;Handsfree Headset Service; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2007-04-25 355096]
R2 NishService;SCM Driver Daemon; C:\Program Files\System Control Manager\edd.exe [2007-08-23 61440]
R2 o2flash;O2Micro Flash Memory Card Service; C:\Program Files\O2Micro Oz128 Driver\o2flash.exe [2007-02-13 65536]
R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2009-08-02 75064]
R2 SBSDWSCService;SBSD Security Center Service; D:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 CoordinatorServiceHost;SW Distributed TS Coordinator Service; D:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe [2008-09-09 79144]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 SolidWorks Licensing Service;SolidWorks Licensing Service; C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [2009-01-21 79360]
S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2009-09-05 316664]
S4 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2008-02-28 529704]

-----------------EOF-----------------
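The report above lists several autostart entries (O4 and F3 lines) whose executables sit under the user profile or Temp directories, the same area where the original poster's mdm.exe kept reappearing. As an added example, not part of this thread and not code from RSIT or HijackThis, the following Python script parses HijackThis-style O4/F3 lines and ranks them by simple triage indicators: running from a user-writable directory, reusing a file name of a Windows or Microsoft component (mdm.exe, clipsrv.exe, cisvc.exe, mstinit.exe, comrepl.exe) from outside the Windows directory, and being registered through the Policies\Explorer\Run key or the legacy win.ini load= entry. The watchlist, the indicators and the sample lines are constructed for this example; a hit means "check this entry first", not "this is malware".

```python
"""Triage helper for HijackThis-style autostart lines (O4 and F3 entries).

Added example; it is not part of the forum thread and not code from RSIT or
HijackThis. The indicators below are this example's own heuristics, and the
sample lines are constructed in the report's format.
"""
import re
from dataclasses import dataclass, field

# Constructed sample lines in HijackThis O4/F3 format.
SAMPLE_LINES = r"""
O4 - HKLM\..\Run: [AVG8_TRAY] D:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [RocketDock] "D:\Program Files\RocketDock\RocketDock.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Policies\Explorer\Run: [ClipSrv] C:\Users\Eric\LOCALS~1\APPLIC~1\MICROS~1\clipsrv.exe /waitservice
O4 - HKCU\..\Policies\Explorer\Run: [ClipSrv] C:\Windows\System32\drivers\clipsrv.exe /waitservice
O4 - HKCU\..\Policies\Explorer\Run: [Cisvc] C:\Users\Eric\AppData\Local\Temp\cisvc.exe /waitservice
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [MstInit] C:\Users\Eric\LOCALS~1\APPLIC~1\mstinit.exe /waitservice (User 'SYSTEM')
F3 - REG:win.ini: load=C:\Users\Eric\LOCALS~1\APPLIC~1\MICROS~1\comrepl.exe
""".strip().splitlines()

O4_RE = re.compile(r"^O4 - (?P<location>\S+): \[(?P<name>[^\]]*)\] (?P<command>.*)$")
F3_RE = re.compile(r"^F3 - REG:(?P<location>\S+): (?P<name>\w+)=(?P<command>.*)$")
# First executable-looking token of the command, optionally wrapped in quotes.
EXE_RE = re.compile(r'^"?(?P<path>[^"]*?\.(?:exe|dll|scr|com))\b"?', re.IGNORECASE)

# Watchlist (constructed for this example): file names used by Windows or
# Microsoft components that the report above also shows under the user
# profile. A copy outside the Windows directory deserves a second look.
SYSTEM_NAMES = {"mdm.exe", "clipsrv.exe", "cisvc.exe", "mstinit.exe", "comrepl.exe"}
# Locations any user can write to, including the 8.3 short forms the report uses.
USER_WRITABLE = re.compile(
    r"\\Users\\|\\Documents and Settings\\|\\Temp\\|\\AppData\\|LOCALS~1|APPLIC~1",
    re.IGNORECASE,
)


@dataclass
class Finding:
    name: str
    location: str
    path: str
    indicators: list = field(default_factory=list)


def parse_line(line):
    """Return (location, name, command) for an O4 or F3 line, else None."""
    for rx in (O4_RE, F3_RE):
        m = rx.match(line.strip())
        if m:
            return m.group("location"), m.group("name"), m.group("command")
    return None


def executable_path(command):
    """Extract the launched file from a command string, dropping quotes and arguments."""
    m = EXE_RE.match(command.strip())
    return m.group("path") if m else command.strip()


def indicators_for(location, path):
    """Triage indicators (this example's heuristics) for one autostart entry."""
    hits = []
    basename = path.rsplit("\\", 1)[-1].lower()
    if USER_WRITABLE.search(path):
        hits.append("runs from a user-writable directory")
    if basename in SYSTEM_NAMES and "\\windows\\" not in path.lower():
        hits.append("system component name outside the Windows directory")
    if "Policies\\Explorer\\Run" in location:
        hits.append("autostart via the Policies\\Explorer\\Run key")
    if location.lower() == "win.ini":
        hits.append("legacy win.ini load= autostart")
    return hits


def triage(lines):
    """Parse O4/F3 lines and return flagged entries, most indicators first."""
    findings = []
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        location, name, command = parsed
        path = executable_path(command)
        hits = indicators_for(location, path)
        if hits:
            findings.append(Finding(name, location, path, hits))
    return sorted(findings, key=lambda f: len(f.indicators), reverse=True)


if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"[{len(f.indicators)}] {f.name:10} {f.location}")
        print(f"    {f.path}")
        for hit in f.indicators:
            print(f"    - {hit}")
```

Run against the sample, the AVG, RocketDock and NvSvc entries produce no output, the four entries living under C:\Users get three indicators each, and the clipsrv.exe copy under C:\Windows\System32\drivers gets only the policy-key indicator. The script deliberately does not decide anything; it orders the entries an analyst should verify by hand (file hashes, signatures, publisher) before acting on them.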
dédétraqué on 12 September 2009 at 14:43
Hi Stingerwars

Duplicate, I will have this thread closed; continue here:
http://www.commentcamarche.net/forum/affich-14348707-infection-du-fichie-mdm-(...)

@++ :)

-->Message edited by dédétraqué on 12/09/2009 16:56:47<--

